[1004] in WWW Security List Archive
Re: N$ SSL vs M$ PCT
daemon@ATHENA.MIT.EDU (Bob Denny)
Tue Oct 10 04:41:53 1995
From: "Bob Denny" <rdenny@netcom.com>
Date: Sun, 8 Oct 1995 20:50:10 -0700
In-Reply-To: a-davem@ac.tandem.com (maracchini_dave)
"RE: N$ SSL vs M$ PCT" (Oct 5, 10:09)
To: a-davem@ac.tandem.com (maracchini_dave), www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Oct 5, 10:09, maracchini_dave wrote:
> Subject: RE: N$ SSL vs M$ PCT
>
> Virtually ALL protocols proposed for use in protecting commerce on the
> Internet (e.g., S-HTTP) have holes large enough to drive a truck
> through PRECISELY because they do not limit key use to a specific purpose.

As a participant in building an S-HTTP-capable server, I have to take
exception to the above. S-HTTP can indeed selectively encrypt. In contrast to
link-level encryption protocols like SSL and PCT, S-HTTP is designed to
selectively encrypt, sign, and/or encrypt and sign individual "documents". The
documents do not have to be HTML documents, they can be anything. Like packets
containing financial information. S-HTTP has the ability to negotiate keys and
crypt-opts at a fine-grain level. Both in-band and out-of-band keys are
supported.

Also, in my opinion, it is unfair to describe a security system as having
"holes large enough to drive a truck through" without posting the support for
that. Quantitative support. We have a lot of newcomers to the net now, and we
should not treat them to scare tactics like this.
-- Bob