[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] International Step-Up Encryption Certificate



The step-up is basically a client side feature, it really only requires a
server that supports strong ciphersuites.

What happens is that export strength clients first initiate the
connection advertising only export ciphersuites and completing the
handshake. When it has been verified that a step-up is allowed the
connection is renegotiated now also allowing strong ciphersuites.
Successive connections are established using strong ciphersuites right
away.

Note that this is what I gathered from the documentation that is
available. As we cannot get such a certificate I could never actually try
it out live.

Regards,

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at

-----Ursprüngliche Nachricht-----
Von: Zahid Ahmed <zahid.ahmed@commerceone.com>
An: Andreas Sterbenz <Andreas.Sterbenz@iaik.tu-graz.ac.at>;
<iaik-jce@iaik.tu-graz.ac.at>
Gesendet: Dienstag, 14. September 1999 21:14
Betreff: RE: [iaik-jce] International Step-Up Encryption Certificate


How would IAIK iSASiLk "step-up" to use the stronger encryption
key?

What do we need to do to make the SSL Server step up when using
a Verisign Global Server ID?




smime.p7s