-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

GnuPG/PGP certification policy
==============================

  This signing policy is used for all signatures of GnuPG/PGP keys done
  by:
  
  pub   4096R/0xDEEABBD4BB30CE35 2008-03-30
  uid                            Daniel Heß <daniel@rio-grande.ping.de>
  uid                            Daniel Hess
  uid                            Daniel Heß
  uid                            Daniel Hess <dh@ping.de>
  uid                            Daniel Heß <dh@ping.de>
  uid                            Daniel Hess (DB3YDH) <db3ydh@darc.de>
  uid                            Daniel Heß (DB3YDH) <db3ydh@darc.de>
  uid                            Daniel Hess <daniel@eintrachtschule.de>
  uid                            Daniel Hess <daniel@rio-grande.ping.de>
  uid                            Daniel Heß <daniel@eintrachtschule.de>

  This policy is valid from February, 14th 2009. All signatures done by the
  GnuPG key above follow this policy.


Requirements for key signing (when do I sign a key?)
====================================================

  I only sign other GnuPG/PGP keys when at least the following points
  are met:

  * The person who asks for a key to be signed is the person named in
    the uids of the key:

    There are two ways to get this point. Either I already know the
    person or the person showed me some official document to proof his
    or her identity. Documents can be faked and I do not really know how
    to check every countries' passports or id cards. Therefore I trust
    persons who I already know for a while more to be the one they claim
    to be than someone with a passport. Because of this I use cert
    levels to differentiate between these two cases like this:

    1 - Not used currently.
    2 - I checked some kind of governmental issued identity card like a
        passport or id card.
    3 - I already knew the person.

  * The fingerprint of the key was transmitted securely. This was either
    by giving me a paper slip with a hardcopy of the fingerprint
    directly or via a secure group signing protocol used on keysigning
    parties.

  Besides that, email addresses are checked automatically. Signed keys,
  or more exactly signed uids, are not directly uploaded to the keyserver
  network. Every uid with an associated email address is checkes by
  sending the signature in an encrypted (if possible) email to the
  email address. The only way for a signature to reach the keyserver
  network is, that the valid recipient takes the signature out of the
  email and uploads it to the keyserver network.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBCAAGBQJJlzldAAoJEHGfA607AMNmBm0H/0q3+3cE19kDmDlJ58APpFaF
ZzeCovjmlwZ0OX3aeEOEacyAAZ6G08mMGhoiI7Jb3F+paotOyq98klhUN/ZDBt+E
V98CLR1vFSofOeRDOWlhs8tWms+4eTvMz+B2w2v6W4khI0vBNQsxvVxzSWFozPQl
8SFaO5Tiz3gMW6rgYMu3i5tp+X43nPx5uUj3s7Aty2XeMSf23j3A50NgAFxqOimP
RLtW6pudX9sGxYBmkuvzBT58mEsXkDhoTz4NRdgKf824JDC9TsYuEVJCDv0AdPsa
1BmQ0ncvzyoU5FAjaoiNOwwoQzb5wioOg9134U4BHGRPlv2mVoaCbI1v2gxkhdo=
=5s3Z
-----END PGP SIGNATURE-----