The main difference between the protocols is the layer at which they operate. SSL (see Question 134) operates at the transport layer and mimics the "socket library," while S-HTTP (see Question 133) operates at the application layer. Encryption of the transport layer allows SSL to be application-independent, while S-HTTP is limited to the specific software implementing it. The protocols adopt different philosophies towards encryption as well, with SSL encrypting the entire communications channel and S-HTTP encrypting each message independently. S-HTTP allows a user to produce digital signatures on any messages (not just specific messages during an authentication protocol), a feature SSL lacks. Terisa Systems is developing toolkits to support both protocols.
| Question 136 |