Informations

My name is Stéphane Guedon, and I am living in Aarhus, Denmark.

You can download my key here, or on the keyservers.

It is a 4096 bits RSA key created the 3 th of march 2015 with this fingerprint:

F6B2 DCE3 B6F6 A972 FF3A 1C9B 2041 3A8E 7F36 CE55

The original markdown file of this document is available here (just miss the extension), and it is signed.

In case of any doubt, it is the French version of this document that makes law. This version is valid from the day of publication until I publish a new one.

Keysigning

I sign your key, you sign mine (after checking each other ID) and everybody is happy in a brave new world. OK ?

My usual signature is «marginal trust». It is the trust granted on signing parties.

As I explain in this article, I think trust is more a matter of skills rather than ID checking.

None trust

You just created your first key and you ask me to sign it, or it is younger than six months and nobody has signed it yet ?

I will think you lack experience and sign with a none trust.

But if you ask me after a minimum period of three months, I will sign it again, with a marginal or total trust.

I will ask to meet you personally again, or in visual (for ID checking, through Firefox Hello for example).

Total trust

I sign with a total trust in those cases:

We know each other since the dawn of time

There, no problem. I know you and trust your skills.

This case is not possible currently. I write it for reasons of completeness.

The shared secret method

You ought to prove me your seriousness and ownership of the key.

I ask you to write me a mail to arrange a meeting. This mail has to contain all the keys you want me to sign. It must also be signed itself with one of those keys, and encrypted.

In the mail, you will reveal a secret that you will confirm during the meeting (that you will come dressed in green, or you love James Joyce, or…). I will do the same.

If you could not send me a secret in the mail, we can still agree on one during the meeting and you send me the mail later (signed and encrypted of course).

Signing policy

If you have a defined signing policy and I judged it correct.

If I don't judge it correct, you will then have a marginal trust, whatever the case.

Yes, I know. It's hard ! Life is life !

Proof of skills

If your key is older than one year with good characteristics and more than ten signatures. You can also have done a correct key transition and the previous key has more than ten signatures.

You have at least one document signed with the key on your website or elsewhere (github for instance…). A Keybase.io proof doesn't count.

These two conditions (key qualities and signed document) are both necessary.