S-HTTP, SSL: Security is in progress

Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP (Hypertext Transfer Protocol). S-HTTP is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications.

S-HTTP is an extension to the HTTP to support sending data securely over the World Wide Web. It was developed by Enterprise Integration Technologies (EIT), which was acquired by Verifone in 1995. Secure HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP.

But not all Web browsers and servers support S-HTTP. Another technology for transmitting secure communications over the World Wide Web, Secure Sockets Layer (SSL), is more prevalent. However, SSL and S-HTTP have very different designs and goals so it is possible to use the two protocols together. Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely. Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as a standard.