v1.3 - June 1, 2008
As of 2006-07-24, I'm signing all outgoing email with my OpenPGP key (email address removed to prevent spam):
pub 4096R/E2FC4825 2006-07-24 [expires: 2081-01-01]
Key fingerprint = 607D 555B 2B11 B1B3 916A CBDE 31E5 FE63 E2FC 4825
uid Gonzalo Bermúdez <>
uid [jpeg image of size 1346]
sub 1024D/C6348680 2006-07-24 [expires: 2081-01-01]
sub 2048g/BDDC0C50 2006-07-24 [expires: 2008-07-23]
sub 2048g/B705529D 2008-06-01 [expires: 2010-06-01]
These signatures mean only that it's very probably me who wrote those emails unless otherwise stated, and nothing else.
In certain situations, I may be unable or unwilling to sign a certain email. I should be contacted in case you need to confirm it was me who wrote it.
Due to the fact that it's so easy to forge an identity, there's absolutely no guarantee that an unsigned email came from me. It is also possible although unlikely, that my key gets compromised. Thus a signed email is no guarantee either, and it's up to you to determine the value of such a signature.
This statement should be extended to any other signatures I issue, like files or any other message type.
This policy can and should be checked against its detached signature.
Copyright (c) 2006-2008 Gonzalo Bermúdez
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2.