WWW: Beyond the Basics

16. HTTP and related protocols

16.5 S-HTTP

16.5.1 Background

Secure-HTTP, or S-HTTP, describes a syntax for securing messages sent using the HTTP protocol. It tries to enable spontaneous commercial transactions by negotiating the different algorithms, modes and parameters needed for security. It provides independently applicable security services for transaction confidentiality and authenticity/integrity. It allows a variety of key management mechanisms, security policies and cryptographic algorithms by supporting option negotiation between parties for each transaction. Details about these various security mechanisms are available in chapter 16.

16.5.2 Main features

Some of the main features of S-HTTP are summarized below:
  1. S-HTTP is a secure message-oriented communications protocol designed for use in conjunction with HTTP. It is designed to co-exist with HTTP's message model and to be easily integrated with HTTP applications.
  2. S-HTTP deliberately mimics the format and style of HTTP to ease integration. However, certain headers are promoted to be Secure HTTP headers. In such messages, the request line will look like:

    Secure * Secure-HTTP/1.2

    The response line will look like:

    Secure-HTTP/1.2 200 OK

  3. S-HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the WWW.
  4. S-HTTP supports inter-operation among a variety of implementations, and is compatible with HTTP. This means that S-HTTP aware agents can communicate with S-HTTP oblivious agents, and vice versa, although such transactions would not utilize S-HTTP's security features. One of the ways this is done is through the use of a new kind of URL. This starts with "shttp". The use of this as part of an anchor tag indicates that the target server is S-HTTP capable.
  5. Several cryptographic message format standards may be incorporated into S-HTTP clients and servers. S-HTTP provides full flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow clients and servers to agree on transaction modes, cryptographic algorithms, and certificate selection.
  6. Message protection can be done in three ways: signature, authentication, and encryption. Any message may be signed, authenticated, encrypted, or any combination of these. S-HTTP has features to allow all these facilities.
  7. Special header lines are provided in S-HTTP in order to deal with HTTP facilities like caching and proxies.
  8. S-HTTP also permits persistent connections between clients/proxy and proxy/server pairs through the use of special headers.
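
The start lines in item 2 and the "shttp" URL scheme in item 4 are enough for a client to tell whether a reply was sent as S-HTTP or as plain HTTP. The following is an added example, not code from the original page or the S-HTTP draft; the policy in `check_response`, the function names and the host name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The S-HTTP start-line forms are the two shown in item 2 above;
# the plain HTTP forms are ordinary HTTP/1.x request and status lines.
SHTTP_REQUEST = re.compile(r"^Secure \* Secure-HTTP/(\d+\.\d+)$")
SHTTP_RESPONSE = re.compile(r"^Secure-HTTP/(\d+\.\d+) (\d{3})(?: (.*))?$")
HTTP_REQUEST = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d+\.\d+)$")
HTTP_RESPONSE = re.compile(r"^HTTP/(\d+\.\d+) (\d{3})(?: (.*))?$")


def classify_start_line(line):
    """Return (protocol, kind, version) for a start line, or raise ValueError."""
    line = line.rstrip("\r\n")
    for protocol, kind, pattern, version_group in (
        ("shttp", "request", SHTTP_REQUEST, 1),
        ("shttp", "response", SHTTP_RESPONSE, 1),
        ("http", "request", HTTP_REQUEST, 3),
        ("http", "response", HTTP_RESPONSE, 1),
    ):
        m = pattern.match(line)
        if m:
            return protocol, kind, m.group(version_group)
    raise ValueError(f"unrecognised start line: {line!r}")


def link_expects_shttp(url):
    """True when an anchor's URL uses the 'shttp' scheme from item 4."""
    return urlsplit(url).scheme.lower() == "shttp"


def check_response(url, start_line):
    """Hypothetical client policy: an shttp link must not get a plain HTTP reply."""
    protocol, kind, _ = classify_start_line(start_line)
    if kind != "response":
        return "reject: not a response line"
    if link_expects_shttp(url) and protocol != "shttp":
        return "reject: shttp link answered in plain HTTP"
    return "accept: " + protocol


# Constructed sample inputs; www.example.com is a placeholder host.
if __name__ == "__main__":
    for url, line in [
        ("shttp://www.example.com/order", "Secure-HTTP/1.2 200 OK"),
        ("shttp://www.example.com/order", "HTTP/1.0 200 OK"),
    ]:
        print(url, "->", check_response(url, line))
```

A start line that mixes the two forms, such as an ordinary method and path followed by `Secure-HTTP/1.2`, matches none of the patterns and is rejected with `ValueError` rather than treated as protected.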

Basically, S-HTTP attempts to make the existing HTTP more secure by providing many features. Some of the main features have been presented here. These and other features are presented in greater detail in the Internet draft (Rescorla et al.).


Copyright © 1996 Mir Farooq Ali, All Rights Reserved

Mir Farooq Ali <mfali@vt.edu>
Last modified: Sat Oct 26 13:26:04 1996