1 files changed, 75 insertions, 1 deletions

diff --git a/doc/qualified.txt b/doc/qualified.txt
index 083550734..f6a54d66e 100644
--- a/doc/qualified.txt
+++ b/doc/qualified.txt
@@ -13,7 +13,8 @@
 # property with its OpenPGP signature.  Check this signature before
 # adding entries:
 #  svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt
-
+# to create a new signature:
+#  f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
 
 #*******************************************
 #
@@ -108,6 +109,79 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B  de
 A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 
 
+#
+# D-Trust root certificates.  Probably by shifting a lot of Euros to
+# laywer companies, German CAs achieved to get the permission to
+# create their own legally binding root certificates - independent of
+# the Bundesnetzagentur.  The main problem with this is that it is
+# hard to figure out what qualified root certificates are actually
+# active.  There is now no way to be sure whether a signature is a
+# qualified one.  A pettifogger's way of validating certificates.
+#
+
+#Serial number: 00B95F
+#       Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+#      Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+#          aka: [email protected]
+#          aka: (uri http://www.d-trust.net)
+#     validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+#     policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31  by phone 030-259391-0 and callback by Mrs. Enke]
+E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C  de
+
+
+#Serial number: 00B960
+#       Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+#      Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+#          aka: [email protected]
+#          aka: (uri http://www.d-trust.net)
+#     validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+#     policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31  by phone 030-259391-0 and callback by Mrs. Enke]
+98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04  de
+
+
+#
+# S-Trust root certificates.
+#
+
+#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+#       Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#     validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9  de
+
+#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
+#       Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#     validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC  de
+
+
+
+
 #*******************************************
 #
 #                 End of file