A quick search found the reseller for Verisign for the Asia/Pacific region. Their site describes their SSL certificates as 128bit and 40bit at http://www.esign.com.au/server/. Worse still, they describe the 40bit certificate as "standard".
(I do wonder why people just don't buy the cheaper Thawte certificates. <envy> If they did, Mark Shuttleworth wouldn't be enjoying his trip to the ISS </envy>). The global cert costs about twice the standard cert. As for the law in Australia on cryptography, this seems a reasonable page on International encryption. http://rechten.kub.nl/koops/cryptolaw/ Finally, their support for servers mentions Apache-SSL with no mention at all of openssl. Without a little more information about which browsers are causing trouble, there's not a lot more we can do. - John Airey Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] The teaching of evolution as a proven fact rather than a theory has done more harm to scientific progress than anything else in history. -----Original Message----- From: Eric Rescorla [mailto:[EMAIL PROTECTED]] Sent: 26 April 2002 16:17 To: [EMAIL PROTECTED] Subject: Re: Key strength confusion [snip] As far as I know, there is in fact no such thing as a 40-bit cert. There are two kinds of certificates: (1) Ordinary X.509 certs containing an RSA key of whatever strength you've chosen. (2) Certs containing the SGC/Step-Up extensions. There are three kinds of browsers in the world: (1) Really old export browsers which will only do 40 bit crypto. (2) Newer export browsers which will do SGC/Step-Up. (3) Old domestic browsers or new (post export-control removal) export browsers which do strong crypto. So, the interaction matrix between certificates and browsers looks like this: Cert Browser Ordinary SGC/Step-Up ---------------------------------------------------------------- Old Export 40-bit crypto 40-bit crypto Newer Export 40-bit crypto SGC/Step-Up to strong New Export/Domestic Strong crypto Strong crypto There is no way to tag an X.509 certificate in such a way that it is 40-bit only. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
