tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 2828


Internet Security Glossary

Part 4 of 8, p. 90 to 119
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 90 
      1. "DoD Basic Security Option" (IP option type 130): Defined for
      use on U.S. Department of Defense common user data networks.
      Identifies the Defense classification level at which the
      datagram is to be protected and the protection authorities
      whose rules apply to the datagram. [R1108]

      A "protection authority" is a National Access Program (e.g.,
      GENSER, SIOP-ESI, SCI, NSA, Department of Energy) or Special
      Access Program that specifies protection rules for transmission
      and processing of the information contained in the datagram.

      2. "DoD Extended Security Option" (IP option type 133): Permits
      additional security labeling information, beyond that present
      in the Basic Security Option, to be supplied in the datagram to
      meet the needs of registered authorities. [R1108]

      3. "Common IP Security Option" (CIPSO) (IP option type 134):
      Designed by TSIG to carry hierarchic and non-hierarchic
      security labels. (Formerly called "Commercial IP Security
      Option".) Was published as Internet-Draft [CIPSO]; not advanced
      to RFC.

   $ Internet Protocol Suite
      See: (secondary definition under) Internet.

   $ Internet Security Association and Key Management Protocol (ISAKMP)
      (I) An Internet IPsec protocol [R2408] to negotiate, establish,
      modify, and delete security associations, and to exchange key
      generation and authentication data, independent of the details of
      any specific key generation technique, key establishment protocol,
      encryption algorithm, or authentication mechanism.

      (C) ISAKMP supports negotiation of security associations for
      protocols at all TCP/IP layers. By centralizing management of
      security associations, ISAKMP reduces duplicated functionality
      within each protocol. ISAKMP can also reduce connection setup
      time, by negotiating a whole stack of services at once. Strong
      authentication is required on ISAKMP exchanges, and a digital
      signature algorithm based on asymmetric cryptography is used
      within ISAKMP's authentication component.

   $ Internet Society (ISOC)
      (I) A professional society concerned with Internet development
      (including technical Internet Standards); with how the Internet is
      and can be used; and with social, political, and technical issues

Top      Up      ToC       Page 91 
      that result. The ISOC Board of Trustees approves appointments to
      the IAB from among nominees submitted by the IETF nominating
      committee. [R2026]

   $ Internet Standard
      (I) A specification, approved by the IESG and published as an RFC,
      that is stable and well-understood, is technically competent, has
      multiple, independent, and interoperable implementations with
      substantial operational experience, enjoys significant public
      support, and is recognizably useful in some or all parts of the
      Internet. [R2026] (See: RFC.)

      (C) The Internet Standards Process is an activity of the ISOC and
      is organized and managed by the IAB and the IESG. The process is
      concerned with all protocols, procedures, and conventions used in
      or by the Internet, whether or not they are part of the Internet
      Protocol Suite. The "Internet Standards Track" has three levels of
      increasing maturity: Proposed Standard, Draft Standard, and
      Standard. (See: (standards levels under) ISO.)

   $ Internet Standards document (ISD)
      (C) In this Glossary, this term refers to an RFC, Internet-Draft,
      or other item that is produced as part of the Internet Standards
      Process [R2026]. However, neither the term nor the abbreviation is
      widely accepted and, therefore, SHOULD NOT be used in an ISD
      unless it is accompanied by an explanation like this. (See:
      Internet Standard.)

   $ internet vs. Internet
      1. (I) Not capitalized: A popular abbreviation for "internetwork".

      2. (I) Capitalized: "The Internet" is the single, interconnected,
      worldwide system of commercial, government, educational, and other
      computer networks that share the set of protocols specified by the
      IAB [R2026] and the name and address spaces managed by the ICANN.

      (C) The protocol set is named the "Internet Protocol Suite". It
      also is popularly known as "TCP/IP", because TCP and IP are two of
      its fundamental components. These protocols enable a user of any
      one of the networks in the Internet to communicate with, or use
      services located on, any of the other networks.

      (C) Although the Internet does have architectural principles
      [R1958], no Internet Standard formally defines a layered reference
      model for the IPS that is similar to the OSIRM. However, Internet
      community documents do refer (inconsistently) to layers:
      application, socket, transport, internetwork, network, data link,

Top      Up      ToC       Page 92 
      and physical. In this Glossary, Internet layers are referred to by
      name to avoid confusing them with OSIRM layers, which are referred
      to by number.

   $ internetwork
      (I) A system of interconnected networks; a network of networks.
      Usually shortened to "internet". (See: internet vs. Internet.)

      (C) An internet is usually built using OSI layer 3 gateways to
      connect a set of subnetworks. When the subnetworks differ in the
      OSI layer 3 protocol service they provide, the gateways sometimes
      implement a uniform internetwork protocol (e.g., IP) that operates
      at the top of layer 3 and hides the underlying heterogeneity from
      hosts that use communication services provided by the internet.
      (See: router.)

   $ intranet
      (I) A computer network, especially one based on Internet
      technology, that an organization uses for its own internal, and
      usually private, purposes and that is closed to outsiders. (See:
      extranet, virtual private network.)

   $ intruder
      (I) An entity that gains or attempts to gain access to a system or
      system resource without having authorization to do so. (See:

   $ intrusion
      See: security intrusion.

   $ intrusion detection
      (I) A security service that monitors and analyzes system events
      for the purpose of finding, and providing real-time or near real-
      time warning of, attempts to access system resources in an
      unauthorized manner.

   $ invalidity date
      (N) An X.509 CRL entry extension that "indicates the date at which
      it is known or suspected that the [revoked certificate's private
      key] was compromised or that the certificate should otherwise be
      considered invalid" [X509].

      (C) This date may be earlier than the revocation date in the CRL
      entry, and may even be earlier than the date of issue of earlier
      CRLs. However, the invalidity date is not, by itself, sufficient
      for purposes of non-repudiation service. For example, to

Top      Up      ToC       Page 93 
      fraudulently repudiate a validly-generated signature, a private
      key holder may falsely claim that the key was compromised at some
      time in the past.

   $ IP
      See: Internet Protocol.

   $ IP address
      (I) A computer's internetwork address that is assigned for use by
      the Internet Protocol and other protocols.

      (C) An IP version 4 [R0791] address is written as a series of four
      8-bit numbers separated by periods. For example, the address of
      the host named "" is

      (C) An IP version 6 [R2373] address is written as x:x:x:x:x:x:x:x,
      where each "x" is the hexadecimal value of one of the eight 16-bit
      parts of the address. For example, 1080:0:0:0:8:800:200C:417A and

   $ IP Security Option
      See: Internet Protocol Security Option.

   $ IPRA
      See: Internet Policy Registration Authority.

   $ IPsec
      See: Internet Protocol security.

