Can others with more incite to verisign certs verify this information for
me? thanks in advance:
In response to your question (see below) about surrogate/gated
functionality built into the major browsers since Netscape and IE version
3, the answer is simple. To address the global needs of the US financial
community, the US Government agreed to this functionality for both domestic
and exportable versions of the browser. The Federal Government agreed to
this provided the server that triggers the higher strength processing is
operating in the US or Canada and a domestic commercial certificate
authority (CA) with the capability of issuing such certificates is
utilized. To my knowledge, only VeriSign can provide such certificates. I
have been involved with the installation of global certificates on
Netscape, iPlanet, and IIS web servers since at least the first quarter of
the Year 2000. Initially, WebLogic servers could not handle global
certificates even though BEA claimed its software did. Once BEA completed
its legal agreement with VeriSign, the issue was supposedly
resolved. While I expect that this is true, I have never validated it for
myself. I don't recall that an Apache web server could handle the Global
certificates. To function properly, the supplier of the web server must
obtain special (export controlled) code from the issuing CA.
Note: I'm note exposing any secrets here. You should be able to obtain
this information freely from the VeriSign, Netscape, and Microsoft public
web sites. You just may have to dig for it awhile.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
