SGC "steps up" older, export-only browsers or email clients that were restricted to 40-bit SSL encryption by the U.S. export laws in effect at the time of their release. SGC was devised as a shortcut to avoid the need for users to update these older browsers. No 40-bit client has been released since the U.S. export laws were relaxed in 1999.
Step-up certificates, or SGC, would only be needed for users still running Win95 or Win98 1st edition who have never loaded a single patch or update since 2000. It is well known that these older browsers have serious security flaws. Since the point of SGC was to strengthen the security of the SSL session, that purpose is defeated if a potential attacker can exploit a security weakness in the browser.
If users want strong security, they should upgrade to the latest browser versions and keep updates current; there are literally hundreds of security vulnerabilities in IE 5.01 - IE 5.5 that have been fixed in updates and subsequent versions of the browsers.
Anyone who downloaded and installed a new browser, or updated their Microsoft Windows, Microsoft Office or their mail client/browser since 2000, was automatically upgraded to 128-bit.
Using SGC creates the illusion that Web sessions using these certificates are more secure when, in fact, using older browsers represents a serious security risk. 4SecureMail does not offer step-up or SGC because it would compromise the user's security. We feel that the best practice is to require that users use more current or updated browsers.
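One way a server operator can enforce that practice rather than stepping weak clients up, shown as an added example that is not 4SecureMail's code: audit the configured cipher suites for anything under 128 bits and refuse any session that negotiates less. The function names, the cipher string and the sample data are assumptions made for this illustration.

```python
import ssl

MIN_BITS = 128  # the strength the page says post-2000 clients support


def build_server_context(cipher_string="HIGH:!aNULL:!eNULL:!3DES"):
    """Server context that offers no export-grade or otherwise weak suites.

    The cipher string is an assumption of this example, not a vendor setting.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx


def weak_ciphers(cipher_list, min_bits=MIN_BITS):
    """Names of suites below min_bits, given SSLContext.get_ciphers() output."""
    return [c["name"] for c in cipher_list
            if c.get("strength_bits", 0) < min_bits]


def accept_session(negotiated, min_bits=MIN_BITS):
    """Check a live connection: SSLSocket.cipher() gives (name, protocol, bits)."""
    if negotiated is None:  # handshake produced no cipher at all
        return False
    _name, _protocol, bits = negotiated
    return bits >= min_bits


# Constructed sample of a legacy configuration (not taken from a real server).
LEGACY_CONFIG = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
]

if __name__ == "__main__":
    print("weak in legacy config:", weak_ciphers(LEGACY_CONFIG))
    ctx = build_server_context()
    print("weak in hardened context:", weak_ciphers(ctx.get_ciphers()))
    # Constructed negotiation results, in the shape SSLSocket.cipher() returns.
    for sample in [("EXP-RC4-MD5", "SSLv3", 40),
                   ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)]:
        print(sample[0], "->", "accept" if accept_session(sample) else "reject")
```

A 40-bit-only client fails the handshake against such a context, so the user is told to upgrade instead of being silently stepped up.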