   $ IPsec Key Exchange (IKE)
      (I) An Internet, IPsec, key-establishment protocol [R2409] (partly
      based on OAKLEY) that is intended for putting in place
      authenticated keying material for use with ISAKMP and for other
      security associations, such as in AH and ESP.

   $ IPSO
      See: Internet Protocol Security Option.

      See: Internet Security Association and Key Management Protocol.

   $ ISD
      See: Internet Standards document.

   $ ISO
      (I) International Organization for Standardization, a voluntary,
      non-treaty, non-government organization, established in 1947, with
      voting members that are designated standards bodies of

Top      Up      ToC       Page 94 
      participating nations and non-voting observer organizations. (See:
      ANSI, ITU-T.)

      (C) Legally, ISO is a Swiss, non-profit, private organization. ISO
      and the IEC (the International Electrotechnical Commission) form
      the specialized system for worldwide standardization. National
      bodies that are members of ISO or IEC participate in developing
      international standards through ISO and IEC technical committees
      that deal with particular fields of activity. Other international
      governmental and non-governmental organizations, in liaison with
      ISO and IEC, also take part. (ANSI is the U.S. voting member of
      ISO. ISO is a class D member of ITU-T.)

      (C) The ISO standards development process has four levels of
      increasing maturity: Working Draft (WD), Committee Draft (CD),
      Draft International Standard (DIS), and International Standard
      (IS). (See: (standards track levels under) Internet Standard.) In
      information technology, ISO and IEC have a joint technical
      committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are circulated to
      national bodies for voting, and publication as an IS requires
      approval by at least 75% of the national bodies casting a vote.

   $ ISOC
      See: Internet Society.

   $ issue (a digital certificate or CRL)
      (I) Generate and sign a digital certificate (or CRL) and, usually,
      distribute it and make it available to potential certificate users
      (or CRL users). (See: certificate creation.)

      (C) The ABA Guidelines [ABA] explicitly limit this term to
      certificate creation, and exclude the act of publishing. In
      general usage, however, "issuing" a digital certificate (or CRL)
      includes not only certificate creation but also making it
      available to potential users, such as by storing it in a
      repository or other directory or otherwise publishing it.

   $ issuer
      1. (I) "Issuer" of a certificate or CRL: The CA that signs the
      digital certificate or CRL.

      (C) An X.509 certificate always includes the issuer's name. The
      name may include a common name value.

      2. (N) "Issuer" of a payment card: SET usage: "The financial
      institution or its agent that issues the unique primary account
      number to the cardholder for the payment card brand." [SET2]

Top      Up      ToC       Page 95 
      (C) The institution that establishes the account for a cardholder
      and issues the payment card also guarantees payment for authorized
      transactions that use the card in accordance with card brand
      regulations and local legislation. [SET1]

   $ ITAR
      See: International Traffic in Arms Regulations.

   $ ITSEC
      See: Information Technology System Evaluation Criteria.

   $ ITU-T
      (N) International Telecommunications Union, Telecommunication
      Standardization Sector (formerly "CCITT"), a United Nations treaty
      organization that is composed mainly of postal, telephone, and
      telegraph authorities of the member countries and that publishes
      standards called "Recommendations". (See: X.400, X.500.)

      (C) The Department of State represents the United States. ITU-T
      works on many kinds of communication systems. ITU-T cooperates
      with ISO on communication protocol standards, and many
      Recommendations in that area are also published as an ISO standard
      with an ISO name and number.

   $ IV
      See: initialization value.

   $ KDC
      See: Key Distribution Center.

   $ KEA
      See: Key Exchange Algorithm.

   $ KEK
      See: key-encrypting key.

   $ Kerberos
      (N) A system developed at the Massachusetts Institute of
      Technology that depends on passwords and symmetric cryptography
      (DES) to implement ticket-based, peer entity authentication
      service and access control service distributed in a client-server
      network environment. [R1510, Stei]

      (C) Kerberos was developed by Project Athena and is named for the
      three-headed dog guarding Hades.

   $ key
      See: cryptographic key.

Top      Up      ToC       Page 96 
   $ key agreement (algorithm or protocol)
      (I) A key establishment method (especially one involving
      asymmetric cryptography) by which two or more entities, without
      prior arrangement except a public exchange of data (such as public
      keys), each computes the same key value. I.e., each can
      independently generate the same key value, but that key cannot be
      computed by other entities. (See: Diffie-Hellman, key
      establishment, Key Exchange Algorithm, key transport.)

      (O) "A method for negotiating a key value on line without
      transferring the key, even in an encrypted form, e.g., the Diffie-
      Hellman technique." [X509]

      (O) "The procedure whereby two different parties generate shared
      symmetric keys such that any of the shared symmetric keys is a
      function of the information contributed by all legitimate
      participants, so that no party [alone] can predetermine the value
      of the key." [A9042]

      (C) For example, a message originator and the intended recipient
      can each use their own private key and the other's public key with
      the Diffie-Hellman algorithm to first compute a shared secret
      value and, from that value, derive a session key to encrypt the

   $ key authentication
      (N) "The assurance of the legitimate participants in a key
      agreement that no non-legitimate party possesses the shared
      symmetric key." [A9042]

   $ key center
      (I) A centralized key distribution process (used in symmetric
      cryptography), usually a separate computer system, that uses key-
      encrypting keys (master keys) to encrypt and distribute session
      keys needed in a community of users.

      (C) An ANSI standard [A9017] defines two types of key center: key
      distribution center and key translation center.

   $ key confirmation
      (N) "The assurance of the legitimate participants in a key
      establishment protocol that the intended parties sharing the
      symmetric key actually possess the shared symmetric key." [A9042]

   $ key distribution
      (I) A process that delivers a cryptographic key from the location
      where it is generated to the locations where it is used in a
      cryptographic algorithm. (See: key management.)

Top      Up      ToC       Page 97 
   $ key distribution center (KDC)
      (I) A type of key center (used in symmetric cryptography) that
      implements a key distribution protocol to provide keys (usually,
      session keys) to two (or more) entities that wish to communicate
      securely. (See: key translation center.)

      (C) A KDC distributes keys to Alice and Bob, who (a) wish to
      communicate with each other but do not currently share keys, (b)
      each share a KEK with the KDC, and (c) may not be able to generate
      or acquire keys by themselves. Alice requests the keys from the
      KDC. The KDC generates or acquires the keys and makes two
      identical sets. The KDC encrypts one set in the KEK it shares with
      Alice, and sends that encrypted set to Alice. The KDC encrypts the
      second set in the KEK it shares with Bob, and either sends that
      encrypted set to Alice for her to forward to Bob, or sends it
      directly to Bob (although the latter option is not supported in
      the ANSI standard [A9017]).

   $ key encapsulation
      See: (secondary definition under) key recovery.

