-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

GnuPG/PGP certification policy
==============================

  This signing policy is used for all signatures of GnuPG/PGP keys done
  by:
  
  pub   ed25519 2019-01-20
        1F5AA102D264E544D09CE27B2CC56C201E412779
  uid           [ultimate] Daniel Heß (DB3YDH) <daniel@db3ydh.de>
  uid           [ultimate] Daniel Hess
  uid           [ultimate] Daniel Hess (DB3YDH) <daniel@db3ydh.de>
  uid           [ultimate] Daniel Heß <dh@ping.de>
  uid           [ultimate] Daniel Hess <dh@ping.de>
  uid           [ultimate] Daniel Heß

  This policy is valid from February, 5th 2019. All signatures done by the
  GnuPG key above follow this policy.


Requirements for key signing (when do I sign a key?)
====================================================

  I only sign other GnuPG/PGP keys when at least the following points
  are met:

  * The person who asks for a key to be signed is the person named in
    the uids of the key:

    There are two ways to get this point. Either I already know the
    person or the person showed me some official document to proof his
    or her identity. Documents can be faked and I do not really know how
    to check every countries' passports or id cards. Therefore I trust
    persons who I already know for a while more to be the one they claim
    to be than someone with a passport. Because of this I use cert
    levels to differentiate between these two cases like this:

    1 - Not used currently.
    2 - I checked some kind of governmental issued identity card like a
        passport or id card.
    3 - I already knew the person.

  * The fingerprint of the key was transmitted securely. This was either
    by giving me a paper slip with a hardcopy of the fingerprint
    directly or via a secure group signing protocol used on keysigning
    parties.

  Besides that, email addresses are checked automatically. Signed keys,
  or more exactly signed uids, are not directly uploaded to the keyserver
  network. Every uid with an associated email address is checked by
  sending the signature in an encrypted (if possible) email to the
  email address. The only way for a signature to reach the keyserver
  network is, that the valid recipient takes the signature out of the
  email and uploads it to the keyserver network.

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQHDG6yR+B4/VBEytwocpI8lhkvDQUCXFn8WQAKCRAocpI8lhkv
Ddb6AQCnxfe7ATybvBkX7WBU+7P9yt1O7vFrucF0cSSXycEJRgEAkB4eybuIlW22
hmbVevsdjiuFTcMQsGEr/mCWNXbWBgM=
=XE7K
-----END PGP SIGNATURE-----