Quote:
Originally Posted by Thesa
- Another protocol for secure transmission of data: Secure HTTP (S-HTTP) - transmits individual messages securely. Thus, both complement each other.
|
SHTTP (Secure Hypertext Transfer Protocol), developed by Enterprise Integration Technologies in 1995 to ensure security with commercial transactions on Internet.
A protocol that provides secure transactions over Web and is endorsed by a variety of organizations.
An extension to HTTP protocol to support sending data securely over World Wide Web. Not all Web browsers and servers support S-HTTP. Each S-HTTP file is either encrypted, contains a digital certificate, or both.
For a given document, S-HTTP is an
alternative to above mentioned security protocol,
Secure Sockets Layer (SSL). Has been submitted to the Internet Engineering Task Force (IETF) for consideration as a standard.
It is not HTTPS ->HTTP over SSL.
Comparisions of SSL and S-HTTP
Major difference
S-HTTP allows client to send a certificate to authenticate user
In SSL, only server can be authenticated.
S-HTTP is likely to be used in situations where server represents a bank and requires authentication from user that is more secure than a userid and password. It does not use any single encryption system, but supports the Rivest-Shamir-Adleman encryption system.
SSL works at a program layer slightly higher than the Transmission Control Protocol (TCP) level.
S-HTTP works at the even higher level of the HTTP application.
Both security protocols can be used by a browser user, but only one can be used with a given document. A number of popular Web servers support both S-HTTP and SSL.
Newer browsers support both SSL and S-HTTP.