   $ key-encrypting key (KEK)
      (I) A cryptographic key that is used to encrypt other keys, either
      DEKs or other KEKs, but usually is not used to encrypt application

   $ key escrow
      See: (secondary definition under) key recovery.

   $ key establishment (algorithm or protocol)
      (I) A process that combines the key generation and key
      distribution steps needed to set up or install a secure
      communication association. (See: key agreement, key transport.)

      (O) "The procedure to share a symmetric key among different
      parties by either key agreement or key transport." [A9042]

      (C) Key establishment involves either key agreement or key

       - Key transport: One entity generates a secret key and securely
         sends it to the other entity. (Or each entity generates a
         secret value and securely sends it to the other entity, where
         the two values are combined to form a secret key.)

       - Key agreement: No secret is sent from one entity to another.
         Instead, both entities, without prior arrangement except a
         public exchange of data, compute the same secret value. I.e.,

Top      Up      ToC       Page 98 
         each can independently generate the same value, but that value
         cannot be computed by other entities.

   $ Key Exchange Algorithm (KEA)
      (N) A key agreement algorithm [NIST] that is similar to the
      Diffie-Hellman algorithm, uses 1024-bit asymmetric keys, and was
      developed and formerly classified at the "Secret" level by NSA.

      (C) On 23 June 1998, the NSA announced that KEA had been

   $ key generation
      (I) A process that creates the sequence of symbols that comprise a
      cryptographic key. (See: key management.)

   $ key generator
      1. (I) An algorithm that uses mathematical rules to
      deterministically produce a pseudo-random sequence of
      cryptographic key values.

      2. (I) An encryption device that incorporates a key generation
      mechanism and applies the key to plaintext (e.g., by exclusive OR-
      ing the key bit string with the plaintext bit string) to produce

   $ key length
      (I) The number of symbols (usually bits) needed to be able to
      represent any of the possible values of a cryptographic key. (See:
      key space.)

   $ key lifetime
      (N) MISSI usage: An attribute of a MISSI key pair that specifies a
      time span that bounds the validity period of any MISSI X.509
      public-key certificate that contains the public component of the
      pair. (See: cryptoperiod.)

   $ key management
      (I) The process of handling and controlling cryptographic keys and
      related material (such as initialization values) during their life
      cycle in a cryptographic system, including ordering, generating,
      distributing, storing, loading, escrowing, archiving, auditing,
      and destroying the material. (See: key distribution, key escrow,
      keying material, public-key infrastructure.)

      (O) "The generation, storage, distribution, deletion, archiving
      and application of keys in accordance with a security policy."
      [I7498 Part 2]

Top      Up      ToC       Page 99 
      (O) "The activities involving the handling of cryptographic keys
      and other related security parameters (e.g., IVs, counters) during
      the entire life cycle of the keys, including their generation,
      storage, distribution, entry and use, deletion or destruction, and
      archiving." [FP140]

   $ Key Management Protocol (KMP)
      (N) A protocol to establish a shared symmetric key between a pair
      (or a group) of users. (One version of KMP was developed by SDNS,
      and another by SILS.)

   $ key material identifier (KMID)
      (N) MISSI usage: A 64-bit identifier that is assigned to a key
      pair when the public key is bound in a MISSI X.509 public-key

   $ key pair
      (I) A set of mathematically related keys--a public key and a
      private key--that are used for asymmetric cryptography and are
      generated in a way that makes it computationally infeasible to
      derive the private key from knowledge of the public key (e.g.,
      see: Diffie-Hellman, Rivest-Shamir-Adleman).

      (C) A key pair's owner discloses the public key to other system
      entities so they can use the key to encrypt data, verify a digital
      signature, compute a protected checksum, or generate a key in a
      key agreement algorithm. The matching private key is kept secret
      by the owner, who uses it to decrypt data, generate a digital
      signature, verify a protected checksum, or generate a key in a key
      agreement algorithm.

   $ key recovery
      1. (I) A process for learning the value of a cryptographic key
      that was previously used to perform some cryptographic operation.
      (See: cryptanalysis.)

      2. (I) Techniques that provide an intentional, alternate (i.e.,
      secondary) means to access the key used for data confidentiality
      service in an encrypted association. [DOD4]

      (C) We assume that the encryption mechanism has a primary means of
      obtaining the key through a key establishment algorithm or
      protocol. For the secondary means, there are two classes of key
      recovery techniques--key escrow and key encapsulation:

Top      Up      ToC       Page 100 
       - "Key escrow": A key recovery technique for storing knowledge of
         a cryptographic key or parts thereof in the custody of one or
         more third parties called "escrow agents", so that the key can
         be recovered and used in specified circumstances.

         Key escrow is typically implemented with split knowledge
         techniques. For example, the Escrowed Encryption Standard
         [FP185] entrusts two components of a device-unique split key to
         separate escrow agents. The agents provide the components only
         to someone legally authorized to conduct electronic
         surveillance of telecommunications encrypted by that specific
         device. The components are used to reconstruct the device-
         unique key, and it is used to obtain the session key needed to
         decrypt communications.

       - "Key encapsulation": A key recovery technique for storing
         knowledge of a cryptographic key by encrypting it with another
         key and ensuring that that only certain third parties called
         "recovery agents" can perform the decryption operation to
         retrieve the stored key.

         Key encapsulation typically allows direct retrieval of the
         secret key used to provide data confidentiality.

   $ key space
      (I) The range of possible values of a cryptographic key; or the
      number of distinct transformations supported by a particular
      cryptographic algorithm. (See: key length.)

   $ key translation center
      (I) A type of key center (used in a symmetric cryptography) that
      implements a key distribution protocol to convey keys between two
      (or more) parties who wish to communicate securely. (See: key
      distribution center.)

      (C) A key translation center translates keys for future
      communication between Bob and Alice, who (a) wish to communicate
      with each other but do not currently share keys, (b) each share a
      KEK with the center, and (c) have the ability to generate or
      acquire keys by themselves. Alice generates or acquires a set of
      keys for communication with Bob. Alice encrypts the set in the KEK
      she shares with the center and sends the encrypted set to the
      center. The center decrypts the set, reencrypts the set in the KEK
      it shares with Bob, and either sends that encrypted set to Alice
      for her to forward to Bob, or sends it directly to Bob (although
      direct distribution is not supported in the ANSI standard

Top      Up      ToC       Page 101 
   $ key transport (algorithm or protocol)
      (I) A key establishment method by which a secret key is generated
      by one entity in a communication association and securely sent to
      another entity in the association. (See: key agreement.)

      (O) "The procedure to send a symmetric key from one party to other
      parties. As a result, all legitimate participants share a common
      symmetric key in such a way that the symmetric key is determined
      entirely by one party." [A9042]

      (C) For example, a message originator can generate a random
      session key and then use the Rivest-Shamir-Adleman algorithm to
      encrypt that key with the public key of the intended recipient.

