Tech-invite3GPPspecsGlossariesIETFRFCsGroupsSIPABNFsWorld Map

RFC 4949


Internet Security Glossary, Version 2

Part 12 of 13, p. 310 to 342
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 310 
   $ token restore
      (I) A token management operation that loads a security token with
      data for the purpose of recreating (duplicating) the contents
      previously held by that or another token. (See: recovery.)

   $ token storage key
      (I) A cryptographic key used to protect data that is stored on a
      security token.

   $ top CA
      (I) Synonym for "root" in a certification hierarchy. (See: apex
      trust anchor.)

   $ top-level specification
      (I) "A non-procedural description of system behavior at the most
      abstract level; typically a functional specification that omits
      all implementation details." [NCS04] (See: formal top-level
      specification, Tutorial under "security policy".)

      Tutorial: A top-level specification is at a level of abstraction
      below "security model" and above "security architecture" (see:
      Tutorial under "security policy").

      A top-level specification may be descriptive or formal:
      -  "Descriptive top-level specification": One that is written in a
         natural language like English or an informal design notation.
      -  "Formal top-level specification": One that is written in a
         formal mathematical language to enable theorems to be proven
         that show that the specification correctly implements a set of
         formal requirements or a formal security model. (See:
         correctness proof.)

   $ TPM
      (N) See: Trusted Platform Module.

   $ traceback
      (I) Identification of the source of a data packet. (See:
      masquerade, network weaving.)

   $ tracker
      (N) An attack technique for achieving unauthorized disclosure from
      a statistical database. [Denns] (See: Tutorial under "inference

   $ traffic analysis
      1. (I) Gaining knowledge of information by inference from
      observable characteristics of a data flow, even if the information
      is not directly available (e.g., when the data is encrypted).

Top      Up      ToC       Page 311 
      These characteristics include the identities and locations of the
      source(s) and destination(s) of the flow, and the flow's presence,
      amount, frequency, and duration of occurrence. The object of the
      analysis might be information in SDUs, information in the PCI, or
      both. (See: inference, traffic-flow confidentiality, wiretapping.
      Compare: signal analysis.)

      2. (O) "The inference of information from observation of traffic
      flows (presence, absence, amount, direction, and frequency)."

   $ traffic-flow analysis
      (I) Synonym for "traffic analysis".

   $ traffic-flow confidentiality (TFC)
      1. (I) A data confidentiality service to protect against traffic
      analysis. (See: communications cover.)

      2. (O) "A confidentiality service to protect against traffic
      analysis." [I7498-2]

      Tutorial: Confidentiality concerns involve both direct and
      indirect disclosure of data, and the latter includes traffic
      analysis. However, operational considerations can make TFC
      difficult to achieve. For example, if Alice sends a product idea
      to Bob in an email message, she wants data confidentiality for the
      message's content, and she might also want to conceal the
      destination of the message to hide Bob's identity from her
      competitors. However, the identity of the intended recipient, or
      at least a network address for that recipient, needs to be made
      available to the mail system. Thus, complex forwarding schemes may
      be needed to conceal the ultimate destination as the message
      travels through the open Internet (see: onion routing).

      Later, if Alice uses an ATM during a clandestine visit to
      negotiate with Bob, she might prefer that her bank conceal the
      origin of her transaction, because knowledge of the ATM's location
      might allow a competitor to infer Bob's identity. The bank, on the
      other hand, might prefer to protect only Alice's PIN (see:
      selective-field confidentiality).

      A TFC service can be either full or partial:
      -  "Full TFC": This type of service conceals all traffic
      -  "Partial TFC": This type of service either (a) conceals some
         but not all of the characteristics or (b) does not completely
         conceal some characteristic.

