JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
 
Certificates
Our products range
Partners
Support
Focus


History of SGC certificate

SGC history enlightens us on the reasons of its future disappearance.

Historical context

During WWII, cryptographic technology soon becomes an indispensable tool (via Enigma) and is, after the conflict and until 1992, considered as a military technology by the US government. On the first days of the Cold War, the US government introduces a law preventing a cutting edge technology from being used by the Eastern Block.

That law forbids the exportation of any form of high-end cryptographic solution. Equipment (browsers, software...) that was meant to be used outside the US frontiers was then restrained to 40-bit (the same equipment could already enable 128-bit session on the US territory).

It is that law that created a need for SGC certificates.

Birth

Financial organizations doing business with foreigners had to find a way to enable high-powered cryptography to secure sensitive data.

SGC - Server Gated Cryptography - is created at that time. It is not a new kind of certificate but rather an extension that can be applied on existing kind of certificates.

They were issued by few CAs (previously handpicked and approved by the US government) to few financial organizations only.

Back then, SGC certificate was the prerogative of an elite and its use had to comply with strict recommendations.

Golden age

In January 2000, the law specific to the exportation of cryptographic material is revoked and 128-bit encryption can then be used by any kind of organization.

Two major consequences:

  • Manufacturers unbridle their products. Browsers and software released after January 2000 can manage 128-bit sessions by default without the help of SGC certificates.
  • Sales of SGC certificates explode. They allow 128-bit encrypted connections with out-of-date material.

Decline

SGC lifespan is, by essence, linked to the lifespan of browsers / machines released before January 2000. Once they will be gone, there won't be any utility for SGC certificates anymore.

The decline began the very day SGC certificates were released for general use as they became less useful with any browsers new release.

Nowadays, browsers that need SGC to enable 128-bit sessions count for less than 1% of the global market. On those browsers, the encryption level is far from a priority given the numerous security failures they carry.

TBS INTERNET choice

We chose to keep providing SGC certificates. That said, they have been put aside and are presented as an out-of-date technology.

In a near future they will disappear as they won't be needed anymore and because they encourage users not to update their obsolete browsers.

EDIT : 20150129 - Final disparition of SGC

For a few months now, we have started the progressive migration from SHA1 to SHA256 (that becomes mandatory as of January 1st, 2017). But browsers released before 2001 and requiring SGC do not support SHA256. It is the reason why SHA256 SGC certificates do not exist.

SHA256 becoming the standard, SGC certificates have to disappear.
(See our communication: SGC is about to disappear)

Situation of certification authorities

GlobalSign

GlobalSign ceased issuing SGC certificates in September 2011.

Comodo / TBS X509

TBS X509 and Comodo SGC certificates will disappear along with SHA1 certificate, meaning at the end of year 2015.

For owners of currently valid certificates we propose a promotional code to replace their product by a new one:

TBS X509 PRODUCTS
migrat2014shaTbs
COMODO PRODUCTS
migrat2014shaCom

Offer details:

  • Valid for the replacement of a certificate issued by TBS INTERNET
  • 20% discount only applicable on the migration of a SHA1 currently valid certificate to a SHA256 one
  • Only applpicable for an identical replacement (same CN, organization...)
  • TBS X509 code: valid for the migration of a TBS X509 SHA1 product to its SHA256 counterpart
  • Comodo code: valid for the migration of a Comodo SHA1 product to its SHA256 counterpart
  • Valid from 2014-09-18

Thawte

Thawte takes a lead and schedules the disappearance of its SuperCert (SGC) range of products around mid-2015 (probably by the beginning of July).

Owners of currently valid Thawte Supercert certificates will be notified by email. They will have to choose a replacement product. TBS advise:

  • You want to keep using the same root?
    In that case select Symantec Secure Site (£233)

  • The security level is your priority?
    Then choose Thawte SSL EV SHA256 (£183) - full audit, encryption up-to 256-bit and SHA256 signature - most powerfull hash algorithm

  • You want to keep working with the same certification authority?
    Then Thawte SSL Standard (£89) will meet your needs

In your token account is in credit with this kind of product, you'll have to make a token conversion. To do so, contact our customer service (marianne.bonjour@tbs-internet.co.uk) to gat a proposal. Just indicate which tokens you'd like to convert.

Useful links