[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| 40 vs. 128 bit certificate question

Hello Tom,

GlobalID, step up or server gated cryptography only may be required when
(old) exportable client software: first the client offers the server
a exportable cipher suite; when the server sents a special "step-up"
certificate (issued by Verisign) the client recognizes that the server
is allowed to use a strong cipher suite and starts a renegotiation handshake
to switch to the new cipher suite. If the client uses strong cipher suites
by default, step-up cryptography may not be required. Please look at
(last sections) for using server gated cryptography with iSaSiLk .


-----Ursprungliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Tom van den Berge
Gesendet: Montag, 08. April 2002 12:42
An: iaik-ssl@iaik.at
Betreff: [iaik-ssl]cu|| 40 vs. 128 bit certificate question

I'm trying to figure out what the (technical) difference is between a 40
and 128 bit certificate, like verisign is selling.
What is the actual difference between a "40-bit SSL Secure Server ID"
certificate and a "128-bit SSL Global Server ID" certificate. As far as
I know, there is no such thing as a keylength limitation in a certificate.
When my server application supports 128 bit encryption, and my client
application, too, I don't think that my 40-bit verisign server cert can
prevent the use of 128 bit keys?

In other words, why should I buy a 128 bits cert, which is more than
twice as expensive as a 40 bit cert.

Can anybody clarify these things to me?


Tom van den Berge                                tom.vandenberge@bibit.com
Development                                          V +31 (0)30 65 95 143
Bibit Internet Payments BV                           F +31 (0)30 65 64 464
Kosterijland 20                                              www.bibit.com
3981 AJ Bunnik
The Netherlands

Mailinglist-archive at

To unsubscribe send an email to listserv@iaik.at with the folowing content:

Attachment: smime.p7s
Description: application/pkcs7-signature