PGP-USERS List Charter

Table of Contents:

1. Introduction
2. Topics & Purposes of the List
3. Subscriptions
4. List Administration
5. CoAdmin Guidelines
6. Appropriateness
7. Good Things to Do on This List
8. Things Not to Do on This List
9. Administrative Posts
10. Standard Administrative Actions
11. Corrective Administrative Actions
12. The Small Print

1. Introduction:

The PGP-USERS list is a public benefit resource provided by a nonprofit 501(c)(3) private foundation (server, mailing list management, volunteer time, etc) for the Internet community at large. The charitable organization, CryptoRights, therefore reserves the right, through its List Administrator representative(s) to modify the list and its membership as deemed necessary by the CryptoRights Foundation's governing entities, in order to protect the public benefit work of the foundation and to maintain the list as an open, uncensored service to the Internet privacy community. Regardless of any modifications made, however, under no circumstances will personal information about subscribers be voluntarily shared with any entity, either inside or outside of CryptoRights, other than those chartered to work with that information for purposes of maintaining the list.

2. Topics & Purposes of This List:

The PGP-USERS list was established for, and continues to promote:

• Open discussion of technical issues surrounding the use of the "PGP" (Pretty Good Privacy) encryption software, "GnuPG" (aka "GPG", an OpenPGP implementation) and any other implementation of PGP protocol(s), e.g. asking and answering questions such as: "how do I do this with this encryption software/technology/etc?"
• A forum for a multitude of PGP encryption and privacy-related issues such as:
  • Political aspects of privacy and encryption.
  • Cryptography export control/administration.
  • Public Key Infrastructures and cryptographic key management.
  • Debates about government/third-party key escrow issues.
  • Use of cryptography with anonymous remailers, pseudonymous services and other responsible identity management techniques.

NOTE: Any message which already contains the phrase "this may be off-topic, but..." (or any variation thereof) probably doesn't need to be read by the rest of the list's subscribers. If you do have something on-topic to say, please feel free to say it, but don't post a message of questionable topicality unless you consult the Current CoAdmin first. See the sections below on Appropriateness, Good Things To Do and Things Not to Do, and rely on your good sense and the Golden Rule.

3. Subscriptions:

Any person may subscribe to the list from an email account that they control. Once a person's subscription has been confirmed, that person becomes a member of the PGP-USERS community and is expected to abide by this Charter.

PLEASE NOTE THAT BY SUBSCRIBING TO, OR POSTING TO, THIS LIST, YOU INDICATE YOUR AGREEMENT TO ABIDE BY THIS CHARTER: YOUR FAILURE TO DO SO MAY RESULT IN THE TEMPORARY SUSPENSION, OR LOSS, OF YOUR MEMBERSHIP PRIVILEGES AT THE DISCRETION OF THE LIST ADMINS.

Only current subscribers may Post to the list, and they may post only from the address(es) they subscribe. A person may subscribe up to a maximum of two (2) email addresses for the purposes of posting from one address and reading the list from another. Subscribing more than two addresses at any one time constitutes a Minor Infraction as defined in the Section on Corrective Administrative Actions below.

Only current subscribers may view the List Archives.

Administrators of other lists may distribute the PGP-USERS list to additional groups, provided that (A) digitally-signed permission is obtained from the PGP-USERS List Admin prior to the forwarding or re-distribution of the list, and provided the forwards themselves (B) clearly identify the party responsible for the forwarding mechanism, (C) indemnify CryptoRights from any liability that might result from the forwarding, and (D) the forwarding mechanism preserves any identifying information so that the ultimate recipients know who posted what and that it was posted originally to the PGP-USERS list and that (E) the forwarding 'From' address contains the string 'pgp-users'.

To protect the privacy of the list's members as much as possible, only the List Admin may view/alter the names, addresses and/or the number of current subscribers. CoAdmins may from time to time access the subscriber information, but are strictly prohibited from using the information for any other purpose than the management of the PGP-USERS list. Subscriber information will not be shared voluntarily with any entity under any circumstances, except when required by CoAdmins for administrative purposes limited to specific incidents and subscribers, or in extremely rare situations where there is a legal requirement for members of the Board of Directors of the CryptoRights Foundation to confirm that a specific person is a subscriber to protect the foundation from prosecution by legal authorities.

