In the 90s, 'strong' cryptography - greater than 40 bit, and later 56 bit - was considered a munition in the US. So Netscape and Microsoft released two versions of their browsers: a US version with full 128 bit encryption and a weakened international version.
However there were exceptions: US-based finance sites could apply to selected CAs for a certificate that had a special flag that would allow non-US browsers to use 128 bit symmetric crypto. This is Server Gated Cryptography, or SGC.
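The "special flag" is an extendedKeyUsage entry: an SGC certificate carries the Netscape step-up OID 2.16.840.1.113730.4.1 and/or the Microsoft SGC OID 1.3.6.1.4.1.311.10.3.3 alongside the ordinary serverAuth usage, and an export browser that found one of them would renegotiate with 128-bit ciphers. The following is an added example, not code from the original article, that encodes and decodes a DER extendedKeyUsage value with a minimal OID codec and reports which SGC usages are present; the two OIDs are the real identifiers, but the EKU bytes it inspects are constructed here rather than taken from any real certificate. On a real certificate, `openssl x509 -in cert.pem -noout -text` shows the same usages under "X509v3 Extended Key Usage" as "Netscape Server Gated Crypto" and "Microsoft Server Gated Crypto".

```python
# Added example: detect Server Gated Cryptography (SGC) step-up OIDs in a DER
# extendedKeyUsage value. The OIDs are the documented Netscape and Microsoft
# SGC identifiers; the EKU values built at the bottom are constructed samples.

OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"         # id-kp-serverAuth
OID_NETSCAPE_SGC = "2.16.840.1.113730.4.1"    # Netscape step-up
OID_MICROSOFT_SGC = "1.3.6.1.4.1.311.10.3.3"  # Microsoft SGC
SGC_OIDS = {OID_NETSCAPE_SGC: "Netscape Server Gated Crypto",
            OID_MICROSOFT_SGC: "Microsoft Server Gated Crypto"}


def _der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    count = first & 0x7F
    if count == 0 or count > 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos:pos + count], "big"), pos + count


def _encode_base128(v):
    """Base-128 arc encoding used inside OBJECT IDENTIFIER bodies."""
    out = [v & 0x7F]
    v >>= 7
    while v:
        out.append(0x80 | (v & 0x7F))
        v >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID " + dotted)
    body = _encode_base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _encode_base128(arc)
    return b"\x06" + _der_len(len(body)) + body


def decode_oid_body(body):
    """Turn the content bytes of an OBJECT IDENTIFIER back into dotted form."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    if acc or not arcs:  # dangling continuation byte or empty body
        raise ValueError("malformed OID")
    first = arcs[0]
    lead = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])


def encode_eku(oids):
    """Build the DER value of an extendedKeyUsage extension: SEQUENCE OF OID."""
    body = b"".join(encode_oid(o) for o in oids)
    return b"\x30" + _der_len(len(body)) + body


def decode_eku(der):
    """Parse an extendedKeyUsage value into a list of dotted OIDs."""
    if not der or der[0] != 0x30:
        raise ValueError("EKU value must be a SEQUENCE")
    n, pos = _read_len(der, 1)
    end = pos + n
    if end != len(der):
        raise ValueError("trailing data after SEQUENCE")
    oids = []
    while pos < end:
        if der[pos] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        n, pos = _read_len(der, pos + 1)
        oids.append(decode_oid_body(der[pos:pos + n]))
        pos += n
    return oids


def sgc_usages(eku_der):
    """Return the SGC usage names present in a DER extendedKeyUsage value."""
    return [SGC_OIDS[o] for o in decode_eku(eku_der) if o in SGC_OIDS]


# Constructed samples: the EKU a CA would put on an "EV+SGC" certificate, and
# the serverAuth-only EKU of an ordinary certificate for comparison.
SGC_EKU = encode_eku([OID_SERVER_AUTH, OID_NETSCAPE_SGC, OID_MICROSOFT_SGC])
PLAIN_EKU = encode_eku([OID_SERVER_AUTH])

if __name__ == "__main__":
    print(SGC_EKU.hex())
    print(sgc_usages(SGC_EKU))    # both SGC usage names
    print(sgc_usages(PLAIN_EKU))  # []
```

The point of the check is that SGC is nothing more than these two extra OIDs; the certificate's key, signature and validation are otherwise identical to a non-SGC one, and a post-2000 browser negotiates 128-bit ciphers regardless of whether they are present.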
Then, 15 years ago, in the final days of Bill Clinton's presidency, the US government eased the restriction and allowed any website to use strong cryptography. Browsers since IE 5.01 SP1 have this fix.
This should be the end of the story. But it isn't.
The 2015 Internet Explorer 5 upsell
It's 19th May 2015. Symantec's 'Introduction to SSL' has the following header:
Introduction to SSL
- How SSL works
- Authentication and trust: EV SSL
- Strongest SSL encryption: SGC
Thus begins a trend you'll see in the rest of Symantec's website: make sure people know that SGC enables 128 bit encryption, draw attention to the importance of cryptographic strength, and absolutely do not focus on how the browsers that can use SGC are so rare their usage is undetectably low.
Clicking on the 'SGC' tab reveals:
SGC: True 128-Bit SSL Encryption
Server-Gated Cryptography (SGC) certificates enable 128-minimum to 256-bit SSL encryption*, the most powerful SSL encryption commercially available today. You need the strongest SSL encryption available, when...
- you accept credit card, debit card, purchase card, or other online payments.
- you allow network access to confidential bank or brokerage account information.
- you transmit healthcare or insurance claim records electronically.
- you must meet privacy and security standards as a government agency.
- your reputation depends on the privacy and integrity of your information.
The wording is remarkably clever, and the points made are true:
- Yes, SGC enables 128 bit encryption in old browsers.
- Yes, you do need 128 bit encryption when you accept payments, or when your reputation depends on the privacy and integrity of your information.
What's strongly implied, but never said outright - because it would be wrong - is that SGC is needed in most circumstances for any of those things. Yet we're fairly confident that the majority of people would leave with that impression.
The full article continues in the same manner: focus on strong encryption, ignore legacy browser support. This is how long Symantec takes from introducing SGC to pointing out the browsers this technology is relevant to:
IE 5.01 SP1 also has the fix, but we'll ignore that for now.
Non-technical people often purchase certificates, and even those who see 'Strongest SSL Encryption: SGC' and make it past all the crypto speak may still not realize how rare Internet Explorer 5.5 and Netscape 4.72 are in 2015. Symantec's not going to tell them: the article quickly moves back to the importance of strong encryption.
Oddly enough, while taking screenshots for this article, we visited symantec.com using IE5 and soon our IP was blocked. Simply visiting the site with a browser that outdated is enough to trigger Symantec's attack detection. Symantec's site doesn't render or work in IE5 anyway - we had to use another browser to make the image at the top of this page. Which begs the question: if supporting IE5 is so important, why doesn't symantec.com do it?
This is why people think the SSL industry is awful
We're not the first to talk about this. SSLShopper discussed it in 2008 (read the definitely-real-people comments if you're in need of a laugh), Entrust covered it in 2012. Both are well known in the SSL industry, so it's fairly likely that Symantec are aware of what others think about how they sell SGC. We suspect they find the commercial benefit of SGC sales - Symantec's regular EV certificates are $699, their EV+SGC certificates are $1199 - outweighs the effect on their brand so far.
For an industry based on trust, upselling SGC as 'the strongest SSL encryption' while drawing attention away from the age of the browsers affected is inappropriate. Not only should we point out these activities, we have a duty to do so: this kind of behavior is why people think the SSL industry is awful.
If you're buying SSL certificates, be aware of how SGC is sold, particularly when non-technical people are paying for certificates. $500 USD is an awful price to pay for not being aware of how old some browser versions are. Consider whether you want to support a company - including its sub-brands like VeriSign, GeoTrust, Thawte and RapidSSL - that engages in these techniques.
The end of the line for SGC
The good news is that while some regions still advertise SGC in 'Introduction to SSL', other regions have removed the SGC content in the last few months. This isn't a sudden change of heart from Symantec: the current Chrome requires SHA2 signed certificates, which requires Windows XP SP3/IE6 or newer.
Since IE6 will happily do 128 bit encryption without SGC, Symantec can, 15 years since SGC made a difference, no longer upsell SGC for $500.