Site home page
Get alerts when Linktionary is updated
Book updates and addendums
Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)
Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!
Contribute to this site
Electronic licensing info
S-HTTP (Secure Hypertext Transfer Protocol)
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
The native protocol that World Wide Web clients and servers use to communicate is HTTP (Hypertext Transfer Protocol). HTTP is ideal for open communications, but it does not provide authentication and encryption features. S-HTTP was developed to work in conjunction with HTTP to enable clients and servers to engage in private and secure transactions. S-HTTP is especially useful for encrypting forms-based information as it passes between clients and servers.
However, S-HTTP was never fully accepted by Web browser vendors such as Microsoft and Netscape. Instead, a similar protocol called SSL (Secure Sockets Layer) became more popular. SSL provides the same authentication and encryption functionality, but SSL has the added feature of being able to encrypt all data being passed between client and server, including data at the IP level. S-HTTP only encrypts HTTP-level messages.
Still, S-HTTP is supported by a number of products. It supports a variety of cryptographic algorithms and modes of operation. Messages may be protected by using digital signatures, authentication, and encryption. Upon first contact, the sender and receiver establish preferences for encrypting and handling secure messages.
A number of encryption algorithms and security techniques can be used, including DES and RC2 encryption, or RSA public-key signing. In addition, users can choose to use a particular type of certificate, or no certificate at all. In cases in which public-key certificates are not available, it is possible for a sender and receiver to use a session key that they have exchanged in advance. A challenge/response mechanism is also available (see "CHAP (Challenge Handshake Authentication Protocol)").
The IETF (Internet Engineering Task Force) Web Transaction Security (wts) Working Group is in charge of developing S-HTTP. The Web site is listed on the related entries page. Relevant RFCs are listed here:
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.