4. List Administration:

This list is administered by the PGP-USERS List Admin, who represents the CryptoRights Foundation, Inc, which provides this service. Administration involves the configuration of the mailing list management software and associated technical responsibilities, as well as the development and auditing of list policy with the CoAdmins, the coordination of CoAdmin duties and rotations and any special key management required to ensure security and authenticity of material related to the list.

The list is moderated, as unobtrusively as possible, by "CoAdmins" who form a crew of subscriber-volunteers. CoAdmins serve in rotations, depending on their availability and willingness. During each rotation, the Current CoAdmin serves as the main contact person for the entire PGP-USERS subscriber community and the initial decision-maker for issues raised by subscribers. Subscribers should consider the Current CoAdmin as the Sheriff, the other CoAdmins as a Jury of Peers, and the List Admin as the Judge.

VERY IMPORTANT NOTE:

Please note that any and all messages pertaining to the operation of the list, to your subscription to the list or to the behavior of any other member of the list community MUST be sent to the Admins ONLY and not to the actual list posting address. Experience has shown us that we must enforce this particular rule very strictly: if you violate it more than once, your subscription will be terminated and you may be asked not to re-subscribe for a period of time up to infinity. Ignorance of this specific prohibition is absolutely no excuse.

The Current CoAdmin volunteer on duty receives email at pgp-users-coadmin [at] cryptorights.org. The Current CoAdmin is always the primary contact person for assistance of any kind. Please allow up to two weekdays for a reply.

The CoAdmin Crew receives email at pgp-users-coadmins [at] cryptorights.org. Please use this address only when necessary, and only after contacting the Current CoAdmin first.

The List Admin page has a key for private mail if needed, and is found here. Official administrative posts requiring a digital signature will be signed by this key. Please use this address only as a last resort, and only after first using the two above.

5. CoAdmin Guidelines:

1. PGP-USERS list subscribers can volunteer to be a CoAdmin by sending a message to the List Admin at pgp-users-admin-humanoid [at] cryptorights.org with the Subject: "CoAdmin volunteer inquiry". CryptoRights Membership is not required to apply. Subscribers who have materially contributed to the list and who have demonstrated good character, helpful qualities and patience may also be invited to join the CoAdmin crew.
2. To qualify as a CoAdmin, a person must have been subscribed to the PGP-USERS list for a minimum of six (6) months, with no significant infractions or substantiated complaints from other subscribers.
3. The existing CoAdmins (including all who have served in the past and all those scheduled to serve in the future) will conduct an authenticated vote to confirm an applicant. In the event that there are no suitable candidates or volunteers, the List Admin may appoint a person who otherwise qualifies.
4. All CoAdmins will be provided with an CryptoRights email account/mailbox, an alias of their choosing at the cryptorights.org domain and a special keypair to use during their rotation.
5. CoAdmins should maintain high standards of professionalism and good netiquette in all communications with each other and subscribers. If a subscriber has a complaint about a CoAdmin, it should be directed to the List Admin for review, along with supporting evidence including the CoAdmin's entire (signed) message and a specific, concise claim.
6. CoAdmins should always warn offenders first and give them reasonable time to correct a problem. However, when time pressure requires it (e.g., if someone left a 'vacation' program to mail-bomb the list), or if the infraction is judged to be extreme in nature, the Current CoAdmin may suspend or unsubscribe a user without warning, notifying the List Admin in the process. In any case, the CoAdmin will send the user an email message explaining the problem and the proposed or actual resolution being contemplated or in effect.
7. All CoAdmin warnings or advisories sent (off-list) to list members should be CC'd (or BCC'd as appropriate) to the internal CoAdmin crew list in order to keep the other CoAdmins informed of a particular situation as it develops or is resolved.
8. All CoAdmins should track both positive and negative behaviour/netiquette on the list and may choose to maintain notes on the reputations of specific persons for use when discussing situations with other CoAdmins. All notes pertaining to reputation issues should be dated and concurrently PGP-signed.
9. Administrative messages to the list may be posted only by a CoAdmin (or another administrator temporarily charged with posting the notice for the Current CoAdmin). Any Administrative message must contain [ADMIN] in the subject line to clearly mark it as administrative in nature. Under no circumstances may a subscriber post an [ADMIN] message to the list: this will result in immediate disciplinary action.
10. CoAdmins should send any messages relating to actions taken during the performance of their duties FROM the official CryptoRights volunteer/staff email account bound to their PGP key (i.e. From: admin_userid [at] cryptorights.org). If this is not possible, any other CoAdmin or the List Admin may temporarily be designated to forward the message to the list, signed by their key. CoAdmin messages sent from personal accounts are not acceptable.
11. To strengthen the legitimacy, and prevent repudiation, of administrative messages, the Current CoAdmin MUST sign administrative action messages sent to the list or to subscribers off-list using the official currently valid CoAdmin key. All such messages must also include the URL of the signing key so that the recipient can acquire it easily. In the event of a signature failure, recipients may request that the message be re-sent or confirmed via an alternate method (e.g. a TEXT file attachment signed and encrypted to their personal key).
12. Should any CoAdmin fail to perform his/her duty, be rude or disrespectful, or otherwise become incapable of dispatching his/her duties (e.g. personal events prevent her/him from moderating the list), he/she may resign or be removed from his/her CoAdmin status by a majority vote of the other CoAdmins. In the event of a split decision by the other CoAdmins, the List Admin may cast the deciding vote on behalf of the CryptoRights Foundation.

