Sunday, November 05, 2006

Internet: high security level


S-HTTP (Secure HTTP) is a method of securing HTTP transactions, based on an extension of the HTTP protocol developed in 1994 by EIT (Enterprise Integration Technologies). It secures exchanges during e-commerce transactions by encrypting messages, so that customers' credit card numbers and other personal information remain confidential. An implementation of S-HTTP was developed by the company Terisa Systems to add this security to web servers and browsers.

Unlike SSL, which works at the transport layer, S-HTTP provides message-based security on top of the HTTP protocol, marking HTML documents individually by means of certificates. While SSL is independent of the application in use and encrypts the entire communication, S-HTTP is very closely tied to the HTTP protocol and encrypts each message individually.

How it works
S-HTTP messages are based on three components:
  • The HTTP message
  • The cryptographic preferences of the sender
  • The preferences of the recipient
So, to decrypt an S-HTTP message, the recipient analyzes the message headers to determine the type of method that was used to encrypt the message. Then, using its current and previous cryptographic preferences, and the sender's previous cryptographic preferences, it is able to decrypt the message.
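
The header inspection step described above, as an added Python example that is not part of the original post. The header names (Content-Privacy-Domain, SHTTP-Privacy-Domains) come from RFC 2660 rather than from this page, the accept/refuse policy is a simplified reading of it, and the body is left wrapped rather than decrypted.

```python
# Added example. Header names and syntax follow RFC 2660 (S-HTTP); the
# preference line and the messages used with it are constructed samples.

def parse_prefs(lines):
    """Parse SHTTP-* preference lines into {field: {(mode, action): [values]}}."""
    prefs = {}
    for line in lines:
        field, _, rest = line.partition(":")
        entry = prefs.setdefault(field.strip().lower(), {})
        for keyval in rest.split(";"):
            key, _, values = keyval.partition("=")
            mode, _, action = key.strip().partition("-")  # e.g. "recv-optional"
            entry[(mode, action)] = [v.strip() for v in values.split(",") if v.strip()]
    return prefs

def parse_message(raw):
    """Split a message into start line, header dict and still-wrapped body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body

def check_incoming(raw, my_prefs):
    """Use only the headers to decide how, or whether, to unwrap the body."""
    start, headers, _ = parse_message(raw)
    if not start.startswith(("Secure * Secure-HTTP/", "Secure-HTTP/")):
        return "reject: not an S-HTTP message"
    domain = headers.get("content-privacy-domain")
    if not domain:
        return "reject: no Content-Privacy-Domain header"
    mine = my_prefs.get("shttp-privacy-domains", {})
    accepted = mine.get(("recv", "required"), []) + mine.get(("recv", "optional"), [])
    if domain in mine.get(("recv", "refused"), []) or domain not in accepted:
        return "reject: privacy domain " + domain + " not accepted"
    return "unwrap as " + domain

MY_PREFS = parse_prefs(["SHTTP-Privacy-Domains: recv-optional=CMS; recv-refused=MOSS"])
SAMPLE = ("Secure * Secure-HTTP/1.4\r\n"
          "Content-Type: message/http\r\n"
          "Content-Privacy-Domain: CMS\r\n"
          "\r\n"
          "(constructed placeholder for the encrypted HTTP request)")

if __name__ == "__main__":
    print(check_incoming(SAMPLE, MY_PREFS))
```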

The complementarity of S-HTTP and SSL
Although SSL and S-HTTP were once rivals, many people realized that the two security protocols were complementary, given that they do not work at the same level. SSL secures the Internet connection, whereas S-HTTP provides secure HTTP exchanges.
Accordingly, Terisa Systems, a company specialized in network security and formed by RSA Data Security and EIT, produced a development kit allowing developers to build web servers implementing SSL and S-HTTP (Secure Web Server Toolkit), as well as web clients supporting these protocols (Secure Web Client Toolkit).
