[1871] in WWW Security List Archive
Re: Interoperability question (s)...
daemon@ATHENA.MIT.EDU (Mary Ellen Zurko)
Mon Apr 22 15:04:01 1996
To: vnoble@noble.tamu.edu
cc: web transaction security <www-security@ns2.rutgers.edu>, zurko@osf.org
In-reply-to: Your message of "Fri, 19 Apr 1996 18:48:06 EDT."
<9604192348.AA04538@noble.tamu.edu>
Date: Mon, 22 Apr 1996 12:11:18 -0400
From: Mary Ellen Zurko <zurko@osf.org>
Errors-To: owner-www-security@ns2.rutgers.edu
I don't know of anyone who has implemented SSL and SHTTP interoperability.
What I mean when I say that is that I don't know of anyone with a technique
to allow SSL clients to talk to SHTTP servers, or vica versa. I have no idea
what scheme your professor is suggesting. Maybe he's just saying that it's
not impossible; that it could be designed and coded.
We have implemented interoperability between SSL clients and DCE-Web
servers. We've done it via a gateway that talks SSL to the clients and
DCE-Web to the server, and translates the requesting principal. Such a
gateway has to be trusted by the server (since it's impersonating the client).
Our gateway is designed to allow interoperation with other secure protocols
and DCE-Web. You can read more about it at
http://www.osf.org/www/dceweb/DWsdg.html.
Mez
