S-HTTP

from Wikipedia, the free encyclopedia
SHTTP in the TCP/IP protocol stack:
  Application:    SHTTP
  Transport:      TCP
  Internet:       IP (IPv4, IPv6)
  Network access: Ethernet, Token Bus, Token Ring, FDDI, ...

S-HTTP or SHTTP stands for Secure Hypertext Transfer Protocol, a protocol from the Internet protocol family that was developed in 1995 by Eric Rescorla and Allan M. Schiffman at Enterprise Integration Technologies. It defines encrypted data transfer over the Hypertext Transfer Protocol (HTTP), i.e. the data exchange between web server and web browser on the World Wide Web.

Not all web browsers support S-HTTP. The protocol was published by the IETF in 1999 as RFC 2660 with the status "Experimental".

Today, however, HTTPS is usually used instead; it transfers the data between server and client through a secure SSL/TLS tunnel. S-HTTP, on the other hand, encrypts each individual request, i.e. it encapsulates the user data but not the headers. This means that S-HTTP can be used simultaneously with HTTP (unsecured) on the same port.

Various standard cryptographic methods are used in SHTTP. The data is protected by any combination of three mechanisms:

  • Authentication
  • Encryption
  • Digital/electronic signature

A few headers are added to the HTTP message encapsulated by SHTTP; they describe the format of the encapsulated data. Possible standard formats are Pretty Good Privacy (PGP), Privacy Enhancement for Electronic Mail (PEM) and PKCS-7, although the full set of SHTTP features can only be used with PKCS-7.

In addition, a sender can use a hash function to provide a message digest that can guarantee data integrity. If this message digest also contains a time stamp, the communication partners are protected from so-called "replay attacks": an intercepted, unmodified message cannot be resent to the server undetected at a later point in time. By reading the time stamp in the original request, the server recognizes the unauthorized access attempt based on the timeout and rejects it.
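The replay check described above, as an added example that is not taken from RFC 2660 or from any SHTTP implementation. It uses HMAC-SHA-256 over time stamp plus body as a stand-in for the protocol's digest and does not reproduce the SHTTP wire format; the shared key, the 300-second window and all function names are assumptions.

```python
import hashlib
import hmac
import struct

MAX_AGE = 300  # assumed freshness window in seconds (not a value from the page)


def _digest(key: bytes, ts: int, body: bytes) -> str:
    # The time stamp is hashed together with the body, so neither can be
    # changed without invalidating the digest.
    return hmac.new(key, struct.pack(">Q", ts) + body, hashlib.sha256).hexdigest()


def seal(key: bytes, body: bytes, now: int):
    """Sender side: return (time stamp, digest) to send along with the body."""
    return now, _digest(key, now, body)


def verify(key: bytes, body: bytes, ts: int, tag: str, now: int) -> str:
    """Receiver side: return 'ok', 'bad-digest' or 'stale'."""
    # Integrity first: a rewritten time stamp or body fails here.
    if not hmac.compare_digest(_digest(key, ts, body), tag):
        return "bad-digest"
    # Freshness second: an untouched but old message is rejected on timeout.
    if abs(now - ts) > MAX_AGE:
        return "stale"
    return "ok"


def demo():
    key = b"constructed-demo-key-32-bytes!!!"   # constructed sample key
    body = b"POST /order item=42"               # constructed sample request
    ts, tag = seal(key, body, now=1_000)
    return {
        "fresh": verify(key, body, ts, tag, now=1_010),
        "replayed_later": verify(key, body, ts, tag, now=1_000 + MAX_AGE + 1),
        # Capturer swaps in a current time stamp but cannot recompute the digest.
        "timestamp_rewritten": verify(key, body, 1_400, tag, now=1_400),
        "body_modified": verify(key, b"POST /order item=43", ts, tag, now=1_010),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20s} {result}")
```

A copy resent inside the window still verifies, so the time stamp only bounds how long a captured message stays usable; rejecting duplicates within the window requires the receiver to remember the digests it has already accepted.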

Due to the structure and possibilities of SHTTP, when using this protocol, clear text information never has to be transmitted over the Internet. This results in a wide range of possible applications.

Example implementations of SHTTP

Example implementations of SHTTP are Secure Mosaic and Secure NCSA httpd, which are available via CommerceNet.

Web links

  • RFC 2660 - The Secure HyperText Transfer Protocol, August 1999