   $ key update
      (I) Derive a new key from an existing key. (See: certificate

   $ key validation
      (N) "The procedure for the receiver of a public key to check that
      the key conforms to the arithmetic requirements for such a key in
      order to thwart certain types of attacks." [A9042]

   $ keyed hash
      (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a
      hash result is varied by a second input parameter that is a
      cryptographic key. (See: checksum.)

      (C) If the input data object is changed, a new hash result cannot
      be correctly computed without knowledge of the secret key. Thus,
      the secret key protects the hash result so it can be used as a
      checksum even when there is a threat of an active attack on the
      data. There are least two forms of keyed hash:

       - A function based on a keyed encryption algorithm. (E.g., see:
         Data Authentication Code.)

      -  A function based on a keyless hash that is enhanced by
         combining (e.g., by concatenating) the input data object
         parameter with a key parameter before mapping to the hash
         result. (E.g., see: HMAC.)

   $ keying material
      (I) Data (such as keys, key pairs, and initialization values)
      needed to establish and maintain a cryptographic security

Top      Up      ToC       Page 102 
   $ KMID
      See: key material identifier.

   $ known-plaintext attack
      (I) A cryptanalysis technique in which the analyst tries to
      determine the key from knowledge of some plaintext-ciphertext
      pairs (although the analyst may also have other clues, such as the
      knowing the cryptographic algorithm).

   $ L2F
      See: Layer 2 Forwarding Protocol.

   $ L2TP
      See: Layer 2 Tunneling Protocol.

   $ label
      See: security label.

   $ Language of Temporal Ordering Specification (LOTOS)
      (N) A language (ISO 8807-1990) for formal specification of
      computer network protocols; describes the order in which events

   $ lattice model
      (I) A security model for flow control in a system, based on the
      lattice that is formed by the finite security levels in a system
      and their partial ordering. [Denn] (See: flow control, security
      level, security model.)

      (C) The model describes the semantic structure formed by a finite
      set of security levels, such as those used in military

      (C) A lattice is a finite set together with a partial ordering on
      its elements such that for every pair of elements there is a least
      upper bound and a greatest lower bound. For example, a lattice is
      formed by a finite set S of security levels -- i.e., a set S of all
      ordered pairs (x, c), where x is one of a finite set X of
      hierarchically ordered classification levels (X1, ..., Xm), and c
      is a (possibly empty) subset of a finite set C of non-hierarchical
      categories (C1, ..., Cn) -- together with the "dominate" relation.
      (See: dominate.)

   $ Law Enforcement Access Field (LEAF)
      (N) A data item that is automatically embedded in data encrypted
      by devices (e.g., see: CLIPPER chip) that implement the Escrowed
      Encryption Standard.

Top      Up      ToC       Page 103 
   $ Layer 2 Forwarding Protocol (L2F)
      (N) An Internet protocol (originally developed by Cisco
      Corporation) that uses tunneling of PPP over IP to create a
      virtual extension of a dial-up link across a network, initiated by
      the dial-up server and transparent to the dial-up user. (See:

   $ Layer 2 Tunneling Protocol (L2TP)
      (N) An Internet client-server protocol that combines aspects of
      PPTP and L2F and supports tunneling of PPP over an IP network or
      over frame relay or other switched network. (See: virtual private

      (C) PPP can in turn encapsulate any OSI layer 3 protocol. Thus,
      L2TP does not specify security services; it depends on protocols
      layered above and below it to provide any needed security.

   $ LDAP
      See: Lightweight Directory Access Protocol.

   $ least privilege
      (I) The principle that a security architecture should be designed
      so that each system entity is granted the minimum system resources
      and authorizations that the entity needs to do its work. (See:
      economy of mechanism.)

      (C) This principle tends to limit damage that can be caused by an
      accident, error, or unauthorized act.

   $ Lightweight Directory Access Protocol (LDAP)
      (N) A client-server protocol that supports basic use of the X.500
      Directory (or other directory servers) without incurring the
      resource requirements of the full Directory Access Protocol (DAP).

      (C) Designed for simple management and browser applications that
      provide simple read/write interactive directory service. Supports
      both simple authentication and strong authentication of the client
      to the directory server.

   $ link
      (I) World Wide Web usage: See: hyperlink.

      (I) Subnetwork usage: A point-to-point communication channel
      connecting two subnetwork relays (especially one between two
      packet switches) that is implemented at OSI layer 2. (See: link

Top      Up      ToC       Page 104 
      (C) The relay computers assume that links are logically passive.
      If a computer at one end of a link sends a sequence of bits, the
      sequence simply arrives at the other end after a finite time,
      although some bits may have been changed either accidentally
      (errors) or by active wiretapping.

   $ link-by-link encryption
   $ link encryption
      (I) Stepwise protection of data that flows between two points in a
      network, provided by encrypting data separately on each network
      link, i.e., by encrypting data when it leaves a host or subnetwork
      relay and decrypting when it arrives at the next host or relay.
      Each link may use a different key or even a different algorithm.
      [R1455] (See: end-to-end encryption.)

   $ logic bomb
      (I) Malicious logic that activates when specified conditions are
      met. Usually intended to cause denial of service or otherwise
      damage system resources. (See: Trojan horse, virus, worm.)

   $ login
      (I) The act of a system entity gaining access to a session in
      which the entity can use system resources; usually accomplished by
      providing a user name and password to an access control system
      that authenticates the user.

      (C) Derives from "log" file", a security audit trail that records
      security events, such as the beginning of sessions, and who
      initiates them.

   $ LOTOS
      See: Language of Temporal Ordering Specification.

   $ MAC
      See: mandatory access control, Message Authentication Code.

   $ malicious logic
      (I) Hardware, software, or firmware that is intentionally included
      or inserted in a system for a harmful purpose. (See: logic bomb,
      Trojan horse, virus, worm.)

   $ malware
      (I) A contraction of "malicious software". (See: malicious logic.)

      (D) ISDs SHOULD NOT use this term because it is not listed in most
      dictionaries and could confuse international readers.

Top      Up      ToC       Page 105 
   $ man-in-the-middle
      (I) A form of active wiretapping attack in which the attacker
      intercepts and selectively modifies communicated data in order to
      masquerade as one or more of the entities involved in a
      communication association. (See: hijack attack, piggyback attack.)

      (C) For example, suppose Alice and Bob try to establish a session
      key by using the Diffie-Hellman algorithm without data origin
      authentication service. A "man in the middle" could (a) block
      direct communication between Alice and Bob and then (b) masquerade
      as Alice sending data to Bob, (c) masquerade as Bob sending data
      to Alice, (d) establish separate session keys with each of them,
      and (e) function as a clandestine proxy server between them in
      order to capture or modify sensitive information that Alice and
      Bob think they are sending only to each other.

