Date: Tue, 16 Dec 1997 20:06:58 -0700 (MST) From: Charles Mott <cmott@srv.net> To: chat@freebsd.org, softweyr@xmission.com Cc: questions@freesbd.org, hackers@freebsd.org, isp@freebsd.org Subject: Re: Support for secure http protocols Message-ID: <Pine.BSF.3.96.971216195732.6298A-100000@darkstar.home> In-Reply-To: <34973506.B112548D@xmission.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 16 Dec 1997, Wes Peters wrote: > So, my question is: if I have the capability (time, interest, etc) to > implement only ONE secure http transport, which one should it be? There > is a draft ieft standard for S-HTTP, but Netscape et al HTTP-SSL seems to > have garnered more support in the real world. I've said this once before, but I think the way to go is to operate an "anonymous" ssh server on the web server, and then have the client application set up a secure proxy connection to the host via existing the existing port remapping (-L option) in ssh. I think anonymous ssh could have a similar impact to anonymous ftp. Ssh based clients would use the anonymous user name the same way web browsers do for ftp right now. Ssh and sshd are already universal in the unix world, and the Wintel variant (F-Secure) is reasonably priced. Why not encapsulate security as much as possible in an ssh framework? Then developers could stop thinking about the subtleties and cross-national implications of licensing. Charles Mott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971216195732.6298A-100000>