Message Signing Policy for Gonzalo Bermúdez

v1.3 - June 1, 2008

Policy statement

As of 2006-07-24, I'm signing all outgoing email with my OpenPGP key (email address removed to prevent spam):

pub   4096R/E2FC4825 2006-07-24 [expires: 2081-01-01]
      Key fingerprint = 607D 555B 2B11 B1B3 916A  CBDE 31E5 FE63 E2FC 4825
uid                  Gonzalo Bermúdez <>
uid                  [jpeg image of size 1346]
sub   1024D/C6348680 2006-07-24 [expires: 2081-01-01]
sub   2048g/BDDC0C50 2006-07-24 [expires: 2008-07-23]
sub   2048g/B705529D 2008-06-01 [expires: 2010-06-01]

These signatures mean only that it's very probably me who wrote those emails unless otherwise stated, and nothing else.

In certain situations, I may be unable or unwilling to sign a certain email. I should be contacted in case you need to confirm it was me who wrote it.

Due to the fact that it's so easy to forge an identity, there's absolutely no guarantee that an unsigned email came from me. It is also possible although unlikely, that my key gets compromised. Thus a signed email is no guarantee either, and it's up to you to determine the value of such a signature.

This statement should be extended to any other signatures I issue, like files or any other message type.

Version history

Version 1.3, 2008-06-01
Added the new encryption subkey, and the main and signing subkey's expiration date.
Version 1.2, 2007-07-04
Fixed XHTML issues. This version can be found here.
Version 1.1, 2006-08-30
Corrected some typos.
Version 1.0, 2006-08-27
Initial release.

This policy can and should be checked against its detached signature.


Copyright (c) 2006-2008 Gonzalo Bermúdez

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2.