May 23, 2014

Security Standards and Name Changes in the Browser Wars

The Netscape/Microsoft browser wars in the mid-90's were really vicious and competitive. They really had it out for each other.

Netscape had developed the SSL protocol. The initial version had cryptographic flaws and was broken pretty quickly, and never released. The first production version was SSL 2, which was in use for a few years. (I don't know the exact versions of Navigator it shipped in.)

SSL 2 had some flaws, both cryptographic and practical; not dramatic enough to make replacing it a crisis, but it clearly needed some work from early on.

As a part of the cutthroat competition, Microsoft decided to revise the SSL 2 protocol with some additions of their own, and specified a protocol called "PCT" that was derived from SSL 2. It was only supported in IE and IIS.

Netscape also wanted to address SSL 2 issues, but wasn't going to let Microsoft take leadership/ownership in the standard, so they developed SSL 3.0, which was a more significant departure.

Various people in the industry & community didn't want a fork, so we (Consensus Development, where I worked with Christopher Allen at the time, and where I had written the SSL 3.0 reference implementation under contract to Netscape) hosted a meeting between representatives from Netscape and Microsoft; I forget everyone who was there, but I recall that Bruce Schneier was there (before he was famous), and probably Paul Kocher, who had designed the SSL 3 protocol; Barbara Fox represented Microsoft. And we negotiated a deal where Microsoft and Netscape would both support the IETF taking over the protocol and standardizing it in an open process, which led to me editing the RFC.

As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.

4 comments:

Yuhong Bao said...

SSLv2 shipped in Netscape 1.1 in 1995. SSLv3 shipped in Netscape 2 in 1996.

Tim Dierks said...

Thanks for the timeline clarification. I remember it as longer, but I'm sure you're right—I wrote the SSL 3 reference implementation in summer/fall of 1996, I'm pretty sure.

Yuhong Bao said...

On this matter, anyone remember the Netscape random number generator bug:
http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html
Notice the paragraph at the end about RSA Data Security!

bob said...

Yuhong, I remember that! My computer security professor this past semester was David Wagner, and and mentioned it in class.