16. HTTP and related protocols
16.5 S-HTTP
16.5.1 Background
Secure HTTP, or S-HTTP, describes a syntax for securing messages sent using
the HTTP protocol. It aims to enable spontaneous commercial transactions by
letting the two parties negotiate the algorithms, modes and parameters needed
for security. It provides independently applicable security services for
transaction confidentiality and for authenticity/integrity, and it allows a
variety of key management mechanisms, security policies and cryptographic
algorithms by supporting option negotiation between the parties for each
transaction. Details about these various security mechanisms are available
in chapter 16.
16.5.2 Main features
Some of the main features of S-HTTP are summarized below:
- S-HTTP is a secure, message-oriented communications protocol
designed for use in conjunction with HTTP. It is designed to coexist
with HTTP's message model and to be easily integrated with HTTP
applications.
- S-HTTP deliberately mimics the format and style of
HTTP to ease integration. However, certain headers are promoted to be
Secure HTTP headers, and the request and status lines are replaced. In
such messages the request line looks like
Secure * Secure-HTTP/1.2
and the response line looks like
Secure-HTTP/1.2 200 OK
Note that the outer request line carries "*" in place of a URL: the
method and URL of the real HTTP request are carried inside the
encapsulated (and possibly encrypted) message rather than in the clear.
- S-HTTP provides a variety of security mechanisms to HTTP clients
and servers, offering the security service options appropriate to the
wide range of potential uses of the WWW.
- S-HTTP supports interoperation among a variety of implementations
and is compatible with HTTP. This means that S-HTTP-aware agents can
communicate with S-HTTP-oblivious agents, and vice versa, although such
transactions do not use S-HTTP's security features. One of the ways this
is done is through a new kind of URL, beginning with "shttp". Using such
a URL in an anchor tag indicates that the target server is S-HTTP capable;
a browser that does not understand the scheme cannot follow the link, so
it does not silently fall back to sending the transaction in the clear.
- Several cryptographic message format standards may be
incorporated into S-HTTP clients and servers. S-HTTP provides full
flexibility of cryptographic algorithms, modes and parameters; option
negotiation is used to allow clients and servers to agree on transaction
modes, cryptographic algorithms and certificate selection.
- Message protection can be done in three ways:
signature, authentication (a keyed message authentication code), and
encryption. Any message may be signed, authenticated, encrypted, or any
combination of these, including none of them, so the protection a
transaction actually gets is whatever the two sides negotiate.
- Special header lines are provided in S-HTTP
to deal with HTTP facilities such as caching and proxies.
- S-HTTP also permits persistent connections between client/proxy
and proxy/server pairs through the use of special headers.
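The framing and negotiation described in the list above can be modelled in a few lines of Python. This is an added example, not code from the original page or from the S-HTTP draft. The page shows only the two start lines; the header names used here (Content-Type: message/http, Content-Privacy-Domain) and the orig-/recv- vocabulary of the SHTTP-Privacy-Enhancements negotiation header are assumptions taken from the later RFC 2660, and the rule that optional enhancements are applied only when both sides list them is this example's own policy, not the draft's. No cryptography is performed; the block shows only how an ordinary HTTP request is encapsulated, how an S-HTTP message is told apart from plain HTTP, and how the two sides' requirements are reconciled.

```python
"""Toy model of S-HTTP framing and option negotiation (added example).

Not code from the page or from the S-HTTP draft.  Header names and the
orig-/recv- negotiation syntax are assumed from RFC 2660; the page itself
shows only the request and response lines.  No cryptography is performed.
"""
import re
from urllib.parse import urlparse

SHTTP_VERSION = "Secure-HTTP/1.2"   # version shown on the page

# Negotiation vocabulary (assumed from RFC 2660).
MODES = {"orig-required", "orig-optional", "orig-refused",
         "recv-required", "recv-optional", "recv-refused"}
ENHANCEMENTS = {"sign", "encrypt", "auth"}   # signature, encryption, MAC

REQUEST_LINE = re.compile(r"Secure \* Secure-HTTP/\d+\.\d+")
STATUS_LINE = re.compile(r"Secure-HTTP/\d+\.\d+ \d{3} .+")


def is_shttp_request_line(line):
    """'Secure * Secure-HTTP/1.2' -> True; 'GET / HTTP/1.0' -> False."""
    return REQUEST_LINE.fullmatch(line.strip()) is not None


def is_shttp_status_line(line):
    """'Secure-HTTP/1.2 200 OK' -> True; 'HTTP/1.0 200 OK' -> False."""
    return STATUS_LINE.fullmatch(line.strip()) is not None


def target_is_shttp_capable(url):
    """An 'shttp' URL in an anchor advertises an S-HTTP capable server."""
    return urlparse(url).scheme.lower() == "shttp"


def wrap_request(inner_http_request):
    """Encapsulate a plain HTTP request: the outer request line carries
    '*' instead of the URL, so method and path live only in the body."""
    outer = [
        f"Secure * {SHTTP_VERSION}",
        "Content-Type: message/http",      # assumed header (RFC 2660)
        "Content-Privacy-Domain: CMS",     # assumed header (RFC 2660)
    ]
    return "\r\n".join(outer) + "\r\n\r\n" + inner_http_request


def unwrap(message):
    """Split an S-HTTP message into (start line, header dict, body).
    Rejects anything whose start line is not S-HTTP framed."""
    head, sep, body = message.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    lines = head.split("\r\n")
    start = lines[0]
    if not (is_shttp_request_line(start) or is_shttp_status_line(start)):
        raise ValueError("not an S-HTTP message: " + start)
    headers = {}
    for raw in lines[1:]:
        name, _, value = raw.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body


def parse_enhancements(value):
    """'recv-required=sign,encrypt; orig-optional=auth' -> {mode: {enh,...}}."""
    out = {}
    for clause in value.split(";"):
        clause = clause.strip()
        if not clause:
            continue
        mode, _, enh = clause.partition("=")
        mode = mode.strip()
        if mode not in MODES:
            raise ValueError("unknown mode: " + mode)
        enhs = {e.strip() for e in enh.split(",") if e.strip()}
        if not enhs <= ENHANCEMENTS:
            raise ValueError("unknown enhancement in: " + clause)
        out[mode] = enhs
    return out


def negotiate(client_hdr, server_hdr):
    """Enhancements the client must apply to its request, from its own
    orig-* header and the server's recv-* header.  Required on either
    side wins; an enhancement both required and refused is a conflict;
    optional enhancements are applied only when both sides list them
    (this example's policy, not the draft's).  An empty result means a
    transaction with no protection at all, which the protocol allows."""
    c = parse_enhancements(client_hdr)
    s = parse_enhancements(server_hdr)
    required = s.get("recv-required", set()) | c.get("orig-required", set())
    refused = s.get("recv-refused", set()) | c.get("orig-refused", set())
    if required & refused:
        raise ValueError("cannot agree on: " + ",".join(sorted(required & refused)))
    optional = s.get("recv-optional", set()) & c.get("orig-optional", set())
    return required | optional


if __name__ == "__main__":
    # Constructed sample exchange; shop.example is a placeholder host.
    req = wrap_request("GET /order.html HTTP/1.0\r\nHost: shop.example\r\n\r\n")
    start, hdrs, body = unwrap(req)
    print(start, hdrs["content-type"], body.split("\r\n")[0])
    print(negotiate("orig-optional=sign,encrypt",
                    "recv-required=encrypt; recv-optional=sign"))
```

The point worth checking in a real implementation is the last one in negotiate: because every combination of services is legal, an agent that marks everything "optional" can end up with an unprotected transaction, so a client that needs confidentiality should state it as orig-required rather than rely on the server's preferences.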
In short, S-HTTP attempts to make the existing HTTP more secure by
providing the features summarized here. These and other features are
described in greater detail in the Internet draft (Rescorla et al.).
Copyright © 1996
Mir Farooq Ali, All Rights Reserved
Mir Farooq Ali
<mfali@vt.edu>
Last modified: Sat Oct 26 13:26:04 1996