From: Adam Shostack <adam@bwh.harvard.edu>

Actually, it also supports Kerberos (not relevant to most of us), and PGP messaging. Although a KCA would be needed before anything useful came of the PGP support, at least its there.

It appears that support for PGP messaging has been removed from the July 1995 SHTTP draft. So it's X.500 all the way. <URL:http://info.internet.isi.edu/in-drafts/files/draft-ietf-wts-shttp-00.txt> From: Steven Champeon - Imonics Development <schampeo@imonics.com>

The one "advantage" to SSL that they were pushing over SHTTP was that SSL is a socket-level encryption mechanism, as opposed to protocol- level. It doesn't conflict with SHTTP except in terms of adding to the processing time.

I guess I don't see why SSL is so awful from a crypto standpoint. Could someone a bit more educated on the nuts and bolts clue me in on its weaknesses? As compared to other schemes, perhaps?

Frankly I don't think SSL is particularly weak cryptographically. It has gone through several revisions as various problems were pointed out. The one thing I would note is that there is considerable known plaintext being exchanged in the handshake. This helps with key guessing and will be the foundation for the SSL challenge that Adam Back is organising. IMO at least some of this material could have been sent encrypted with the public key so that an eavesdropper couldn't know it. OTOH this might have run afoul of the NSA's rules on export for at least the 40 bit version since you'd have more than 40 bits of secrecy in effect. SSL includes a 16 byte checksum with each packet. IMO this is overkill and wasteful for small packets. One thing about SSL is that it provides both secrecy and immunity to certain kinds of active attacks. These big checksums include a sequence number and key information to prevent replay attacks. For some purposes you might be satisfied with secrecy and not want to pay this overhead. I think a lot of the criticism of SSL was based on the thought that it would be obsoleted by the new IP secure protocols. That may be true eventually but SSL is here today, in use. Order something from Netscape and it is secured with SSL. Buy the domestic version if you want real security. For IP, many of us we will have to wait until the new IP protocols get built into our OS's and other infrastructure. People have also objected to the use of the X.500 certificate approach. But that seems to be de rigeur for any serious Internet standard these days. IMO the real solution is to come up with a PGP-like X.500 certificate maker so people can easily set themselves up as Certificate Authorities and go about their business while the anal hierarchy fans argue about liability. Actually I think there is a PD certificate maker around, possibily from Eric Young down under. Hal