[472] in WWW Security List Archive
Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Tue Feb 28 15:20:37 1995
Date: Tue, 28 Feb 95 08:23:56 PST
From: ekr@eit.com (Eric Rescorla)
To: www-security@ns2.rutgers.edu
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>From owner-www-security@ns2.rutgers.edu Tue Feb 28 00:52:16 1995
>Return-Path: <owner-www-security@ns2.rutgers.edu>
>Received: from ns2.rutgers.edu by eitech.eit.com (4.1/SMI-4.1)
> id AA10646; Tue, 28 Feb 95 00:51:52 PST
>Errors-To: owner-www-security@ns2.Rutgers.EDU
>Received: (daemon@localhost) by ns2.rutgers.edu (8.6.8.1+bestmx+oldruq+newsunq/8.5) id DAA02882; Tue, 28 Feb 1995 03:45:23 -0500
>Received: from neon.mcom.com (neon.mcom.com [198.93.92.3]) by ns2.rutgers.edu (8.6.8.1+bestmx+oldruq+newsunq/8.5) with ESMTP id DAA02855; Tue, 28 Feb 1995 03:45:14 -0500
>Received: from lr1-dynamic1.mcom.com (lr1-dynamic1.mcom.com [198.93.92.81]) by neon.mcom.com (8.6.10/8.6.9) with SMTP id AAA06796 for <www-security@ns2.rutgers.edu>; Tue, 28 Feb 1995 00:44:25 -0800
>Date: Tue, 28 Feb 1995 00:44:25 -0800
>Message-Id: <199502280844.AAA06796@neon.mcom.com>
>From: marca@netscape.com (Marc Andreessen)
>To: www-security@ns2.rutgers.edu
>Subject: Re: SLL protocol implementation ?
>References: <199502260210.SAA07724@neon.mcom.com> <Pine.SUN.3.91.950227104815.28496B-100000-100000@cosmail2.ctd.ornl.gov>
>Organization: Netscape Communications Corp.
>X-Newsreader: Value-Added NewsWatcher 2.0b20.0+
>Sender: owner-www-security@ns2.Rutgers.EDU
>Precedence: bulk
>Reply-To: www-security@ns2.rutgers.edu
>Errors-To: owner-www-security@ns2.Rutgers.EDU
>Status: R
>
>> Can someone comment on SSL versus S-http (implementation schedules not
>> religous debates over which is best) ?
>
>Well, SSL-capable Netscape Navigator and Netsite Commerce Server have been
>commercially shipping since December, and we believe there are over two
>million active Netscape Navigator users today, all of whom can do HTTP+SSL.
>As for the availability of the protocol specs, the S-HTTP spec that Terisa
>seems to be implementing to came out last November, and the SSL spec came
>out last October.
>
>As far as I know, you cannot today buy a product that uses S-HTTP.
>
>> Is the intention to have
>> secure browsers support both protocols or is this going to divide the user
>> community based on what browsers they have ?
>
>In Netscape's case, in the future Netscape Navigator will support S-HTTP
>in addition to SSL, so there won't be a division of user community
>for Netscape users (or, for that matter, Netsite server customers). I dunno
>about other companies.
>
>> What is the status on
>> implementation of WWW servers using s-http vs SSL ?
>
>Well, Netsite Commerce Server with SSL has been commercially shipping
>since December. No S-HTTP servers are shipping today, as far as I know.
>Netsite Commerce Server will support S-HTTP in the future, for maximum
>interoperability.
>
>> Is there any
>> intention on making these available free for non-commerical use ?
>
>sslref (a reference implementation of SSL available in ANSI C form)
>is free for noncommercial use (although we cannot export it outside
>the US, due to US ITAR restrictions). For more information, please see
>http://home.netscape.com/info/sslref.html or email ssl@netscape.com
>directly.
>
>Cheers,
>Marc
>
>--
>Marc Andreessen
>Netscape Communications Corp.
>Mountain View, CA
>marca@netscape.com
>