Top      Up      ToC       Page 312 
      On point-to-point data links, full TFC can be provided by
      enciphering all PDUs and also generating a continuous, random data
      stream to seamlessly fill all gaps between PDUs. To a wiretapper,
      the link then appears to be carrying an unbroken stream of
      enciphered data. In other cases -- including on a shared or
      broadcast medium, or end-to-end in a network -- only partial TFC
      is possible, and that may require a combination of techniques. For
      example, a LAN that uses "carrier sense multiple access with
      collision detection" (CSMA/CD; a.k.a. "listen while talk") to
      control access to the medium, relies on detecting intervals of
      silence, which prevents using full TFC. Partial TFC can be
      provided on that LAN by measures such as adding spurious PDUs,
      padding PDUs to a constant size, or enciphering addresses just
      above the Physical Layer; but these measures reduce the efficiency
      with which the LAN can carry traffic. At higher protocol layers,
      SDUs can be protected, but addresses and other items of PCI must
      be visible at the layers below.

   $ traffic key
      (I) A cryptographic key used by a device for protecting
      information that is being transmitted between devices, as opposed
      to protecting information that being is maintained in the device.
      (Compare: storage key.)

   $ traffic padding
      (I) "The generation of spurious instances of communication,
      spurious data units, and/or spurious data within data units."

   $ tranquility property
      (N) /formal model/ Property of a system whereby the security level
      of an object cannot change while the object is being processed by
      the system. (See: Bell-LaPadula model.)

   $ transaction
      1. (I) A unit of interaction between an external entity and a
      system, or between components within a system, that involves a
      series of system actions or events.

      2. (O) "A discrete event between user and systems that supports a
      business or programmatic purpose." [M0404]

      Tutorial: To maintain secure state, transactions need to be
      processed coherently and reliably. Usually, they need to be
      designed to be atomic, consistent, isolated, and durable [Gray]:
      -  "Atomic": All actions and events that comprise the transaction
         are guaranteed to be completed successfully, or else the result
         is as if none at all were executed.

Top      Up      ToC       Page 313 
      -  "Consistent": The transaction satisfies correctness constraints
         defined for the data that is being processed.
      -  "Isolated": If two transactions are performed concurrently,
         they do not interfere with each other, and it appears as though
         the system performs one at a time.
      -  "Durable": System state and transaction semantics survive
         system failures.

      (I) See: transmission security.

   $ Transmission Control Code field (TCC field)
      (I) A data field that provides a means to segregate traffic and
      define controlled communities of interest in the security option
      (option type = 130) of IPv4's datagram header format. The TCC
      values are alphanumeric trigraphs assigned by the U.S. Government
      as specified in RFC 791.

   $ Transmission Control Protocol (TCP)
      (I) An Internet Standard, Transport-Layer protocol (RFC 793) that
      reliably delivers a sequence of datagrams from one computer to
      another in a computer network. (See: TCP/IP.)

      Tutorial: TCP is designed to fit into a layered suite of protocols
      that support internetwork applications. TCP assumes it can obtain
      a simple but potentially unreliable end-to-end datagram service
      (such as IP) from the lower-layer protocols.

   $ transmission security (TRANSEC)
      (I) COMSEC measures that protect communications from interception
      and exploitation by means other than cryptanalysis. Example:
      frequency hopping. (Compare: anti-jam, traffic flow

   $ Transport Layer
      See: Internet Protocol Suite, OSIRM.

   $ Transport Layer Security (TLS)
      (I) TLS is an Internet protocol [R4346] that is based on, and very
      similar to, SSL Version 3.0. (Compare: TLSP.)

      Tutorial: The TLS protocol is misnamed. The name misleadingly
      suggests that TLS is situated in the IPS Transport Layer, but TLS
      is always layered above a reliable Transport-Layer protocol
      (usually TCP) and either layered immediately below or integrated
      with an Application-Layer protocol (often HTTP).

Top      Up      ToC       Page 314 
   $ Transport Layer Security Protocol (TLSP)
      (N) An end-to-end encryption protocol (ISO 10736) that provides
      security services at the bottom of OSIRM Layer 4, i.e., directly
      above Layer 3. (Compare: TLS.)

      Tutorial: TLSP evolved directly from SP4.

