Microsoft today submitted a proposal to the Internet Engineering Task Force, an Internet standards body, that would set a new common security standard called the Secure Transport Layer Protocol (STLP) if adopted. The new specification combines features of both Netscape's Secure Sockets Layer (SSL) 3.0 and Microsoft's Private Communications Technology (PCT) 2.0 and could eliminate the possibility of having two competitive standards for Internet security.
SSL and PCT both encrypt communications between a Web server and browser, including HTML (Hypertext Markup Language). This means that sensitive data, such as bank account information or credit card numbers, are protected when passed over the network.
Microsoft has written a draft of SLTP and has invited Netscape and other companies to collaborate on what it says is a more secure, scalable standard than either PCT or SSL, according to Mike Jackman, a Microsoft spokesperson.
Netscape officials wouldn't comment yet on the draft proposal received from Microsoft but said Netscape expects to adopt the single security standard ratified by the IETF.
"We see ourselves being very active in the [IETF] working group in trying to get the industry to standardize as quickly as possible [on a single transport protocol standard]," said Jeff Treuhaft, director of security products at Netscape. "It's very important that there be a single open standard. We expect to migrate [all Netscape products] to that standard when the group is done."
Transport-layer protocols like SSL and PCT are separate from secure payment protocols, such as MasterCard and Visa's SET (Secure Electronic Transaction) protocol, which is used for online credit card transactions only.
Microsoft has not yet implemented PCT into any of its products. If it did, PCT servers and clients would be able to communicate with their SSL counterparts, such as Netscape's browser and server, but the connection would not reflect the PCT's true performance and scalability, according to Michele Bourdon, marketing manager for electronic commerce at Microsoft.
Microsoft, which yesterday posted a draft specification for a second version of its own PCT protocol, said that it plans to move over to support the SLTP encryption standard as soon as it is ready. "We're going to go forward with PCT simultaneously until we have convergence," Bourdon said. "We hope this spec will be done so we can put it into Internet Explorer 3.0." Internet Explorer 3.0 is due this summer.