Scribd
Upload
63 views1 page

About S HTTP

In 1993, Allan Schiffman and Eric Rescorla developed Secure HTTP (S-HTTP), a security-enhanced version of HTTP, to address privacy and security issues. Their work continued in 1994 under CommerceNet and resulted in software to implement S-HTTP. In 1995, the IETF formed a working group to standardize S-HTTP, publishing two RFCs in 1999. However, similar needs were met by the development of SSL/TLS in 1995, which has now been universally adopted for secure web transactions, though security issues still remain.

Uploaded by

ravg10
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
63 views1 page

About S HTTP

In 1993, Allan Schiffman and Eric Rescorla developed Secure HTTP (S-HTTP), a security-enhanced version of HTTP, to address privacy and security issues. Their work continued in 1994 under CommerceNet and resulted in software to implement S-HTTP. In 1995, the IETF formed a working group to standardize S-HTTP, publishing two RFCs in 1999. However, similar needs were met by the development of SSL/TLS in 1995, which has now been universally adopted for secure web transactions, though security issues still remain.

Uploaded by

ravg10
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

About S-HTTP

In late 1993 Allan Schiffman and Eric Rescorla, then with Enterprise Integration Technologies
(EIT), developed a security-enhanced version of the HTTP protocol. This protocol, named Secure
HTTP (a.k.a. S-HTTP), was a message-oriented application-layer protocol inspired by existing
IETF standards of the day, including Privacy Enhanced Mail (PEM).
This work was continued in 1994 under CommerceNet auspices, in cooperation with NCSA,
culminating in the delivery of Secure Mosaic and Secure HTTPD software to CommerceNet
members and described in a series of IETF "Internet-Draft" standard proposals.
The IETF Web Transaction Security (WTS) working group was chartered in 1995 to consider this
protocol. It concluded and published S-HTTP in two ''experimental'' RFCs authored by Rescorla &
Schiffman (then with Terisa Systems) in 1999:
• RFC2660 The Secure HyperText Transfer Protocol
• RFC2659 Security Extensions For HTML
This note is too short to put Secure HTTP in historical perspective. Here it is sufficient to say that
similar needs were addressed by Netscape's development in 1995 of the Secure Sockets Layer
(SSL) protocol, which later was standardized by the IETF as the Transport Layer Security (TLS)
protocol. SSL/TLS has been universally adopted, although many Web security issues remain
unaddressed.

By: Flavia Fortes

Reference: http://www.commerce.net/legacy/shttp.html

You might also like