4.3 Conclusion

The preceding sections have presented a description of requirements and other factors to be considered in assessing candidate protocols used to provide security for electronic commerce applications. The protocols evaluated here, SSL and SHTTP, represent two possible tools which might be used to build secure applications. These tools may well need to be combined with other security mechanisms, particularly secure payment schemes, to meet overall system security requirements. In addition, operational security elements beyond the scope of the protocol specification (e.g. key management, user actions, audit, platform issues) are critical to system security.

In general, SSL and SHTTP provide architecturally distinct, and possibly complementary, methods for supplying many similar security services. The main differences lie in four areas:

Operation in proxy environments

SSL mostly requires a tradeoff between potentially compromising the firewall by creating secure associations through the proxy and terminating the security services at the proxy. SHTTP may also require terminating services at the proxy depending on policy but supports security services, especially authentication, between multiple parties and provides greater flexibility in cases where the proxy is SHTTP aware.

Nature of integration

SSL is essentially an added layer between the application and the transport service and consequently should be simpler to integrate (and may support multiple applications). SHTTP is HTTP specific and is likely to require integration with the application package. For providing secure system solutions, some degree of coupling between the security service and the application will be needed regardless of the choice of protocol.

Performance

SSL incurs a start up latency, especially for new associations and then adds little performance penalty. SHTTP incurs little or no start up delay but adds more per transaction overhead in terms of both size and processing complexity.

Non-repudiation

SSL provides no facilities for non-repudiation while SHTTP provides non-repudiation with proof of origin when digital signatures are employed.

This document serves to provide information to system integrators and providers on the characteristics of the respective protocols. The selection of one or more as elements of a system solution will depend on the requirements of those particular systems and on a detailed analysis of customer, operational, and regulatory characteristics.