Server-Gated Cryptography
   HOME

TheInfoList



Click Here for Items Related To - Server-Gated Cryptography
OR:
Server-Gated Cryptography on:   [Wikipedia]   [Google]   [Amazon]

Server-Gated Cryptography (SGC), also known as International Step-Up by
Netscape Netscape Communications Corporation (originally Mosaic Communications Corporation) was an American independent computer services company with headquarters in Mountain View, California and then Dulles, Virginia. Its Netscape web browser was onc ...
, is a defunct mechanism that was used to step up from 40-bit or 56-bit to 128-bit cipher suites with SSL. It was created in response to United States federal legislation on the export of strong cryptography in the 1990s. The legislation had limited
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
to weak
algorithm In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific Computational problem, problems or to perform a computation. Algorithms are used as specificat ...
s and shorter key lengths in software exported outside of the
United States of America The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territo ...
. When the legislation added an exception for financial transactions, SGC was created as an extension to SSL with the certificates being restricted to financial organisations. In 1999, this list was expanded to include online merchants, healthcare organizations, and insurance companies. This legislation changed in January 2000, resulting in vendors no longer shipping export-grade browsers and SGC certificates becoming available without restriction.
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical user interface, graphical web browsers developed by Microsoft which was used in the Microsoft Wind ...
supported SGC starting with patched versions of
Internet Explorer 3 Microsoft Internet Explorer 3 (IE3) is a graphical web browser which was announced in March 1996, and was released on August 13, 1996 by Microsoft for Microsoft Windows and on January 8, 1997 for Apple Mac OS (see IE for Mac). It began serious ...
. SGC became obsolete when Internet Explorer 5.01 SP1 and
Internet Explorer 5.5 Microsoft Internet Explorer 5 (IE5) is a graphical web browser, the fifth version of Internet Explorer, the successor to Internet Explorer 4 and one of the main participants of the first Browser wars, browser war. Its distribution methods and Wi ...
started supporting strong encryption without the need for a separate high encryption pack (except on
Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RTM), releas ...
, which needs its own high encryption pack that was included in Service Pack 2 and later). "Export-grade" browsers are unusable on the modern Web due to many servers disabling export cipher suites. Additionally, these browsers are incapable of using SHA-2 family signature hash algorithms like SHA-256. Certification authorities are trying to phase out the new issuance of certificates with the older SHA-1 signature hash algorithm. The continuing use of SGC facilitates the use of obsolete, insecure Web browsers with HTTPS.Server-Gated Cryptography (SGC) browsers pose security risks
3/12/2010 However, while certificates that use the SHA-1 signature hash algorithm remain available, some certificate authorities continue to issue SGC certificates (often charging a premium for them) although they are obsolete. The reason certificate authorities can charge a premium for SGC certificates is that browsers only allowed a limited number of roots to support SGC. When an SSL handshake takes place, the software (e.g. a
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
) would list the
cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
s that it supports. Although the weaker exported browsers would only include weaker ciphers in its initial SSL handshake, the browser also contained stronger cryptography algorithms. There are two protocols involved to activate them. Netscape Communicator 4 used International Step-Up, which used the now obsolete insecure renegotiation to change to a stronger cipher suite. Microsoft used SGC, which sends a new Client Hello message listing the stronger cipher suites on the same connection after the certificate is determined to be SGC capable, and also supported Netscape Step-Up for compatibility (though this support in the NT 4.0 SP6 and IE 5.01 version had a bug where changing MAC algorithms during Step-Up did not work properly).


See also

*
FREAK A freak is a person who is physically deformed or transformed due to an extraordinary medical condition or body modification. This definition was first attested with this meaning in the 1880s as a shorter form of the phrase " freak of nature ...


References


External links


Microsoft's page on Server Gated Cryptography

Old mod_ssl documentation
on SGC, Step-Up and Global-ID Cryptography Transport Layer Security {{SSL/TLS