PPTP (Point-to-Point Tunneling Protocol) is a legacy VPN protocol that encapsulates PPP packets and relies on PPP-based authentication methods like PAP, CHAP, and MS-CHAP. L2TP (Layer 2 Tunneling Protocol) creates a tunnel but offers no inherent encryption; therefore, it is standard practice to pair it with IPsec to provide data confidentiality (L2TP/IPsec). SSTP (Secure Socket Tunneling Protocol) is designed to tunnel traffic through an SSL/TLS channel (TCP port 443), allowing for high firewall traversal capabilities for remote access. TLS (Transport Layer Security) utilizes asymmetric encryption (public key infrastructure) during its handshake process to authenticate parties and exchange keys for a secure communication session.

IETF RFC 3193, Securing L2TP using IPsec, Abstract. (Defines the necessity of pairing L2TP with IPsec for security).

Microsoft [MS-SSTP], Secure Socket Tunneling Protocol (SSTP) Profile, Section 1.3 "Overview". (Official vendor documentation defining SSTP as a mechanism to transport traffic over SSL/TLS).

IETF RFC 2637, Point-to-Point Tunneling Protocol (PPTP), Section 1. (Describes PPTP tunneling PPP, which uses PAP/CHAP).

NIST SP 800-52 Rev. 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS), Section 1. (Describes TLS usage of asymmetric cryptography for secure session establishment).