6. Appropriateness:

Subscribers should use the list appropriately at all times, which includes, but is not limited to, remaining on-topic as described above. Remember that you remain the judge of whether or not your message is appropriate only until the moment that you post it. Once you post, you relinquish the right to judge your post. At that point, the list administrators and your fellow subscribers become the judges of the quality, appropriateness and civility of your communications. Be absolutely certain that you have carefully read the preceding sentence and that you understand it very clearly. If you have a question about this, ask the CoAdmins before you begin to participate actively on the list.

Since it is impossible to maintain a complete list of everything that is (or might be) inappropriate, the basic rule is: use your Common Sense and if you're not sure, ask the Current CoAdmin before doing it. The CoAdmins will make a judgement call on borderline issues: this is good for you because you cannot be held responsible in case it later turns out not to be a wise idea.

TO ASSIST YOU in evaluating the appropriateness of your messages BEFORE posting, be advised that the following uses are pre-defined as BEING INAPPROPRIATE to this list:

• Meta-discussions about the list itself are not allowed. A classic example of this is complaining on the list about someone else's post. Any concerns you have about the list, or about another subscribers' behaviour, must be sent directly to the Current CoAdmin. The sole exception to this rule is that the CoAdmins may occasionally post administrative comments about circumstances raised by one or more subscribers on behalf of other subscribers which they are resolving after off-list deliberations. If you have constructive suggestions or any concerns about this policy itself, please send off-list email to the List Admin.
• Conspiracy theories, libel and other provocative activities (a.k.a. "trolling", "flame-baiting") are not welcome behaviours. It's also illegal in most countries to make unsubstantiated charges about another person or company in a public forum. Please do not post your opinions about any entity's products or services unless there's a PGP-related technical security problem involved.
• Any kind of rude or obnoxious behavior, including overly 'brusque' comments, will not be tolerated. If your post were spoken directly to another person face to face, and would be considered impolite by a reasonable observer, your post has failed basic netiquette standards. If any dispute arises between two or more subscribers, the Current CoAdmin(s) may be asked (off-list) to render an impartial decision.

Under no circumstances should a subscriber send inflammatory comments to the list or try to correct another person's behavior on the list: let the list administrators take care of problems.

• Ignore the offender and hope the offending behavior stops on its own. This often works. Pouring fuel on a fire does not put it out.
• Contact the Current CoAdmin with your complaint, including specific details and a concise quote of the offending material. Put a premium value on any volunteer admin's time, just as you would you own.
• Express your objection to the offending person off-list, being as constructive and non-judgmental as possible. You may optionally CC/BCC the Current CoAdmin.

In addition, any member of the CoAdmin crew may intercede on- or off-list and declare something 'inappropriate' or 'off-topic' if he/she believes that further discussion may degrade the quality of the list (e.g. trigger a flame-war or divert useful discussion toward unrelated material). Please respect all administrative decisions so that full moderation remains unnecessary.

