> > It is not a special extension per se (although the MSIE handling
> > could be called extension ;-). It is just a certificate signed by
> > a special CA (the certs of which are only available by financial
> > institutions) and the browser remembers its true strong crypto
> > capabilities.
>
> What does this mean in terms of the browser; does the export (40-bit)
> MSIE all of a sudden do strong crypto?
In effect, yes. During connection set up, if the browser sees
that the server has a magic certificate, it closes and re-opens the
connection, and on the second open it offers a set of preferred ciphers
that include the 128-bit ones. The server picks the strongest one,
and away you go....
> > The same game is with netscape. The CA in question is Verisign.
> > Look for Global Server ID.
>
> :-( Those of us who prefer to have Thawte sign (cheaper, easier)
> are going to be out of luck for the time being.
Yes. It is an open question as to whether the U.S. Government will
ever delegate control of its crypto policies to non-U.S. certificate
authorities.
Perhaps someone from Thawte or Belsign might be able to give
us an update?....
Farrell.
--
Farrell McKay
http://www.fortify.net/
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