   $ mandatory access control (MAC)
      (I) An access control service that enforces a security policy
      based on comparing (a) security labels (which indicate how
      sensitive or critical system resources are) with (b) security
      clearances (which indicate system entities are eligible to access
      certain resources). (See: discretionary access control, rule-based
      security policy.)

      (C) This kind of access control is called "mandatory" because an
      entity that has clearance to access a resource may not, just by
      its own volition, enable another entity to access that resource.

      (O) "A means of restricting access to objects based on the
      sensitivity (as represented by a label) of the information
      contained in the objects and the formal authorization (i.e.,
      clearance) of subjects to access information of such sensitivity."

   $ manipulation detection code
      (D) ISDs SHOULD NOT use this term as a synonym for "checksum"
      because the word "manipulation" implies protection against active
      attacks, which an ordinary checksum might not provide. Instead, if
      such protection is intended, use "protected checksum" or some
      particular type thereof, depending on which is meant. If such
      protection is not intended, use "error detection code" or some
      specific type of checksum that is not protected.

   $ masquerade attack
      (I) A type of attack in which one system entity illegitimately
      poses as (assumes the identity of) another entity. (See: spoofing

Top      Up      ToC       Page 106 
   $ MCA
      See: merchant certificate authority.

   $ MD2
      (N) A cryptographic hash [R1319] that produces a 128-bit hash
      result, was designed by Ron Rivest, and is similar to MD4 and MD5
      but slower. (See: message digest.)

   $ MD4
      (N) A cryptographic hash [R1320] that produces a 128-bit hash
      result and was designed by Ron Rivest. (See: message digest and

   $ MD5
      (N) A cryptographic hash [R1321] that produces a 128-bit hash
      result and was designed by Ron Rivest to be an improved version of

   $ merchant
      (O) SET usage: "A seller of goods, services, and/or other
      information who accepts payment for these items electronically."
      [SET2] A merchant may also provide electronic selling services
      and/or electronic delivery of items for sale. With SET, the
      merchant can offer its cardholders secure electronic interactions,
      but a merchant that accepts payment cards is required to have a
      relationship with an acquirer. [SET1, SET2]

   $ merchant certificate
      (O) SET usage: A public-key certificate issued to a merchant.
      Sometimes used to refer to a pair of such certificates where one
      is for digital signature use and the other is for encryption.

   $ merchant certification authority (MCA)
      (O) SET usage: A CA that issues digital certificates to merchants
      and is operated on behalf of a payment card brand, an acquirer, or
      another party according to brand rules. Acquirers verify and
      approve requests for merchant certificates prior to issuance by
      the MCA. An MCA does not issue a CRL, but does distribute CRLs
      issued by root CAs, brand CAs, geopolitical CAs, and payment
      gateway CAs. [SET2]

   $ mesh PKI
      (I) A non-hierarchical PKI architecture in which there are several
      trusted CAs rather than a single root. Each certificate user bases
      path validations on the public key of one of the trusted CAs,
      usually the one that issued that user's own public-key
      certificate. Rather than having superior-to-subordinate

Top      Up      ToC       Page 107 
      relationships between CAs, the relationships are peer-to-peer, and
      CAs issue cross-certificates to each other. (See: hierarchical
      PKI, trust-file PKI.)

   $ message authentication code vs. Message Authentication Code (MAC)
      1. (N) Capitalized: "(The) Message Authentication Code" refers to
      an ANSI standard for a checksum that is computed with a keyed hash
      that is based on DES. [A9009] (Also known as the U.S. Government
      standard Data Authentication Code. [FP113])

      (C) The ANSI standard MAC algorithm is equivalent to cipher block
      chaining with IV = 0.

      2. (D) Not capitalized: ISDs SHOULD NOT use the uncapitalized form
      "message authentication code", because this term mixes concepts in
      a potentially misleading way. Instead, use "checksum", "error
      detection code", "hash", "keyed hash", "Message Authentication
      Code", or "protected checksum", depending on what is meant. (See:
      authentication code.)

      (C) In the uncapitalized form, the word "message" is misleading
      because it implies that the mechanism is particularly suitable for
      or limited to electronic mail (see: Message Handling Systems), the
      word "authentication" is misleading because the mechanism
      primarily serves a data integrity function rather than an
      authentication function, and the word "code" is misleading because
      it implies that either encoding or encryption is involved or that
      the term refers to computer software.

   $ message digest
      (D) ISDs SHOULD NOT use this term as a synonym for "hash result"
      because it unnecessarily duplicates the meaning of the other, more
      general term and mixes concepts in a potentially misleading way.
      (See: cryptographic hash, Message Handling System.)

   $ Message Handling Systems
      (I) A ITU-T/ISO system concept, which encompasses the notion of
      electronic mail but defines more comprehensive OSI systems and
      services that enable users to exchange messages on a store-and-
      forward basis. (The ISO equivalent is "Message Oriented Text
      Interchange System".) (See: X.400.)

   $ message indicator
      (D) ISDs SHOULD NOT use this term as a synonym for "initialization
      value" because it mixes concepts in a potentially misleading way.

Top      Up      ToC       Page 108 
   $ message integrity check
   $ message integrity code
      (D) ISDs SHOULD NOT use these terms because they mix concepts in a
      potentially misleading way. (The word "message" is misleading
      because it suggests that the mechanism is particularly suitable
      for or limited to electronic mail. The word "code" is misleading
      because it suggests that either encoding or encryption is
      involved, or that the term refers to computer software.) Instead,
      use "checksum", "error detection code", "hash", "keyed hash",
      "Message Authentication Code", or "protected checksum", depending
      on what is meant.

   $ Message Security Protocol (MSP)
      (N) A secure message handling protocol [SDNS7] for use with X.400
      and Internet mail protocols. Developed by NSA's SDNS program and
      used in the U.S. Defense Message System.

   $ MHS
      See: message handling system.

   $ MIME
      See: Multipurpose Internet Mail Extensions.

   $ MIME Object Security Services (MOSS)
      (I) An Internet protocol [R1848] that applies end-to-end
      encryption and digital signature to MIME message content, using
      symmetric cryptography for encryption and asymmetric cryptography
      for key distribution and signature. MOSS is based on features and
      specifications of PEM. (See: S/MIME.)

   $ Minimum Interoperability Specification for PKI Components (MISPC)
      (N) A technical description to provide a basis for interoperation
      between PKI components from different vendors; consists primarily
      of a profile of certificate and CRL extensions and a set of
      transactions for PKI operation. [MISPC]

   $ MISPC
      See: Minimum Interoperability Specification for PKI Components.

