Correction

[Eric Rescorla]

My previous message about HTTP Security implied that you would
(in SHTTP) reuse the DEK from say an HTTP request for the reply.
You most certainly would not do this. (It's horribly bad
key hygiene.) Rather, SHTTP provides a way to exchange
a symmetric encryption key (in an HTTP message) that can subsequently
be used cover subsequent DEKs.

Sorry for the possible confusion...
-Ekr