   $ transport mode
      (I) One of two ways to apply AH or ESP to protect data packets; in
      this mode, the IPsec protocol encapsulates (i.e., the protection
      applies to) the packets of an IPS Transport-Layer protocol (e.g.,
      TCP, UDP), which normally is carried directly above IP in an IPS
      protocol stack. (Compare: tunnel mode.)

      Tutorial: An IPsec transport-mode security association is always
      between two hosts; neither end has the role of a security gateway.
      Whenever either end of an IPsec security association is a security
      gateway, the association is required to be in tunnel mode.

   $ transposition
      (I) /cryptography/ A method of encryption in which elements of the
      plain text retain their original form but undergo some change in
      their sequential position. (Compare: substitution.)

   $ trap door
      (I) Synonym for "back door".

   $ trespass
      (I) /threat action/ See: secondary definition under "intrusion".

   $ Triple Data Encryption Algorithm
      (I) A block cipher that transforms each 64-bit plaintext block by
      applying the DEA three successive times, using either two or three
      different keys for an effective key length of 112 or 168 bits.
      [A9052, SP67]

      Example: A variation proposed for IPsec's ESP uses a 168-bit key,
      consisting of three independent 56-bit values used by the DEA, and
      a 64-bit initialization vector. Each datagram contains an IV to
      ensure that each received datagram can be decrypted even when
      other datagrams are dropped or a sequence of datagrams is
      reordered in transit. [R1851]

   $ triple-wrapped
      (I) /S-MIME/ Data that has been signed with a digital signature,
      then encrypted, and then signed again. [R2634]

Top      Up      ToC       Page 315 
   $ Trojan horse
      (I) A computer program that appears to have a useful function, but
      also has a hidden and potentially malicious function that evades
      security mechanisms, sometimes by exploiting legitimate
      authorizations of a system entity that invokes the program. (See:
      malware, spyware. Compare: logic bomb, virus, worm.)

   $ trust
      1. (I) /information system/ A feeling of certainty (sometimes
      based on inconclusive evidence) either (a) that the system will
      not fail or (b) that the system meets its specifications (i.e.,
      the system does what it claims to do and does not perform unwanted
      functions). (See: trust level, trusted system, trustworthy system.
      Compare: assurance.)

      Tutorial: Components of a system can be grouped into three classes
      of trust [Gass]:
      -  "Trusted": The component is responsible for enforcing security
         policy on other components; the system's security depends on
         flawless operation of the component. (See: trusted process.)
      -  "Benign": The component is not responsible for enforcing
         security policy, but it has sensitive authorizations. It must
         be trusted not to intentionally violate security policy, but
         security violations are assumed to be accidental and not likely
         to affect overall system security.
      -  "Untrusted": The component is of unknown or suspicious
         provenance and must be treated as deliberately malicious. (See:
         malicious logic.)

      2. (I) /PKI/ A relationship between a certificate user and a CA in
      which the user acts according to the assumption that the CA
      creates only valid digital certificates.

      Tutorial: "Generally, an entity is said to 'trust' a second entity
      when the first entity makes the assumption that the second entity
      will behave exactly as the first entity expects. This trust may
      apply only for some specific function. The key role of trust in
      [X.509] is to describe the relationship between an entity [i.e., a
      certificate user] and a [CA]; an entity shall be certain that it
      can trust the CA to create only valid and reliable certificates."

   $ trust anchor
      (I) /PKI/ An established point of trust (usually based on the
      authority of some person, office, or organization) from which a
      certificate user begins the validation of a certification path.
      (See: apex trust anchor, path validation, trust anchor CA, trust
      anchor certificate, trust anchor key.)

Top      Up      ToC       Page 316 
      Usage: IDOCs that use this term SHOULD state a definition for it
      because it is used in various ways in existing IDOCs and other PKI
      literature. The literature almost always uses this term in a sense
      that is equivalent to this definition, but usage often differs
      with regard to what constitutes the point of trust.

