-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

==================================================================
OpenPGP key signing policy for Jonathan Cross <jcross@gmail.com>
Fingerprint:    9386 A2FB 2DA9 D0D3 1FAF  0818 C0C0 7613 2FFA 7695
Policy URL:  https://jonathancross.com/C0C076132FFA7695.policy.txt
Public KEY:  https://jonathancross.com/C0C076132FFA7695.asc
Created:     2018-03-08
Updated:     2018-11-28
==================================================================

INTRO

This document explains my  personal  policy when  signing  OpenPGP
keys  belonging  to  others  and  security  precautions  taken  to
protect to my own key.


SIGNING POLICY

+------+---------------------------------------------------------+
| TYPE | SIGNATURE TYPE AND WHAT IT MEANS                        |
+------+---------------------------------------------------------+
| sig0 | UNDEFINED Signature type                                |
|      | This type of signature offers no guarantees about the   |
|      | level of verification.  I only certify that I am        |
|      | reasonably convinced this key is owned by the person,   |
|      | group, or pseudonym indicated.                          |
+------+---------------------------------------------------------+
| sig1 | WEAK Signature type                                     |
|      | I have signed this key without meeting the person face  |
|      | to face, but have determined that they are almost       |
|      | certainly the owner of this key.  This signature type   |
|      | is rarely used, but might indicate that I have verified |
|      | the key is owned by a particular project maintainer and |
|      | that key was used to sign a unique email to me and      |
|      | to decrypt a message from me correctly.                 |
+------+---------------------------------------------------------+
| sig2 | MEDIUM Signature type                                   |
|      | I have met this person (or verified in some unambiguous |
|      | way for a group key or pseudonym).  I may or may not    |
|      | have checked their government ID.  I have checked the   |
|      | PGP fingerprint. I have also confirmed that they can    |
|      | decrypt messages sent to the email address listed and   |
|      | sign messages using this key.                           |
+------+---------------------------------------------------------+
| sig3 | STRONG Signature type                                   |
|      | I have met this person face-to-face and carefully       |
|      | checked their PGP fingerprint and that the name on this |
|      | key ID matches the name on their government ID.  I have |
|      | also confirmed that they can decrypt messages sent to   |
|      | the email address listed and sign messages using        |
|      | this key.  If the UID indicates only a pseudonym, a     |
|      | government ID check might be replaced with equivalent   |
|      | verification of my choosing, but similar confidence.    |
+------+---------------------------------------------------------+


SIGNING PROCEDURE

Key fingerprint and  UID is checked according to the policy above.
The user's  key is then  brought to an  air-gapped environment and
appropriate signature is made using the master key (kept offline).
The keys  are then brought  back to an online  system and each sig
is emailed to its respective UID in an encrypted and signed email.


MY KEY

Fingerprint:    9386 A2FB 2DA9 D0D3 1FAF  0818 C0C0 7613 2FFA 7695
sec#  rsa4096/0xC0C076132FFA7695 2016-02-01 [C]
uid                              Jonathan Cross <jcross@gmail.com>
uid                              [jpeg image of size 2772]
uid                              website (jonathancross.com)
ssb>  rsa2048/0xD8578DF8EA7CCF1B 2016-02-01 [S]
ssb>  rsa2048/0x8E1719FE1E8DA9B9 2016-02-01 [E]
ssb>  rsa2048/0x397428FC5BA60C24 2016-02-01 [A]


KEY SECURITY

The master key  and its subkeys  were generated in an  air-gapped,
stateless  environment.   The master key  was then backed up in an
encrypted  archive with strong  password  and stored in such a way
that it cannot be  reached from outside the air-gapped environment
except in an  emergency (to revoke, etc).   The master key archive
has never been opened outside this secure environment.

Subkeys (embedded in a  YubiKey device on the air-gapped computer)
are used daily for work,  but if lost cannot be extracted from the
Yubikey without advanced lab equipment.  The YubiKey is physically
protected and uses a PIN.

In the event of a  breach of the  YubiKey,  subkeys may be revoked
and new subkeys issued without  affecting the offline  master key.

I maintain a revocation certificate for use in case the master key
is compromised.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEMsk361Pa9SImG35c2FeN+Op8zxsFAlv/DlYACgkQ2FeN+Op8
zxsZ8Qf/W9X8H5VANWGAxkbdUcvXapo4OA7rkdVoDwso03DETQ0qdYDfpVUIGhup
K/18ucsbjn+uih3Zal3AE9It9PReX7lxFU5/YkYOCLMs1zDMn/YIWxF9Q+sHrG5k
TXB/dJlGeDmUlC4nV4hCMH9FfmrLyKZc9cBPFHJqcUWBdwvUls/sXYpqGY4MnM7w
v6Nq1o5frgecwPsxgUitaihIfTvV6HbSrespbOFWc3ZvvQpjE9Zk522mG/6FX6gG
tvioIx0gzcu2ILGEDKX9CxHUYxAjIbesxXdap6L4BRmYCIsQWpjkbrDLhx2elyeV
8yQltk01OXRR6/Z7AoyJ4FHjyOGV4w==
=njWH
-----END PGP SIGNATURE-----