>[SGC cert]
>I got one from: zvinet.creditanstalt.co.at
Thanks for that. Apart from the standard keyUsage and use of an obsolete
certificatePolicies extension containing the usual Verisign policies and
qualifiers, the extension of interest is:
1157 30 32: SEQUENCE {
1159 06 3: OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
1164 04 25: OCTET STRING, encapsulates {
1166 30 23: SEQUENCE {
1168 06 9: OBJECT IDENTIFIER
: serverGatedCrypto (2 16 840 1 113730 4 1)
: (Netscape)
1179 06 10: OBJECT IDENTIFIER
: serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
: (Microsoft enhanced key usage)
: }
: }
Interestingly, this enables SGC for both MSIE and Netscape in a single cert.
I don't have the necessary tools/software here to check this at the moment, but
is the signing cert - 'VeriSign International Server CA - Class 3' - available
from the browser? It's not one of the standard ones included with MSIE or
Netscape, unless it was in a version newer than the ones I examined.
Peter.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
