> 1.> I'm wondering if it's possible to make a digital cert that
supports/uses SCG (Server Gated Cryptography), and if so, > how?
>
> [Lee] I think you have to be a big company, like MS or Netscape, and
negotate a special deal with the NSA.
I don't think so. Better yet, search for SGC (not SCG)
Well, as long as we're picking nits (Especially since Greg doesn't
seem to make mistakes in his explanations.)
> I can create one using OpenSSL and get it
> signed by Verisign without paying a penny to MS or Netscape. I'll have to
> pay Verisign of course, perhaps more than usual (~US $500),
day, April 25, 2001 4:44 PM
Subject: RE: SCG, DSA
> Greg,
>
> As your link states, you need to have a CA cert signed by a root SGC CA
and as I recall, both MS and NS have to control access to such entities
quite closely (ie. you need to be a big company or at least you have to be
big enough to
3.> When I use the .cnf file, putting in
my own data... it doesn't seem to work. Of note is the DATE -- even if I
stick in, say, 3650 days, the cert still defaults to a years expiry. Why
don't my changes to the cnf file work -- is there some sort of trick or
something I'm missing??
[Lee]
riginal Message-
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 3:56 PM
To: [EMAIL PROTECTED]
Subject: Re: SCG, DSA
> 1.> I'm wondering if it's possible to make a digital cert that
supports/uses SCG (Server Gated Cryptography), and if so, >
1.> I'm wondering if it's possible to
make a digital cert that supports/uses SCG (Server Gated Cryptography), and if
so, how?
[Lee] I think you have to be a
big company, like MS or Netscape, and negotate a special deal with the
NSA.
4.> Finally, I notice a problem w
