I have two active PGP keys: a work key for Ellucian business and a personal key for everything else. This signing policy applies to both keys, although the only keys I will sign with my work key will be those of professional contacts. I also have an older personal key (revoked in favor of the newer one) and a Bristol Instruments key (revoked when I stopped working there).
Here’s a summary of my personal key:
    4096-bit RSA public key
    Creation date: 2014-09-19
    Short fingerprint: 79974D79
    Fingerprint: E663 1535 1E9B 2ACF 357F 5C34 F533 D909 7997 4D79
    uid  Benjamin D. Esham <email@example.com>
    sub  4096R/ED4B0EC6 2014-09-19
My Ellucian key:
    4096-bit RSA public key
    Creation date: 2016-03-25
    Short fingerprint: C04792B7
    Fingerprint: D804 521D FA80 20E0 2146 92AE E619 4C96 C047 92B7
    uid  Benjamin D. Esham (Ellucian) <firstname.lastname@example.org>
    sub  4096R/413048BF 2016-03-25
My old personal key:
    1024-bit DSA public key
    Creation date: 2000-09-19
    Revocation date: 2015-02-12
    Short fingerprint: D676BB9A
    Fingerprint: C385 21B9 B701 6D1B 67C6 2705 CCE0 B74D D676 BB9A
    uid  Benjamin D. Esham <email@example.com>
    uid  Benjamin D. Esham <firstname.lastname@example.org>
    uid  Benjamin D. Esham <email@example.com>
    uid  [jpeg image of size 9723]
    sub  4096R/A6893A49 2010-08-01 [expires: 2015-08-01]
My Bristol Instruments key:
    2048-bit RSA public key
    Creation date: 2013-08-09
    Revocation date: 2016-03-18
    Short fingerprint: AF06F2DD
    Fingerprint: 0F31 B387 E434 790B 3A7F 4B6E 4884 391E AF06 F2DD
    uid  Benjamin Esham (Bristol Instruments, Inc.) <firstname.lastname@example.org>
    sub  2048R/B5E5F3BF 2013-08-09
The MIT PGP Public Key Server should have the latest versions of my personal and work keys.
If you wish to contact me, please use the esham.io email address given in my personal key.
- Level 0 (generic certification): I will issue this type of signature for keys that represent a group or an organization. My signature on such a key indicates only that I am “pretty sure” that there is a correspondence between the key and the group.
- Level 1 (persona certification): I do not use this type of signature.
- Level 2 (casual certification): I will issue this type of signature for pseudonymous keys. In this case I have determined only that the same person controls the key and the email addresses listed in the signed UIDs. No claim is made regarding the connection between the key and any real-life identity.
- Level 3 (positive certification): I will issue this signature if I have personally met the keyholder and verified their identity according to the procedure below.
I will meet with another user in reasonable conditions and verify his or her identity against a government-issued photo ID. I will accept a passport from any country or a driver license from a U.S. state. The user must present me with a written record of the key fingerprint and list of the UIDs to be signed.
I will send the signed key to the keyholder only; the keyholder can distribute these as he or she sees fit. My signature for each UID will be delivered to that UID only, so my signature on e.g. an email address confirms that the key owner has access to that email address. I will sign UIDs containing photos, XMPP addresses, etc. at my discretion. If the UIDs I signed contain contact information, each signature will be sent to the corresponding address, encrypted if possible. If some UIDs do not specify contact information, the signature for these UIDs will be sent to the address on one of the other signed UIDs. If none of the UIDs to be signed give contact information then the keyholder must specify during our meeting where the signatures should be sent.
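The delivery rules above can be expressed as a small routing function. This is an added example, not part of the original policy or any tool its author uses; the function names, the sample UIDs and the choice of the first UID with an address as the fallback are assumptions made for illustration.

```python
import re

# Matches the trailing "<user@host>" part of an OpenPGP user ID string.
_ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")

def uid_address(uid):
    """Return the email address in a user ID, or None (e.g. a photo UID)."""
    m = _ADDR.search(uid)
    return m.group(1) if m else None

def same_fingerprint(written, from_key):
    """Compare the written fingerprint with the key's, ignoring spacing and case."""
    def norm(s):
        return "".join(s.split()).upper()
    return norm(written) == norm(from_key)

def delivery_plan(uids, meeting_address=None):
    """Map each UID to be signed to the address its signature is mailed to."""
    own = {uid: uid_address(uid) for uid in uids}
    # Assumption: "one of the other signed UIDs" is taken to be the first
    # signed UID that carries an address.
    fallback = next((a for a in own.values() if a), None) or meeting_address
    if fallback is None:
        # No UID gives contact information and nothing was agreed in person.
        raise ValueError("no contact information; agree on an address at the meeting")
    # A UID with its own address always receives its own signature there, so a
    # usable signature proves control of that mailbox.
    return {uid: addr or fallback for uid, addr in own.items()}

# Constructed sample data (not real keys or addresses).
SAMPLE_UIDS = [
    "Alice Example <alice@example.org>",
    "Alice Example (work) <alice@corp.example>",
    "[jpeg image of size 4096]",
]

if __name__ == "__main__":
    for uid, addr in delivery_plan(SAMPLE_UIDS).items():
        print(f"{addr:22} <- signature on {uid}")
```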
- March 25, 2016: Changed the URL of this page to reflect the fact that this site is now HTTPS-only. Added information about my Ellucian key and the revocation of my Bristol Instruments key.
- February 12, 2015: Added information about my new personal key and the revocation of the old one.
- May 27, 2014: Changed the URL of this page to
- August 11, 2013: Added information about my Bristol Instruments key.
- June 19, 2011: Changed URL to http://www.bdesham.info/pgp-key-signing-policy. Added contact information and a link to the actual key at the MIT key server.
- March 3, 2011: Initial upload.