Gervase Markham wrote:
Does anyone know where I can find a definitive list of browsers for whom
SGC is helpful? That is to say, a list of browsers for which, if I
connected to a site with an SGC certificate, would provide a higher
grade of encryption than if I connected to an identical site with a
non-SGC certificate?
I'll assume you mean to ask about SGC and all similar schemes, such as
SSL Step Up.
The list is constituted of the export versions of browsers subject to US
export restriction that were produced before the restriction was lifted
back in well it must be around 2001, so that's IE until 5.01, Netscape
until around the 4.6 version (you remember it went up to 4.78 or maybe
4.8 ?).
All of them are unsupported with major security issues.
One could find oneself using that by installing the first version of
Windows 2000 (or an even earlier OS), and not installing any update. The
survival time of such a configuration on the internet is probably
counted in seconds.
Also, are there technical reasons why some CAs cannot issue SGC
certificates? Does it require specially-marked roots?
Yes, those browsers allowed SGC/Step-up only for a restricted list of
pre-installed root CA certificates.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
