SlideShare una empresa de Scribd logo

Shttp

Descargar como DOC, PDF
Ram Dutt Shukla
Ram Dutt Shukla

Unit 5 Of ACN

Tecnología
1 de 2
S-HTTP: Secure Hypertext Transfer Protocol Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications. Secure HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP. Several cryptographic message format standards may be incorporated into S- HTTP clients and servers. HTTPS (S-HTTP) supports interoperation among a variety of implementations, and is compatible with HTTP. S-HTTP aware clients can communicate with S-HTTP oblivious servers and vice-versa, although such transactions obviously would not use S-HTTP security features. S-HTTP does not require client-side public key certificates (or public keys), as it supports symmetric key-only operation modes. This is significant because it means that spontaneous private transactions can occur without requiring individual users to have an established public key. While S-HTTP is able to take advantage of ubiquitous certification infrastructures, its deployment does not require it. S-HTTP supports end-to-end secure transactions. Clients may be "primed" to initiate a secure transaction (typically using information supplied in message headers); this may be used to support encryption of fill-out forms, for example. With S-HTTP, no sensitive data need ever be sent over the network in the clear. SHTTP provides full flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow clients and servers to agree on transaction modes cryptographic algorithms (RSA vs. DSA for signing, DES vs. RC2 for encrypting, etc.); and certificate selection. S-HTTP attempts to avoid presuming a particular trust model, although its designers admit to a conscious effort to facilitate multiply-rooted hierarchical trust, and anticipate that principals may have many public key certificates. HTTPS differs from Digest-Authentication in that it provides support for public key cryptography and consequently digital signature capability, as well as providing confidentiality. Another popular way of making secured web communication is HTTPS, which is the HTTP runs on top of TLS or SSL for secured transactions.
Protocol Structure - S-HTTP: Secure Hypertext Transfer Protocol Syntactically, Secure HTTP messages are the same as HTTP, consisting of a request or status line followed by headers and a body. However, the range of headers is different and the bodies are typically cryptographically enhanced. S-HTTP messages, just as the HTTP messages, consist of requests from client to server and responses from server to client. The request message has the following format: Request Line General header Request header Entity header Message Body In order to differentiate S-HTTP messages from HTTP messages and allow for special processing, the request line should use the special Secure" method and use the protocol designator "Secure-HTTP/1.4". Consequently, Secure-HTTP and HTTP processing can be intermixed on the same TCP port, e.g. port 80. In order to prevent leakage of potentially sensitive information Request-URI should be "*". S-HTTP responses should use the protocol designator "Secure-HTTP/1.4". The response message has the following format: Status Line General header Response header Entity header Message Body Note that the status in the Secure HTTP response line does not indicate anything about the success or failure of the unwrapped HTTP request. Servers should always use 200 OK provided that the Secure HTTP processing is successful. This prevents analysis of success or failure for any request, which the correct recipient can determine from the encapsulated data. All case variations should be accepted.

Recomendados

Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - SecurityWayne Jones Jnr
 
Introduction to Application layer
Introduction to Application layerIntroduction to Application layer
Introduction to Application layerDr. C.V. Suresh Babu
 
Design issues for the layers
Design issues for the layersDesign issues for the layers
Design issues for the layersjayaprakash
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Shimona Agarwal
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...rahul kundu
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basicssanjoysanyal
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
HTTP request and response
HTTP request and responseHTTP request and response
HTTP request and responseSahil Agarwal
 

Recomendados

Chapter 15 - Security
Chapter 15 - SecurityChapter 15 - Security
Chapter 15 - SecurityWayne Jones Jnr
 
Introduction to Application layer
Introduction to Application layerIntroduction to Application layer
Introduction to Application layerDr. C.V. Suresh Babu
 
Design issues for the layers
Design issues for the layersDesign issues for the layers
Design issues for the layersjayaprakash
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Shimona Agarwal
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...rahul kundu
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basicssanjoysanyal
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
HTTP request and response
HTTP request and responseHTTP request and response
HTTP request and responseSahil Agarwal
 
Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems Haitham Ahmed
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https . simplyharshad
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
Process management in linux
Process management in linuxProcess management in linux
Process management in linuxMazenetsolution
 
Data encryption
Data encryptionData encryption
Data encryptionDeepam Goyal
 
Chapter 4 a interprocess communication
Chapter 4 a interprocess communicationChapter 4 a interprocess communication
Chapter 4 a interprocess communicationAbDul ThaYyal
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystemAtiKa Bhatti
 
