Peter,
What would you estimate is the feasibility of constructing
an SGC cert from a non-M$, non-NS root?
Andrew Hall.
-----Original Message-----
From: Peter Gutmann <[EMAIL PROTECTED]>
Date: Friday, 29 May 1998 15:28
Subject: Re: [ssl-users] 128-bit on Microsoft IIS and export
>>[SGC cert]
>
>>I got one from: zvinet.creditanstalt.co.at
>
>Thanks for that. Apart from the standard keyUsage and use of an obsolete
>certificatePolicies extension containing the usual Verisign policies and
>qualifiers, the extension of interest is:
>
>1157 30 32: SEQUENCE {
>1159 06 3: OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
>1164 04 25: OCTET STRING, encapsulates {
>1166 30 23: SEQUENCE {
>1168 06 9: OBJECT IDENTIFIER
> : serverGatedCrypto (2 16 840 1 113730 4 1)
> : (Netscape)
>1179 06 10: OBJECT IDENTIFIER
> : serverGatedCrypto (1 3 6 1 4 1 311 10 3 3)
> : (Microsoft enhanced key usage)
> : }
> : }
>
>Interestingly, this enables SGC for both MSIE and Netscape in a single cert.
>
>I don't have the necessary tools/software here to check this at the moment, but
>is the signing cert - 'VeriSign International Server CA - Class 3' - available
>from the browser? It's not one of the standard ones included with MSIE or
>Netscape, unless it was in a version newer than the ones I examined.
>
>Peter.
>
>
>+-------------------------------------------------------------------------+
>| Administrative requests should be sent to [EMAIL PROTECTED] |
>| List service provided by Open Software Associates, http://www.osa.com/ |
>+-------------------------------------------------------------------------+
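A minimal check for the two serverGatedCrypto key purposes shown in the dump above, as an added example that is not part of the original thread: it walks one DER-encoded extension and reports which SGC OIDs its extKeyUsage carries. The function names and the `SAMPLE_EXT` bytes are constructed for illustration; the bytes are re-encoded from the dump, not taken from a certificate file.

```python
SGC_OIDS = {"2.16.840.1.113730.4.1": "Netscape serverGatedCrypto",
            "1.3.6.1.4.1.311.10.3.3": "Microsoft serverGatedCrypto"}
# Constructed sample: the extension re-encoded from the dump's tags, lengths and OIDs.
SAMPLE_EXT = bytes.fromhex("3020" "0603551d25" "0419" "3017" "0609"
                           "6086480186f8420401" "060a" "2b0601040182370a0303")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):  # indefinite length is not DER
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def sgc_usages(ext):
    """Return the SGC key purposes in one DER-encoded Extension, if any."""
    _, seq, _ = read_tlv(ext, 0)
    tag, oid, pos = read_tlv(seq, 0)
    if tag != 0x06 or decode_oid(oid) != "2.5.29.37":  # not extKeyUsage
        return []
    tag, value, pos = read_tlv(seq, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes the OCTET STRING
        tag, value, pos = read_tlv(seq, pos)
    _, purposes, _ = read_tlv(value, 0)  # SEQUENCE OF KeyPurposeId
    found, pos = [], 0
    while pos < len(purposes):
        tag, body, pos = read_tlv(purposes, pos)
        if tag == 0x06 and decode_oid(body) in SGC_OIDS:
            found.append(SGC_OIDS[decode_oid(body)])
    return found
```

Calling `sgc_usages(SAMPLE_EXT)` returns both names, matching the observation in the thread that one certificate carries the Netscape and the Microsoft key purpose together.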