Private Communications Technology
|Kerberos · PKIX · X.509 · XKMS|
|S/MIME · PGP · Sender ID
DKIM · SPF · PEM1 · MOSS1
|SSL · TLS · PCT1|
Private Communications Technology (PCT) 1.0 was a protocol developed by Microsoft in the mid-1990s. PCT was designed to address security flaws in version 2.0 of Netscape's Secure Sockets Layer protocol and to force Netscape to hand control of the then-proprietary SSL protocol to an open standards body.
PCT has since been superseded by SSLv3 and Transport Layer Security. For a while it was still supported by Internet Explorer, but PCT 1.0 has been disabled since IE 5. It is still found in IIS and in the Windows operating system libraries, although in Windows Server 2003 it is disabled by default.
Due to its near disuse, it is arguably a security risk, in particular because, being rarely used, it has received less attention in testing than commonly used protocols, and there is little incentive for Microsoft to expend effort on maintaining its implementation of it. In particular, one security vulnerability is PCT failing to properly validate message inputs.
- "Internet Explorer Does Not Display Applicable Client Certificates". Microsoft. January 27, 2007. Retrieved 2014-10-20.
- "Vulnerability Note VU#586540 - Microsoft Private Communication Technology (PCT) fails to properly validate message inputs". United States Computer Emergency Readiness Team. 2004-04-13. Retrieved 2009-09-07.
- The Private Communication Technology (PCT) Protocol (published 1995)