      Tutorial: A trust anchor may be defined as being based on a public
      key, a CA, a public-key certificate, or some combination or
      variation of those:

      -  1. A public key as a point of trust: Although a certification
         path is defined as beginning with a "sequence of public-key
         certificates", an implementation of a path validation process
         might not explicitly handle a root certificate as part of the
         path, but instead begin the process by using a trusted root key
         to verify the signature on a certificate that was issued by the

         Therefore, "trust anchor" is sometimes defined as just a public
         key. (See: root key, trust anchor key, trusted key.)

      -  2. A CA as a point of trust: A trusted public key is just one
         of the data elements needed for path validation; the IPS path
         validation algorithm [R3280] also needs the name of the CA to
         which that key belongs, i.e., the DN of the issuer of the first
         X.509 certificate to be validated on the path. (See: issue.)

         Therefore, "trust anchor" is sometimes defined as either just a
         CA (where some public key is implied) or as a CA together with
         a specified public key belonging to that CA. (See: root, trust
         anchor CA, trusted CA.)

         Example: "A public key and the name of a [CA] that is used to
         validate the first certificate in a sequence of certificates.
         The trust anchor public key is used to verify the signature on
         a certificate issued by a trust anchor [CA]." [SP57]

      -  3. A public-key certificate as a point of trust: Besides the
         trusted CA's public key and name, the path validation algorithm
         needs to know the digital signature algorithm and any
         associated parameters with which the public key is used, and
         also any constraints that have been placed on the set of paths
         that may be validated using the key. All of this information is
         available from a CA's public-key certificate.

         Therefore, "trust anchor" is sometimes defined as a public-key
         certificate of a CA. (See: root certificate, trust anchor
         certificate, trusted certificate.)

Top      Up      ToC       Page 317 
      -  4. Combinations: Combinations and variations of the first three
         definitions are also used in the PKI literature.

         Example: "trust anchor information". The IPS standard for path
         validation [R3280] specifies the information that describes "a
         CA that serves as a trust anchor for the certification path.
         The trust anchor information includes: (a) the trusted issuer
         name, (b) the trusted public key algorithm, (c) the trusted
         public key, and (d) optionally, the trusted public key
         parameters associated with the public key. The trust anchor
         information may be provided to the path processing procedure in
         the form of a self-signed certificate. The trusted anchor
         information is trusted because it was delivered to the path
         processing procedure by some trustworthy out-of-band procedure.
         If the trusted public key algorithm requires parameters, then
         the parameters are provided along with the trusted public key."

   $ trust anchor CA
      (I) A CA that is the subject of a trust anchor certificate or
      otherwise establishes a trust anchor key. (See: root, trusted CA.)

      Tutorial: The selection of a CA to be a trust anchor is a matter
      of policy. Some of the possible choices include (a) the top CA in
      a hierarchical PKI, (b) the CA that issued the verifier's own
      certificate, or (c) any other CA in a network PKI. Different
      applications may rely on different trust anchors, or may accept
      paths that begin with any of a set of trust anchors. The IPS path
      validation algorithm is the same, regardless of the choice.

   $ trust anchor certificate
      (I) A public-key certificate that is used to provide the first
      public key in a certification path. (See: root certificate, trust
      anchor, trusted certificate.)

   $ trust anchor key
      (I) A public key that is used as the first public key in a
      certification path. (See: root key, trust anchor, trusted public

   $ trust anchor information
      (I) See: secondary definition under "trust anchor".

   $ trust chain
      (D) Synonym for "certification path". (See: trust anchor, trusted

Top      Up      ToC       Page 318 
      Deprecated Term: IDOCs SHOULD NOT use this term, because it
      unnecessarily duplicates the meaning of the internationally
      standardized term.

      Also, the term mixes concepts in a potentially misleading way.
      Having "trust" involves factors unrelated to simply verifying
      signatures and performing other tests as specified by a standard
      algorithm for path validation (e.g., RFC 3280). Thus, even if a
      user is able to validate a certification path algorithmically, the
      user still might distrust one of the CAs that issued certificates
      in that path or distrust some other aspects of the PKI.

