N. wrote:
> > >   Just thought you might know the answer to this one: how is it that
> > > Verisign is selling certificates for 40 bit and 128 bit encryption - the
> > > chosen session key size has nothing to do with the certificate! Or am I
> > > completely off here?
> >
> > I don't quite understand the question... are you asking
> > what it means to sell a certificate for a particular session key size?
> 
>   Yes, that's what I'm asking. If all a certificate includes is the public key
> and information about the key holder, where is the "use only export grade key"
> directive hidden?
> 
> > Go look at the certificate extensions supported by each browser;
> > they grant permission to use particular session key sizes.
> 
>   I found no information about this. I must have been searching with the wrong
> keywords. Anyway, what you seem to be saying is that when the server sends the
> certificate to the client, the client reads a certificate extension that says
> the session key should be export grade.
>   This doesn't seem logical since the client selects the possible
> algorithm/keysize (e.g. SSL_RSA_WITH_RC4_128_MD5,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5) in its initial ClientHello message, before it
> even got the server's certificate.

The client has to present a *list* of ciphersuites.  If he presents both
an export and a high-security option, the server may choose the export one.

>   This suggests it's the server that needs to enforce the 40/128 key size
> issue. This also fits in the regular SSL model where the server has last say
> about key size, in its ServerHello message.
>   So, is there anything in the DigitalID (a.k.a certificate?) which directs
> the server what maximum key size to use? Is it a certificate extension? If I
> were to write my own SSL server, would anything force me to use a 40 bit
> certificate issued by Verisign with 40 bit session keys only?
>   I'm not looking for a way to bypass the restriction, I just want to know how
> my server is supposed to figure out if 128 bit session keys can be used with a
> particular certificate.

This is beyond my expertise, but try searching for 
"Netscape International Step-Up" and "Microsoft Server Gated Cryptography" (SGC).  
If the client sees a particular extension in the server's cert, it will renegotiate
with a higher security cipher.  This is so the US Government can say which
servers can be high security or not.

I'm quite sure that with open source client and server, there's nothing
stopping you.  The only question is whether you will be able
to get a server cert from one of the CAs built into the particular browsers you
want to support.  If you're in the US, no prob.  Otherwise, you might only
be able to get a low-security cert, and IE5 might conceivably refuse to complete
a high security negotiation with you.  I have no idea.

I'm CC'ing the list because this is way beyond my experience.  You might want
to check out one of the books mentioned on the list recently; see
http://www.kegel.com/ssl/
- Dan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
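
The negotiation discussed in the thread, as an added example that is not part of the original messages and is not OpenSSL code: the server picks from the client's offered list, and an export-grade client renegotiates upward only when the certificate grants step-up. The two suite names come from the thread; the function names, the boolean step-up flag and the export client's export-only first offer are modelling assumptions.

```python
# Added illustration, not OpenSSL code. Suite names come from the thread;
# function names and the boolean "step-up" flag are hypothetical.
EXPORT = "SSL_RSA_EXPORT_WITH_RC4_40_MD5"
STRONG = "SSL_RSA_WITH_RC4_128_MD5"
SESSION_KEY_BITS = {EXPORT: 40, STRONG: 128}


def server_select(client_offer, server_prefs):
    """ServerHello choice: the first suite in the server's own preference
    order that the client also offered, or None (handshake failure)."""
    for suite in server_prefs:
        if suite in client_offer:
            return suite
    return None


def export_client_handshake(server_prefs, cert_grants_stepup):
    """Model of an export-grade browser (assumption: it offers only the
    export suite at first). If the server certificate carries the
    step-up/SGC extension it renegotiates and also offers the strong suite."""
    first = server_select([EXPORT], server_prefs)
    if first is None or not cert_grants_stepup:
        return first
    second = server_select([STRONG, EXPORT], server_prefs)
    return second if second is not None else first


def session_key_bits(suite):
    """Session key size for a negotiated suite; 0 when the handshake failed."""
    return SESSION_KEY_BITS.get(suite, 0)


if __name__ == "__main__":
    domestic_offer = [STRONG, EXPORT]
    cases = {
        "full client, export-first server": server_select(domestic_offer, [EXPORT, STRONG]),
        "full client, strong-first server": server_select(domestic_offer, [STRONG, EXPORT]),
        "export client, plain cert": export_client_handshake([STRONG, EXPORT], False),
        "export client, step-up cert": export_client_handshake([STRONG, EXPORT], True),
        "export client, strong-only server": export_client_handshake([STRONG], True),
    }
    for name, suite in cases.items():
        print(f"{name:36} -> {suite} ({session_key_bits(suite)} bit)")
```

The first case shows why server preference order matters: a client that offers both suites still ends up with a 40 bit session key if the server lists the export suite first.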
