HTTPS与S-HTTP

Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.

S-HTTP was designed in 1999 by E. Rescorla and A. Schiffman of EIT, it was never fully accepted by Web browser vendors such as Microsoft and Netscape.

HTTPS is a combination of HTTP with SSL/TLS to provide encrypted communication and secure identification of a network web server.

Here is how HTTPS works:

To support HTTPS, the browser software must pre-install some certificate authorities .

connecting to a web server, the browser asks for the server's certificate(signed by a certificate authority A), after receiving it, the browser checks whether the authority A is trusted, if so, the browser checks whether the server is what it claims to be. After that, the browser and the server will negotiate about the session key, which is used by the SSL as the RC4 key to encrypt the messages.

S-HTTP is a superset of HTTP, it provides a wide variety of mechanisms to provide for confidentiality, authentication, and integrity.

It is not tied to any particular cryptographic system, key infrastructure, or cryptographic format, actually, messages may be protected by using digital signatures, authentication, and encryption.

Upon first contact, the sender and receiver establish preferences for encrypting and handling secure messages.

HTTPS is normally HTTP over SSL.

S-HTTP it's a more advanced version of HTTP.

S-HTTP can authenticate a user while HTTPS authenticates a server.

S-HTTP is more flexible, a number of encryption algorithms and security techniques can be used, including DES and RC2 encryption, or RSA public-key signing. In addition, users can choose to use a particular type of certificate, or no certificate at all. In cases in which public-key certificates are not available, it is possible for a sender and receiver to use a session key that they have exchanged in advance. A challenge/response mechanism is also available.

你可能感兴趣的:(https)