   $ trust-file PKI
      (I) A non-hierarchical PKI in which each certificate user has its
      own local file (which is used by application software) of trust
      anchors, i.e., either public keys or public-key certificates that
      the user trusts as starting points for certification paths. (See:
      trust anchor, web of trust. Compare: hierarchical PKI, mesh PKI.)

      Example: Popular browsers are distributed with an initial file of
      trust anchor certificates, which often are self-signed
      certificates. Users can add certificates to the file or delete
      from it. The file may be directly managed by the user, or the
      user's organization may manage it from a centralized server.

   $ trust hierarchy
      (D) Synonym for "certification hierarchy".

      Deprecated Usage: IDOCs SHOULD NOT use this term because it mixes
      concepts in a potentially misleading way, and because a trust
      hierarchy could be implemented in other ways. (See: trust, trust
      chain, web of trust.)

   $ trust level
      (N) A characterization of a standard of security protection to be
      met by an information system. (See: Common Criteria, TCSEC.)

      Tutorial: A trust level is based not only on (a) the presence of
      security mechanisms, but also on the use of (b) systems
      engineering discipline to properly structure the system and (c)
      implementation analysis to ensure that the system provides an
      appropriate degree of trust.

   $ trusted
      (I) See: secondary definition under "trust".

Top      Up      ToC       Page 319 
   $ trusted CA
      (I) A CA upon which a certificate user relies as issuing valid
      certificates; especially a CA that is used as a trust anchor CA.
      (See: certification path, root, trust anchor CA, validation.)

      Tutorial. This trust is transitive to the extent that the X.509
      certificate extensions permit; that is, if a trusted CA issues a
      certificate to another CA, a user that trusts the first CA also
      trusts the second CA if the user succeeds in validating the
      certificate path (see: path validation).

   $ trusted certificate
      (I) A digital certificate that a certificate user accepts as being
      valid "a priori", i.e., without testing the certificate to
      validate it as the final certificate on a certification path;
      especially a certificate that is used as a trust anchor
      certificate. (See: certification path, root certificate, trust
      anchor certificate, trust-file PKI, validation.)

      Tutorial: The acceptance of a certificate as trusted is a matter
      of policy and choice. Usually, a certificate is accepted as
      trusted because the user obtained it by reliable, out-of-band
      means that cause the user to believe the certificate accurately
      binds its subject's name to the subject's public key or other
      attribute values. Many choices are possible; e.g., a trusted
      public-key certificate might be (a) the root certificate in a
      hierarchical PKI, (b) the certificate of the CA that issued the
      user's own certificate in a mesh PKI, or (c) a certificate
      provided with an application that uses a trust-file PKI.

   $ Trusted Computer System Evaluation Criteria (TCSEC)
      (N) A standard for evaluating the security provided by operating
      systems [CSC1, DoD1]. Known as the "Orange Book" because of the
      color of its cover; first document in the Rainbow Series. (See:
      Common Criteria, Deprecated Usage under "Green Book", Orange Book,
      trust level, trusted system. Compare: TSEC.)

      Tutorial: The TCSEC defines classes of hierarchically ordered
      assurance levels for rating computer systems. From highest to
      lowest, the classes are as follows:
      -  Division A:  Verified protection.
           Beyond A1    Beyond current technology. (See: beyond A1.)
           Class  A1    Verified design. (See: SCOMP.)
      -  Division B:  Mandatory protection.
           Class  B3    Security domains.
           Class  B2    Structured protection. (See: Multics.)
           Class  B1    Labeled security protection.

Top      Up      ToC       Page 320 
      -  Division C:  Discretionary protection.
           Class  C2    Controlled access protection.
           Class  C1    Discretionary security protection.
      -  Division D:  Minimal protection, i.e., has been evaluated but
         does not meet the requirements for a higher evaluation class.