   $ MISSI
      (N) Multilevel Information System Security Initiative, an NSA
      program to encourage development of interoperable, modular
      products for constructing secure network information systems in
      support of a wide variety of Government missions. (See: MSP.)

Top      Up      ToC       Page 109 
   $ MISSI user
      (O) MISSI usage: A system entity that is the subject of one or
      more MISSI X.509 public-key certificates issued under a MISSI
      certification hierarchy. (See: personality.)

      (C) MISSI users include both end users and the authorities that
      issue certificates. A MISSI user is usually a person but may be a
      machine or other automated process. Some machines are required to
      operate non-stop. To avoid downtime needed to exchange the
      FORTEZZA cards of machine operators at shift changes, the machines
      may be issued their own cards, as if they were persons.

   $ mode
   $ mode of operation
      (I) Encryption usage: A technique for enhancing the effect of a
      cryptographic algorithm or adapting the algorithm for an
      application, such as applying a block cipher to a sequence of data
      blocks or a data stream. (See: electronic codebook, cipher block
      chaining, cipher feedback, output feedback.)

      (I) System operation usage: A type of security policy that states
      the range of classification levels of information that a system is
      permitted to handle and the range of clearances and authorizations
      of users who are permitted to access the system. (See: dedicated
      security mode, multilevel security mode, partitioned security
      mode, system high security mode.)

   $ modulus
      (I) The defining constant in modular arithmetic, and usually a
      part of the public key in asymmetric cryptography that is based on
      modular arithmetic. (See: Diffie-Hellman, Rivest-Shamir-Adleman.)

   $ Morris Worm
      (I) A worm program written by Robert T. Morris, Jr. that flooded
      the ARPANET in November, 1988, causing problems for thousands of
      hosts. (See: worm.)

   $ MOSS
      See: MIME Object Security Services.

   $ MSP
      See: Message Security Protocol.

   $ multilevel secure (MLS)
      (I) A class of system that has system resources (particularly
      stored information) at more than one security level (i.e., has
      different types of sensitive resources) and that permits

Top      Up      ToC       Page 110 
      concurrent access by users who differ in security clearance and
      need-to-know, but is able to prevent each user from accessing
      resources for which the user lacks authorization.

   $ multilevel security mode
      (I) A mode of operation of an information system, that allows two
      or more classification levels of information to be processed
      concurrently within the same system when not all users have a
      clearance or formal access authorization for all data handled by
      the system.

      (C) This mode is defined formally in U.S. Department of Defense
      policy regarding system accreditation [DOD2], but the term is also
      used outside the Defense Department and outside the Government.

   $ Multipurpose Internet Mail Extensions (MIME)
      (I) An Internet protocol [R2045] that enhances the basic format of
      Internet electronic mail messages [R0822] to be able to use
      character sets other than US-ASCII for textual headers and text
      content, and to carry non-textual and multi-part content. (See:

   $ mutual suspicion
      (I) The state that exists between two interacting system entities
      in which neither entity can trust the other to function correctly
      with regard to some security requirement.

   $ National Computer Security Center (NCSC)
      (N) A U.S. Department of Defense organization, housed in NSA, that
      has responsibility for encouraging widespread availability of
      trusted computer systems throughout the Federal Government. It has
      established criteria for, and performs evaluations of, computer
      and network systems that have a trusted computing base. (See:
      Evaluated Products List, Rainbow Series, TCSEC.)

   $ National Information Assurance Partnership (NIAP)
      (N) An organization created by NIST and NSA to enhance the quality
      of commercial products for information security and increase
      consumer confidence in those products through objective evaluation
      and testing methods.

      (C) NIAP is registered, through the U.S. Department of Defense, as
      a National Performance Review Reinvention Laboratory. NIAP
      functions include the following:

       - Developing tests, test methods, and other tools that developers
         and testing laboratories may use to improve and evaluate
         security products.

Top      Up      ToC       Page 111 
       - Collaborating with industry and others on research and testing
       - Using the Common Criteria to develop protection profiles and
         associated test sets for security products and systems.
       - Cooperating with the NIST National Voluntary Laboratory
         Accreditation Program to develop a program to accredit private-
         sector laboratories for the testing of information security
         products using the Common Criteria.
       - Working to establish a formal, international mutual recognition
         scheme for a Common Criteria-based evaluation.

   $ National Institute of Standards and Technology (NIST)
      (N) A U.S. Department of Commerce agency that promotes U.S.
      economic growth by working with industry to develop and apply
      technology, measurements, and standards. Has primary Government
      responsibility for INFOSEC standards for unclassified but
      sensitive information. (See: ANSI, DES, DSA, DSS, FIPS, NIAP,

   $ National Security Agency (NSA)
      (N) A U.S. Department of Defense intelligence agency that has
      primary Government responsibility for INFOSEC for classified
      information and for unclassified but sensitive information handled
      by national security systems. (See: FORTEZZA, KEA, MISSI, NIAP,

   $ need-to-know
      (I) The necessity for access to, knowledge of, or possession of
      specific information required to carry out official duties.

      (C) This criterion is used in security procedures that require a
      custodian of sensitive information, prior to disclosing the
      information to someone else, to establish that the intended
      recipient has proper authorization to access the information.

   $ network
      See: computer network.

   $ NIAP
      See: National Information Assurance Partnership.

   $ NIST
      See: National Institute of Standards and Technology.

   $ NLSP
      Network Layer Security Protocol. An OSI protocol (IS0 11577) for
      end-to-end encryption services at the top of OSI layer 3. NLSP is
      derived from an SDNS protocol, SP3, but is much more complex.

Top      Up      ToC       Page 112 
   $ no-lone zone
      (I) A room or other space to which no person may have
      unaccompanied access and that, when occupied, is required to be
      occupied by two or more appropriately authorized persons. (See:
      dual control.)

   $ nonce
      (I) A random or non-repeating value that is included in data
      exchanged by a protocol, usually for the purpose of guaranteeing
      liveness and thus detecting and protecting against replay attacks.

   $ non-critical
      See: critical (extension of certificate).

   $ non-repudiation service
      (I) A security service that provide protection against false
      denial of involvement in a communication. (See: repudiation.)

      (C) Non-repudiation service does not and cannot prevent an entity
      from repudiating a communication. Instead, the service provides
      evidence that can be stored and later presented to a third party
      to resolve disputes that arise if and when a communication is
      repudiated by one of the entities involved. There are two basic
      kinds of non-repudiation service:

       - "Non-repudiation with proof of origin" provides the recipient
         of data with evidence that proves the origin of the data, and
         thus protects the recipient against an attempt by the
         originator to falsely deny sending the data. This service can
         be viewed as a stronger version of an data origin
         authentication service, in that it proves authenticity to a
         third party.

