The point here is that SHTTP cannot deal with document-level
authentication. I cannot have a personally signed document authenticated by
another user. This is a missing segment in total security over the web. As
I see it, you need three types of security to ensure a secure transmission
of a document from one machine to another:
1) Site security - the holding site must be secure so documents cannot be
altered online. SATAN is making people look at this a little differently
this week.
2) Site-to-Site security - ensures the document is not modified en route.
This is SHTTP or SSL's job.
3) Document security - this allows signed or encrypted documents to be
served and authenticated remotely. This is what I would like to see
implemented.
Philip
--=--=====--=--=====--=--=====--=--=====--=--=====--=--=====--=--=====--=--
Philip Trauring philip@cs.brandeis.edu
Brandeis University MB1001
P.O. Box 9110 "knowledge is my addiction,
Waltham, Ma 02254-9110 information is my drug."
(617) 736-5282 ['94/95]
WWW home page: http://www.cs.brandeis.edu/~philip/home.html
--=--=====--=--=====--=--=====--=--=====--=--=====--=--=====--=--=====--=--