   $ trusted computing base (TCB)
      (N) "The totality of protection mechanisms within a computer
      system, including hardware, firmware, and software, the
      combination of which is responsible for enforcing a security
      policy." [NCS04] (See: "trusted" under "trust". Compare: TPM.)

   $ Trusted Computing Group (TCG)
      (N) A not-for-profit, industry standards organization formed to
      develop, define, and promote open standards for hardware-enabled
      trusted computing and security technologies, including hardware
      building blocks and software interfaces, across multiple
      platforms, peripherals, and devices. (See: TPM, trusted system.
      Compare: TSIG.)

   $ trusted distribution
      (I) /COMPUSEC/ "A trusted method for distributing the TCB
      hardware, software, and firmware components, both originals and
      updates, that provides methods for protecting the TCB from
      modification during distribution and for detection of any changes
      to the TCB that may occur." [NCS04] (See: code signing,
      configuration control.)

   $ trusted key
      (D) Abbreviation for "trusted public key" and also for other types
      of keys. (See: root key, trust anchor key.)

      Deprecated Usage: IDOCs SHOULD either (a) state a definition for
      this term or (b) use a different, less ambiguous term. This term
      is ambiguous when it stands alone; e.g., it could refer to a
      trusted public key or to a private key or symmetric key that is
      believed to be secure (i.e., not compromised).

   $ trusted path
      1a. (I) /COMPUSEC/ A mechanism by which a computer system user can
      communicate directly and reliably with the TCB and that can only
      be activated by the user or the TCB and cannot be imitated by
      untrusted software within the computer. [NCS04]

      1b. (I) /COMSEC/ A mechanism by which a person or process can
      communicate directly with a cryptographic module and that can only
      be activated by the person, process, or module, and cannot be
      imitated by untrusted software within the module. [FP140]

Top      Up      ToC       Page 321 
   $ Trusted Platform Module (TPM)
      (N) The name of a specification, published by the TCG, for a
      microcontroller that can store secured information; and also the
      general name of implementations of that specification. (Compare:

   $ trusted process
      (I) A system component that has privileges that enable it to
      affect the state of system security and that can, therefore,
      through incorrect or malicious execution, violate the system's
      security policy. (See: privileged process, trusted system.)

   $ trusted public key
      (I) A public key upon which a user relies; especially a public key
      that is used as a trust anchor key. (See: certification path, root
      key, trust anchor key, validation.)

      Tutorial: A trusted public key could be (a) the root key in a
      hierarchical PKI, (b) the key of the CA that issued the user's own
      certificate in a mesh PKI, or (c) any key accepted by the user in
      a trust-file PKI.

   $ trusted recovery
      (I) A process that, after a system has experienced a failure or an
      attack, restores the system to normal operation (or to a secure
      state) without causing a security compromise. (See: recovery.)

   $ trusted subnetwork
      (I) A subnetwork containing hosts and routers that trust each
      other not to engage in active or passive attacks. (There also is
      an assumption that the underlying communication channels, such as
      telephone lines or a LAN, are protected from attack.)

   $ trusted system
      1. (I) /information system/ A system that operates as expected,
      according to design and policy, doing what is required -- despite
      environmental disruption, human user and operator errors, and
      attacks by hostile parties -- and not doing other things [NRC98].
      (See: trust level, trusted process. Compare: trustworthy.)

      2. (N) /multilevel secure/ "A [trusted system is a] system that
      employs sufficient hardware and software assurance measures to
      allow its use for simultaneous processing of a range of sensitive
      or classified information." [NCS04] (See: multilevel security

Top      Up      ToC       Page 322 
   $ Trusted Systems Interoperability Group (TSIG)
      (N) A forum of computer vendors, system integrators, and users
      devoted to promoting interoperability of trusted computer systems.
      (See: trusted system. Compare: TCG.)

   $ trustworthy system
      1. (I) A system that not only is trusted, but also warrants that
      trust because the system's behavior can be validated in some
      convincing way, such as through formal analysis or code review.
      (See: trust. Compare: trusted.)

