RFC 2828


Internet Security Glossary

Part 5 of 8, p. 120 to 149


   $ output feedback (OFB)
      (N) A block cipher mode [FP081] that modifies electronic codebook
      mode to operate on plaintext segments of variable length less than
      or equal to the block length.

      (C) This mode operates by directly using the algorithm's
      previously generated output block as the algorithm's next input
      block (i.e., by "feeding back" the output block) and combining
      (exclusive OR-ing) the output block with the next plaintext
      segment (of block length or less) to form the next ciphertext
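
      Added example (not part of the glossary text): a sketch of the
      feedback loop described above, plus two consequences for anyone
      deploying the mode. The block function is a SHA-256-based stand-in
      and the key, IV and messages are constructed; a real system would
      use a vetted cipher from a cryptographic library.

```python
import hashlib

BLOCK = 16  # block length in bytes for the stand-in cipher below


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher's encrypt direction (assumption: SHA-256
    truncated to one block). OFB never calls the decrypt direction, so a
    keyed one-way function is enough to show the mode's mechanics."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def ofb_xor(key: bytes, iv: bytes, data: bytes, seg: int = BLOCK) -> bytes:
    """Encrypt or decrypt `data` in OFB mode using `seg`-byte segments."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block long")
    if not 1 <= seg <= BLOCK:
        raise ValueError("segment length must be between 1 and the block length")
    out = bytearray()
    feedback = iv
    for i in range(0, len(data), seg):
        # Feed the previous output block straight back in as the next input.
        feedback = block_encrypt(key, feedback)
        segment = data[i:i + seg]
        # XOR the segment with the leftmost bytes of the output block.
        out.extend(p ^ k for p, k in zip(segment, feedback))
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> dict:
    key = b"constructed-demo-key"
    iv = bytes(range(BLOCK))
    p1 = b"transfer 0100 EUR to account A"  # constructed sample messages
    p2 = b"transfer 9999 EUR to account B"
    results = {}

    # 1. The same operation encrypts and decrypts, for any segment length
    #    up to the block length.
    results["roundtrip"] = all(
        ofb_xor(key, iv, ofb_xor(key, iv, p1, seg), seg) == p1
        for seg in (1, 5, BLOCK)
    )

    # 2. No integrity: a bit changed in the ciphertext changes exactly the
    #    same bit of the recovered plaintext, so OFB needs a separate MAC.
    c1 = ofb_xor(key, iv, p1)
    tampered = bytearray(c1)
    tampered[9] ^= 0x01
    recovered = ofb_xor(key, iv, bytes(tampered))
    results["changed_positions"] = [
        i for i, (a, b) in enumerate(zip(p1, recovered)) if a != b
    ]

    # 3. The keystream depends only on key and IV, so reusing the pair for
    #    two messages exposes the XOR of their plaintexts.
    c2 = ofb_xor(key, iv, p2)
    results["iv_reuse_leaks_xor"] = xor_bytes(c1, c2) == xor_bytes(p1, p2)
    return results


if __name__ == "__main__":
    print(demo())
```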

   $ outside attack
   $ outsider attack
      See: (secondary definition under) attack.

   $ P1363
      See: IEEE P1363.

   $ PAA
      See: policy approving authority.

   $ packet filter
      See: (secondary definition under) filtering router.

   $ pagejacking
      (I) A contraction of "Web page hijacking". A masquerade attack in
      which the attacker copies (steals) a home page or other material
      from the target server, rehosts the page on a server the attacker
      controls, and causes the rehosted page to be indexed by the major
      Web search services, thereby diverting browsers from the target
      server to the attacker's server.

      (D) ISDs SHOULD NOT use this term without including a definition,
      because the term is not listed in most dictionaries and could
      confuse international readers. (See: (usage note under) Green

   $ PAN
      See: primary account number.

   $ PAP
      See: Password Authentication Protocol.

   $ partitioned security mode
      (N) A mode of operation of an information system, wherein all
      users have the clearance, but not necessarily formal access
      authorization and need-to-know, for all information handled by the
      system. This mode is defined in U.S. Department of Defense policy
      regarding system accreditation. [DoD2]

   $ passive attack
      See: (secondary definition under) attack.

   $ passive wiretapping
      See: (secondary definition under) wiretapping.

   $ password
      (I) A secret data value, usually a character string, that is used
      as authentication information. (See: challenge-response.)

      (C) A password is usually matched with a user identifier that is
      explicitly presented in the authentication process, but in some
      cases the identity may be implicit.

      (C) Using a password as authentication information assumes that
      the password is known only by the system entity whose identity is
      being authenticated. Therefore, in a network environment where
      wiretapping is possible, simple authentication that relies on
      transmission of static (i.e., repetitively used) passwords as
      cleartext is inadequate. (See: one-time password, strong

   $ Password Authentication Protocol (PAP)
      (I) A simple authentication mechanism in PPP. In PAP, a user
      identifier and password are transmitted in cleartext. [R1334]
      (See: CHAP.)

   $ password sniffing
      (I) Passive wiretapping, usually on a local area network, to gain
      knowledge of passwords. (See: (usage note under) sniffing.)

   $ path discovery
      (I) For a digital certificate, the process of finding a set of
      public-key certificates that comprise a certification path from a
      trusted key to that specific certificate.

   $ path validation
      (I) The process of validating (a) all of the digital certificates
      in a certification path and (b) the required relationships between
      those certificates, thus validating the contents of the last
      certificate on the path. (See: certificate validation.)

   $ payment card
      (N) SET usage: Collectively refers "to credit cards, debit cards,
      charge cards, and bank cards issued by a financial institution and
      which reflects a relationship between the cardholder and the
      financial institution." [SET2]

   $ payment gateway
      (O) SET usage: A system operated by an acquirer, or a third party
      designated by an acquirer, for the purpose of providing electronic
      commerce services to the merchants in support of the acquirer, and
      which interfaces to the acquirer to support the authorization,
      capture, and processing of merchant payment messages, including
      payment instructions from cardholders. [SET1, SET2]

   $ payment gateway certification authority (SET PCA)
      (O) SET usage: A CA that issues digital certificates to payment
      gateways and is operated on behalf of a payment card brand, an
      acquirer, or another party according to brand rules. A SET PCA
      issues a CRL for compromised payment gateway certificates. [SET2]
      (See: PCA.)

   $ PC card
      (N) A type of credit card-sized, plug-in peripheral device that
      was originally developed to provide memory expansion for portable
      computers, but is also used for other kinds of functional
      expansion. (See: FORTEZZA, PCMCIA.)

      (C) The international PC Card Standard defines a non-proprietary
      form factor in three standard sizes--Types I, II and III--each of
      which has a 68-pin interface between the card and the socket into
      which it plugs.  All three types have the same length and width,
      roughly the size of a credit card, but differ in their thickness
      from 3.3 to 10.5 mm. Examples include storage modules, modems,
      device interface adapters, and cryptographic modules.

   $ PCA
      (D) ISDs SHOULD NOT use this acronym without a qualifying
      adjective because that would be ambiguous. (See: Internet policy
      certification authority, (MISSI) policy creation authority, (SET)
      payment gateway certification authority.)

   $ PCMCIA
      (N) Personal Computer Memory Card International Association, a
      group of manufacturers, developers, and vendors, founded in 1989
      to standardize plug-in peripheral memory cards for personal
      computers and now extended to deal with any technology that works
      in the PC card form factor. (See: PC card.)

   $ peer entity authentication
      (I) "The corroboration that a peer entity in an association is the
      one claimed." [I7498 Part 2] (See: authentication.)

   $ peer entity authentication service
      (I) A security service that verifies an identity claimed by or for
      a system entity in an association. (See: authentication,
      authentication service.)

      (C) This service is used at the establishment of, or at times
      during, an association to confirm the identity of one entity to
      another, thus protecting against a masquerade by the first entity.
      However, unlike data origin authentication service, this service
      requires an association to exist between the two entities, and the
      corroboration provided by the service is valid only at the current
      time that the service is provided.

      (C) See: "relationship between data integrity service and
      authentication services" under data integrity service.

   $ PEM
      See: Privacy Enhanced Mail.

   $ penetration
      (I) Successful, repeatable, unauthorized access to a protected
      system resource. (See: attack, violation.)

   $ penetration test
      (I) A system test, often part of system certification, in which
      evaluators attempt to circumvent the security features of the
      system. [NCS04]

      (C) Penetration testing may be performed under various constraints
      and conditions. However, for a TCSEC evaluation, testers are
      assumed to have all system design and implementation
      documentation, including source code, manuals, and circuit
      diagrams, and to work under no greater constraints than those
      applied to ordinary users.

   $ perfect forward secrecy
      See: (discussion under) public-key forward secrecy.

   $ perimeter
      See: security perimeter.

   $ periods processing
      (I) A mode of system operation in which information of different
      sensitivities is processed at distinctly different times by the
      same system, with the system being properly purged or sanitized
      between periods. (See: color change.)

   $ permission
      (I) A synonym for "authorization", but "authorization" is
      preferred in the PKI context. (See: privilege.)

   $ personal identification number (PIN)
      (I) A character string used as a password to gain access to a
      system resource. (See: authentication information.)

      (C) Despite the words "identification" and "number", a PIN seldom
      serves as a user identifier, and a PIN's characters are not
      necessarily all numeric. A better name for this concept would have
      been "personal authentication system string (PASS)".

      (C) Retail banking applications commonly use 4-digit PINs.
      FORTEZZA PC cards use up to 12 characters for user or SSO PINs.

   $ personality
   $ personality label
      (O) MISSI usage: A set of MISSI X.509 public-key certificates that
      have the same subject DN, together with their associated private
      keys and usage specifications, that is stored on a FORTEZZA PC
      card to support a role played by the card's user.

      (C) When a card's user selects a personality to use in a FORTEZZA-
      aware application, the data determines behavior traits (the
      personality) of the application. A card's user may have multiple
      personalities on the card. Each has a "personality label", a user-
      friendly character string that applications can display to the
      user for selecting or changing the personality to be used. For
      example, a military user's card might contain three personalities:
      CHAIRMAN. Each personality includes one or more certificates of
      different types (such as DSA versus RSA), for different purposes
      (such as digital signature versus encryption), or with different

   $ personnel security
      (I) Procedures to ensure that persons who access a system have
      proper clearance, authorization, and need-to-know as required by
      the system's security policy.

   $ PGP(trademark)
      See: Pretty Good Privacy.

   $ Photuris
      (I) A UDP-based, key establishment protocol for session keys,
      designed for use with the IPsec protocols AH and ESP. Superseded
      by IKE.

   $ phreaking
      (I) A contraction of "telephone breaking". An attack on or
      penetration of a telephone system or, by extension, any other
      communication or information system. [Raym]

      (D) ISDs SHOULD NOT use this term because it is not listed in most
      dictionaries and could confuse international readers.

   $ physical security
      (I) Tangible means of preventing unauthorized physical access to a
      system. E.g., fences, walls, and other barriers; locks, safes, and
      vaults; dogs and armed guards; sensors and alarm bells. [FP031,

   $ piggyback attack
      (I) A form of active wiretapping in which the attacker gains
      access to a system via intervals of inactivity in another user's
      legitimate communication connection. Sometimes called a "between-
      the-lines" attack. (See: hijack attack, man-in-the-middle attack.)

   $ PIN
      See: personal identification number.

   $ ping of death
      (I) An attack that sends an improperly large ICMP [R0792] echo
      request packet (a "ping") with the intent of overflowing the input
      buffers of the destination machine and causing it to crash.

   $ ping sweep
      (I) An attack that sends ICMP [R0792] echo requests ("pings") to a
      range of IP addresses, with the goal of finding hosts that can be
      probed for vulnerabilities.

   $ PKCS
      See: Public-Key Cryptography Standards.

   $ PKCS #7
      (N) A standard [PKC07, R2315] from the PKCS series; defines a
      syntax for data that may have cryptography applied to it, such as
      for digital signatures and digital envelopes.

   $ PKCS #10
      (N) A standard [PKC10] from the PKCS series; defines a syntax for
      requests for public-key certificates. (See: certification

      (C) A PKCS #10 request contains a DN and a public key, and may
      contain other attributes, and is signed by the entity making the
      request. The request is sent to a CA, who converts it to an X.509
      public-key certificate (or some other form) and returns it,
      possibly in PKCS #7 format.

   $ PKCS #11
      (N) A standard [PKC11] from the PKCS series; defines a software
      CAPI called Cryptoki (pronounced "crypto-key"; short for
      "cryptographic token interface") for devices that hold
      cryptographic information and perform cryptographic functions.

   $ PKI
      See: public-key infrastructure.

   $ PKIX
      (I) (1.) A contraction of "Public-Key Infrastructure (X.509)", the
      name of the IETF working group that is specifying an architecture
      and set of protocols needed to support an X.509-based PKI for the
      Internet. (2.) A collective name for that architecture and set of

      (C) The goal of PKIX is to facilitate the use of X.509 public-key
      certificates in multiple Internet applications and to promote
      interoperability between different implementations that use those
      certificates. The resulting PKI is intended to provide a framework
      that supports a range of trust and hierarchy environments and a
      range of usage environments. PKIX specifies (a) profiles of the v3
      X.509 public-key certificate standards and the v2 X.509 CRL
      standards for the Internet; (b) operational protocols used by
      relying parties to obtain information such as certificates or
      certificate status; (c) management protocols used by system
      entities to exchange information needed for proper management of
      the PKI; and (d) information about certificate policies and CPSs,
      covering the areas of PKI security not directly addressed in the
      rest of PKIX.

   $ PKIX private extension
      (I) PKIX defines a private extension to identify an on-line
      verification service supporting the issuing CA.

   $ plaintext
      (I) Data that is input to and transformed by an encryption
      process, or that is output by a decryption process.

      (C) Usually, the plaintext input to an encryption operation is
      cleartext. But in some cases, the input is ciphertext that was
      output from another encryption operation. (See: superencryption.)

   $ Point-to-Point Protocol (PPP)
      (I) An Internet Standard protocol [R1661] for encapsulation and
      full-duplex transportation of network layer (mainly OSI layer 3)
      protocol data packets over a link between two peers, and for
      multiplexing different network layer protocols over the same link.
      Includes optional negotiation to select and use a peer entity
      authentication protocol to authenticate the peers to each other
      before they exchange network layer data. (See: CHAP, EAP, PAP.)

   $ Point-to-Point Tunneling Protocol (PPTP)
      (I) An Internet client-server protocol (originally developed by
      Ascend and Microsoft) that enables a dial-up user to create a
      virtual extension of the dial-up link across a network by
      tunneling PPP over IP. (See: L2TP.)

      (C) PPP can encapsulate any Internet Protocol Suite network layer
      protocol (or OSI layer 3 protocol). Therefore, PPTP does not
      specify security services; it depends on protocols above and below
      it to provide any needed security. PPTP makes it possible to
      divorce the location of the initial dial-up server (i.e., the PPTP
      Access Concentrator, the client, which runs on a special-purpose
      host) from the location at which the dial-up protocol (PPP)
      connection is terminated and access to the network is provided
      (i.e., the PPTP Network Server, which runs on a general-purpose

   $ policy
      (D) ISDs SHOULD NOT use this word as an abbreviation for either
      "security policy" or "certificate policy". Instead, to avoid
      misunderstanding, use the fully qualified term, at least at the
      point of first usage.

   $ policy approving authority (PAA)
      (O) MISSI usage: The top-level signing authority of a MISSI
      certification hierarchy. The term refers both to that
      authoritative office or role and to the person who plays that
      role. (See: root registry.)

      (C) A PAA registers MISSI PCAs and signs their X.509 public-key
      certificates. A PAA issues CRLs but does not issue a CKL. A PAA
      may issue cross-certificates to other PAAs.

   $ policy certification authority (Internet PCA)
      (I) An X.509-compliant CA at the second level of the Internet
      certification hierarchy, under the Internet Policy Registration
      Authority (IPRA). Each PCA operates in accordance with its
      published security policy (see: certification practice statement)
      and within constraints established by the IPRA for all PCAs.
      [R1422]. (See: policy creation authority.)

   $ policy creation authority (MISSI PCA)
      (O) MISSI usage: The second level of a MISSI certification
      hierarchy; the administrative root of a security policy domain of
      MISSI users and other, subsidiary authorities. The term refers
      both to that authoritative office or role and to the person who
      fills that office. (See: policy certification authority.)

      (C) A MISSI PCA's certificate is issued by a policy approving
      authority. The PCA registers the CAs in its domain, defines their
      configurations, and issues their X.509 public-key certificates.
      (The PCA may also issue certificates for SCAs, ORAs, and other end
      entities, but a PCA does not usually do this.) The PCA
      periodically issues CRLs and CKLs for its domain.

   $ Policy Management Authority
      (N) Canadian usage: An organization responsible for PKI oversight
      and policy management in the Government of Canada.

   $ policy mapping
      (I) "Recognizing that, when a CA in one domain certifies a CA in
      another domain, a particular certificate policy in the second
      domain may be considered by the authority of the first domain to
      be equivalent (but not necessarily identical in all respects) to a
      particular certificate policy in the first domain." [X509]

   $ POP3
      See: Post Office Protocol, version 3.

   $ POP3 APOP
      (I) A POP3 "command" (better described as a transaction type, or a
      protocol-within-a-protocol) by which a POP3 client optionally uses
      a keyed hash (based on MD5) to authenticate itself to a POP3
      server and, depending on the server implementation, to protect
      against replay attacks. (See: CRAM, POP3 AUTH, IMAP4

      (C) The server includes a unique timestamp in its greeting to the
      client. The subsequent APOP command sent by the client to the
      server contains the client's name and the hash result of applying
      MD5 to a string formed from both the timestamp and a shared secret
      that is known only to the client and the server. APOP was designed
      as an alternative to using POP3's USER and PASS (i.e.,
      password) command pair, in which the client sends a cleartext
      password to the server.
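
      Added example (not part of the glossary text): both sides of the
      APOP exchange described above, with a server that honors each
      greeting timestamp only once so that a captured command cannot be
      replayed. The user name, secret, host name, timestamp layout and
      class names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time


def apop_digest(timestamp: str, shared_secret: str) -> str:
    """MD5 over the greeting timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + shared_secret).encode("utf-8")).hexdigest()


class ApopServer:
    """Toy server side: issues timestamps and checks APOP commands."""

    def __init__(self, secrets: dict, hostname: str = "pop.example.test"):
        self.secrets = dict(secrets)   # name -> shared secret
        self.hostname = hostname
        self.outstanding = set()       # timestamps issued but not yet used

    def greet(self) -> str:
        # Unique per greeting: process id, clock and random bytes.
        ts = "<%d.%d.%s@%s>" % (
            os.getpid(), time.time_ns(), os.urandom(8).hex(), self.hostname)
        self.outstanding.add(ts)
        return "+OK POP3 server ready " + ts

    def handle_apop(self, timestamp: str, line: str) -> str:
        parts = line.split()
        if len(parts) != 3 or parts[0].upper() != "APOP":
            return "-ERR malformed command"
        _, name, digest = parts
        # Replay protection: a timestamp is accepted for one attempt only.
        if timestamp not in self.outstanding:
            return "-ERR stale or unknown timestamp"
        self.outstanding.discard(timestamp)
        secret = self.secrets.get(name)
        expected = apop_digest(timestamp, secret if secret is not None else "")
        # Constant-time comparison avoids leaking how many digits matched.
        matches = hmac.compare_digest(expected.encode(), digest.lower().encode())
        if secret is not None and matches:
            return "+OK maildrop ready"
        return "-ERR permission denied"


def client_apop_command(greeting: str, name: str, shared_secret: str):
    """Client side: pull the timestamp out of the greeting, build the command."""
    start, end = greeting.find("<"), greeting.rfind(">")
    if start == -1 or end < start:
        raise ValueError("server did not offer an APOP timestamp")
    timestamp = greeting[start:end + 1]
    return timestamp, "APOP %s %s" % (name, apop_digest(timestamp, shared_secret))


def run_exchange() -> dict:
    secret = "constructed-shared-secret"
    server = ApopServer({"alice": secret})

    ts, cmd = client_apop_command(server.greet(), "alice", secret)
    first = server.handle_apop(ts, cmd)
    # An eavesdropper resending the captured command against the same
    # timestamp is refused, because the timestamp has been consumed.
    replayed = server.handle_apop(ts, cmd)

    ts2, bad_cmd = client_apop_command(server.greet(), "alice", "wrong-guess")
    wrong = server.handle_apop(ts2, bad_cmd)

    return {
        "first_login": first,
        "replayed_login": replayed,
        "wrong_secret": wrong,
        "secret_on_wire": secret in cmd,  # only the digest is transmitted
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, "->", value)
```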

   $ POP3 AUTH
      (I) A "command" [R1734] (better described as a transaction type,
      or a protocol-within-a-protocol) in POP3, by which a POP3 client
      optionally proposes a mechanism to a POP3 server to authenticate
      the client to the server and provide other security services.

      (C) If the server accepts the proposal, the command is followed by
      performing a challenge-response authentication protocol and,
      optionally, negotiating a protection mechanism for subsequent POP3
      interactions. The security mechanisms used by POP3 AUTH are those
      used by IMAP4.

   $ port scan
      (I) An attack that sends client requests to a range of server port
      addresses on a host, with the goal of finding an active port and
      exploiting a known vulnerability of that service.

   $ POSIX
      (N) Portable Operating System Interface for Computer Environments,
      a standard [FP151, IS9945-1] (originally IEEE Standard P1003.1)
      that defines an operating system interface and environment to
      support application portability at the source code level. It is
      intended to be used by both application developers and system

      (C) P1003.1 supports security functionality like that on most
      UNIX systems, including discretionary access control and
      privilege. IEEE Draft Standard P1003.6.1 specifies additional
      functionality not provided in the base standard, including (a)
      discretionary access control, (b) audit trail mechanisms, (c)
      privilege mechanisms, (d) mandatory access control, and (e)
      information label mechanisms.

   $ Post Office Protocol, version 3 (POP3)
      (I) An Internet Standard protocol [R1939] by which a client
      workstation can dynamically access a mailbox on a server host to
      retrieve mail messages that the server has received and is holding
      for the client. (See: IMAP4.)

      (C) POP3 has mechanisms for optionally authenticating a client to
      a server and providing other security services. (See: POP3 APOP,
      POP3 AUTH.)

   $ PPP
      See: Point-to-Point Protocol.

   $ PPTP
      See: Point-to-Point Tunneling Protocol.

   $ pre-authorization
      (I) A capability of a CAW that enables certification requests to
      be automatically validated against data provided in advance to the
      CA by an authorizing entity.

   $ Pretty Good Privacy(trademark) (PGP(trademark))
      (O) Trademarks of Network Associates, Inc., referring to a
      computer program (and related protocols) that uses cryptography to
      provide data security for electronic mail and other applications
      on the Internet. (See: MOSS, PEM, S/MIME.)

      (C) PGP encrypts messages with IDEA in CFB mode, distributes the
      IDEA keys by encrypting them with RSA, and creates digital
      signatures on messages with MD5 and RSA. To establish ownership of
      public keys, PGP depends on the web of trust. (See: Privacy
      Enhanced Mail.)

   $ primary account number (PAN)
      (O) SET usage: "The assigned number that identifies the card
      issuer and cardholder. This account number is composed of an
      issuer identification number, an individual account number
      identification, and an accompanying check digit as defined by ISO
      7812-1985." [SET2, IS7812] (See: bank identification number.)

      (C) The PAN is embossed, encoded, or both on a magnetic-strip-
      based credit card. The PAN identifies the issuer to which a
      transaction is to be routed and the account to which it is to be
      applied unless specific instructions indicate otherwise. The
      authority that assigns the bank identification number part of the
      PAN is the American Bankers Association.

   $ privacy
      (I) The right of an entity (normally a person), acting in its own
      behalf, to determine the degree to which it will interact with its
      environment, including the degree to which the entity is willing
      to share information about itself with others. (See: anonymity.)

      (O) "The right of individuals to control or influence what
      information related to them may be collected and stored and by
      whom and to whom that information may be disclosed." [I7498 Part

      (D) ISDs SHOULD NOT use this term as a synonym for "data
      confidentiality" or "data confidentiality service", which are
      different concepts. Privacy is a reason for security rather than a
      kind of security. For example, a system that stores personal data
      needs to protect the data to prevent harm, embarrassment,
      inconvenience, or unfairness to any person about whom data is
      maintained, and to protect the person's privacy. For that reason,
      the system may need to provide data confidentiality service.

   $ Privacy Enhanced Mail (PEM)
      (I) An Internet protocol to provide data confidentiality, data
      integrity, and data origin authentication for electronic mail.
      [R1421, R1422]. (See: MOSS, MSP, PGP, S/MIME.)

      (C) PEM encrypts messages with DES in CBC mode, provides key
      distribution of DES keys by encrypting them with RSA, and signs
      messages with RSA over either MD2 or MD5. To establish ownership
      of public keys, PEM uses a certification hierarchy, with X.509
      public-key certificates and X.509 CRLs that are signed with RSA
      and MD2. (See: Pretty Good Privacy.)

      (C) PEM is designed to be compatible with a wide range of key
      management methods, but is limited to specifying security services
      only for text messages and, like MOSS, has not been widely
      implemented in the Internet.

   $ private component
      (I) A synonym for "private key".

      (D) In most cases, ISDs SHOULD NOT use this term; to avoid
      confusing readers, use "private key" instead. However, the term
      MAY be used when specifically discussing a key pair; e.g., "A key
      pair has a public component and a private component."

   $ private extension
      See: (secondary definition under) extension.

   $ private key
      (I) The secret component of a pair of cryptographic keys used for
      asymmetric cryptography. (See: key pair, public key.)

      (O) "(In a public key cryptosystem) that key of a user's key pair
      which is known only by that user." [X509]

   $ privilege
      (I) An authorization or set of authorizations to perform security-
      relevant functions, especially in the context of a computer
      operating system.

   $ privilege management infrastructure
      (N) "The complete set of processes required to provide an
      authorization service", i.e., processes concerned with attribute
      certificates. [FPDAM] (See: PKI.)

      (D) ISDs SHOULD NOT use this term and its definition because the
      definition is vague, and there is no consensus on an alternate

   $ privileged process
      (I) A computer process that is authorized (and, therefore,
      trusted) to perform some security-relevant functions that ordinary
      processes are not. (See: privilege, trusted process.)

   $ procedural security
      (D) ISDs SHOULD NOT use this term as a synonym for "administrative
      security". Any type of security may involve procedures; therefore,
      the term may be misleading. Instead, use "administrative
      security", "communication security", "computer security",
      "emanations security", "personnel security", "physical security",
      or whatever specific type is meant. (See: security architecture.)

   $ proprietary
      (I) Refers to information (or other property) that is owned by an
      individual or organization and for which the use is restricted by
      that entity.

   $ protected checksum
      (I) A checksum that is computed for a data object by means that
      protect against active attacks that would attempt to change the
      checksum to make it match changes made to the data object. (See:
      digital signature, keyed hash, (discussion under) checksum.)

   $ protected distribution system
      (I) A wireline or fiber-optic system that includes sufficient
      safeguards (acoustic, electric, electromagnetic, and physical) to
      permit its use for unencrypted transmission of (cleartext) data.

   $ protection authority
      See: (secondary definition under) Internet Protocol Security

   $ protection ring
      (I) One of a hierarchy of privileged operation modes of a system
      that gives certain access rights to processes authorized to
      operate in that mode.

   $ protocol
      (I) A set of rules (i.e., formats and procedures) to implement and
      control some type of association (e.g., communication) between
      systems. (E.g., see: Internet Protocol.)

      (C) In particular, a series of ordered steps involving computing
      and communication that are performed by two or more system
      entities to achieve a joint objective. [A9042]

   $ protocol suite
      (I) A complementary collection of communication protocols used in
      a computer network. (See: Internet, OSI.)

   $ proxy server
      (I) A computer process--often used as, or as part of, a firewall--
      that relays a protocol between client and server computer systems,
      by appearing to the client to be the server and appearing to the
      server to be the client. (See: SOCKS.)

      (C) In a firewall, a proxy server usually runs on a bastion host,
      which may support proxies for several protocols (e.g., FTP, HTTP,
      and TELNET). Instead of a client in the protected enclave
      connecting directly to an external server, the internal client
      connects to the proxy server which in turn connects to the
      external server. The proxy server waits for a request from inside
      the firewall, forwards the request to the remote server outside
      the firewall, gets the response, then sends the response back to
      the client. The proxy may be transparent to the clients, or they
      may need to connect first to the proxy server, and then use that
      association to also initiate a connection to the real server.

      (C) Proxies are generally preferred over SOCKS for their ability
      to perform caching, high-level logging, and access control. A
      proxy can provide security service beyond that which is normally
      part of the relayed protocol, such as access control based on peer
      entity authentication of clients, or peer entity authentication of
      servers when clients do not have that capability. A proxy at OSI
      layer 7 can also provide finer-grained security service than can a
      filtering router at OSI layer 3. For example, an FTP proxy could
      permit transfers out of, but not into, a protected network.

   $ pseudo-random
      (I) A sequence of values that appears to be random (i.e.,
      unpredictable) but is actually generated by a deterministic
      algorithm. (See: random.)

   $ pseudo-random number generator
      (I) A process used to deterministically generate a series of
      numbers (usually integers) that appear to be random according to
      certain statistical tests, but actually are pseudo-random.

      (C) Pseudo-random number generators are usually implemented in

   $ public component
      (I) A synonym for "public key".

      (D) In most cases, ISDs SHOULD NOT use this term; to avoid
      confusing readers, use "public key" instead. However, the term
      MAY be used when specifically discussing a key pair; e.g., "A key
      pair has a public component and a private component."

   $ public key
      (I) The publicly-disclosable component of a pair of cryptographic
      keys used for asymmetric cryptography. (See: key pair, private

      (O) "(In a public key cryptosystem) that key of a user's key pair
      which is publicly known." [X509]

   $ public-key certificate
      (I) A digital certificate that binds a system entity's identity to
      a public key value, and possibly to additional data items; a
      digitally-signed data structure that attests to the ownership of a
      public key. (See: X.509 public-key certificate.)

      (C) The digital signature on a public-key certificate is
      unforgeable. Thus, the certificate can be published, such as by
      posting it in a directory, without the directory having to protect
      the certificate's data integrity.

      (O) "The public key of a user, together with some other
      information, rendered unforgeable by encipherment with the private
      key of the certification authority which issued it." [X509]

   $ public-key cryptography
      (I) The popular synonym for "asymmetric cryptography".

   $ Public-Key Cryptography Standards (PKCS)
      (I) A series of specifications published by RSA Laboratories for
      data structures and algorithm usage for basic applications of
      asymmetric cryptography. (See: PKCS #7, PKCS #10, PKCS #11.)

      (C) The PKCS were begun in 1991 in cooperation with industry and
      academia, originally including Apple, Digital, Lotus, Microsoft,
      Northern Telecom, Sun, and MIT. Today, the specifications are
      widely used, but they are not sanctioned by an official standards
      organization, such as ANSI, ITU-T, or IETF. RSA Laboratories
      retains sole decision-making authority over the PKCS.

   $ public-key forward secrecy (PFS)
      (I) For a key agreement protocol based on asymmetric cryptography,
      the property that ensures that a session key derived from a set of
      long-term public and private keys will not be compromised if one
      of the private keys is compromised in the future.

      (C) Some existing RFCs use the term "perfect forward secrecy" but
      either do not define it or do not define it precisely. While
      preparing this Glossary, we tried to find a good definition for
      that term, but found this to be a muddled area. Experts did not
      agree. For all practical purposes, the literature defines "perfect
      forward secrecy" by stating the Diffie-Hellman algorithm. The term
      "public-key forward secrecy" (suggested by Hilarie Orman) and the
      "I" definition stated for it here were crafted to be compatible
      with current Internet documents, yet be narrow and leave room for
      improved terminology.

      (C) Challenge to the Internet security community: We need a
      taxonomy--a family of mutually exclusive and collectively
      exhaustive terms and definitions to cover the basic properties
      discussed here--for the full range of cryptographic algorithms and
      protocols used in Internet Standards:

      (C) Involvement of session keys vs. long-term keys: Experts
      disagree about the basic ideas involved.

       - One concept of "forward secrecy" is that, given observations of
      the operation of a key establishment protocol up to time t, and
      given some of the session keys derived from those protocol runs,
      you cannot derive unknown past session keys or future session

       - A related property is that, given observations of the protocol
      and knowledge of the derived session keys, you cannot derive one
      or more of the long-term private keys.

       - The "I" definition presented above involves a third concept of
      "forward secrecy" that refers to the effect of the compromise of
      long-term keys.

       - All three concepts involve the idea that a compromise of "this"
      encryption key is not supposed to compromise the "next" one. There
      also is the idea that compromise of a single key will compromise
      only the data protected by the single key. In Internet literature,
      the focus has been on protection against decryption of back
      traffic in the event of a compromise of secret key material held
      by one or both parties to a communication.

      (C) Forward vs. backward: Experts are unhappy with the word
      "forward", because compromise of "this" encryption key also is not
      supposed to compromise the "previous" one, which is "backward"
      rather than forward. In S/KEY, if the key used at time t is
      compromised, then all keys used prior to that are compromised. If
      the "long-term" key (i.e., the base of the hashing scheme) is
      compromised, then all keys past and future are compromised; thus,
      you could say that S/KEY has neither forward nor backward secrecy.

      (C) Asymmetric cryptography vs. symmetric: Experts disagree about
      forward secrecy in the context of symmetric cryptographic systems.
      In the absence of asymmetric cryptography, compromise of any long-
      term key seems to compromise any session key derived from the
      long-term key. For example, Kerberos isn't forward secret, because
      compromising a client's password (thus compromising the key shared
      by the client and the authentication server) compromises future
      session keys shared by the client and the ticket-granting server.

      (C) Ordinary forward secrecy vs. "perfect" forward secrecy: Experts
      disagree about the difference between these two. Some say there is
      no difference, and some say that the initial naming was
      unfortunate and suggest dropping the word "perfect". Some suggest
      using "forward secrecy" for the case where one long-term private
      key is compromised, and adding "perfect" for when both private
      keys (or, when the protocol is multi-party, all private keys) are

      (C) Acknowledgements: Bill Burr, Burt Kaliski, Steve Kent, Paul
      Van Oorschot, Michael Wiener, and, especially, Hilarie Orman
      contributed ideas to this discussion.
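
      The S/KEY remark in the "Forward vs. backward" paragraph above,
      modelled as a hash chain in Python; this is an added example, not
      text from RFC 2828. Assumptions: SHA-256 stands in for the S/KEY
      hash, and the class and function names are hypothetical.

```python
"""Simplified S/KEY-style hash chain (added illustration, not RFC text).

Assumption: SHA-256 stands in for the hash; real S/KEY folds its hash output
to 64 bits and encodes it as short words. All names here are hypothetical.
"""
import hashlib


def H(x: bytes) -> bytes:
    """The one-way function that links successive one-time keys."""
    return hashlib.sha256(x).digest()


def iterate(x: bytes, times: int) -> bytes:
    """Apply H to x the given number of times."""
    for _ in range(times):
        x = H(x)
    return x


class KeyChain:
    """Client side: holds the long-term base of the hashing scheme."""

    def __init__(self, base: bytes, length: int):
        self.base = base
        self.length = length

    def key_at(self, t: int) -> bytes:
        """One-time key for login number t (1 is the first login)."""
        if not 1 <= t <= self.length:
            raise ValueError("t is outside the chain")
        return iterate(self.base, self.length - t + 1)

    def anchor(self) -> bytes:
        """Value the server stores before the first login."""
        return iterate(self.base, self.length + 1)


class Server:
    """Server side: stores only the last accepted value, never the base."""

    def __init__(self, anchor: bytes):
        self.last = anchor

    def login(self, key: bytes) -> bool:
        # A key is valid only if hashing it once gives the stored value,
        # so a replayed key is rejected after it has been accepted once.
        if H(key) != self.last:
            return False
        self.last = key
        return True


def keys_derivable_from(key_t: bytes, t: int) -> list:
    """Keys computable from the key used at time t with H alone.

    Returns the keys for logins t-1 down to 1: every key used before t.
    The key for login t+1 is a preimage of key_t and is not reachable.
    """
    derived, k = [], key_t
    for _ in range(t - 1):
        k = H(k)
        derived.append(k)
    return derived


def all_keys_from_base(base: bytes, length: int) -> list:
    """With the base compromised, every key (past and future) follows."""
    return [iterate(base, length - t + 1) for t in range(1, length + 1)]


if __name__ == "__main__":
    chain = KeyChain(b"constructed base secret", 8)  # constructed sample
    server = Server(chain.anchor())
    for t in range(1, 6):
        print("login", t, server.login(chain.key_at(t)))
    exposed = chain.key_at(5)
    print("earlier keys recovered:", len(keys_derivable_from(exposed, 5)))
```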

   $ public-key infrastructure (PKI)
      (I) A system of CAs (and, optionally, RAs and other supporting
      servers and agents) that perform some set of certificate
      management, archive management, key management, and token
      management functions for a community of users in an application of
      asymmetric cryptography. (See: hierarchical PKI, mesh PKI,
      security management infrastructure, trust-file PKI.)

      (O) PKIX usage: The set of hardware, software, people, policies,
      and procedures needed to create, manage, store, distribute, and
      revoke digital certificates based on asymmetric cryptography.

      (C) The core PKI functions are (a) to register users and issue
      their public-key certificates, (b) to revoke certificates when
      required, and (c) to archive data needed to validate certificates
      at a much later time. Key pairs for data confidentiality may be
      generated (and perhaps escrowed) by CAs or RAs, but requiring a
      PKI client to generate its own digital signature key pair helps
      maintain system integrity of the cryptographic system, because
      then only the client ever possesses the private key it uses. Also,
      an authority may be established to approve or coordinate CPSs,
      which are security policies under which components of a PKI

      (C) A number of other servers and agents may support the core PKI,
      and PKI clients may obtain services from them. The full range of
      such services is not yet fully understood and is evolving, but
      supporting roles may include archive agent, certified delivery
      agent, confirmation agent, digital notary, directory, key escrow
      agent, key generation agent, naming agent who ensures that issuers
      and subjects have unique identifiers within the PKI, repository,
      ticket-granting agent, and time stamp agent.

   $ RA
      See: registration authority.

   $ RA domains
      (I) A capability of a CAW that allows a CA to divide the
      responsibility for certification requests among multiple RAs.

      (C) This capability might be used to restrict access to private
      authorization data that is provided with a certification request,
      and to distribute the responsibility to review and approve
      certification requests in high volume environments. RA domains
      might segregate certification requests according to an attribute
      of the certificate subject, such as an organizational unit.

   $ RADIUS
      See: Remote Authentication Dial-In User Service.

   $ Rainbow Series
      (O) A set of more than 30 technical and policy documents with
      colored covers, issued by the NCSC, that discuss in detail the
      TCSEC and provide guidance for meeting and applying the criteria.
      (See: Green Book, Orange Book, Red Book, Yellow Book.)

   $ random
      (I) General usage: In mathematics, random means "unpredictable". A
      sequence of values is called random if each successive value is
      obtained merely by chance and does not depend on the preceding
      values of the sequence, and a selected individual value is called
      random if each of the values in the total population of
      possibilities has equal probability of being selected. [Knuth]
      (See: cryptographic key, pseudo-random, random number generator.)

      (I) Security usage: In cryptography and other security
      applications, random means not only unpredictable, but also
      "unguessable". When selecting data values to use for cryptographic
      keys, "the requirement is for data that an adversary has a very
      low probability of guessing or determining." It is not sufficient
      to use data that "only meets traditional statistical tests for
      randomness or which is based on limited range sources, such as
      clocks. Frequently such random quantities are determinable [i.e.,
      guessable] by an adversary searching through an embarrassingly
      small space of possibilities." [R1750]

   $ random number generator
      (I) A process used to generate an unpredictable, uniformly
      distributed series of numbers (usually integers). (See: pseudo-
      random, random.)

      (C) True random number generators are hardware-based devices that
      depend on the output of a "noisy diode" or other physical
      phenomena. [R1750]

   $ RBAC
      See: Role-Based Access Control.

   $ RC2
   $ RC4
      See: Rivest Cipher #2, Rivest Cipher #4.

   $ realm
      (O) Kerberos usage: The domain of authority of a Kerberos server
      (consisting of an authentication server and a ticket-granting
      server), including the Kerberized clients and the Kerberized
      application servers

   $ RED
      (I) Designation for information system equipment or facilities
      that handle (and for data that contains) only plaintext (or,
      depending on the context, classified information), and for such
      data itself. This term derives from U.S. Government COMSEC
      terminology. (See: BLACK, RED/BLACK separation.)

   $ Red Book
      (D) ISDs SHOULD NOT use this term as a synonym for "Trusted
      Network Interpretation of the Trusted Computer System Evaluation
      Criteria" [NCS05]. Instead, use the full proper name of the
      document or, in subsequent references, a more conventional
      abbreviation. (See: TCSEC, Rainbow Series, (usage note under)
      Green Book.)

   $ RED/BLACK separation
      (I) An architectural concept for cryptographic systems that
      strictly separates the parts of a system that handle plaintext
      (i.e., RED information) from the parts that handle ciphertext
      (i.e., BLACK information). This term derives from U.S. Government
      COMSEC terminology. (See: BLACK, RED.)

   $ reference monitor
      (I) "An access control concept that refers to an abstract machine
      that mediates all accesses to objects by subjects." [NCS04] (See:
      security kernel.)

      (C) A reference monitor should be (a) complete (i.e., it mediates
      every access), (b) isolated (i.e., it cannot be modified by other
      system entities), and (c) verifiable (i.e., small enough to be
      subjected to analysis and tests to ensure that it is correct).

   $ reflection attack
      (I) A type of replay attack in which transmitted data is sent back
      to its originator.

   $ register
   $ registration
      (I) An administrative act or process whereby an entity's name and
      other attributes are established for the first time at a CA, prior
      to the CA issuing a digital certificate that has the entity's name
      as the subject. (See: registration authority.)

      (C) Registration may be accomplished either directly, by the CA,
      or indirectly, by a separate RA. An entity is presented to the CA
      or RA, and the authority either records the name(s) claimed for
      the entity or assigns the entity's name(s). The authority also
      determines and records other attributes of the entity that are to
      be bound in a certificate (such as a public key or authorizations)
      or maintained in the authority's database (such as street address
      and telephone number). The authority is responsible, possibly
      assisted by an RA, for authenticating the entity's identity and
      verifying the correctness of the other attributes, in accordance
      with the CA's CPS.

      (C) Among the registration issues that a CPS may address are the
      following [R2527]:

       - How a claimed identity and other attributes are verified.
       - How organization affiliation or representation is verified.
       - What forms of names are permitted, such as X.500 DN, domain
         name, or IP address.
       - Whether names are required to be meaningful or unique, and
         within what domain.
       - How naming disputes are resolved, including the role of
       - Whether certificates are issued to entities that are not
       - Whether a person is required to appear before the CA or RA, or
         can instead be represented by an agent.
       - Whether and how an entity proves possession of the private key
         matching a public key.

   $ registration authority (RA)
      (I) An optional PKI entity (separate from the CAs) that does not
      sign either digital certificates or CRLs but has responsibility
      for recording or verifying some or all of the information
      (particularly the identities of subjects) needed by a CA to issue
      certificates and CRLs and to perform other certificate management
      functions. (See: organizational registration authority,

      (C) Sometimes, a CA may perform all certificate management
      functions for all end users for which the CA signs certificates.
      Other times, such as in a large or geographically dispersed
      community, it may be necessary or desirable to offload secondary
      CA functions and delegate them to an assistant, while the CA
      retains the primary functions (signing certificates and CRLs). The
      tasks that are delegated to an RA by a CA may include personal
      authentication, name assignment, token distribution, revocation
      reporting, key generation, and archiving. An RA is an optional PKI
      component, separate from the CA, that is assigned secondary
      functions. The duties assigned to RAs vary from case to case but
      may include the following:

       - Verifying a subject's identity, i.e., performing personal
         authentication functions.
       - Assigning a name to a subject. (See: distinguished name.)
       - Verifying that a subject is entitled to have the attributes
         requested for a certificate.
       - Verifying that a subject possesses the private key that matches
         the public key requested for a certificate.
       - Performing functions beyond mere registration, such as
         generating key pairs, distributing tokens, and handling
         revocation reports. (Such functions may be assigned to a PKI
         element that is separate from both the CA and the RA.)

      (I) PKIX usage: An optional PKI component, separate from the
      CA(s). The functions that the RA performs will vary from case to
      case but may include identity authentication and name assignment,
      key generation and archiving of key pairs, token distribution, and
      revocation reporting. [R2510]

      (O) SET usage: "An independent third-party organization that
      processes payment card applications for multiple payment card
      brands and forwards applications to the appropriate financial
      institutions." [SET2]

   $ regrade
      (I) Deliberately change the classification level of information in
      an authorized manner.

   $ rekey
      (I) Change the value of a cryptographic key that is being used in
      an application of a cryptographic system. (See: certificate

      (C) For example, rekey is required at the end of a cryptoperiod or
      key lifetime.

   $ reliability
      (I) The ability of a system to perform a required function under
      stated conditions for a specified period of time. (See:
      availability, survivability.)

   $ relying party
      (N) A synonym for "certificate user". Used in a legal context to
      mean a recipient of a certificate who acts in reliance on that
      certificate. (See: ABA Guidelines.)

   $ Remote Authentication Dial-In User Service (RADIUS)
      (I) An Internet protocol [R2138] for carrying dial-in users'
      authentication information and configuration information between a
      shared, centralized authentication server (the RADIUS server) and
      a network access server (the RADIUS client) that needs to
      authenticate the users of its network access ports. (See: TACACS.)

      (C) A user of the RADIUS client presents authentication
      information to the client, and the client passes that information
      to the RADIUS server. The server authenticates the client using a
      shared secret value, then checks the user's authentication
      information, and finally returns to the client all authorization
      and configuration information needed by the client to deliver
      service to the user.

   $ renew
      See: certificate renewal.

   $ replay attack
      (I) An attack in which a valid data transmission is maliciously or
      fraudulently repeated, either by the originator or by an adversary
      who intercepts the data and retransmits it, possibly as part of a
      masquerade attack. (See: active wiretapping.)

   $ repository
      (I) A system for storing and distributing digital certificates and
      related information (including CRLs, CPSs, and certificate
      policies) to certificate users. (See: directory.)

      (O) "A trustworthy system for storing and retrieving certificates
      or other information relevant to certificates." [ABA]

      (C) A certificate is published to those who might need it by
      putting it in a repository. The repository usually is a publicly
      accessible, on-line server. In the Federal Public-key
      Infrastructure, for example, the expected repository is a
      directory that uses LDAP, but also may be the X.500 Directory that
      uses DAP, or an HTTP server, or an FTP server that permits
      anonymous login.

   $ repudiation
      (I) Denial by a system entity that was involved in an association
      (especially an association that transfers information) of having
      participated in the relationship. (See: accountability, non-
      repudiation service.)

      (O) "Denial by one of the entities involved in a communication of
      having participated in all or part of the communication." [I7498
      Part 2]

   $ Request for Comment (RFC)
      (I) One of the documents in the archival series that is the
      official channel for ISDs and other publications of the Internet
      Engineering Steering Group, the Internet Architecture Board, and
      the Internet community in general. [R2026, R2223] (See: Internet

      (C) This term is *not* a synonym for "Internet Standard".

   $ residual risk
      (I) The risk that remains after countermeasures have been applied.

   $ restore
      See: card restore.

   $ revocation
      See: certificate revocation.

   $ revocation date
      (N) In an X.509 CRL entry, a date-time field that states when the
      certificate revocation occurred, i.e., when the CA declared the
      digital certificate to be invalid. (See: invalidity date.)

      (C) The revocation date may not resolve some disputes because, in
      the worst case, all signatures made during the validity period of
      the certificate may have to be considered invalid. However, it may
      be desirable to treat a digital signature as valid even though the
      private key used to sign was compromised after the signing. If
      more is known about when the compromise actually occurred, a
      second date-time, an "invalidity date", can be included in an
      extension of the CRL entry.

   $ revocation list
      See: certificate revocation list.

   $ revoke
      See: certificate revocation.

   $ RFC
      See: Request for Comment.

   $ risk
      (I) An expectation of loss expressed as the probability that a
      particular threat will exploit a particular vulnerability with a
      particular harmful result.

      (O) SET usage: "The possibility of loss because of one or more
      threats to information (not to be confused with financial or
      business risk)." [SET2]

   $ risk analysis
   $ risk assessment
      (I) A process that systematically identifies valuable system
      resources and threats to those resources, quantifies loss
      exposures (i.e., loss potential) based on estimated frequencies
      and costs of occurrence, and (optionally) recommends how to
      allocate resources to countermeasures so as to minimize total

      (C) The analysis lists risks in order of cost and criticality,
      thereby determining where countermeasures should be applied first.
      It is usually financially and technically infeasible to counteract
      all aspects of risk, and so some residual risk will remain, even
      after all available countermeasures have been deployed. [FP031,

   $ risk management
      (I) The process of identifying, controlling, and eliminating or
      minimizing uncertain events that may affect system resources.
      (See: risk analysis.)

   $ Rivest Cipher #2 (RC2)
      (N) A proprietary, variable-key-length block cipher invented by
      Ron Rivest for RSA Data Security, Inc. (now a wholly-owned
      subsidiary of Security Dynamics, Inc.).

   $ Rivest Cipher #4 (RC4)
      (N) A proprietary, variable-key-length stream cipher invented by
      Ron Rivest for RSA Data Security, Inc. (now a wholly-owned
      subsidiary of Security Dynamics, Inc.).

   $ Rivest-Shamir-Adleman (RSA)
      (N) An algorithm for asymmetric cryptography, invented in 1977 by
      Ron Rivest, Adi Shamir, and Leonard Adleman [RSA78, Schn].

      (C) RSA uses exponentiation modulo the product of two large prime
      numbers. The difficulty of breaking RSA is believed to be
      equivalent to the difficulty of factoring integers that are the
      product of two large prime numbers of approximately equal size.

      (C) To create an RSA key pair, randomly choose two large prime
      numbers, p and q, and compute the modulus, n = pq. Randomly choose
      a number e, the public exponent, that is less than n and
      relatively prime to (p-1)(q-1). Choose another number d, the
      private exponent, such that ed-1 evenly divides (p-1)(q-1). The
      public key is the set of numbers (n,e), and the private key is the
      set (n,d).

      (C) It is assumed to be difficult to compute the private key (n,d)
      from the public key (n,e). However, if n can be factored into p
      and q, then the private key d can be computed easily. Thus, RSA
      security depends on the assumption that it is computationally
      difficult to factor a number that is the product of two large
      prime numbers. (Of course, p and q are treated as part of the
      private key, or else destroyed after computing n.)

      (C) For encryption of a message, m, to be sent to Bob, Alice uses
      Bob's public key (n,e) to compute m**e (mod n) = c. She sends c to
      Bob. Bob computes c**d (mod n) = m. Only Bob knows d, so only Bob
      can compute c**d (mod n) = m to recover m.

      (C) To provide data origin authentication of a message, m, to be
      sent to Bob, Alice computes m**d (mod n) = s, where (d,n) is
      Alice's private key. She sends m and s to Bob. To recover the
      message that only Alice could have sent, Bob computes s**e (mod n)
      = m, where (e,n) is Alice's public key.

      (C) To ensure data integrity in addition to data origin
      authentication requires extra computation steps in which Alice and
      Bob use a cryptographic hash function h (as explained for digital
      signature). Alice computes the hash value h(m) = v, and then
      encrypts v with her private key to get s. She sends m and s. Bob
      receives m' and s', either of which might have been changed from
      the m and s that Alice sent. To test this, he decrypts s' with
      Alice's public key to get v'. He then computes h(m') = v". If v'
      equals v", Bob is assured that m' is the same m that Alice sent.
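
      The key creation, encryption and hash-then-sign steps of the RSA
      entry above, worked through in Python with the entry's own
      symbols; this is an added example, not text from RFC 2828.
      Assumptions: the primes are two small constructed Mersenne primes,
      d is taken as the inverse of e modulo (p-1)(q-1) so that ed-1 is a
      multiple of (p-1)(q-1), SHA-256 reduced modulo n stands in for h,
      and no padding is applied, so the code is for study only.

```python
"""Textbook RSA with the glossary's symbols (p, q, n, e, d, m, c, s, v).

Added illustration, not RFC text. Toy constructed parameters and no padding:
production systems use vetted libraries, large random primes and OAEP/PSS.
"""
import hashlib
from math import gcd

# Constructed sample primes (two Mersenne primes) and a common public exponent.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_key_pair(p: int, q: int, e: int):
    """Return (public_key, private_key) = ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be < n and relatively prime to (p-1)(q-1)")
    # Anyone who knows p and q can do this step, which is why factoring n
    # exposes the private exponent (requires Python 3.8+ for pow(e, -1, phi)).
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(m: int, public_key) -> int:
    """Alice computes c = m**e (mod n) with Bob's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("m must be an integer in the range [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """Bob computes m = c**d (mod n) with his private key."""
    n, d = private_key
    return pow(c, d, n)


def h(message: bytes, n: int) -> int:
    """Hash value v as an integer; reduced mod n only because n is a toy size."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % n


def sign(message: bytes, private_key) -> int:
    """Alice computes v = h(m), then s = v**d (mod n)."""
    n, d = private_key
    v = h(message, n)
    return pow(v, d, n)


def verify(m_received: bytes, s_received: int, public_key) -> bool:
    """Bob recovers v' from s' and compares it with v'' = h(m')."""
    n, e = public_key
    v1 = pow(s_received, e, n)   # v'
    v2 = h(m_received, n)        # v''
    return v1 == v2


if __name__ == "__main__":
    bob_public, bob_private = make_key_pair(P, Q, E)
    m = int.from_bytes(b"hello Bob", "big")          # constructed message
    c = encrypt(m, bob_public)
    print("round trip ok:", decrypt(c, bob_private) == m)

    alice_public, alice_private = make_key_pair(P, Q, E)
    s = sign(b"pay Bob 10", alice_private)
    print("genuine :", verify(b"pay Bob 10", s, alice_public))
    print("tampered:", verify(b"pay Bob 1000", s, alice_public))
```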

   $ role-based access control (RBAC)
      (I) A form of identity-based access control where the system
      entities that are identified and controlled are functional
      positions in an organization or process.

   $ root
      (I) A CA that is directly trusted by an end entity. Acquiring the
      value of a root CA's public key involves an out-of-band procedure.

      (I) Hierarchical PKI usage: The CA that is the highest level (most
      trusted) CA in a certification hierarchy; i.e., the authority upon
      whose public key all certificate users base their trust. (See: top

      (C) In a hierarchical PKI, a root issues public-key certificates
      to one or more additional CAs that form the second highest level.
      Each of these CAs may issue certificates to more CAs at the third
      highest level, and so on. To initialize operation of a
      hierarchical PKI, the root's initial public key is securely
      distributed to all certificate users in a way that does not depend
      on the PKI's certification relationships. The root's public key
      may be distributed simply as a numerical value, but typically is
      distributed in a self-signed certificate in which the root is the
      subject. The root's certificate is signed by the root itself
      because there is no higher authority in a certification hierarchy.
      The root's certificate is then the first certificate in every
      certification path.

      (O) MISSI usage: A name previously used for a MISSI policy
      creation authority, which is not a root as defined above for
      general usage, but is a CA at the second level of the MISSI
      hierarchy, immediately subordinate to a MISSI policy approving

      (O) UNIX usage: A user account (also called "superuser") that has
      all privileges (including all security-related privileges) and
      thus can manage the system and its other user accounts.

   $ root certificate
      (I) A certificate for which the subject is a root.

      (I) Hierarchical PKI usage: The self-signed public-key certificate
      at the top of a certification hierarchy.

   $ root key
      (I) A public key for which the matching private key is held by a

   $ root registry
      (O) MISSI usage: A name previously used for a MISSI policy
      approving authority.

   $ router
      (I) A computer that is a gateway between two networks at OSI layer
      3 and that relays and directs data packets through that
      internetwork. The most common form of router operates on IP
      packets. (See: bridge.)

      (I) Internet usage: In the context of the Internet protocol suite,
      a networked computer that forwards Internet Protocol packets that
      are not addressed to the computer itself. (See: host.)

   $ RSA
      See: Rivest-Shamir-Adleman.

   $ rule-based security policy
      (I) "A security policy based on global rules imposed for all
      users. These rules usually rely on comparison of the sensitivity
      of the resource being accessed and the possession of corresponding
      attributes of users, a group of users, or entities acting on
      behalf of users." [I7498 Part 2] (See: identity-based security

   $ safety
      (I) The property of a system being free from risk of causing harm
      to system entities and outside entities.

   $ SAID
      See: security association identifier.

   $ salt
      (I) A random value that is concatenated with a password before
      applying the one-way encryption function used to protect passwords
      that are stored in the database of an access control system. (See:
      initialization value.)

      (C) Salt protects a password-based access control system against a
      dictionary attack.
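
      What the salt entry above means for a stored password database,
      as an added Python example that is not text from RFC 2828: a
      digest table computed in advance matches records stored without a
      per-record salt and stops matching once each record has its own.
      Assumptions: PBKDF2-HMAC-SHA256 stands in for the one-way
      function, and the word list, passwords and iteration count are
      constructed sample values.

```python
"""Salted password storage versus a precomputed dictionary table.

Added illustration, not RFC text. PBKDF2-HMAC-SHA256 stands in for the
"one-way encryption function"; all sample data below is constructed.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000          # constructed demo value, kept low for speed
SHARED_CONSTANT = bytes(16)   # same for every record, so it is not a salt


def one_way(password: bytes, salt: bytes) -> bytes:
    """Combine salt and password and apply the one-way function."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def store(password: bytes, salted: bool = True) -> tuple:
    """Return the (salt, digest) record kept in the access control database."""
    salt = secrets.token_bytes(16) if salted else SHARED_CONSTANT
    return salt, one_way(password, salt)


def check(password: bytes, record: tuple) -> bool:
    """Verify a login attempt against a stored record in constant time."""
    salt, digest = record
    return hmac.compare_digest(one_way(password, salt), digest)


def precomputed_table(words) -> dict:
    """Digest-to-word table built once, before any record or salt is seen."""
    return {one_way(w, SHARED_CONSTANT): w for w in words}


def lookup(table: dict, record: tuple):
    """Return the word the precomputed table reveals for a record, or None."""
    return table.get(record[1])


if __name__ == "__main__":
    table = precomputed_table([b"letmein", b"hunter2", b"password1"])
    legacy = store(b"hunter2", salted=False)
    alice = store(b"hunter2")
    bob = store(b"hunter2")
    print("unsalted record found in table:", lookup(table, legacy))
    print("salted record found in table  :", lookup(table, alice))
    print("same password, same digest    :", alice[1] == bob[1])
```

      The salt removes the benefit of precomputation and of attacking
      all records at once; each guess must still be made expensive per
      record, which is the job of the slow one-way function.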

   $ sanitize
      (I) Delete sensitive data from a file, a device, or a system; or
      modify data so as to be able to downgrade its classification

   $ SASL
      See: Simple Authentication and Security Layer.

   $ SCA
      See: subordinate certification authority.

   $ scavenging
      See: (secondary definition under) threat consequence.

   $ screening router
      (I) A synonym for "filtering router".

   $ SDE
      See: Secure Data Exchange.

   $ SDNS
      See: Secure Data Network System.

   $ seal
      (O) To use cryptography to provide data integrity service for a
      data object. (See: sign, wrap.)

      (D) ISDs SHOULD NOT use this definition; instead, use language
      that is more specific with regard to the mechanism(s) used, such
      as "sign" when the mechanism is digital signature.

   $ secret
      (I) (1.) Adjective: The condition of information being protected
      from being known by any system entities except those who are
      intended to know it. (2.) Noun: An item of information that is
      protected thusly.

      (C) This term applies to symmetric keys, private keys, and

   $ secret-key cryptography
      (I) A synonym for "symmetric cryptography".

   $ Secure Data Exchange (SDE)
      (N) A local area network security protocol defined by the IEEE
      802.10 standard.

   $ Secure Data Network System (SDNS)
      (N) An NSA program that developed security protocols for
      electronic mail (Message Security Protocol), OSI layer 3 (SP3),
      OSI layer 4 (SP4), and key management (KMP).

   $ Secure Hash Standard (SHS)
      (N) The U.S. Government standard [FP180] that specifies the Secure
      Hash Algorithm (SHA-1), a cryptographic hash function that
      produces a 160-bit output (hash result) for input data of any
      length < 2**64 bits.

   $ Secure Hypertext Transfer Protocol (Secure-HTTP, S-HTTP)
      (I) An Internet protocol for providing client-server security
      services for HTTP communications. (See: https.)

      (C) S-HTTP was originally specified by CommerceNet, a coalition of
      businesses interested in developing the Internet for commercial
      uses. Several message formats may be incorporated into S-HTTP
      clients and servers, particularly CMS and MOSS. S-HTTP supports
      choice of security policies, key management mechanisms, and
      cryptographic algorithms through option negotiation between
      parties for each transaction. S-HTTP supports both asymmetric and
      symmetric key operation modes. S-HTTP attempts to avoid presuming
      a particular trust model, but it attempts to facilitate multiply-
      rooted hierarchical trust and anticipates that principals may have
      many public key certificates.

   $ Secure/MIME (S/MIME)
      (I) Secure/Multipurpose Internet Mail Extensions, an Internet
      protocol [R2633] to provide encryption and digital signatures for
      Internet mail messages.

   $ Secure Sockets Layer (SSL)
      (N) An Internet protocol (originally developed by Netscape
      Communications, Inc.) that uses connection-oriented end-to-end
      encryption to provide data confidentiality service and data
      integrity service for traffic between a client (often a web
      browser) and a server, and that can optionally provide peer entity
      authentication between the client and the server. (See: Transport
      Layer Security.)

      (C) SSL is layered below HTTP and above a reliable transport
      protocol (TCP). SSL is independent of the application it
      encapsulates, and any higher level protocol can layer on top of
      SSL transparently. However, many Internet applications might be
      better served by IPsec.

      (C) SSL has two layers: (a) SSL's lower layer, the SSL Record
      Protocol, is layered on top of the transport protocol and
      encapsulates higher level protocols. One such encapsulated
      protocol is SSL Handshake Protocol. (b) SSL's upper layer provides
      asymmetric cryptography for server authentication (verifying the
      server's identity to the client) and optional client
      authentication (verifying the client's identity to the server),
      and also enables them to negotiate a symmetric encryption
      algorithm and secret session key (to use for data confidentiality)
      before the application protocol transmits or receives data. A
      keyed hash provides data integrity service for encapsulated data.
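
      Added example (not part of RFC 2828): a simplified record layer
      in Python showing how a keyed hash gives data integrity service
      to encapsulated data. It assumes the TLS 1.0 style HMAC-SHA-1 over
      sequence number, type, version, length and payload rather than
      SSL 3.0's own MAC construction, omits encryption, and uses a
      constructed key; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HANDSHAKE, APPLICATION_DATA = 22, 23  # record content types
VERSION = (3, 1)                      # TLS 1.0 on the wire; SSL 3.0 sends (3, 0)
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes

def _mac(key, seq, ctype, payload):
    # Keyed hash over: 64-bit sequence number, type, version, length, payload.
    covered = struct.pack("!QBBBH", seq, ctype, *VERSION, len(payload)) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()

def protect_record(key, seq, ctype, payload):
    """Encapsulate one higher-level message as header || payload || MAC."""
    body = payload + _mac(key, seq, ctype, payload)
    return struct.pack("!BBBH", ctype, *VERSION, len(body)) + body

def verify_record(key, seq, record):
    """Return (content_type, payload); raise ValueError if the check fails."""
    if len(record) < 5 + MAC_LEN:
        raise ValueError("malformed record")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if (major, minor) != VERSION or length != len(body):
        raise ValueError("malformed record")
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, _mac(key, seq, ctype, payload)):
        raise ValueError("bad record MAC")
    return ctype, payload

def demo():
    key = b"constructed-mac-secret"  # constructed sample key, not a real secret
    rec = protect_record(key, 0, APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")
    results = {"intact": verify_record(key, 0, rec)}
    flipped = bytearray(rec)
    flipped[5] ^= 0x01  # one payload bit changed in transit
    retyped = bytes([HANDSHAKE]) + rec[1:]  # header type field changed
    cases = (("flipped", 0, bytes(flipped)), ("retyped", 0, retyped),
             ("replayed", 1, rec))  # receiver already counted record 0
    for name, seq, data in cases:
        try:
            verify_record(key, seq, data)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

      Because the sequence number is covered by the keyed hash but never
      sent, a record delivered a second time or out of order fails the
      same check as a modified one.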

   $ secure state
      (I) A system condition in which no subject can access any object
      in an unauthorized manner. (See: (secondary definition under)
      Bell-LaPadula Model, clean system.)

   $ security
      (I) (1.) Measures taken to protect a system. (2.) The condition of
      a system that results from the establishment and maintenance of
