Question 136. What is PCT?

PCT stands for Private Communication Technology, a protocol developed by Microsoft and Visa International for secure communication on the Internet [BLS95]. It is a counterpart to Netscape's SSL protocol (see Question 134) and a companion to the STT protocol (see Question 142). Like SSL, PCT is intended for Internet standardization.

The protocol is quite similar to SSL in many respects; in fact, the message formats are similar enough that a server can interact with clients supporting SSL as well as clients supporting PCT. According to the specification, PCT "corrects or improves on several weaknesses of SSL." The following are the main differences:

For key establishment, PCT supports RSA (see Question 8), Diffie-Hellman (see Question 24), and Fortezza (see Question 156); encryption algorithms include DES (see Question 64), triple-DES (see Question 72), RC2 (see Question 75), and RC4 (see Question 87). Both DSA (see Question 26) and RSA signatures are supported.