      2. (O) /Digital Signature Guidelines/ "Computer hardware,
      software, and procedures that: (a) are reasonably secure from
      intrusion and misuse; (b) provide a reasonably reliable level of
      availability, reliability, and correct operation; (c) are
      reasonably suited to performing their intended functions; and (d)
      adhere to generally accepted security principles." [DSG]

   $ TSEC
      (O) See: Telecommunications Security Nomenclature System.
      (Compare: TCSEC.)

   $ TSIG
      1. (N) See: Trusted System Interoperability Group.

      2. (I) A mnemonic (presumed to be derived from "Transaction
      SIGnature") referring to an Internet protocol (RFC 2845) for data
      origin authentication and data integrity for certain DNS
      operations. (See: TKEY.)

   $ tunnel
      1. (I) A communication channel created in a computer network by
      encapsulating (i.e., layering) a communication protocol's data
      packets in (i.e., above) a second protocol that normally would be
      carried above, or at the same layer as, the first one. (See: L2TP,
      tunnel mode, VPN. Compare: covert channel.)

      Tutorial: Tunneling can involve almost any two IPS protocol
      layers. For example, a TCP connection between two hosts could
      conceivably be carried above SMTP (i.e., in SMTP messages) as a
      covert channel to evade access controls that a security gateway
      applies to the normal TCP layer that is below SMTP.

      Usually, however, a tunnel is a logical point-to-point link --
      i.e., an OSIRM Layer 2 connection -- created by encapsulating the
      Layer 2 protocol in one of the following three types of IPS
      protocols: (a) an IPS Transport-Layer protocol (such as TCP), (b)
      an IPS Network-Layer or Internet-Layer protocol (such as IP), or

Top      Up      ToC       Page 323 
      (c) another Layer 2 protocol. In many cases, the encapsulation is
      accomplished with an extra, intermediate protocol (i.e., a
      "tunneling protocol"; e.g., L2TP) that is layered below the
      tunneled Layer 2 protocol and above the encapsulating protocol.

      Tunneling can be used to move data between computers that use a
      protocol not supported by the network connecting them. Tunneling
      also can enable a computer network to use the services of a second
      network as though the second network were a set of point-to-point
      links between the first network's nodes. (See: VPN.)

      2. (O) /SET/ The name of a SET private extension that indicates
      whether the CA or the payment gateway supports passing encrypted
      messages to the cardholder through the merchant. If so, the
      extension lists OIDs of symmetric encryption algorithms that are

   $ tunnel mode
      (I) One of two ways to apply the IPsec protocols (AH and ESP) to
      protect data packets; in this mode, the IPsec protocol
      encapsulates (i.e., the protection applies to) IP packets, rather
      than the packets of higher-layer protocols. (See: tunnel. Compare:
      transport mode.)

      Tutorial: Each end of a tunnel-mode security association may be
      either a host or a security gateway. Whenever either end of an
      IPsec security association is a security gateway, the association
      is required to be in tunnel mode.

   $ two-person control
      (I) The close surveillance and control of a system, a process, or
      materials (especially with regard to cryptography) at all times by
      a minimum of two appropriately authorized persons, each capable of
      detecting incorrect and unauthorized procedures with respect to
      the tasks to be performed and each familiar with established
      security requirements. (See: dual control, no-lone zone.)

   $ Twofish
      (O) A symmetric, 128-bit block cipher with variable key length
      (128, 192, or 256 bits), developed by Counterpane Labs as a
      candidate for the AES. (See: Blowfish.)

   $ type 0 product
      (O) /cryptography, U.S. Government/ Classified cryptographic
      equipment endorsed by NSA for use (when appropriately keyed) in
      electronically distributing bulk keying material.

