Re: embedding public-key cryptography into HTML

Philip Trauring (
Thu, 6 Apr 95 22:58:53 EDT

>I think instead you should check out
><URL:> - I honestly feel that this
>kind of information should be dealt with external to the HTML document
>itself, because a solution that works like that will also work for any
>kind of datatype.

The point here is that SHTTP cannot deal with document-level
authentication. I cannot have a personally signed document authenticated by
another user. This is a missing segment in total security over the web. As
I see it you need three types of security to ensure a secure transmission
of a document from one machine to another:

1) Site security - the holding site must be secure so documents cannot be
altered online. SATAN is making people look at this a little differently
this week.

2) Site-to-Site security - ensures the document is not modified en-route.
this is SHTTP or SSL's job.

3) Document security - this allows signed or encrypted documents to be
served and authenticated remotely. this is what I would like to see


Philip Trauring
Brandeis University MB1001
P.O. Box 9110 "knowledge is my addiction,
Waltham, Ma 02254-9110 information is my drug."
(617) 736-5282 ['94/95]

WWW home page: