Web Security, Privacy and Commerce, 2nd Edition

B.1 History

The SSL protocol was designed by Netscape Communications for use with Netscape Navigator. Version 1.0 of the protocol was used inside Netscape. Version 2.0 of the protocol shipped with Netscape Navigator Versions 1 and 2. After SSL 2.0 was published, Microsoft created a similar secure link protocol called PCT (described briefly in Chapter 5) that it claimed overcame some of SSL 2.0's shortcomings. However, PCT generally annoyed the rest of the industry, which claimed that Microsoft wasn't interested in working with standards bodies and was more interested in doing things its own way. The advances of PCT were incorporated into SSL 3.0, which was used as the basis for the TLS protocol developed by the IETF.

The TLS protocol is arranged in two layers:

• The TLS Record Protocol, which is responsible for transmitting blocks of information called records between the two computers.

• The TLS Handshake protocol, which manages key exchange, alerts, and cipher changes.

These two layers are built on top of a third layer, which is not strictly part of SSL:

• The data transport layer (usually TCP/IP)

These layers are illustrated in Figure B-1.