How Does S-HTTP Work?


New protocol designator in anchor: "shttp"

New protocol method: "Secure"

Protected HTTP message encapsulated in S-HTTP message

New headers are added to the original HTTP message, specifying:

  • Requirements: "reply must be signed and encrypted" (for example)

  • Cryptographic algorithms, parameters supported

  • Key, certificate exchange/management

New message is signed/encrypted & encapsulated in S-HTTP message

Headers are added to tell receiver how to "unwrap" the message


Example S-HTTP "Get" request:

 
    Secure * Secure-HTTP/1.1
    Content-Privacy-Domain: PKCS-7
    Content-Transfer-Encoding: 7BIT

    BVO5WkJ5hOfh2h0Fif2mAAABb+SLLdZSUMSrLCf3IJpYcts7E9aFHKmWTzT4iqUn
    DD42hvRtOn/TLYtqNdjzttho36gowAh7/wnjY8rBxhoosymZigJKOWwK33EE3H5B
    O4DgkxckGNhH9WjtdDKQ92icIcA/ORPmyl/4O72pscJr186u0xRiyhu04LvRxsFQ
    qzjWJjARaELKVCPwhg/W/QhlH3t7olK83yzEiRu5P/JyxPzReyEc1MAYhLR57rsX
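
The following added example, not part of the original page, parses the outer S-HTTP envelope of the request above the way a receiver or an inspecting proxy would before unwrapping it. The names `parse_envelope` and `SAMPLE`, the placeholder body, and the rule that Content-Privacy-Domain must be present are assumptions of this example.

```python
import re

# Request line as shown in the page's example ("Secure", "*", protocol version).
REQUEST_LINE = re.compile(r"^Secure \* Secure-HTTP/(\d+\.\d+)$")

# Constructed sample: the page's envelope with a placeholder instead of the real body.
SAMPLE = (
    "Secure * Secure-HTTP/1.1\r\n"
    "Content-Privacy-Domain: PKCS-7\r\n"
    "Content-Transfer-Encoding: 7BIT\r\n"
    "\r\n"
    "PLACEHOLDER-ENCAPSULATED-BODY\r\n"
)


def parse_envelope(raw: str) -> dict:
    """Split an S-HTTP request into version, unwrap headers and opaque body."""
    text = raw.replace("\r\n", "\n").lstrip("\n")
    head, sep, body = text.partition("\n\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = [ln.strip() for ln in head.split("\n")]
    match = REQUEST_LINE.match(lines[0])
    if not match:
        raise ValueError("not an S-HTTP request line")
    headers = {}
    for ln in lines[1:]:
        name, colon, value = ln.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {ln!r}")
        key = name.strip().lower()
        if key in headers:
            # Ambiguous unwrap instructions are rejected rather than guessed at.
            raise ValueError(f"duplicate header: {key}")
        headers[key] = value.strip()
    # Assumption of this example: without a privacy domain the body cannot be unwrapped.
    if "content-privacy-domain" not in headers:
        raise ValueError("missing Content-Privacy-Domain")
    return {"version": match.group(1), "headers": headers, "body": body.strip()}


if __name__ == "__main__":
    env = parse_envelope(SAMPLE)
    # Only the envelope is readable; the protected method and URL are inside the body.
    print(env["version"], env["headers"], len(env["body"]), "body bytes")
```

The parsed result contains no method or URL: an intermediary that logs or filters on the request line sees only `Secure *`, so access decisions on the protected request have to be made after unwrapping.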

New info in shttp anchors: DN, NONCE, CRYPTOPTS

HTML extensions: CERTS and CRYPTOPTS



For more information, see the new S-HTTP RFC spec.