Netscape's Secure Sockets Layer (cont.)


Strengths:

1. Large browser deployment

2. Can be used with protocols other than HTTP
3. Easy to drop in support (for clients, especially)

Free implementation made in Australia: SSLeay


Weaknesses:

  • 1.1 Client Implementation: bad random number generator!

  • Authentication is needed at the Application Layer in the long term

  • Requires new proxy protocol

  • No way of getting a vendor-signed receipt (non-repudiation)

  • Current certificate handling and negotiation are clumsier than in S-HTTP

  • There are several other network layer security proposals

    IPv6 (IETF)
    Kerberos provides secure connection

Overall, it's a simple scheme, primarily useful for credit card info transfer


Microsoft PCT

Same basic design as SSL

Offers a few improvements (e.g., fewer messages for client auth)



For more information:

Netscape Security Overview

SSLeay and SSLapps FAQ

Microsoft PCT Protocol