Hal Finney writes:
From: Adam Shostack <adam@bwh.harvard.edu>
Actually, it also supports Kerberos (not relevant to most of us), and PGP messaging. Although a KCA would be needed before anything useful came of the PGP support, at least its there.
It appears that support for PGP messaging has been removed from the July 1995 SHTTP draft. So it's X.500 all the way. <URL:http://info.internet.isi.edu/in-drafts/files/draft-ietf-wts-shttp-00.txt>
Well, X.509 for now. The Eastlake-Kaufman DNS Security work (draft-ietf-dnssec-secext-04.txt) plus MOSS (draft-ietf-pem-mime-08.txt --now proposed standard, awaiting an RFC number) promise to give us a non-X.509 certification structure for the Internet. S-HTTP explicitly looks to this work to free us from X.500. Note that this only marginally improves the situation, however, since what you really want is commercial-grade certification, and you still can't issue RSA certificates, whatever the format, without licensing from RSADSI. This promises to be something of an issue in the future. -Ekr