Mime
MimeMime
Mimepullel
 
Chap 8 switching
Chap 8 switchingChap 8 switching
Chap 8 switchingMukesh Tekwani
 
HTTPS
HTTPSHTTPS
HTTPSmaroti164
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...JAINAM KAPADIYA
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocolsFabMinds
 
System and Network Administration/ SNA
System and Network Administration/ SNASystem and Network Administration/ SNA
System and Network Administration/ SNAFaisalMashood
 
Tcp
TcpTcp
TcpVarsha Kumar
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Chapter 21 - The Linux System
Chapter 21 - The Linux SystemChapter 21 - The Linux System
Chapter 21 - The Linux SystemWayne Jones Jnr
 
Deadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbianDeadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbiansaad symbian
 
Dns
DnsDns
DnsSanoj Kumar
 
Operating system memory management
Operating system memory managementOperating system memory management
Operating system memory managementrprajat007
 
I Pv6 Addressing
I Pv6 AddressingI Pv6 Addressing
I Pv6 AddressingRam Dutt Shukla
 
Multicast Routing Protocols
Multicast Routing ProtocolsMulticast Routing Protocols
Multicast Routing ProtocolsRam Dutt Shukla
 

Más contenido relacionado

La actualidad más candente

Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems Haitham Ahmed
 
Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
Process management in linux
Process management in linuxProcess management in linux
Process management in linuxMazenetsolution
 
Chapter 4 a interprocess communication
Chapter 4 a interprocess communicationChapter 4 a interprocess communication
Chapter 4 a interprocess communicationAbDul ThaYyal
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystemAtiKa Bhatti
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...JAINAM KAPADIYA
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocolsFabMinds
 
System and Network Administration/ SNA
System and Network Administration/ SNASystem and Network Administration/ SNA
System and Network Administration/ SNAFaisalMashood
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Chapter 21 - The Linux System
Chapter 21 - The Linux SystemChapter 21 - The Linux System
Chapter 21 - The Linux SystemWayne Jones Jnr
 
Deadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbianDeadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbiansaad symbian
 
Operating system memory management
Operating system memory managementOperating system memory management
Operating system memory managementrprajat007
 

La actualidad más candente (20)

Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
 
Ipsec
IpsecIpsec
Ipsec
 
Https presentation
Https presentationHttps presentation
Https presentation
 
Process management in linux
Process management in linuxProcess management in linux
Process management in linux
 
Data encryption
Data encryptionData encryption
Data encryption
 
Chapter 4 a interprocess communication
Chapter 4 a interprocess communicationChapter 4 a interprocess communication
Chapter 4 a interprocess communication
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystem
 
Mime
MimeMime
Mime
 
Chap 8 switching
Chap 8 switchingChap 8 switching
Chap 8 switching
 
HTTPS
HTTPSHTTPS
HTTPS
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
 
Application layer protocols
Application layer protocolsApplication layer protocols
Application layer protocols
 
System and Network Administration/ SNA
System and Network Administration/ SNASystem and Network Administration/ SNA
System and Network Administration/ SNA
 
Tcp
TcpTcp
Tcp
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Chapter 21 - The Linux System
Chapter 21 - The Linux SystemChapter 21 - The Linux System
Chapter 21 - The Linux System
 
Deadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbianDeadlock detection and recovery by saad symbian
Deadlock detection and recovery by saad symbian
 
Dns
DnsDns
Dns
 
Operating system memory management
Operating system memory managementOperating system memory management
Operating system memory management
 

Destacado

Multicast Routing Protocols
Multicast Routing ProtocolsMulticast Routing Protocols
Multicast Routing ProtocolsRam Dutt Shukla
 
It Services Secure Email Presentation
It Services Secure Email PresentationIt Services Secure Email Presentation
It Services Secure Email Presentationbryanpsu
 
HTTPS at Sydney Alt.Net User Group
HTTPS at Sydney Alt.Net User GroupHTTPS at Sydney Alt.Net User Group
HTTPS at Sydney Alt.Net User GroupJason Stangroome
 
Secure Email Overview - NeoCertified Demo
Secure Email Overview - NeoCertified DemoSecure Email Overview - NeoCertified Demo
Secure Email Overview - NeoCertified DemoBrent Faulk
 
HTTP Definition and Basics.
HTTP Definition and Basics.HTTP Definition and Basics.
HTTP Definition and Basics.Halah Salih
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Why is email security important?
Why is email security important?Why is email security important?
Why is email security important?NeoCertified
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking Salman Memon
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 

Destacado (20)

