On Wed, Dec 01, 1999 at 02:36:46PM -0500, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]>, "Marcus Leech" writes:
> > The Thawte folks are busily promoting their "SuperCerts" which enable
> > 128-bit
> > symmetric modes in "International" versions of the various browsers.
> >
> > I guess I've been out of touch--is there an extension in web certs that
> > enables
> > better than 40-bit symmetric SSL modes? My assumption has always been
> > that
> > a 40-bit (or 56-bit) browser was "nailed" to that particular key size,
> > or
> > lower.
> >
> There's an exemption that permits 128-bit keys when talking to financial
> institutions. In SSL, this is enabled by some field in the merchant's
> certificate. Perhaps a "SuperCert" has that bit set?
Yes, this seems to be the Thawte version of Verisign's "Global Server
ID"'s; both have taken advantage of the DOC's modified regulations to
add an additional charge to merchants taking advantage of the program.
See <http://www.thawte.com/certs/server/128bit/contents.html> for the
Thawte, or <http://www.verisign.com/server/prd/g/index.html> for
Verisign.
--
Greg Broiles [EMAIL PROTECTED]
PO Box 897
Oakland CA 94604