[6170] in cryptography@c2.net mail archive
Re: Thawte "SuperCerts"
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Dec 1 16:07:24 1999
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Marcus Leech" <mleech@nortelnetworks.com>
Cc: cryptography@c2.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 01 Dec 1999 14:36:46 -0500
Message-Id: <19991201193651.0366F41F16@SIGABA.research.att.com>
In message <384544AA.C486CB58@nortelnetworks.com>, "Marcus Leech" writes:
> The Thawte folks are busily promoting their "SuperCerts" which enable
> 128-bit
> symmetric modes in "International" versions of the various browsers.
>
> I guess I've been out of touch--is there an extension in web certs that
> enables
> better than 40-bit symmetric SSL modes? My assumption has always been
> that
> a 40-bit (or 56-bit) browser was "nailed" to that particular key size,
> or
> lower.
>
There's an exemption that permits 128-bit keys when talking to financial
institutions. In SSL, this is enabled by some field in the merchant's
certificate. Perhaps a "SuperCert" has that bit set?
--Steve Bellovin
