Server-Gated Cryptography: Difference between revisions
121.242.89.2 (talk) No edit summary |
|||
Line 7: | Line 7: | ||
Today, SGC certificates are widely considered to be [[obsolete]],<ref>http://www-uxsup.csx.cam.ac.uk/~jw35/courses/using_https/html/x746.htm, University of Cambridge page on Server Gated Cryptography, 3/12/2010</ref> as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies.<ref>http://www.sslshopper.com/article-say-no-to-sgc-ssl-certificates.html, SSLShopper.com "Say No to SGC", 3/12/2010</ref><ref>https://support.quovadisglobal.com/KB/a100/server-gated-cryptography-sgc-browsers-pose-security-risks.aspx, Server-Gated Cryptography (SGC) browsers pose security risks, 3/12/2010</ref> However, many certificate authorities continue to charge a premium for this kind of certificate. |
Today, SGC certificates are widely considered to be [[obsolete]],<ref>http://www-uxsup.csx.cam.ac.uk/~jw35/courses/using_https/html/x746.htm, University of Cambridge page on Server Gated Cryptography, 3/12/2010</ref> as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies.<ref>http://www.sslshopper.com/article-say-no-to-sgc-ssl-certificates.html, SSLShopper.com "Say No to SGC", 3/12/2010</ref><ref>https://support.quovadisglobal.com/KB/a100/server-gated-cryptography-sgc-browsers-pose-security-risks.aspx, Server-Gated Cryptography (SGC) browsers pose security risks, 3/12/2010</ref> However, many certificate authorities continue to charge a premium for this kind of certificate. |
||
When an SSL handshake takes place, the software (e.g. a [[web browser]]) would list the [[cipher]]s that it supports. Although the weaker exported browsers would only include weaker ciphers in its SSL handshake, the browser did also contain stronger cryptography algorithms |
When an SSL handshake takes place, the software (e.g. a [[web browser]]) would list the [[cipher]]s that it supports. Although the weaker exported browsers would only include weaker ciphers in its SSL handshake, the browser did also contain stronger cryptography algorithms |
||
[[Internet Explorer]] used SGC with 40-bit and 128-bit encryption starting with patched versions of [[Internet Explorer 3]], [[Internet Explorer 4|version 4]], and [[Internet Explorer 5|version 5+]]. |
[[Internet Explorer]] used SGC with 40-bit and 128-bit encryption starting with patched versions of [[Internet Explorer 3]], [[Internet Explorer 4|version 4]], and [[Internet Explorer 5|version 5+]]. |
Revision as of 05:35, 28 February 2013
Server Gated Cryptography (SGC) was created in response to United States federal legislation on the export of strong cryptography in the 1990s.[1]
The legislation had limited encryption to weak algorithms and shorter key lengths if used in software outside of the United States of America. As the legislation included an exception for financial transactions, SGC was created as an extension to SSL, with SGC certificates only issued to financial organisations.
This legislation has since been revoked and SGC certificates can now be issued to any organisation.
Today, SGC certificates are widely considered to be obsolete,[2] as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies.[3][4] However, many certificate authorities continue to charge a premium for this kind of certificate.
When an SSL handshake takes place, the software (e.g. a web browser) would list the ciphers that it supports. Although the weaker exported browsers would only include weaker ciphers in its SSL handshake, the browser did also contain stronger cryptography algorithms
Internet Explorer used SGC with 40-bit and 128-bit encryption starting with patched versions of Internet Explorer 3, version 4, and version 5+.
References
- ^ http://www.thawte.com/ssl-digital-certificates/technical-support/sgc/index.html, Thawte SGC Knowledgebase, 3/12/2010
- ^ http://www-uxsup.csx.cam.ac.uk/~jw35/courses/using_https/html/x746.htm, University of Cambridge page on Server Gated Cryptography, 3/12/2010
- ^ http://www.sslshopper.com/article-say-no-to-sgc-ssl-certificates.html, SSLShopper.com "Say No to SGC", 3/12/2010
- ^ https://support.quovadisglobal.com/KB/a100/server-gated-cryptography-sgc-browsers-pose-security-risks.aspx, Server-Gated Cryptography (SGC) browsers pose security risks, 3/12/2010