       - "Non-repudiation with proof of receipt" provides the originator
         of data with evidence that proves the data was received as
         addressed, and thus protects the originator against an attempt
         by the recipient to falsely deny receiving the data.

      (C) Phases of a Non-Repudiation Service: Ford [For94, For97] uses
      the term "critical action" to refer to the act of communication
      that is the subject of the service:

Top      Up      ToC       Page 113 
      --------   --------   --------   --------   --------   . --------
      Phase 1:   Phase 2:   Phase 3:   Phase 4:   Phase 5:   . Phase 6:
      Request    Generate   Transfer   Verify     Retain     . Resolve
      Service    Evidence   Evidence   Evidence   Evidence   . Dispute
      --------   --------   --------   --------   --------   . --------

      Service    Critical   Evidence   Evidence   Archive    . Evidence
      Request => Action  => Stored  => Is      => Evidence   . Is
      Is Made    Occurs     For Later  Tested     In Case    . Verified
                 and        Use |          ^      Critical   .     ^
                 Evidence       v          |      Action Is  .     |
                 Is         +-------------------+ Repudiated .     |
                 Generated  |Verifiable Evidence|------> ... . ----+

      Phase / Explanation
      1. Before the critical action, the service requester asks, either
         implicitly or explicitly, to have evidence of the action be
      2. When the critical action occurs, evidence is generated by a
         process involving the potential repudiator and possibly also a
         trusted third party.
      3. The evidence is transferred to the requester, or stored by a
         third party, for later use if needed.
      4. The entity that holds the evidence tests to be sure that it
         will suffice if a dispute arises.
      5. The evidence is retained for possible future retrieval and use.
      6. In this phase, which occurs only if the critical action is
         repudiated, the evidence is retrieved from storage, presented,
         and verified to resolve the dispute.

   $ no-PIN ORA (NORA)
      (O) MISSI usage: An organizational RA that operates in a mode in
      which the ORA performs no card management functions and,
      therefore, does not require knowledge of either the SSO PIN or
      user PIN for an end user's FORTEZZA PC card.

   $ NORA
      See: no-PIN ORA.

   $ notarization
      (I) Registration of data under the authority or in the care of a
      trusted third party, thus making it possible to provide subsequent
      assurance of the accuracy of characteristics claimed for the data,
      such as content, origin, time, and delivery. [I7498 Part 2] (See:
      digital notary.)

Top      Up      ToC       Page 114 
   $ NULL encryption algorithm
      (I) An algorithm [R2410] that does nothing to transform plaintext
      data; i.e., a no-op. It originated because of IPsec ESP, which
      always specifies the use of an encryption algorithm to provide
      confidentiality. The NULL encryption algorithm is a convenient way
      to represent the option of not applying encryption in ESP (or in
      any other context where this is needed).

      (I) A key establishment protocol (proposed for IPsec but
      superseded by IKE) based on the Diffie-Hellman algorithm and
      designed to be a compatible component of ISAKMP. [R2412]

      (C) OAKLEY establishes a shared key with an assigned identifier
      and associated authenticated identities for parties. I.e., OAKLEY
      provides authentication service to ensure the entities of each
      other's identity, even if the Diffie-Hellman exchange is
      threatened by active wiretapping. Also, provides public-key
      forward secrecy for the shared key and supports key updates,
      incorporation of keys distributed by out-of-band mechanisms, and
      user-defined abstract group structures for use with Diffie-

   $ object
      (I) Trusted computer system modeling usage: A system element that
      contains or receives information. (See: Bell-LaPadula Model,
      trusted computer system.)

   $ object identifier (OID)
      (I) An official, globally unique name for a thing, written as a
      sequence of integers (which are formed and assigned as defined in
      the ASN.1 standard) and used to reference the thing in abstract
      specifications and during negotiation of security services in a

      (O) "A value (distinguishable from all other such values) which is
      associated with an object." [X680]

      (C) Objects named by OIDs are leaves of the object identifier tree
      (which is similar to but different from the X.500 Directory
      Information Tree). Each arc (i.e., each branch of the tree) is
      labeled with a non-negative integer. An OID is the sequence of
      integers on the path leading from the root of the tree to a named

      (C) The OID tree has three arcs immediately below the root: {0}
      for use by ITU-T, {1} for use by ISO, and {2} for use by both
      jointly. Below ITU-T are four arcs, where {0 0} is for ITU-T

Top      Up      ToC       Page 115 
      recommendations. Below {0 0} are 26 arcs, one for each series of
      recommendations starting with the letters A to Z, and below these
      are arcs for each recommendation. Thus, the OID for ITU-T
      Recommendation X.509 is {0 0 24 509}. Below ISO are four arcs,
      where {1 0 }is for ISO standards, and below these are arcs for
      each ISO standard. Thus, the OID for ISO/IEC 9594-8 (the ISO
      number for X.509) is {1 0 9594 8}.

      (C) The following are additional examples: ANSI registers
      organization names below the branch {joint-iso-ccitt(2)
      country(16) US(840) organization(1)}. The NIST CSOR records PKI
      objects below the branch {joint-iso-ccitt(2) country(16) us(840)
      gov(101) csor(3) pki(4)}. The U.S. Department of Defense registers
      INFOSEC objects below the branch {joint-iso-ccitt(2) country(16)
      us(840) organization(1) gov(101) dod(2) infosec(1)}. The OID for
      the PKIX private extension is defined in an arc below the arc for
      the PKIX name space, as {iso(1) identified-organization(3) dod(6)
      internet(1) security(5) mechanisms(5) pkix(7) 1 1}.

   $ object reuse
      (N) "The reassignment and reuse of a storage medium (e.g., page
      frame, disk sector, magnetic tape) that once contained one or more
      [information] objects. To be securely reused and assigned to a new
      subject, storage media must contain no residual data (magnetic
      remanence) from the object(s) previously contained in the media."

   $ OCSP
      See: On-line Certificate Status Protocol.

   $ octet
      (I) A data unit of eight bits. (See: byte.)

      (c) This term is used in networking (especially in OSI standards)
      in preference to "byte", because some systems use "byte" for data
      storage units of a size other than eight.

   $ OFB
      See: output feedback.

   $ ohnosecond
      (C) That minuscule fraction of time in which you realize that your
      private key has been compromised.

   $ OID
      See: object identifier.

Top      Up      ToC       Page 116 
   $ On-line Certificate Status Protocol (OCSP)
      (I) An Internet protocol used by a client to obtain from a server
      the validity status and other information concerning a digital

      (C) In some applications, such as those involving high-value
      commercial transactions, it may be necessary to obtain certificate
      revocation status that is more timely than is possible with CRLs
      or to obtain other kinds of status information. OCSP may be used
      to determine the current revocation status of a digital
      certificate, in lieu of or as a supplement to checking against a
      periodic CRL. An OCSP client issues a status request to an OCSP
      server and suspends acceptance of the certificate in question
      until the server provides a response.

