Kryptographie FAQ: Frage 136: What is PCT?

Question 136. What is PCT?

PCT stands for Private Communication Technology, a protocol developed by Microsoft and Visa International for secure communication on the Internet [BLS95]. It is a counterpart to Netscape's SSL protocol (see Question 134) and a companion to the STT protocol (see Question 142). Like SSL, PCT is intended for Internet standardization.

The protocol is quite similar to SSL in many respects, and in fact the message formats are similar enough so that a server can interact with clients supporting SSL as well as client supporting PCT. According to the specification, PCT "corrects or improves on several weaknesses of SSL." The following are the main differences:

PCT involves fewer messages between the client and the server than SSL, and the messages themselves are shorter.
PCT has more choices in the negotiation of algorithm and data formats than SSL, and the negotiation has additional cryptographic protection so that the client and server can verify that their choices have not been modified.
Message authentication and encryption in PCT uses different keys. In SSL, both involve the same keys. This means in particular that in PCT, authentication can involve longer keys than encryption (encryption key length may be limited by export restrictions), and can thus be more secure.
In the PCT authentication protocol, the client's response depends on the negotiated encryption algorithm, where as in SSL it is independent of the algorithm. This provides a kind of "firewall" so that an opponent who recovers the encryption key in a session with one choice of algorithm (e.g., a weak algorithm) cannot subsequently compromise a session with another choice of algorithm (e.g., a strong one). SSL does not have this "firewall."

For key establishment, PCT supports RSA (see Question 8), Diffie-Hellman (see Question 24), and Fortezza (see Question 156); encryption algorithms include DES (see Question 64), triple-DES (see Question 72), RC2 (see Question 75), and RC4 (see Question 87). Both DSA (see Question 26) and RSA signatures are supported.