Bug#271692: seconding request to include SURFnet-PCA-Root-CA in Debian

[Teun Nijssen]

Hello Philipp,

Joost van Baal wrote:

Hi Philipp,

On Thu, Mar 20, 2008 at 05:12:11PM +0100, Philipp Kern wrote:

On Fri, Jul 08, 2005 at 09:59:58AM +0200, Teun Nijssen wrote:

I am Teun Nijssen, Security Advisor at Tilburg University, but also
responsible for the SURFnet GPG Keyserver at pgp.surfnet.nl as well
as for operating the SURFnet-PKI. My GPG key has been signed by
Phil Zimmermann (PGP) as well as Werner Koch (GPG).

I wholeheartedly support the Debian efforts of Joos van Baal in
general as well as specifically the inclusion of the
SURFnet-PCA-Root-CA in the Debian distributions.

your signature is the only one still valid and doesn't provide me
with a trust path (i.e. it does not list the SHA1 and MD5 checksums
of the certificate).

Joost's signature is invalid:
gpg: Signature made Tue 14 Sep 2004 17:12:34 CEST using DSA key ID 88C6EDF6
gpg: please do a --check-trustdb
gpg: Good signature from "Joost van Baal <[EMAIL PROTECTED]>"
gpg:                 aka "Joost van Baal <[EMAIL PROTECTED]>"
gpg: WARNING: This key has been revoked by its owner!
gpg:          This could mean that the signature is forged.
gpg: reason for revocation: Key is superseded
gpg: revocation comment: Superseded by B8FA C2E2 5047 5B8C E940  A919 5793 0DAB 
0B86 B06 (Joost E. van Baal (Nederland, 1970))
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7177 F40B 051B 5793 8A0B  E219 5F76 E17A 88C6 EDF6

gpg: Signature made Thu 07 Jul 2005 17:32:43 CEST using DSA key ID 22047F26
gpg: please do a --check-trustdb
gpg: Good signature from "Wessel Dankers <[EMAIL PROTECTED]>"
gpg:                 aka "Wessel Dankers <[EMAIL PROTECTED]>"
gpg:                 aka "Wessel Dankers <[EMAIL PROTECTED]>"
gpg:                 aka "Wessel Dankers (developer) <[EMAIL PROTECTED]>"
gpg: Note: This key has expired!
Primary key fingerprint: 458E 3F32 7F08 DBFE D930  EB70 C122 0C95 2204 7F26

Please provide me with two signatures (out of the strong set) and I will
take care of your request.

As is Wessel's (which actually provides the checksums):

Thanks for getting back on this request.  Unfortunately, it's no longer
useful to act upon it: SURFnet is ditching it's root certificate: it's
currently being phased out.

just to explain a bit of the background:





thanks, and keep up the great Debian work!

teun

three years ago SURFnet took the initiative for a pan european tender for server certificates. It proved so successful that the research networks of 15 countries are now part of the Terena SCS (Server Certificate Service) contract. In the past two (and the coming two years), the certificates are being issued under the GTE Cybertrust Global Root. A side effect of the SCS contract has been that people lost interest in their national NREN Root certificates. So indeed, the question of including or excluding the SURFnet-PCA-Root-CA in Debian is now irrelevant.

signature.asc
Description: OpenPGP digital signature