If you disagree with, or have an issue with, any CoAdmin's decision, inform the CoAdmin crew immediately. If the CoAdmin crew cannot satisfy your needs, you may then contact the List Admin directly, but under no circumstances should you ever post a complaint about anyone to the list unless your issue has first been reviewed by the list administrators.

7. Good Things to Do on This List:

1. USE COMMON SENSE.
   Please observe all standard, widely-held principles of Netiquette.
   See RFC 1855 <http://www.dtcc.edu/cs/rfc1855.html>
   In particular, if you wouldn't say or do something in a crowded public room, please don't do it on this list.
2. MAINTAIN A RELIABLE EMAIL ADDRESS.
   It is the minimum responsibility of all subscribers to maintain a valid email address associated with their subscription. Should a subscriber's email address bounce, that subscriber may be immediately removed from the list without warning.
3. KEEP ON-TOPIC with your posts (see above).
4. BEHAVE professionally and politely at all times. If a post makes you angry, wait 24 hours and cool down before writing your reply.
5. BE RESPECTFUL to other subscribers.
   Keep in mind that what might seem polite to you could sound mean or harsh when it is read in an email message. You are not the judge of what is rude: other people are.
6. PRUNE QUOTED TEXT down to the minimum necessary to convey your ideas.
   If you remove other peoples' PGP signatures, replace them with your own to maintain some form of authentication chain.
7. BE THOUGHTFUL in your replies. Re-read your message at least once before posting it.
8. DON'T POST FAQs (Frequently Asked Questions):
   Before posting your first question, look for the answer yourself in:
   • The PGP manuals (always included with the software, and) online at
     <http://www.pgpi.org/doc/>
   • Various PGP FAQs on the Internet:
     <http://www.pgpi.org/doc/faq/>
     
   • The PGP-USERS list archive is available (to current subscribers only) at
     < https://lists.cryptorights.org/mailman/private/pgp-users/>. You will be prompted for your subscription password, which you can have sent to you by accessing your "subscriber options" from the subscription webpage (password reminders are also sent automatically to each subscriber every month).
     
9. USE PRIVATE EMAIL for answers to simple/common questions.
   Think: do thousands of people need to read your post?
10. HELP CONSERVE other peoples' bandwidth and time. Keep your posts short!
    In particular, don't post a public or private key to the list.

8. Things Not to Do on This List:

Members/Subscribers who have difficulty co-existing with this democratically constructed Charter's guidlines may be warned, suspended temporarily or removed permanently from the list at the discretion of the CoAdmins or the List Admin. Removal is extremely rare. Refer to the section below on 'disciplinary action' for more information on the consequences of actions that violate either the principles of common sense or specifically uncooperative behaviours, including the following:

