By Kelly Jackson Higgins
It's definitely not a good sign. The Internet Engineering Task Force (IETF) might remove Secure HTTP (SHTTP) from the standards track and place it on the "experimental" track instead, according to Charlie Kaufman, chair of the IETF's Web Transaction Security Working Group. Kaufman adds that the SHTTP group hasn't even convened at the last few IETF meetings.
The troubled protocol, which encrypts Web documents, never really took off; it was overshadowed by the widely available Secure Sockets Layer (SSL), a Netscape Communications Corp.-developed technology that comes packaged in every desktop browser and server, and then more recently by the Secure Electronic Transaction (SET) protocol for credit-card transactions on the Internet. Although SHTTP predates SSL, it isn't as easy to use and doesn't have Netscape's backing.
SHTTP offerings are available from Open Market, O'Reilly & Associates and Terisa Systems, among others, but some vendors are shelving their plans for SHTTP implementations. For example, Lotus Development Corp. subsidiary Iris Associates, where Kaufman is security architect, has put its SHTTP implementation aside, at least temporarily, citing general lack of interest.
Still, SHTTP is considered more powerful than SSL for tasks like document caching. An SHTTP-based caching server, for instance, can store and secure documents for retrieval, rather than force the user to go to the actual Web site. SSL, meanwhile, doesn't offer this caching option, which can lead to performance problems with well-traveled Web sites. No other security protocol can do all the things SHTTP can do, yet SHTTP is on the brink of extinction. The final nail in the coffin for SHTTP could be forthcoming extensions to SSL that would put SSL ahead of SHTTP feature-wise.
Copyright (c) 1997 CMP Media Inc.