algorithm;HTTP;Kerberos;public-key;DES;authentication;multiple key management">

Question 133. What is S-HTTP?

S-HTTP (Secure Hypertext Transfer Protocol) is an extension to HTTP (Hypertext Transfer Protocol) that provides security services [RS95]. It was originally developed by Enterprise Integration Technologies, and further development continues at Terisa Systems. HTTP is the protocol that forms the basis of the World Wide Web, allowing the exchange of multimedia documents on the Web. S-HTTP is designed to provide confidentiality, authenticity, integrity, and non-repudiability while supporting multiple key management mechanisms and cryptographic algorithms via option negotiation between the parties involved in each transaction.

S-HTTP can use any of four methods to exchange data-encrypting keys. The possible methods are RSA (see Question 8), out-band, in-band, and Kerberos (see Question 144). If RSA is used, data-encrypting keys are exchanged by the RSA public-key cryptosystem. Out-band refers to an external key agreement, while in-band refers to a key transported in a S-HTTP-protected message in another session. In the Kerberos method, the key is obtained from a Kerberos server. Cryptographic algorithms supported by S-HTTP include DES (see Question 64), two-key and three-key triple-DES (see Question 72), DESX (see Question 74), IDEA (see Question 77), RC2 (see Question 75), and CDMF [JML93].

More information about S-HTTP can be obtained from Terisa Systems at <http://www.terisa.com/>.