20.2 Using Step-Up Cryptography

Step-Up Cryptography is a variation of SSL that provides a way for weaker clients to detect the need for strong cryptography. Microsoft refers to this feature as Server Gated Cryptography (SGC), and Netscape* refers to it as Step-Up Cryptography. iChain supports Netscape's Step-Up Cryptography. This feature is especially applicable to users running Windows 98 or Windows NT, users with older browsers (Internet Explorer 5.0, 5.5, and Netscape 4.7x), and machines that are used outside the United States.

Step-Up Cryptography depends on the server having a special certificate that permits it to participate in strong cryptography with the client. This certificate must be issued by a trustworthy CA (currently only Verisign and Thawte) and must contain an extension that indicates it is step-up capable. Step-up capable clients must therefore already contain the code for strong cryptography; the certificate only signals that it may be used. Step-Up Cryptography is conducted by using SSL's handshake feature. After the client examines the server's certificate and verifies that it is step-up capable, it initiates a second handshake, and the messages for that second handshake are transmitted over the already-protected session.
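The "extension that indicates it is step-up capable" is the certificate's extendedKeyUsage extension carrying one of the Server Gated Crypto object identifiers. The following is an added example, not code from the iChain documentation or from Novell: it decodes a DER-encoded extendedKeyUsage value with only the Python standard library and reports whether the Netscape Step-Up OID (2.16.840.1.113730.4.1) or the Microsoft SGC OID (1.3.6.1.4.1.311.10.3.3) is present, which is the check a step-up capable client performs before starting its second handshake. The OIDs are the well-known values, not taken from this page; the sample extension bytes are constructed inline and come from no real certificate.

```python
from typing import List

# Well-known extendedKeyUsage OIDs (assumed here; this page does not list them).
NS_STEP_UP_OID = "2.16.840.1.113730.4.1"   # Netscape Server Gated Crypto (Step-Up)
MS_SGC_OID = "1.3.6.1.4.1.311.10.3.3"      # Microsoft Server Gated Crypto
SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"      # id-kp-serverAuth, for a realistic sample


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06); used only to build the sample data."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, last byte has high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(body: bytes) -> str:
    """Decode the contents (after tag and length) of a DER OBJECT IDENTIFIER."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:              # high bit clear terminates the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(data: bytes, pos: int):
    """Return (tag, contents, next_pos) for the DER TLV at data[pos:]; handles long-form lengths."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def parse_eku(ext_value: bytes) -> List[str]:
    """Parse an extendedKeyUsage extension value (SEQUENCE OF OBJECT IDENTIFIER)."""
    tag, seq, _ = _read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("extendedKeyUsage must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER inside extendedKeyUsage")
        oids.append(decode_oid(body))
    return oids


def step_up_capable(ext_value: bytes) -> bool:
    """True when the certificate advertises either SGC OID, i.e. is step-up capable."""
    return bool({NS_STEP_UP_OID, MS_SGC_OID} & set(parse_eku(ext_value)))


def build_eku(*oids: str) -> bytes:
    """Build a DER extendedKeyUsage value from OIDs (sample data only; short-form length)."""
    inner = b"".join(encode_oid(o) for o in oids)
    return bytes([0x30, len(inner)]) + inner


# Constructed samples: one certificate EKU with the Netscape step-up marker, one without.
SAMPLE_STEP_UP_EKU = build_eku(SERVER_AUTH_OID, NS_STEP_UP_OID)
SAMPLE_PLAIN_EKU = build_eku(SERVER_AUTH_OID)

if __name__ == "__main__":
    for name, eku in (("step-up cert", SAMPLE_STEP_UP_EKU), ("plain cert", SAMPLE_PLAIN_EKU)):
        print(name, parse_eku(eku), "step-up capable:", step_up_capable(eku))
```

In a real deployment the extension value is taken from the parsed certificate (for example, the raw extnValue of the extendedKeyUsage extension); the parser above is the same either way. Auditing a server certificate this way shows whether the second, stronger handshake described above can actually be triggered for older clients.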

To use Step-Up Cryptography:

  1. Obtain a Verisign Secure Site Pro certificate or a Thawte 128-bit SuperCert certificate by going to the applicable Web site.

  2. Select Novell as the vendor. (If Novell is not available, select Silverstream. Do not select Microsoft.)

  3. Follow the normal import process.