The Secure HyperText Transfer Protocol (RFC2660)

IP.com Disclosure Number: IPCOM000003250D
Original Publication Date: 1999-Aug-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 36 page(s) / 89K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

E. Rescorla: AUTHOR [+2]

Abstract

This memo describes a syntax for securing messages sent using the Hypertext Transfer Protocol (HTTP), which forms the basis for the World Wide Web. Secure HTTP (S-HTTP) provides independently applicable security services for transaction confidentiality, authenticity/integrity and non-repudiability of origin.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        E. Rescorla
Request for Comments: 2660                                    RTFM, Inc.
Category: Experimental                                      A. Schiffman
                                                    Terisa Systems, Inc.
                                                             August 1999

The Secure HyperText Transfer Protocol

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This memo describes a syntax for securing messages sent using the Hypertext Transfer Protocol (HTTP), which forms the basis for the World Wide Web. Secure HTTP (S-HTTP) provides independently applicable security services for transaction confidentiality, authenticity/integrity and non-repudiability of origin.

The protocol emphasizes maximum flexibility in choice of key management mechanisms, security policies and cryptographic algorithms by supporting option negotiation between parties for each transaction.

Table of Contents

1. Introduction
1.1. Summary of Features
1.2. Changes
1.3. Processing Model
1.4. Modes of Operation
1.5. Implementation Options
2. Message Format
2.1. Notational Conventions
2.2. The Request Line
2.3. The Status Line
2.4. Secure HTTP Header Lines
2.5. Content
2.6. Encapsulation Format Options
2.6.1. Content-Privacy-Domain: CMS
2.6.2. Content-Privacy-Domain: MOSS
2.6.3. Permitted HTTP headers
2.6.3.2. Host
2.6.3.3. Connection
3. Cryptographic Parameters
3.1. Options Headers
3.2. Negotiation Options
3.2.1. Negotiation Overview
3.2.2. Negotiation Option Format
3.2.3. Parametrization for Variable-length Key Ciphers