HTTP security
Amanda Walker
amanda at intercon.com
Tue Dec 13 07:46:45 PST 1994
> This seems a very relevant criticism: Has Amanda, or anyone else
> proposed an extension to HTML that would incorporate such things?
Actually, it's not an extension to HTML, but to MIME (whose formats HTTP uses
top tag and label data), and it just went to Proposed Standard (the last step
before Internet Standard). The MIME multipart/signed and multipart/encrypted
body parts allow anything using MIME encapsulation to sign and/or encrypt
arbitrary body parts. Since it's at the document layer, it requires no
special transport software, works with existing proxies and caching servers,
and allows secure HTTP software to share code with secure email software
(since it would use exactly the same formats). The framework is general
enough to allow use with either PEM-compliant signatures and encryption or
others (such as PGP). I believe that can also be used with symmetric key
management, which could be useful for special purpose applications.
EInet's secure SHTTP proposal is also an end-to-end security framework.
Amanda Walker
InterCon Systems Corporation
More information about the cypherpunks-legacy
mailing list