This memo describes a syntax for securing messages sent using the Hypertext Transfer Protocol (HTTP), which forms the basis for the World Wide Web. Secure HTTP (S-HTTP) provides independently applicable security services for transaction confidentiality, authenticity/integrity and non-repudiability of origin.
Cited By
- Afanasyev A, Halderman J, Ruoti S, Seamons K, Yu Y, Zappala D and Zhang L Content-based security for the web Proceedings of the 2016 New Security Paradigms Workshop, (49-60)
- Fayazbakhsh S, Lin Y, Tootoonchian A, Ghodsi A, Koponen T, Maggs B, Ng K, Sekar V and Shenker S (2013). Less pain, most of the gain, ACM SIGCOMM Computer Communication Review, 43:4, (147-158), Online publication date: 19-Sep-2013.
- Fayazbakhsh S, Lin Y, Tootoonchian A, Ghodsi A, Koponen T, Maggs B, Ng K, Sekar V and Shenker S Less pain, most of the gain Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, (147-158)
- Singh K, Wang H, Moshchuk A, Jackson C and Lee W Practical end-to-end web content integrity Proceedings of the 21st international conference on World Wide Web, (659-668)
- Mogul J (2019). Clarifying the fundamentals of HTTP, Software—Practice & Experience, 34:2, (103-134), Online publication date: 1-Feb-2004.
- Yi X (2004). Authenticated key agreement in dynamic peer groups, Theoretical Computer Science, 326:1-3, (363-382), Online publication date: 20-Oct-2004.
- Mogul J Clarifying the fundamentals of HTTP Proceedings of the 11th international conference on World Wide Web, (25-36)
- Park J, Sandhu R and Ahn G (2001). Role-based access control on the web, ACM Transactions on Information and System Security (TISSEC), 4:1, (37-71), Online publication date: 1-Feb-2001.
- Krannig A Towards web security using PLASMA Proceedings of the 7th conference on USENIX Security Symposium - Volume 7, (14-14)
- Bhimani A (1996). Securing the commercial Internet, Communications of the ACM, 39:6, (29-35), Online publication date: 1-Jun-1996.
- Steves D, Edmondson-Yurkanan C and Gouda M A protocol for secure transactions Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2, (12-12)
- Gabber E and Silberschatz A Agora Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2, (13-13)