In addition to Kerberos, NT 5.0 will also support the NT 4.0 authentication, Distributed Password Authentication (DPA), and Transport Layer Security (TLS). NT 4.0 authentication provides backward compatibility for workstations and servers running older versions of NT, and will allow NT 5.0 domains to establish one-way, point-to-point, non-transitive trust relationships with NT 4.0 (and earlier) domains. In addition, NT 5.0 servers will continue to support LAN Manager-style authentication for Windows 3.1, Windows for Workgroups, and Windows 95 clients for those who require backward compatibility and who are willing to accept the security weaknesses entailed. Distributed Password Authentication is a shared-secret authentication protocol used by large Internet membership organizations such as MSN and CompuServe, and is part of the Microsoft Commercial Internet System (MCIS). The protocol allows users to log in once to an Internet membership organization and connect to multiple sites without re-authenticating themselves. TLS is an Internet standard version of Secure Socket Layer version 3 (SSL3), a protocol that uses public key certificates and establishes secure sessions between Web browsers and servers. A TLS secure channel to an NT 5.0 server will use certificates issued by trusted certificate authorities and won't require an online authentication server.