Pardon my dumb question: can you expand on or give a reference regarding
your "point to note"? What temporary RSA key are you referring to: a
temporary PK RSA or RSA (CORP) symmetric ciphers (RC 2/4) (I presume the
former)? What is "naughty"? Thanks.

Bill Price

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Friday, October 15, 1999 6:27 PM
> To: [EMAIL PROTECTED]
> Subject: Re: FYI: Certs from "U. S. Government DoD"
>
>
> Anonymous wrote:
> >
> > Wanna see what certs from the U.S. Department of Defense look
> > like?  Try gutenberg.ncr.disa.mil:443.  They're pretty plain,
> > except for a "Policy" extension with a long ASN1 id unknown
> > to OpenSSL.
> >
>
> Yeah I've seen these before. You can probably use the info therein to
> pull a CRL as well.
>
> Point to note. The first one is from an SSL server and it has keyUsage
> as just keyEncipherment. If this is usable with SSL v3 export ciphers
> then it's naughty because export ciphers use the certified server key for
> digital signing of the RSA temporary key.
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
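
Added example, not part of the original messages or of OpenSSL: a check of a certificate's keyUsage bits against what the certified RSA key is asked to do in a given key exchange, which is the mismatch the quoted "point to note" describes. The key-exchange labels and the sample DER bytes are constructed for illustration, and the DHE_RSA row goes beyond the export-cipher case in the message.

```python
# Added example; labels and sample bytes are constructed for illustration.
# RFC 5280 KeyUsage names, indexed by bit number (bit 0 = MSB of first octet).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

# What the certified RSA key does in each key exchange (labels are this example's own).
REQUIRED_USAGE = {
    "RSA": "keyEncipherment",               # client encrypts pre-master secret to cert key
    "RSA_EXPORT_TEMP": "digitalSignature",  # cert key signs the temporary RSA key
    "DHE_RSA": "digitalSignature",          # cert key signs the ephemeral DH parameters
}

def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING inside a keyUsage extension into usage names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or length < 1 or len(der) != 2 + length:  # short form only
        raise ValueError("bad BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bit count")
    total_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            usages.add(name)
    return usages

def usage_mismatches(key_usage_der: bytes, key_exchanges: list) -> list:
    """Return the key exchanges whose required usage the certificate does not assert."""
    usages = parse_key_usage(key_usage_der)
    return [kx for kx in key_exchanges if REQUIRED_USAGE[kx] not in usages]

# Constructed samples: BIT STRING, length 2, 5 unused bits, then the flag octet.
ENCIPHER_ONLY_CERT = bytes.fromhex("03020520")  # keyEncipherment only
SIGN_AND_ENCIPHER = bytes.fromhex("030205a0")   # digitalSignature + keyEncipherment

if __name__ == "__main__":
    offered = ["RSA", "RSA_EXPORT_TEMP", "DHE_RSA"]
    for label, der in [("encipher-only", ENCIPHER_ONLY_CERT),
                       ("sign+encipher", SIGN_AND_ENCIPHER)]:
        print(label, sorted(parse_key_usage(der)),
              "mismatched:", usage_mismatches(der, offered))
```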