   $ one-time pad
      (I) An encryption algorithm in which the key is a random sequence
      of symbols and each symbol is used for encryption only one time--
      to encrypt only one plaintext symbol to produce only one
      ciphertext symbol--and a copy of the key is used similarly for

      (C) To ensure one-time use, the copy of the key used for
      encryption is destroyed after use, as is the copy used for
      decryption. This is the only encryption algorithm that is truly
      unbreakable, even given unlimited resources for cryptanalysis
      [Schn], but key management costs and synchronization problems make
      it impractical except in special situations.

   $ one-time password
   $ One-Time Password (OTP)
      1. Not capitalized: A "one-time password" is a simple
      authentication technique in which each password is used only once
      as authentication information that verifies an identity. This
      technique counters the threat of a replay attack that uses
      passwords captured by wiretapping.

      2. Capitalized: "One-Time Password" is an Internet protocol
      [R1938] that is based on S/KEY and uses a cryptographic hash
      function to generate one-time passwords for use as authentication
      information in system login and in other processes that need
      protection against replay attacks.

   $ one-way encryption
      (I) Irreversible transformation of plaintext to ciphertext, such
      that the plaintext cannot be recovered from the ciphertext by
      other than exhaustive procedures even if the cryptographic key is
      known. (See: encryption.)

Top      Up      ToC       Page 117 
   $ one-way function
      (I) "A (mathematical) function, f, which is easy to compute, but
      which for a general value y in the range, it is computationally
      difficult to find a value x in the domain such that f(x) = y.
      There may be a few values of y for which finding x is not
      computationally difficult." [X509]

      (D) ISDs SHOULD NOT use this term as a synonym for "cryptographic

   $ open security environment
      (O) U.S. Department of Defense usage: A system environment that
      meets at least one of the following conditions: (a) Application
      developers (including maintainers) do not have sufficient
      clearance or authorization to provide an acceptable presumption
      that they have not introduced malicious logic. (b) Configuration
      control does not provide sufficient assurance that applications
      and the equipment are protected against the introduction of
      malicious logic prior to and during the operation of system
      applications. [NCS04] (See: closed security environment.)

   $ Open Systems Interconnection (OSI) Reference Model (OSIRM)
      (N) A joint ISO/ITU-T standard [I7498 Part 1] for a seven-layer,
      architectural communication framework for interconnection of
      computers in networks.

      (C) OSI-based standards include communication protocols that are
      mostly incompatible with the Internet Protocol Suite, but also
      include security models, such as X.509, that are used in the

      (C) The OSIRM layers, from highest to lowest, are (7) Application,
      (6) Presentation, (5) Session, (4) Transport, (3) Network, (2)
      Data Link, and (1) Physical. In this Glossary, these layers are
      referred to by number to avoid confusing them with Internet
      Protocol Suite layers, which are referred to by name.

      (C) Some unknown person described how the OSI layers correspond to
      the seven deadly sins:

      7. Wrath: Application is always angry at the mess it sees below
         itself. (Hey! Who is it to be pointing fingers?)
      6. Sloth: Presentation is too lazy to do anything productive by
      5. Lust: Session is always craving and demanding what truly
         belongs to Application's functionality.
      4. Avarice: Transport wants all of the end-to-end functionality.
         (Of course, it deserves it, but life isn't fair.)

Top      Up      ToC       Page 118 
      3. Gluttony: (Connection-Oriented) Network is overweight and
         overbearing after trying too often to eat Transport's lunch.
      2. Envy: Poor Data Link is always starved for attention. (With
         Asynchronous Transfer Mode, maybe now it is feeling less
      1. Pride: Physical has managed to avoid much of the controversy,
         and nearly all of the embarrassment, suffered by the others.

      (C) John G. Fletcher described how the OSI layers also correspond
      to Snow White's dwarf friends:

      7. Doc: Application acts as if it is in charge, but sometimes
         muddles its syntax.
      6. Sleepy: Presentation is indolent, being guilty of the sin of
      5. Dopey: Session is confused because its charter is not very
      4. Grumpy: Transport is irritated because Network has encroached
         on Transport's turf.
      3. Happy: Network smiles for the same reason that Transport is
      2. Sneezy: Data Link makes loud noises in the hope of attracting
      1. Bashful: Physical quietly does its work, unnoticed by the

   $ operational integrity
      (I) A synonym for "system integrity"; emphasizes the actual
      performance of system functions rather than just the ability to
      perform them.

   $ operations security (OPSEC)
      (I) A process to identify, control, and protect evidence of the
      planning and execution of sensitive activities and operations, and
      thereby prevent potential adversaries from gaining knowledge of
      capabilities and intentions.

   $ OPSEC
      See: operations security.

   $ ORA
      See: organizational registration authority.

   $ Orange Book
      (D) ISDs SHOULD NOT use this term as a synonym for "Trusted
      Computer System Evaluation Criteria" [CSC001, DOD1]. Instead, use

Top      Up      ToC       Page 119 
      the full, proper name of the document or, in subsequent
      references, the abbreviation "TCSEC". (See: (usage note under)
      Green Book.)

   $ organizational certificate
      (O) MISSI usage: A type of MISSI X.509 public-key certificate that
      is issued to support organizational message handling for the U.S.
      Government's Defense Message System.

   $ organizational registration authority (ORA)
      (I) General usage: An RA for an organization.

      (O) MISSI usage: The MISSI implementation of RA. A MISSI end
      entity that (a) assists a PCA, CA, or SCA to register other end
      entities, by gathering, verifying, and entering data and
      forwarding it to the signing authority and (b) may also assist
      with card management functions. An ORA is a local administrative
      authority, and the term refers both to the office or role, and to
      the person who fills that office. An ORA does not sign
      certificates, CRLs, or CKLs. (See: no-PIN ORA, SSO-PIN ORA, user-
      PIN ORA.)

   $ origin authentication
   $ origin authenticity
      (D) ISDs SHOULD NOT use these terms because they look like
      careless use of an internationally standardized term. Instead, use
      "data origin authentication" or "peer entity authentication",
      depending which is meant.

   $ OSI
   $ OSIRM
      See: Open Systems Interconnection Reference Model.

   $ OTP
      See: One-Time Password.

   $ out of band
      (I) Transfer of information using a channel that is outside (i.e.,
      separate from) the channel that is normally used. (See: covert

      (C) Out-of-band mechanisms are often used to distribute shared
      secrets (e.g., a symmetric key) or other sensitive information
      items (e.g., a root key) that are needed to initialize or
      otherwise enable the operation of cryptography or other security
      mechanisms. (See: key distribution.)

Next RFC Part