Hi.
Is it possible to reopen this inclusion request?
As far as I can see it was closed, as the DFN PCA Global Cert is now
also signed by Deutsche Telekom Root 2, right?
But:
1) These are still two different and independent organisations
(Deutsche Telekom is commercial, DFN academic).
Of course it does not make sense to include any "sub-CA" but DFN is
definitely not just a sub-CA of Deutsche Telekom. I think one should
consider this more as a uni-directional cross-signing ;)
Imagine Mozilla Foundation would create its own CA and simply sign all
of its current CA's (Verisign, Thawte, etc.)...
It would probably - especially from a security point of view - make no
sense to only include the root cert of Mozilla's CA.
I mean the farer away the root cert, the lesser it's value for trust
and/or security.
2) As far as I can see, only ONE of DFN's root certs is "cross-signed"
by Deutsche Telekom, namely the "DFN-Verein PCA Global - G01".
The others:
DFN-Verein PCA Classic - G01
DFN-Verein PCA Grid - G01
DFN-Verein PCA Basic - G01
are not covered by this, but are still very interesting.
If you would consider inclusion of these 4 root certs, I'd add a
OpenPGP signed request.
I've received offline copies of the fingerprints via several means:
- printed in different editions of the "Linux Magazine"
- via meeting with one of the persons working at DFN PKI.
- via a DFN Forschungsbericht (printed book, which can be ordered at the DFN)
My key in turn is signed by at least some Debian developers.
Best wishes,
Chris.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