I Pv6 Addressing
I Pv6 AddressingI Pv6 Addressing
I Pv6 Addressing
 
Multicast Routing Protocols
Multicast Routing ProtocolsMulticast Routing Protocols
Multicast Routing Protocols
 
HTTPS
HTTPSHTTPS
HTTPS
 
Https
HttpsHttps
Https
 
Https
HttpsHttps
Https
 
7 Protocols
7 Protocols7 Protocols
7 Protocols
 
It Services Secure Email Presentation
It Services Secure Email PresentationIt Services Secure Email Presentation
It Services Secure Email Presentation
 
HTTPS at Sydney Alt.Net User Group
HTTPS at Sydney Alt.Net User GroupHTTPS at Sydney Alt.Net User Group
HTTPS at Sydney Alt.Net User Group
 
Secure Email Overview - NeoCertified Demo
Secure Email Overview - NeoCertified DemoSecure Email Overview - NeoCertified Demo
Secure Email Overview - NeoCertified Demo
 
HTTP Definition and Basics.
HTTP Definition and Basics.HTTP Definition and Basics.
HTTP Definition and Basics.
 
Ppt multicast routing
Ppt multicast routingPpt multicast routing
Ppt multicast routing
 
Https
HttpsHttps
Https
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Why is email security important?
Why is email security important?Why is email security important?
Why is email security important?
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 

Similar a Shttp

Explain how SSL protocol is used to ensure the confidentiality and int.docx
Explain how SSL protocol is used to ensure the confidentiality and int.docxExplain how SSL protocol is used to ensure the confidentiality and int.docx
Explain how SSL protocol is used to ensure the confidentiality and int.docxtodd401
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference Real Estate
 
Scalable Reliable Secure REST
Scalable Reliable Secure RESTScalable Reliable Secure REST
Scalable Reliable Secure RESTguestb2ed5f
 
Organizador Grafico.pdf.docx
Organizador Grafico.pdf.docxOrganizador Grafico.pdf.docx
Organizador Grafico.pdf.docxLleliAna
 
Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL CertificateCheapSSLUSA
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALGlenn Haley
 

Similar a Shttp (20)

Http vs https
Http vs httpsHttp vs https
Http vs https
 
Explain how SSL protocol is used to ensure the confidentiality and int.docx
Explain how SSL protocol is used to ensure the confidentiality and int.docxExplain how SSL protocol is used to ensure the confidentiality and int.docx
Explain how SSL protocol is used to ensure the confidentiality and int.docx
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Ssl https
Ssl httpsSsl https
Ssl https
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
 
Scalable Reliable Secure REST
Scalable Reliable Secure RESTScalable Reliable Secure REST
Scalable Reliable Secure REST
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPS
 
Lecture 6- http
Lecture 6- httpLecture 6- http
Lecture 6- http
 
Organizador Grafico.pdf.docx
Organizador Grafico.pdf.docxOrganizador Grafico.pdf.docx
Organizador Grafico.pdf.docx
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
SSLtalk
SSLtalkSSLtalk
SSLtalk
 
Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL Certificate
 
Www and http
Www and httpWww and http
Www and http
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
Http protocol
Http protocolHttp protocol
Http protocol
 
application layer
application layerapplication layer
application layer
 
HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??HTTP VS. HTTPS: WHICH IS BETTER??
HTTP VS. HTTPS: WHICH IS BETTER??
 
Unit 6
Unit 6Unit 6
Unit 6
 
HTTP
HTTPHTTP
HTTP
 

Más de Ram Dutt Shukla

Tcp Congestion Avoidance
Tcp Congestion AvoidanceTcp Congestion Avoidance
Tcp Congestion AvoidanceRam Dutt Shukla
 
Tcp Immediate Data Transfer
Tcp Immediate Data TransferTcp Immediate Data Transfer
Tcp Immediate Data TransferRam Dutt Shukla
 
Tcp Reliability Flow Control
Tcp Reliability Flow ControlTcp Reliability Flow Control
Tcp Reliability Flow ControlRam Dutt Shukla
 
Transport Layer [Autosaved]
Transport Layer [Autosaved]Transport Layer [Autosaved]
Transport Layer [Autosaved]Ram Dutt Shukla
 
Mobility And Mobile I Pv4
Mobility And Mobile I Pv4Mobility And Mobile I Pv4
Mobility And Mobile I Pv4Ram Dutt Shukla
 
Address Resolution Protocol
Address Resolution ProtocolAddress Resolution Protocol
Address Resolution ProtocolRam Dutt Shukla
 

Más de Ram Dutt Shukla (20)

Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Web Security
Web SecurityWeb Security
Web Security
 
