> Uhm, I see. But in that case, what happens if someone gets a (non-escrowed)
> DSA cert, and uses it for a secure web server only supporting the
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite (ephemeral Diffie-Hellman
> authenticated with DSS)? Strong, MIM-attack-resistant, and required by TLS
> for minimum compliance (and, HOPEFULLY, some day supported by popular
> browsers...)
Although it isn't clear if this will happen (or even if the govt. has
realised the possibility), the CA could set keyUsage flags in the
certificate to stop a DSA cert from authenticating a strong encryption key
at all, or limit authenticated encryption key length to 40 bits, or not
allow any further certification by that key. The wonders of X.509...
Ian.
