Adding Cryptographic Features to the Web (cont.)

Wait a minute....Why again are we doing this?!

Why? Because most of our problems are solved if we can use...

• Digital signatures to authenticate client HTTP requests

• Digitally signed HTTP server responses for authenticating server

• Signed documents to verify author, prevent forgery

• Public and symmetric-key cryptography for privacy (HTTP, documents)

General Form of Application-level WWW Security schemes:

• Sign and/or encrypt HTTP messages, header fields

• This isn't the only way to add crypto to the Web