[227] in WWW Security List Archive
Re: Secure HTTP mailing list
daemon@ATHENA.MIT.EDU (Chuck McManis)
Wed Nov 16 03:50:58 1994
Date: Tue, 15 Nov 1994 22:18:32 +0800
From: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
To: allyn@dblv001.ca.boeing.com, andrieu@presence.COM, hungvu@milkyway.com
Cc: treese@openmarket.com, www-security@ns1.rutgers.edu
Reply-To: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
Unfortunately you can't compare s-http to TCP or DNS or any other standard.
In those cases, the specs were "public domain" and anyone could build a
TCP stack and take it to the TCP bake off to see if it worked. In the case
of any secure protocol there is the very good chance (and SHTTP is no
exception) that the protocol or specification will want to use the
_patented_ RSA algorithims (Public Key Partners effectively has a what
appears to be a patent on any public key scheme). What that means is
that there is _no way_ for anyone to develop a license free version of
S-HTTP because they would always infringe the patent. Since public key
technology appears at this stage to be essential to any useful secure
protocol, RSADSI, PKP, and EIT have the rest of the net by their
cyber short hairs.
You non-US folks of course don't have this restriction.
--Chuck
�
