5.4. Server Gated Cryptography

Some Certification Authorities offer "special" certificates which claim to offer better levels of encryption than standard certificates. These are variously described as "HyperSign Certificates", "Global-Server-IDs" or "SuperCerts". These are all examples of a technology called "Server Gated Cryptography" (SGC) or "International Set-Up".

During the period of tight US restriction on the export of strong cryptography, it was recognised that some applications, electronic banking being the one most usually cited, really needed better cryptography than was available in export-version browsers. Therefore versions of browsers from Netscape and Microsoft were shipped with strong cryptography code included but disabled by default. A small number of "approved" CAs were authorised to issue special certificates for websites of approved organisations, which would unlock the strong cryptographic capability when communicating with these sites.

Since January 2000 the restrictions on export of cryptographic software have been largely removed and current browsers are able to use strong cryptography, assuming the server supports it (and most do). Therefore SGC certificates will only make a difference to connections established from old browsers, but old browsers must be assumed to contain bugs that make them unsuitable for applications where security is an issue. In addition, SGC certificates are typically much more expensive than standard ones, despite differing only by a few bits.

If strong encryption is necessary for a particular application, then an alternative to using SGC certificates would be to configure web servers to reject weak encryption and to recommend a browser upgrade.
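A sketch of that alternative using Python's standard ssl module (an added example, not part of the original text). The 128-bit floor, the cipher string and the function names are assumptions chosen for illustration; the sample cipher tuples at the end are constructed.

```python
import ssl

# Assumed policy for this example: 128-bit minimum, and no export-grade,
# NULL or anonymous suites. The cipher string uses OpenSSL's list syntax.
MIN_BITS = 128
STRONG_ONLY = "HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!3DES:!RC4:!MD5"


def build_server_context(cipher_string=STRONG_ONLY):
    """Server-side context that only offers the suites in cipher_string.

    A client limited to export-grade suites fails the handshake against
    this context, whatever certificate the server presents.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def weak_suites(ctx, min_bits=MIN_BITS):
    """Names of suites still enabled on ctx that fall below min_bits."""
    return sorted(
        c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits
    )


def needs_upgrade_notice(negotiated, min_bits=MIN_BITS):
    """Decide whether to answer with a 'please upgrade your browser' page.

    negotiated is the (name, protocol, secret_bits) tuple returned by
    SSLSocket.cipher(). This applies to a front end that still completes
    weak handshakes so that it can show the notice instead of the
    protected content.
    """
    if negotiated is None:
        return True
    _name, _protocol, bits = negotiated
    return bits < min_bits


# Constructed sample values in the shape SSLSocket.cipher() returns.
SAMPLE_EXPORT = ("EXP-RC4-MD5", "SSLv3", 40)
SAMPLE_STRONG = ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)

if __name__ == "__main__":
    ctx = build_server_context()
    print("weak suites still enabled:", weak_suites(ctx))
    print("notice for export client:", needs_upgrade_notice(SAMPLE_EXPORT))
```

Running weak_suites() against a production context after every configuration change gives a quick check that no sub-128-bit suite has crept back in.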