

The Secure HyperText Transfer Protocol






Network Working Group                                       E. Rescorla
Request for Comments: 2660                                   RTFM, Inc.
Category: Experimental                                     A. Schiffman
                                                   Terisa Systems, Inc.
                                                            August 1999


                 The Secure HyperText Transfer Protocol

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This memo describes a syntax for securing messages sent using the
   Hypertext Transfer Protocol (HTTP), which forms the basis for the
   World Wide Web. Secure HTTP (S-HTTP) provides independently
   applicable security services for transaction confidentiality,
   authenticity/integrity and non-repudiability of origin.

   The protocol emphasizes maximum flexibility in choice of key
   management mechanisms, security policies and cryptographic algorithms
   by supporting option negotiation between parties for each
   transaction.

Table of Contents

   1. Introduction .................................................. 3
   1.1. Summary of Features ......................................... 3
   1.2. Changes ..................................................... 4
   1.3. Processing Model ............................................ 5
   1.4. Modes of Operation .......................................... 6
   1.5. Implementation Options ...................................... 7
   2. Message Format ................................................ 7
   2.1. Notational Conventions ...................................... 8
   2.2. The Request Line ............................................ 8
   2.3. The Status Line ............................................. 8
   2.4. Secure HTTP Header Lines .................................... 8
   2.5. Content .....................................................12
   2.6. Encapsulation Format Options ................................13



Rescorla & Schiffman          Experimental