Re: About GPG-signing the public RSA keys of Debian machines
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote:
> On 10803 March 1977, Kurt Roeckx wrote:
>
> > I assume you've used https and that you verified the certificate?
> > And saw that it was issued by SPI? And then you looked up SPI's
> > certificate? And you found that there is a text file with the SHA1 and
> > MD5 sum signed by Wichert Akkerman?
> > For those that don't know those files:
> > http://www.spi-inc.org/secretary/spi-ca.crthttp://www.spi-inc.org/secretary/spi-ca-fingerprint.txt
>
> Well, thats the old CA certificate, expires in January 2007.
> I just moved that to files with an -old in it and added the new CA to
> that site, with a fingerprint file signed by me. (Im one of
> hostmaster@spi).
The page is still displaying the old fingerprint. It says
ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5, but:
vezult@feanor:~$ openssl x509 -noout -md5 -fingerprint < spi-ca-old.crt
MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
vezult@feanor:~$ wget http://www.spi-inc.org/secretary/spi-ca.crt
--16:36:08-- http://www.spi-inc.org/secretary/spi-ca.crt
=> `spi-ca.crt'
Resolving www.spi-inc.org... 217.196.43.136
Connecting to www.spi-inc.org[217.196.43.136]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,171 [application/x-x509-ca-cert]
100%[====================================>] 2,171 --.--K/s
16:36:09 (20.70 MB/s) - `spi-ca.crt' saved [2171/2171]
vezult@feanor:~$ openssl x509 -noout -md5 -fingerprint < spi-ca.crt
MD5 Fingerprint=3B:30:4A:04:E8:8D:AC:48:B4:5F:EF:D5:A8:07:9E:91
-davidc
--
To err is human. To moo, bovine.
Reply to: