
SSL and S-HTTP

Secure Sockets Layer (SSL) [3] and Secure Hypertext Transport Protocol (S-HTTP) [11] allow for the exchange of multiple messages between two processes. The main difference between these protocols and PGP and PEM is that SSL and S-HTTP use a session model, and thus the security mechanisms and parameters used during a session can be negotiated. This allows the degree and kind of security to be varied according to such factors as the nature of the data being exchanged and the vulnerabilities of the underlying communication media. SSL and S-HTTP were designed primarily for WWW-based commerce.

In terms of implementation, SSL fits between the session and transport layers, and is implemented as a replacement for the sockets API to be used by applications requiring secure communications. S-HTTP, on the other hand, is similar to PEM in terms of implementation: its data are passed in named text fields in the HTTP header.



Douglas H. Steves
Sun May 4 15:10:15 CDT 1997