1994-04-19 - Secure HTTP, Mosaic

Header Data

From: VACCINIA@UNCVX1.OIT.UNC.EDU
To: cypherpunks@toad.com
Message Hash: 8477ba8c2c64b642f1d2d2ce1e4aae113b3392d14601bcc223627f33b8e52ea1
Message ID: <01HBC83X7Q54004DPJ@UNCVX1.OIT.UNC.EDU>
Reply To: N/A
UTC Datetime: 1994-04-19 04:06:00 UTC
Raw Date: Mon, 18 Apr 94 21:06:00 PDT

Raw message

From: VACCINIA@UNCVX1.OIT.UNC.EDU
Date: Mon, 18 Apr 94 21:06:00 PDT
To: cypherpunks@toad.com
Subject: Secure HTTP, Mosaic
Message-ID: <01HBC83X7Q54004DPJ@UNCVX1.OIT.UNC.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Below is the information NCSA/EIT sent me about S-HTTP, you can skip the press
release at the end if you have already read it. It was posted to the list a
short while ago.

Vaccinia@UNCVX1.oit.unc.edu

Thank you for your inquiry regarding Secure HTTP.  This message
provides some details on the protocol and the status of its
implementation.

The April 12th joint EIT/NCSA/RSA press release regarding Secure
Mosaic is included at the end of the message.


OVERVIEW OF S-HTTP

We have developed a new protocol for dealing with a wide range of
cryptographic modes and algorithms in the context of the World-Wide
Web, based on the Web's existing HyperText Transfer Protocol (HTTP).
We call this protocol "Secure HTTP" or "S-HTTP".  This protocol has
been designed to enable incorporation of various cryptographic message
format standards into Web clients and servers, including, but not
limited to PKCS-7, PEM, and PGP. S-HTTP supports interoperation among
a variety of implementations, and is backwards compatible with HTTP.
S-HTTP aware clients can talk to S-HTTP oblivious servers and
vice-versa, although such transactions obviously would not use S-HTTP
security features.


IMPLEMENTATIONS AND LICENSING

EIT will make available freely usable source code for implementing
S-HTTP in both clients and servers. These reference implementations of
"Secure NCSA Mosaic" and "Secure NCSA HTTPD" will support two crypto
engine implementations: via an integrated TIPEM library (offering
PKCS-7 support) and via an "outboard" RIPEM application. RSA has
agreed to permit the distribution of their TIPEM library, in binary
form, without charge in conjunction with the non-commercial
distribution of NCSA Mosaic.  Implementors of non-commercial clients
or servers may wish to use the already available RIPEM system (which
is itself based on RSA's RSAREF library).  Commercial implementors or
distributors of WWW clients and servers are encouraged to pursue
licencing arrangements with RSA or their licencees.


FEATURES OF S-HTTP

S-HTTP does not require client-side public key certificates (or public
keys), supporting a symmetric session key operation mode. This is
significant because it means that secure, spontaneous transactions can
occur without requiring individual users to have an established public
key.  While S-HTTP will be able to take advantage of a ubiquitious
certification infrastructure, its deployment does not require it.

S-HTTP supports end-to-end secure transactions, in contrast with
current usage of the existing HTTP authorization protocol which
requires the client to attempt access and be denied before the
security mechanism is employed.  Clients may be "primed" to initiate a
secure transaction (typically using information supplied in an HTML
anchor); this is used to support encryption of fill-out forms, for
example. In S-HTTP, no sensitive data need ever be sent over the
network in the clear.

S-HTTP provides full flexibility of cryptographic algorithms, modes and
parameters. Option negotiation is used to allow clients and servers to
agree on transaction modes (should the the request be signed? encrypted?
both? what about the reply?); cryptographic algorithms (RSA vs. DSA for
signing, DES vs. RC4 for encrypting, etc.); and certificate selection
(please sign with your "Mastercard certificate").


ABOUT PKCS-7

PKCS-7 is a cryptographic message syntax standard developed by a
consortium of companies lead by RSA.  PKCS-7 is compatible with the
Internet standards for Privacy Enhanced Mail (PEM) in that signed-data
and signed-and-enveloped-data content, constructed in a PEM-compatible
mode, can be converted into PEM messages without any cryptographic
operations.  PEM messages can similarly be converted into the PKCS-7
signed-data and signed-and-enveloped-data content types.  In other
words, PKCS-7 and PEM implementations can interoperate.

PKCS-7 has the following advantages:
a) PKCS-7 permits transport of 8-bit data (contrast with PEM, which
requires Base-64 encoding).
b) PKCS-7 can have a signature-less mode of operation. This permits secure
messages to be sent from senders who do not have RSA key pairs.  Signature
is mandatory under PEM.
c) PKCS-7 permits more flexibility in certificate format and trust models.
d) PKCS-7 is explicitly designed for algorithmic flexibility.  New
cryptosystems, message digest algorithms and signature schemes can be added
just by defining new types.


SCHEDULE

An "alpha quality" implementation of Secure Mosaic and HTTPD was
demonstrated in public on April 12th.

The protocol document is to be sent for external review (to RSA, NCSA
and TIS) at the end of April. After revision, we plan to submit it as
an "experimental protocol" RFC -- by late May, we expect.

The reference implementation will be supplied to beta testers (to the
protocol reviewers, and selected CommerceNet sponsors). Public release
(to CommerceNet participants) is scheduled for September. CommerceNet
will operate a certification authority, suitable for operators of
S-HTTP servers (open to CommerceNet participants), beginning at that
time.

We expect that NCSA will make the reference implementation available
to the Internet community soon after.

Periodic progress reports will be reported to Internet mailing lists
(such as PEM-DEV), and available on the EIT and CommerceNet Web
servers (URL's http://www.commerce.net/ and http://www.eit.com/).


ORIGINAL PRESS RELEASE

Secure NCSA Mosaic Establishes Necessary Framework for
Electronic Commerce on the Internet

PALO ALTO, Calif., April 12, 1994 -- Enterprise Integration
Technologies (EIT), the National Center for Supercomputing
Applications (NCSA) at the University of Illinois and RSA Data
Security today announced agreements to jointly develop and distribute
a secure version of NCSA Mosaic, the popular point-and-click interface
that enables easy access to thousands of multimedia information
services on the Internet.

The announcement was made in conjunction with the launch of
CommerceNet, a large-scale market trial of electronic commerce on the
Internet. Under the agreements, EIT will integrate its Secure-HTTP
software with public key cryptography from RSA into NCSA Mosaic
Clients and World Wide Web (WWW) servers.  WWW is a general-purpose
architecture for information retrieval comprised of thousands of
computers and servers that is available to anyone on Internet. The
enhancements will then be made available to NCSA for widespread public
distribution and commercial licensing.

Jay M. Tenenbaum, chief executive officer of EIT, believes secure
NCSA Mosaic will help unleash the commercial potential of the Internet
by enabling buyers and sellers to meet spontaneously and transact
business.

"While NCSA Mosaic makes it possible to browse multimedia catalogs, view
product videos, and fill out order forms, there is currently no
commercially safe way to consummate a sale," said Tenenbaum.  "With
public key cryptography, however, one can authenticate the identity
of trading partners so that access to sensitive information can be
properly accounted for."

This secure version of NCSA Mosaic allows users to affix digital
signatures which cannot be repudiated and time stamps to contracts so
that they become legally binding and auditable.  In addition,
sensitive information such as credit card numbers and bid amounts can
be securely exchanged under encryption. Together, these capabilities
provide the foundation for a broad range of financial services,
including the network equivalents of credit and debit cards, letters
of credit and checks.  In short, such secure WWW software enables
all users to safely transact day-to-day business involving even their
most valuable information on the Internet.

According to Joseph Hardin, director of the NCSA group that developed
NCSA Mosaic, over 50,000 copies of the interface software are being
downloaded monthly from NCSA's public server -- with over 300,000
copies to date. Moreover, five companies have signed license
agreements with NCSA and announced plans to release commercial
products based on NCSA Mosaic.

"This large and rapidly growing installed base represents a vast,
untapped marketplace," says Hardin. The availability of a secure
version of NCSA Mosaic establishes a valid framework for companies to
immediately begin large-scale commerce on the Internet."

Jim Bidzos, president of RSA, sees the agreement as the beginning of a
new era in electronic commerce, where companies routinely transact
business over public networks.

"RSA is proud to provide the enabling public key software technology
and will make it available on a royalty-free basis for inclusion in
NCSA's public distribution of NCSA Mosaic," said Bidzos.  RSA and EIT
will work together to develop attractive licensing programs for
commercial use of public key technology in WWW servers."

At the CommerceNet launch, Allan M. Schiffman, chief technical officer
of EIT, demonstrated a working prototype of secure NCSA Mosaic, along
with a companion product that provides for a secure WWW server. The
prototype was implemented using RSA's TIPEM toolkit.

"In integrating public key cryptography into NCSA Mosaic, we took
great pains to hide the intricacies and preserve the simplicity and
intuitive nature of NCSA Mosaic," explained Schiffman.

Any user that is familiar with NCSA Mosaic should be able to
understand and use the software's new security features.  Immediately
to the left of NCSA's familiar spinning globe icon, a second icon has
been inserted that is designed to resemble a piece of yellow paper.
When a document is signed, a red seal appears at the bottom of the
paper, which the user can click on to see the public key certificates
of the signer and issuing agencies.  When an arriving document is
encrypted, the paper folds into a closed envelope, signifying that its
information is hidden from prying eyes.  When the user fills out a
form containing sensitive information, there is a 'secure send' button
that will encrypt it prior to transmission.

Distribution of Public Keys

To effectively employ public-key cryptography, an infrastructure must
be created to certify and standardize the usage of public key
certificates.  CommerceNet will certify public keys on behalf of
member companies, and will also authorize third parties such as banks,
public agencies, industry consortia to issue keys.  Such keys will
often serve as credentials, for example, identifying someone as a
customer of a bank, with a guaranteed credit line.  Significantly, all
of the transactions involved in doing routine purchases from a catalog
can be accomplished without requiring buyers to obtain public keys.
Using only the server's public key, the buyer can authenticate the
identity of the seller, and transmit credit card information securely
by encrypting it under the seller's public key.  Because there are far
fewer servers than clients, public key administration issues are
greatly simplified.

Easy Access to Strong Security

To successfully combine simplicity of operation and key administration
functions with a high level of security that can be accessible to even
non-sophisticated users, significant changes were necessary for
existing WWW security protocols.  EIT developed a new protocol called
Secure-HTTP for dealing with a full range of modern cryptographic
algorithms and systems in the Web.

Secure-HTTP enables incorporation of a variety of cryptographic
standards, including, but not limited to, RSA's PKCS-7, and Internet
Privacy Enhanced Mail (PEM), and supports maximal interoperation
between clients and servers using different cryptographic algorithms.
Cryptosystem and signature system interoperation is particularly
useful between U.S.  residents and non-U.S. residents, where the
non-U.S. residents may have to use weaker 40-bit keys in conjunction
with RSA's RC2 (TM) and RC4 (TM) variable keysize ciphers.  EIT
intends to publish Secure-HTTP as an Internet standard, and work with
others in the WWW community to create a standard that will encourage
using the Web for a wide variety of commercial transactions.

Availability

EIT will make Secure NCSA Mosaic software available at no charge to
CommerceNet members in September and NCSA will incorporate these
secure features in future NCSA Mosaic releases.

Enterprise Integration Technologies Corp., of Palo Alto, Calif., (EIT)
is an R&D and consulting organization, developing software and
services that help companies do business on the Internet. EIT is also
project manager of CommerceNet.

The National Center for Supercomputer Applications (NCSA), developer
of the Mosaic hypermedia browser based at the University of Illinois
in Champaign, Ill., is pursuing a wide variety of software projects
aimed at making the Internet more useful and easier to use.

RSA Data Security, Inc., Redwood City, Calif., invented Public Key
Cryptography and performs basic research and development in the
cryptographic sciences.  RSA markets software that facilitates the
integration of their technology into applications.

Information on Secure NCSA Mosaic can be obtained by sending e-mail
to shttp-info@eit.com.

Press Contact:

Nancy Teater
Hamilton Communications
Phone:  (415) 321-0252
Fax:  (415) 327-4660
Internet: nrt@hamilton.com





Thread