Firewall Wizards mailing list archives

RE: SSL and negotiated key strength


From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Wed, 11 Jul 2001 17:11:38 -0500

<SNIP>
i'm wondering why folks are still buying global/super certs given that
non-crippled browsers have been available for a while now (perhaps 2
years?).  i don't see the need for step-up or SGC hacks any longer.
<!SNIP>

It depends on essentially what your aim is.  Conducting commerce on the web
to a general audience, one must try every opportunity to raise the bar on
security and privacy.  I believe that this issue has yet to raise its head
in a legal battle (eCommerce vs consumer), but I am sure it will.  Many
customers may not have the privileged information to upgrade encryption
packs to use 128-bit.  More so, one has to realize what is the real cost of
risk and if risk can be mitigated, one should go down that route.  

For the work I am involved in, we have been testing with the idea, and there
are so many problems we have run into, that we may not run with it.
However, it's a proactive measure in enabling customers to use stronger
security than they may be aware of.

But, I am curious as to see if anyone has this working on IIS.

My 2 cents.
r.

Richard Scott   
Information Security
Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA
The views expressed in this email do not represent Best Buy
or any of its subsidiaries.



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