• NO ADVERTISING!
  No commercial announcements, product marketing or spamming is allowed, period.
  Incidental discussion of products specifically related to PGP/encryption/privacy is acceptable. If someone clicks a URL in your e-mail footer, the page that person ends up on is between you and them.
• NO PGP-ENCRYPTED MESSAGES.
  Post only in plaintext/cleartext. PGP-signed messages are OK, but they are generally unnecessary. Excessive use of signatures, or the failure to delete all but the relevant signature (your own), can make your posts overly long and annoy other memberss. Be selective about which messages you sign: it may even keep you out of trouble someday (look up the word "repudiation").
• DON'T POST "ME TOO" MESSAGES.
  Don't add one line with "I agree" to a long post and repost it.
• DON'T SEND SUBSCRIBE OR UNSUBSCRIBE MESSAGES TO THE ENTIRE LIST.
• DON'T SUBSCRIBE OR UNSUBSCRIBE OTHER USERS.
  If you get caught doing this, your known addresses will probably be permanently banned from re-subscribing to the list. This includes attempting to hijack the entire list through subterfuge (it's been tried).
• DON'T POST 'TEST' MESSAGES.
  Ask the CoAdmin or the List Admin "Is this list working?" — not thousands of fellow subscribers. If something were broken, querying the list about it would be highly illogical. Only the administrative staff can fix it anyway.
• DON'T POST "APOLOGY" MESSAGES.
  Don't post 'whoops!' or 'sorry about that!' messages: they only make things worse. Generally, it's too late anyway: everyone can plainly see you've done something dumb and the only people who cares to hear an apology will ask you for it directly. If you do something serious that really does warrant an apology and you've got the integrity to make a public apology, then a CoAdmin will help you communicate with the appropriate parties off-list, or s/he may post a summary in an [ADMIN] message signed by one or more CoAdmins.
• BE NICE: NO FLAMING.
  Personal insults and/or attacks on any other person or entity may very easily get you suspended or even removed.
• AVOID DISRESPECTFUL, OFFENSIVE OR PROVOCATIVE LANGUAGE.
  Comments such as 'ad hominem' attacks, and especially any remarks concerning anyone else's physical characteristics, religious beliefs, or sexual or political orientation are grounds for immediate suspension or removal, depending on the gravity. Being deliberately provocative in such a way as to invite bad behavior on the part of others is also frowned upon, and may invite disciplinary action by the CoAdmin(s). If you're not sure what 'provocative' means, see the cautionary note below on 'playing dumb'.
• NO LARGE MESSAGES
  Any post of more than 200 lines in length or greater than 10K in size is pushing the size limit. The Mailing List software may also be adjusted to automatically block posts over a certain size: if your messages bounce, the universe is trying to tell you something about being a more efficient communicator. Extremely long items of monumental importance should be placed on web pages: if you have one, but you have no website of your own, please ask the List Admin to post it on the PGP-USERS Resources Webpage for posterity.
• DO NOT SEND YOUR PGP PUBLIC KEY TO THE LIST.
  Please use the web or the public keyservers --and not this list-- for key distribution. You are strongly advised to read the PGP documentation and/or ask questions about this on the list first. It's OK, and even considered polite and advisable, to include a URL to your key on a webpage in your standard email footer or '.sig' or in your mailer's outgoing X-headers. Under no circumstances should you post anyone's private key or passphrase (especially someone else's) to the list.
• DON'T SEND ATTACHMENTS TO THE LIST.
  This especially applies to 'vcard' attachments, but also to any non-MIME artifacts of your mailer. Please learn how to use your email program before posting: it's relevant to security and a minimal expectation of other subscribers already on the list.
• AVOID HTML-FORMATTED MESSAGES.
  These are unnecessary, break many peoples' (old) mail programs, are usually too large and often ruin any PGP signatures. HTML posts annoy people and can cause flaming: it's best to simply avoid them. If you truly need HTML to communicate an idea, put it on a web page and post the URL to the list.
• DON'T PLAY DUMB WITH THE LIST ADMINS.
  First of all, if you can spell the word cryptography, you're already too intelligent not to know when you're not playing well with the other kids. Second, this list is operated by volunteers who do not have the time to teach you how to be an enlightened being. If you make a mistake and get called on it, please be mature about it. Everyone will want ro move on, rather than argue and make it worse. Everyone is also human, and we all make mistakes, so be calm and reasonable and others will follow your example. Please consider whether it's more important to be 'right' than to be a constructive member of the PGP-USERS community, and act accordingly. Hint: if you frequently insist on making others wrong, you may find yourself being 'right busy' ...finding another list for arguing with people.

9. Administrative Posts:

From time to time, the CoAdmins may post administrative messages to the list. These should be clearly labelled as ADMIN posts, and normally involve list management information.

When necessary to correct a situation, any CoAdmin (or the List Admin) may send a signed administrative message to the list, for example, when advising the list that a particular thread/topic has already been collectively deemed to be off-topic (this is another reasons why we are lucky to have CoAdmins who have subscribed for many years).

We recognize that some off-topic posts may prompt replies. Subscribers who are not yet aware of the topic's removal may consider such respondents to be innocent. Therefore, At the discretion of the CoAdmin who posted the off-topic advisory, a reasonable delay will be allowed before taking any action concerning replies to the original off-topic post. This may mean a delay of from 1 to 24 hours, after which a subscriber who continues to post to an off-topic thread (or reply to it) will be advised directly off-list.

10. Standard Administrative Actions:

All reasonable list members should endeavour to render this section of the List Charter unnecessary.

Generally, the CoAdmin volunteers are present to make sure things run smoothly and help people with list difficulties. List members should regulate their own behaviour and maintain a constructive presence among fellow community members. On occasion, however, certain behaviours known to be counterproductive may persist to the point where the Current CoAdmin or List Admin is requires to act to resolve a persistent issue so that the list is not disrupted.

