[6185] in cryptography@c2.net mail archive
Re: Thawte "SuperCerts"
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Dec 2 16:32:30 1999
Message-ID: <38465308.D847E9DB@algroup.co.uk>
Date: Thu, 02 Dec 1999 11:07:52 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Marcus Leech <mleech@nortelnetworks.com>
Cc: Radia Perlman - Boston Center for Networking <Radia.Perlman@East.Sun.COM>,
cryptography@c2.net

Marcus Leech wrote:
> So: two questions (with a possible answer of "use the source, luke"):
>
> o What bits are set in a "super cert" to indicate that it's a SGC
>   or step-up cert? Or is it simply that certs issued by a super-cert
>   authority (as marked in the browser CA cert database) are always
>   "step up" certs?

The latter.

> o I'm thinking that there's a bit in the CA cert database that
>   Netscape and IE maintain that says "OK to issue SGC certs". Anyone
>   know where the bit is?

Yes, it is known, at least for Netscape, but I'm afraid I've forgotten
where it is documented. There's also a program to tweak Netscape's CA
cert DB to mark a CA of your choice for SGC.

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi