From: “Amanda Walker” <amanda@intercon.com>
To: cypherpunks@toad.com
Message Hash: 9718ee6351d254d010221a79e35381f2e730db36540171843f3c5f78668902d9
Message ID: <9412131046.AA05938@amanda.dial.intercon.com>
Reply To: N/A
UTC Datetime: 1994-12-13 15:46:45 UTC
Raw Date: Tue, 13 Dec 94 07:46:45 PST
From: "Amanda Walker" <amanda@intercon.com>
Date: Tue, 13 Dec 94 07:46:45 PST
To: cypherpunks@toad.com
Subject: Re: HTTP security
Message-ID: <9412131046.AA05938@amanda.dial.intercon.com>
MIME-Version: 1.0
Content-Type: text/plain
> This seems a very relevant criticism: Has Amanda, or anyone else
> proposed an extension to HTML that would incorporate such things?
Actually, it's not an extension to HTML, but to MIME (whose formats HTTP uses
top tag and label data), and it just went to Proposed Standard (the last step
before Internet Standard). The MIME multipart/signed and multipart/encrypted
body parts allow anything using MIME encapsulation to sign and/or encrypt
arbitrary body parts. Since it's at the document layer, it requires no
special transport software, works with existing proxies and caching servers,
and allows secure HTTP software to share code with secure email software
(since it would use exactly the same formats). The framework is general
enough to allow use with either PEM-compliant signatures and encryption or
others (such as PGP). I believe that can also be used with symmetric key
management, which could be useful for special purpose applications.
EInet's secure SHTTP proposal is also an end-to-end security framework.
Amanda Walker
InterCon Systems Corporation
Return to December 1994
Return to “Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>”