===============================================================================

OVERVIEW

OpenPGP and SSH Key policy for Slater

Fingerprint: 6734 373B D016 8435 EBE9 9D09 20A4 C22F 92F9 7D24
Policy URL:  https://igloo.to/keypolicy.txt.asc
Public KEY:  https://igloo.to/slater.asc
SSH keys:    https://dl.igloo.to/keys
Created:     2021-10-22
Version:     1.1
Update date: 2021-10-22

All keys signed by 6734 373B D016 8435 EBE9 9D09 20A4 C22F 92F9 7D24 use this
policy, unless a subsequent policy has been published at the policy URL.

This document describes:
- Cryptographic methods and security precautions for both my PGP and SSH keys;
- My personal PGP signature policy

===============================================================================

CURRENTLY ACTIVE KEYS

- SSH:
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZQdXzYW+Wkai0paSUJTpSYhYbBs2jPbqrvSNzACJiK igloo@igloo.to-20200426

- GPG:
    sec#  rsa4096/20A4C22F92F97D24  created: 2021-09-06  expires: never       [C]
    ssb>  rsa4096/3C54904FD84E3643  created: 2021-09-06  expires: 2024-09-05  [S,E]

===============================================================================

KEY SECURITY

All keys described in this document were generated on an air-gapped, stateless
system purchased in-person using non-electronic methods. The system has had all
ports (RJ45, Wi-Fi, etc...) removed or permanently disabled.

Both the master keys and the signing system are stored in an encrypted format
on redundant, detached disks; these disks are then kept inside of an
RF-shielded container. The container is kept within a safe in an environment
with persistent on-site monitoring.

Subkeys (and the SSH key) are stored on a Yubikey 5. The Yubikey has been
configured to use PIN authentication for all sessions; further, a confirmation
push is required for each signature/authentication. The administrative PINs are
stored alongside the master keys. The usage PINs are memorized and are not
stored.

In the event of a suspected subkey breach, all subkeys will be revoked and a
new subkey will be issued from the parent master.

An encrypted revocation certificate for the master key and all subkeys is
maintained at several geographically distributed locations.

===============================================================================

SIGNING POLICY

It is my personal belief that the name of a given individual (that is, the
personal identifier which they prefer to be referred to by) should be based on
what the individual desires to be called, insofar as the individual's desire is
not in an attempt to defraud or confuse.

My signing policy is largely based on this belief; individual validations are
not strictly performed on the basis of legal identity. In contrast,
organizational/group validations will be performed on the basis of control over
a given entity's existing presence.

All validations confirm that the user at a given e-mail address maintains the
private key which has been signed.

+------+---------------------------------------------+
| Type | Definition                                  |
+------+---------------------------------------------+
| sig0 | Undefined - No signatures will be issued    |
|      | at this level by me under this policy.      |
+------+---------------------------------------------+
| sig1 | Basic - I certify that I reasonably believe |
|      | the key is held by the listed entity on the |
|      | basis of interaction. The validation is     |
|      | entirely contextual; no in-person           |
|      | interaction has necessarily occurred.       |
+------+---------------------------------------------+
| sig2 | Medium - I have physically met the          |
|      | individual (or, in the instance of an       |
|      | organization/group, an empowered            |
|      | representative of the group) and have       |
|      | confirmed their PGP fingerprint with them.  |
|      | Further, I have verified at least one of    |
|      | the following:                              |
|      | - The identifier matches their legal name   |
|      | on at least one legal document issued by an |
|      | entity that I recognize;                    |
|      | - The identifier matches the name that I    |
|      | reasonably believe they use on a day-to-day |
|      | basis;                                      |
|      | - In the instance of organizations - They   |
|      | are capable of demonstrating control        |
|      | over organizational resources in a manner   |
|      | that only an empowered member would be      |
|      | able to perform.                            |
+------+---------------------------------------------+
| sig3 | Strong - In addition to the requirements    |
|      | for medium validation, one of the following |
|      | must be true:                               |
|      | - The identifier matches their legal name   |
|      | on at least two legal documents, issued by  |
|      | at least two distinct legal entities which  |
|      | I recognize;                                |
|      | - I have personally known the individual by |
|      | the listed identifier for at least a 6      |
|      | month period, during which they have used   |
|      | it as an active identifier;                 |
|      | - In the instance of organizations - The    |
|      | representative must have been publicly      |
|      | identifiable as a reasonably empowered      |
|      | organizational representative for a period  |
|      | of at least 1 month.                        |
+------+---------------------------------------------+

===============================================================================

SIGNATURE PROCEDURE

Following the verification process, I will record a copy of either the key
fingerprint or the public key to be signed in a manner that I reasonably
believe is reasonably protected against tampering (signing a temporary message
with my signature key, storing it in an encrypted and signed storage medium,
etc...).

A copy of the key will subsequently be brought into the air-gapped environment,
appropriately signed, then sent to the user via an encrypted and signed e-mail.

===============================================================================
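
Added example (not part of the original policy, and not the author's tooling): a check that a workstation's secret-key listing matches the layout shown under CURRENTLY ACTIVE KEYS, where `sec#` means the master secret is absent and `ssb>` means the subkey lives on a card. It assumes the machine-readable output of `gpg --list-secret-keys --with-colons`; the sample records, timestamps, card serial and the key IDs in `BAD` are constructed, and treating subkey expiry as a requirement is an assumption drawn from the listing.

```python
# Added illustration. Samples are constructed in the record format of
# `gpg --list-secret-keys --with-colons` (field numbers per GnuPG doc/DETAILS);
# the timestamps, card serial and the BAD key IDs are made up.
GOOD = (
    "sec:u:4096:1:20A4C22F92F97D24:1630886400:::u:::cSE:::#:::23::0:\n"
    "ssb:u:4096:1:3C54904FD84E3643:1630886400:1725494400:::::se:::"
    "D2760001240100000006000000000000:::23:\n"
)
BAD = (
    "sec:u:4096:1:AAAAAAAAAAAAAAAA:1630886400:::u:::scESC:::+:::23::0:\n"
    "ssb:u:4096:1:BBBBBBBBBBBBBBBB:1630886400::::::e:::+:::23:\n"
)


def audit(listing):
    """Return (key_id, problem) pairs for keys that break the assumed layout."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        key_id, expires, caps, token = f[4], f[6], f[11], f[14]
        own = {c for c in caps if c.islower()}   # upper case = whole-key summary
        if f[0] == "sec":
            if token != "#":               # '#' marks a stub: secret material absent
                findings.append((key_id, "master secret key is present on this host"))
            if own != {"c"}:
                findings.append((key_id, "master key is not certify-only"))
        else:
            if token in ("", "#", "+"):    # a card serial number is expected here
                findings.append((key_id, "subkey is not held on a hardware token"))
            if not expires:
                findings.append((key_id, "subkey has no expiry date"))
            if "c" in own:
                findings.append((key_id, "subkey carries certify capability"))
    return findings


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample) or "matches the layout")
```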