N3PB PKI

Public Key Info

Contents of https://pki.n3pb.org/N3PB-PKI.txt:

N3PB-PKI.txt

Public key information for Phil Benchoff (benchoff@n3pb.org)

This is a plain text file which identifies my primary public keys.  You can
download it from https://pki.n3pb.org/ along
with detached signatures you can use for verification.  If you have
established trust in one of these keys, you can validate the others.

=========
PGP keys
=========

  Current:
    pub   3072R/83378A94FA6C4994 2011-10-05 [expires: 2021-10-02]
          Key fingerprint = 5CD5 EFA3 E1C5 20B1 B0ED  E38C 8337 8A94 FA6C 4994
    sub   3072R/AF1BE4F9363340BA 2011-10-05 [expires: 2020-12-05]

  Old:
    pub   1024R/7FDBB08DD827583D 1995-06-05
          Key fingerprint = E5 94 A9 D3 2C 65 98 3A  E7 F3 B8 F4 A5 30 03 5D

  You can obtain these keys from the public keyserver network with:
    gpg --recv-keys 83378A94FA6C4994 7FDBB08DD827583D

=================
X509 Certificates
=================

I also have a CAcert certificate.  I vastly prefer PGP to S/MIME, but here is
the info:


   Certificate:
      SHA256 Fingerprint=02:73:44:AE:2D:16:E1:51:22:C7:7A:5C:7C:3C:C4:34:60:9F:9C:19:63:88:11:37:34:9C:32:87:CF:CC:E6:F9
      Data:
        Issuer: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
        Validity
            Not Before: May 24 14:27:31 2017 GMT
            Not After : May 24 14:27:31 2019 GMT
        Subject: CN=Phillip E. Benchoff/emailAddress=benchoff@n3pb.org/emailAddress=n3pb@blacksburgskywarn.org

      Chain:
        Intermediate: CN=CAcert Class 3 Root
        Root: CN=CA Cert Signing Authority/emailAddress=support@cacert.org

      You can get the certificate chain at http://www.cacert.org/.

=================
Misc Assertions
=================
Other bindings between my public key and me:
* Twitter: https://twitter.com/n3pb/status/444258668117495809
  (2014-03-13 status update, profile link)
* LinkedIn: http://www.linkedin.com/in/philbenchoff (see Publications section,
   also 2014-03-13 status update)
* FaceBook: https://www.facebook.com/phil.benchoff/posts/10202691984774054
  (requires login)
* Keybase: https://keybase.io/n3pb

Signatures for https://pki.n3pb.org/N3PB-PKI.txt: Other assertions of key ownership:

PGP


Certification Practices

I have not yet defined any formal certification practices. Here are some notes on the levels of verification:

RFC-4880 Section 5.2.1 defines signature types. Types 0x10 to 0x13 are key certifications, and the type records the level of verification. GnuPG represents these as levels 0 to 3. Level 0 is the default. The default min-cert-level option is 2, which means that level 1 signatures are ignored. Level 0 signatures are always used.

Here are the definitions from RFC-4880 Section 5.2.1:
0 Generic certification of a User ID and Public-Key packet. The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID.
1 Persona certification of a User ID and Public-Key packet. The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.
2 Casual certification of a User ID and Public-Key packet. The issuer of this certification has done some casual verification of the claim of identity.
3 Positive certification of a User ID and Public-Key packet. The issuer of this certification has done substantial verification of the claim of identity.

From the GnuPG Manual under --default-cert-level:
0 means you make no particular claim as to how carefully you verified the key.
1 means you believe the key is owned by the person who claims to own it but you could not, or did not verify the key at all. This is useful for a "persona" verification, where you sign the key of a pseudonymous user.
2 means you did casual verification of the key. For example, this could mean that you verified the key fingerprint and checked the user ID on the key against a photo ID.
3 means you did extensive verification of the key. For example, this could mean that you verified the key fingerprint with the owner of the key in person, and that you checked, by means of a hard to forge document with a photo ID (such as a passport) that the name of the key owner matches the name in the user ID on the key, and finally that you verified (by exchange of email) that the email address on the key belongs to the key owner.
Note that the examples given above for levels 2 and 3 are just that: examples. In the end, it is up to you to decide just what "casual" and "extensive" mean to you. This option defaults to 0 (no particular claim).
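
The following is an added example, not part of the original page or of GnuPG: it reads the signature class from `gpg --with-colons --check-sigs` style records and applies the min-cert-level rule described above (level 0 always counts, other levels must reach the minimum). The sample records and key IDs are constructed, and the function covers only this filter, not GnuPG's full trust computation.

```python
# Added example: classify certifications in `gpg --with-colons --check-sigs` output.
# Field numbers follow GnuPG's doc/DETAILS; SAMPLE is constructed, not real output.
LEVELS = {0x10: (0, "generic"), 0x11: (1, "persona"),
          0x12: (2, "casual"), 0x13: (3, "positive")}

SAMPLE = """\
pub:-:3072:1:1111111111111111:1317772800:::-:::scESC:
uid:-::::1317772800::::Example User <user@example.org>:
sig:!::1:1111111111111111:1317772800::::Example User <user@example.org>:13x:
sig:!::1:AAAAAAAAAAAAAAAA:1400000000::::Signer A:10x:
sig:!::1:BBBBBBBBBBBBBBBB:1400000001::::Signer B:11x:
sig:!::1:CCCCCCCCCCCCCCCC:1400000002::::Signer C:12l:
sig:?::1:DDDDDDDDDDDDDDDD:1400000003::::[User ID not found]:13x:
sub:-:3072:1:2222222222222222:1317772800::::::e:
sig:!::1:1111111111111111:1317772800::::Example User <user@example.org>:18x:
"""

def classify(colon_output, min_cert_level=2):
    """Return one dict per third-party key certification (types 0x10-0x13)."""
    primary, rows = None, []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary = f[4]                      # field 5: key ID of the primary key
        if f[0] != "sig" or len(f) < 11 or len(f[10]) < 3:
            continue
        try:
            code = int(f[10][:2], 16)           # field 11: hex class + 'x' or 'l'
        except ValueError:
            continue
        if code not in LEVELS or f[4] == primary:
            continue                            # skip subkey bindings and self-signatures
        level, name = LEVELS[code]
        verified = f[1].startswith("!")         # field 2: '!' = signature checked good
        rows.append({
            "signer": f[4], "level": level, "name": name,
            "local_only": f[10][2] == "l",      # 'l' marks a non-exportable signature
            "verified": verified,
            # Level 0 always counts; other levels must reach min-cert-level.
            "counted": verified and (level == 0 or level >= min_cert_level),
        })
    return rows

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

A signature whose issuer key is not in the keyring (field 2 is `?`) is reported but never counted, whatever level it claims.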

CAcert

I am also a CAcert assurer. I can award 35 assurance points. You will find me listed if you search in Blacksburg (Montgomery), Virginia, United States.

You can find all the information on what it takes to be assured at the CAcert web site. Here are a few things to keep in mind:

# If you have a trusted copy of the CAcert root certificate in your default trust store
# and want to verify my certificate:
openssl verify N3PB-CAcert.pem

# If you have a trusted copy of the CAcert root certificate in a file
# and want to verify my certificate:
openssl verify -CAfile cacert-root.pem N3PB-CAcert.pem

# If you have a trusted copy of my certificate and want to verify N3PB-PKI.txt
openssl smime -verify -in N3PB-PKI.txt-CAcert.pem -inform PEM -content N3PB-PKI.txt -nointern -certfile N3PB-CAcert.pem

$Id: index.shtml,v 1.13 2015/12/17 16:34:19 benchoff Exp $