Anycast & Multicast
Anycast & MulticastAnycast & Multicast
Anycast & Multicast
 
Congestion Control
Congestion ControlCongestion Control
Congestion Control
 
Congestion Control
Congestion ControlCongestion Control
Congestion Control
 
Retransmission Tcp
Retransmission TcpRetransmission Tcp
Retransmission Tcp
 
Tcp Congestion Avoidance
Tcp Congestion AvoidanceTcp Congestion Avoidance
Tcp Congestion Avoidance
 
Tcp Immediate Data Transfer
Tcp Immediate Data TransferTcp Immediate Data Transfer
Tcp Immediate Data Transfer
 
Tcp Reliability Flow Control
Tcp Reliability Flow ControlTcp Reliability Flow Control
Tcp Reliability Flow Control
 
Tcp Udp Notes
Tcp Udp NotesTcp Udp Notes
Tcp Udp Notes
 
Transport Layer [Autosaved]
Transport Layer [Autosaved]Transport Layer [Autosaved]
Transport Layer [Autosaved]
 
Transport Layer
Transport LayerTransport Layer
Transport Layer
 
T Tcp
T TcpT Tcp
T Tcp
 
Anycast & Multicast
Anycast & MulticastAnycast & Multicast
Anycast & Multicast
 
Igmp
IgmpIgmp
Igmp
 
Mobile I Pv6
Mobile I Pv6Mobile I Pv6
Mobile I Pv6
 
Mld
MldMld
Mld
 
Mobility And Mobile I Pv4
Mobility And Mobile I Pv4Mobility And Mobile I Pv4
Mobility And Mobile I Pv4
 
Address Resolution Protocol
Address Resolution ProtocolAddress Resolution Protocol
Address Resolution Protocol
 

Último

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 

Último (20)

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 

Shttp

  • 1. S-HTTP: Secure Hypertext Transfer Protocol Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications. Secure HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP. Several cryptographic message format standards may be incorporated into S- HTTP clients and servers. HTTPS (S-HTTP) supports interoperation among a variety of implementations, and is compatible with HTTP. S-HTTP aware clients can communicate with S-HTTP oblivious servers and vice-versa, although such transactions obviously would not use S-HTTP security features. S-HTTP does not require client-side public key certificates (or public keys), as it supports symmetric key-only operation modes. This is significant because it means that spontaneous private transactions can occur without requiring individual users to have an established public key. While S-HTTP is able to take advantage of ubiquitous certification infrastructures, its deployment does not require it. S-HTTP supports end-to-end secure transactions. Clients may be "primed" to initiate a secure transaction (typically using information supplied in message headers); this may be used to support encryption of fill-out forms, for example. With S-HTTP, no sensitive data need ever be sent over the network in the clear. SHTTP provides full flexibility of cryptographic algorithms, modes and parameters. Option negotiation is used to allow clients and servers to agree on transaction modes cryptographic algorithms (RSA vs. DSA for signing, DES vs. RC2 for encrypting, etc.); and certificate selection. S-HTTP attempts to avoid presuming a particular trust model, although its designers admit to a conscious effort to facilitate multiply-rooted hierarchical trust, and anticipate that principals may have many public key certificates. HTTPS differs from Digest-Authentication in that it provides support for public key cryptography and consequently digital signature capability, as well as providing confidentiality. Another popular way of making secured web communication is HTTPS, which is the HTTP runs on top of TLS or SSL for secured transactions.
  • 2. Protocol Structure - S-HTTP: Secure Hypertext Transfer Protocol Syntactically, Secure HTTP messages are the same as HTTP, consisting of a request or status line followed by headers and a body. However, the range of headers is different and the bodies are typically cryptographically enhanced. S-HTTP messages, just as the HTTP messages, consist of requests from client to server and responses from server to client. The request message has the following format: Request Line General header Request header Entity header Message Body In order to differentiate S-HTTP messages from HTTP messages and allow for special processing, the request line should use the special Secure" method and use the protocol designator "Secure-HTTP/1.4". Consequently, Secure-HTTP and HTTP processing can be intermixed on the same TCP port, e.g. port 80. In order to prevent leakage of potentially sensitive information Request-URI should be "*". S-HTTP responses should use the protocol designator "Secure-HTTP/1.4". The response message has the following format: Status Line General header Response header Entity header Message Body Note that the status in the Secure HTTP response line does not indicate anything about the success or failure of the unwrapped HTTP request. Servers should always use 200 OK provided that the Secure HTTP processing is successful. This prevents analysis of success or failure for any request, which the correct recipient can determine from the encapsulated data. All case variations should be accepted.