[6172] in cryptography@c2.net mail archive
Re: Thawte "SuperCerts"
daemon@ATHENA.MIT.EDU (Greg Broiles)
Wed Dec 1 18:45:09 1999
Date: Wed, 1 Dec 1999 13:25:44 -0800
From: Greg Broiles <gbroiles@netbox.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: cryptography@c2.net
Message-ID: <19991201132544.A16727@ideath.parrhesia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <19991201193651.0366F41F16@SIGABA.research.att.com>; from smb@research.att.com on Wed, Dec 01, 1999 at 02:36:46PM -0500
On Wed, Dec 01, 1999 at 02:36:46PM -0500, Steven M. Bellovin wrote:
> In message <384544AA.C486CB58@nortelnetworks.com>, "Marcus Leech" writes:
> > The Thawte folks are busily promoting their "SuperCerts" which enable
> > 128-bit
> > symmetric modes in "International" versions of the various browsers.
> >
> > I guess I've been out of touch--is there an extension in web certs that
> > enables
> > better than 40-bit symmetric SSL modes? My assumption has always been
> > that
> > a 40-bit (or 56-bit) browser was "nailed" to that particular key size,
> > or
> > lower.
> >
> There's an exemption that permits 128-bit keys when talking to financial
> institutions. In SSL, this is enabled by some field in the merchant's
> certificate. Perhaps a "SuperCert" has that bit set?
Yes, this seems to be the Thawte version of Verisign's "Global Server
ID"'s; both have taken advantage of the DOC's modified regulations to
add an additional charge to merchants taking advantage of the program.
See <http://www.thawte.com/certs/server/128bit/contents.html> for the
Thawte, or <http://www.verisign.com/server/prd/g/index.html> for
Verisign.
--
Greg Broiles gbroiles@netbox.com
PO Box 897
Oakland CA 94604