The Current CoAdmin or List Admin may take any reasonable action s/he deems necessary to protect the integrity of the list's discussions from unapproved or counterproductive behaviour. All of this activity must be conducted off-list and may include one or more of the following remedies:

• A Subscriber may be required to re-familiarize her/him/itself with the List Charter by reviewing it for a specific period of time (e.g. anywhere from a day to weeks). Such review periods are intended to be constructive (we might even get good ideas about improving the Charter). The Reviewee is expected to observe the 'honor system' and may continue to read the list, but may not post to it. Once notified that the review period has concluded posting may resume. A Reviewee who posts to the list while under review may be suspended from the list indefinitely while the CoAdmins discuss the situation with the Reviewee directly. The Reviewee may at any time send a direct appeal to the List Admin to state her/his case.
• A Subscriber may be asked (or required) to apologize to specific parties or to the entire list for specific behaviour contrary to, or violating the principles of, the List Charter. This request must be signed by the Current CoAdmin key (available from the List Admin) and may only be sent to the Subscriber while suspension or removal is still pending (in an attempt to resolve the issue). On the rare occasion when an apology is required, it should be signed by the Subscriber's key and sent only to the CoAdmin for review. The message will then be forwarded in a signed [ADMIN] message to the offended party or the list as appropriate. This procedure closes the issue so the entire community can get back to important discussions on the list and take their private discussions off-list. Please don't be the first person asked to apologize.
• A Subscriber who unsubscribes another member without permission or attempts to hijack the list in any way may be terminated immediately from the list without discussion. Depending on the seriousness of the situation, the termination may either be long-term or permanent. Upon receipt of a signed termination request from any CoAdmin, the List Admin will perform the removal and provide a signed confirmation of that action. Please don't be the second person to be terminated from the list for this type of misbehaviour.

11. Corrective Administrative Actions:

This is another section of the List Charter that should be unnecessary, so we try to keep things as simple as possible and expect subscribers to abide by the straightforward rules on the Honor System. If a subscriber becomes intransigent or obstreperous, the CoAdmins and/or List Admin will apply a corrective action. The admins will try to consistently apply the same basic guidelines fairly and equally, with the emphasis always on fairness.

Minor/Occasional Behaviour: The Current CoAdmin may send a short off-list "advisory" email to the offender(s) explaining the situation and reminding them of the desired behavioural modification(s). In some cases, another list member may raise a serious objection that will get acted upon immediately. In most cases, this advisory message is sent after the second time an objectionable behaviour has occurred. Either way, just one advisory message should be all that is required for a cooperative community member to modify her/his behaviour.

A few examples of minor issues that have been addressed in the past (but not a comprehensive list) include: off-topic or inadvertent/intentionally rude/crude posts; broken HTML messages; posting of public keys; vcard or file attachments; subscribing more than two addresses; spoofing other subscribers; cross-posting to excessive numbers of recipients and/or lists simultaneously, etc.

Frequent/Extreme Behaviour: If a person repeatedly behaves uncooperatively, obstructs the smooth operation of the list in any way, and/or causes other subscribers to complain to the CoAdmin(s), the Current CoAdmin is authorized to act decisively. Depending on the specifics, corrective actions may include enabling manual moderation of the member's posts (review & approval) or suspension of the member's posting privileges for a period of review or permanent removal of the member's address(es) from the list. Whenever possible, the CoAdmin will advise the offending member of the problem and solution first before taking further actions. However, in extreme cases no warning may be feasible. Any person whose subscription has an administrative action applied may appeal to the entire CoAdmin Crew and/or to the List Admin to have the action reversed.

All administative action messages must be signed and sent off-list whenever possible. Any member under review who posts administrative messages to the list will be considered as not cooperating in the fair resolution of the issue as per this Charter. In such cases, a request for permanent termination of the member's subscription(s) may immediately be sent to the List Admin.

12. The Small Print:

This Charter document <http://www.cryptorights.org/pgp-users/charter.html> constitutes the entire and current policy for the PGP-USERS list, supersedes any prior general guidelines or rules, and is subject to change at any time, upon email notice to the list subscribers. Under no circumstances will any CryptoRights member, volunteer, staff or officer be permitted to modify any part of this Charter pertaining to the privacy of subscriber information.