Linux Security HOWTO
: Password Security and Encryption
: SSL, S-HTTP and S/MIME
Previous: PGP and Public-Key Cryptography
Next: Linux IPSEC Implementations
6.2. SSL, S-HTTP and S/MIME
Often users ask about the differences between the various
security and encryption protocols, and how to use them. While this
isn't an encryption document, it is a good idea to explain briefly
what each protocol is, and where to find more information.
- SSL: SSL, or Secure Sockets Layer, is an encryption
method developed by Netscape to provide security over the Internet.
It supports several different encryption protocols, and provides
client and server authentication. SSL operates at the transport
layer, creates a secure encrypted channel of data, and thus can
seamlessly encrypt data of many types. It is most commonly seen
when going to a secure site to view a secure online document with
Communicator, and it serves as the basis for secure communications with
Communicator, as well as for much of Netscape Communications' other data
encryption. More information can be found at http://www.consensus.com/security/ssl-talk-faq.html.
Information on Netscape's other security implementations, and a good
starting point for these protocols, is available at http://home.netscape.com/info/security-doc.html. It's also
worth noting that the SSL protocol can be used to pass many other
common protocols, "wrapping" them for security. See
http://www.quiltaholic.com/rickk/sslwrap/.
- S-HTTP: S-HTTP is another protocol that provides
security services across the Internet. It was designed to provide
confidentiality, authentication, integrity, and non-repudiability [cannot be mistaken for someone else] while supporting multiple
key-management mechanisms and cryptographic algorithms via option
negotiation between the parties involved in each transaction. S-HTTP
is limited to the specific software that is implementing it, and
encrypts each message individually. [From RSA Cryptography FAQ,
page 138]
- S/MIME: S/MIME, or Secure Multipurpose Internet Mail
Extension, is an encryption standard used to encrypt electronic mail
and other types of messages on the Internet. It is an open standard
developed by RSA, so it is likely we will see it on Linux one day
soon. More information on S/MIME can be found at http://home.netscape.com/assist/security/smime/overview.html.