Ben:

In response to your question (see below) about surrogate/gated functionality built into the major browsers since Netscape and IE version 3, the answer is simple. To address the global needs of the US financial community, the US Government agreed to this functionality for both domestic and exportable versions of the browser. The Federal Government agreed to this provided the server that triggers the higher strength processing is operating in the US or Canada and a domestic commercial certificate authority (CA) with the capability of issuing such certificates is utilized. To my knowledge, only VeriSign can provide such certificates.

I have been involved with the installation of global certificates on Netscape, iPlanet, and IIS web servers since at least the first quarter of the Year 2000. Initially, WebLogic servers could not handle global certificates even though BEA claimed its software did. Once BEA completed its legal agreement with VeriSign, the issue was supposedly resolved. While I expect that this is true, I have never validated it for myself. I don't recall that an Apache web server could handle the Global certificates. To function properly, the supplier of the web server must obtain special (export controlled) code from the issuing CA.
Note: I'm not exposing any secrets here. You should be able to obtain this information freely from the VeriSign, Netscape, and Microsoft public web sites. You just may have to dig for it a while.

Sincerely yours;
Marc Mandel

At 10:10 PM 05/24/2002 +0200, Ben Nagy wrote:
>G'day,
>
>Um, could you run through that at a more technical level for me?
>
>How exactly does a different Verisign cert at the server end make a 40
>bit "Colombian Special" browser suddenly able to support 128 bit
>encryption?
>
>Intrigued,
>
>--
>Ben Nagy
>Network Security Specialist
>Mb: TBA PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Marc E. Mandel
> > Sent: Friday, May 24, 2002 8:08 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: OT: Encryption and Credit Card Processing
> >
> > Richard:
>[...]
> > The installation of global certificates triggers the Netscape
> > surrogate and the Internet Explorer gated functionality. What this
> > means is that 40-bit, 56-bit, and 64-bit versions of the browser
> > will step up to 128-bit SSL sessions without the user having to
> > install a browser or upgrade to achieve the stronger algorithm.[...]
> >
> > Regards;
> > Marc Mandel
>[...]

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls