[452] in WWW Security List Archive
Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (cwilson@spry.com)
Mon Feb 27 15:56:48 1995
From: cwilson@spry.com
Date: Mon, 27 Feb 1995 09:18:20 -0800
To: www-security@ns2.rutgers.edu, www-security@ns2.rutgers.edu
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>From: isaac j g <i7c@cosmail2.ctd.ornl.gov>
>Can someone comment on SSL versus S-http (implementation schedules not
>religious debates over which is best) ? Is the intention to have
>secure browsers support both protocols or is this going to divide the user
>community based on what browsers they have?
I think in the short run, this is indeed dividing the market, since each
browser implementor working on security has to choose their priority security
scheme. In the long run, I'm sure things will settle down, and the prevailing
scheme or schemes will be supported across the board. As SSL is applicable to
other protocols also, it is possible that it would find a place as a base
security protocol. Secure-HTTP seems to be prevailing (at least, in the eyes
of the W3C at the security meeting last week) as the premier HTTP security
protocol, due to its flexibility and openness. However, this does not
necessarily rule out coexistent transport-level security protocols such as SSL
or IPSP, and I'm sure if SSL, IPSP or any other security protocol catches on it
will also be supported by the same vendors who now support only SHTTP,
including SPRY.
>What is the status on implementation of WWW servers using s-http vs SSL ?
Well, EIT/TERISA has one, of course... CommerceNet uses it. SPRY has also had
a Secure-HTTP server based on the CERN HTTP server out in publicly-available
beta release for about 2 weeks now. See the <a
href="http://www.spry.com/secure/betalet.html">SafetyWEB page</a> for more
information on how to get a copy.
>Is there any intention to make these available free for non-commercial use?
I believe the W3O is currently working on putting Secure-HTTP support into the
base libWWW... perhaps Tim or Phillip would like to comment?
>What's available now
Hmm, well, I think I answered that above, except for the SSL implementations.
NetScape has clients (NetScape) for all three platforms and a server for UNIX
systems that support 40-bit SSL.
>What browsers support what
NetScape supports SSL, Secure NCSA Mosaic (from EIT) and SPRY Mosaic support
Secure-HTTP.
-Chris Wilson
:::::::::::::::::::::<<< NETWORKING THE DESKTOP >>>::::::::::::::::::::
Chris Wilson Spry, Inc.
WWW Technology Lead 316 Occidental Avenue S. 2nd Floor
Email: cwilson@spry.com Seattle, WA 98104
Phone: (206) 447-0300 FAX: (206) 447-9008
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::