[453] in WWW Security List Archive
Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (wmperry@spry.com)
Mon Feb 27 16:56:41 1995
From: wmperry@spry.com
Date: Mon, 27 Feb 95 09:41 PST
To: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SUN.3.91.950227104815.28496B-100000-100000@cosmail2.ctd.ornl.gov>
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
isaac j. g. writes:
> Can someone comment on SSL versus S-http (implementation schedules not
> religous debates over which is best) ? Is the intention to have secure
> browsers support both protocols or is this going to divide the user
> community based on what browsers they have ?
I think it will behoove browser authors to support both. Netscape
recently announced that they will be supporting S-HTTP in some future
version. Not sure what their timeline is.
AIR Mosaic will be supporting Secure-HTTP (already does, just not shipped
yet). We have not decided whether to support SSL or not. I imagine we
will, but then I'm not in charge of engineering. :)
Emacs-w3 will be supporting both as soon as I can find the time. SSL
will probably be first, with S-HTTP not too far behind.
> What is the status on implementation of WWW servers using s-http vs SSL ?
> Is there any intention on making these available free for non-commerical
> use ? What's available now ! What browsers support what ! Is there any
> FAQ someone on this topic ?
I imagine someone will put the REFSSL code into the CERN or NCSA servers
pretty quickly. There are already servers based on NCSA and CERN for
Secure-HTTP. You can get info on SPRY's secure web server (free beta) at
http://www.spry.com/secure/betalet.html - this is based on the CERN 3.0
server, and supports proxying and cacheing, etc.
-Bill P.