Top      Up      ToC       Page 324 
   $ type 1 key
      (O) /cryptography, U.S. Government/ "Generated and distributed
      under the auspices of NSA for use in a cryptographic device for
      the protection of classified and sensitive national security
      information." [C4009]

   $ type 1 product
      (O) /cryptography, U.S. Government/ "Cryptographic equipment,
      assembly or component classified or certified by NSA for
      encrypting and decrypting classified and sensitive national
      security information when appropriately keyed. Developed using
      established NSA business processes and containing NSA approved
      algorithms. Used to protect systems requiring the most stringent
      protection mechanisms." [C4009]

      Tutorial: The current definition of this term is less specific
      than an earlier version: "Classified or controlled cryptographic
      item endorsed by the NSA for securing classified and sensitive
      U.S. Government information, when appropriately keyed. The term
      refers only to products, and not to information, key, services, or
      controls. Type 1 products contain classified NSA algorithms. They
      are available to U.S. Government users, their contractors, and
      federally sponsored non-U.S. Government activities subject to
      export restrictions in accordance with International Traffic in
      Arms Regulation." [from an earlier version of C4009] (See: ITAR.)

   $ type 2 key
      (O) /cryptography, U.S. Government/ "Generated and distributed
      under the auspices of NSA for use in a cryptographic device for
      the protection of unclassified national security information."

   $ type 2 product
      (O) /cryptography, U.S. Government/ "Cryptographic equipment,
      assembly, or component certified by NSA for encrypting or
      decrypting sensitive national security information when
      appropriately keyed. Developed using established NSA business
      processes and containing NSA approved algorithms. Used to protect
      systems requiring protection mechanisms exceeding best commercial
      practices including systems used for the protection of
      unclassified national security information." [C4009]

      Tutorial: The current definition of this term is less specific
      than an earlier version: "Unclassified cryptographic equipment,
      assembly, or component, endorsed by the NSA, for use in national
      security systems as defined in Title 40 U.S.C. Section 1452."
      [from an earlier version of C4009] (See: national security system.
      Compare: EUCI.)

Top      Up      ToC       Page 325 
   $ type 3 key
      (O) /cryptography, U.S. Government/ "Used in a cryptographic
      device for the protection of unclassified sensitive information,
      even if used in a Type 1 or Type 2 product." [C4009]

   $ type 3 product
      (O) /cryptography, U.S. Government/ "Unclassified cryptographic
      equipment, assembly, or component used, when appropriately keyed,
      for encrypting or decrypting unclassified sensitive U.S.
      Government or commercial information, and to protect systems
      requiring protection mechanisms consistent with standard
      commercial practices. Developed using established commercial
      standards and containing NIST approved cryptographic
      algorithms/modules or successfully evaluated by the National
      Information Assurance Partnership (NIAP)." [C4009]

   $ type 4 key
      (O) /cryptography, U.S. Government/ "Used by a cryptographic
      device in support of its Type 4 functionality; i.e., any provision
      of key that lacks U.S. Government endorsement or oversight."

   $ type 4 product
      (O) /cryptography, U.S. Government/ "Unevaluated commercial
      cryptographic equipment, assemblies, or components that neither
      NSA nor NIST certify for any Government usage. These products are
      typically delivered as part of commercial offerings and are
      commensurate with the vendor's commercial practices. These
      products may contain either vendor proprietary algorithms,
      algorithms registered by NIST, or algorithms registered by NIST
      and published in a FIPS." [C4009]

   $ UDP
      (I) See: User Datagram Protocol.

   $ UDP flood
      (I) A denial-of-service attack that takes advantage of (a) one
      system's UDP test function that generates a series of characters
      for each packet it receives and (b) another system's UPD test
      function that echoes any character it receives; the attack
      connects (a) to (b) to cause a nonstop flow of data between the
      two systems. (See: flooding.)

   $ unauthorized disclosure
      (I) A circumstance or event whereby an entity gains access to
      information for which the entity is not authorized.

Top      Up      ToC       Page 326 
      Tutorial: This type of threat consequence can be caused by the
      following types of threat actions: exposure, interception,
      inference, and intrusion. Some methods of protecting against this
      consequence include access control, flow control, and inference
      control. (See: data confidentiality.)

   $ unauthorized user
      (I) /access control/ A system entity that accesses a system
      resource for which the entity has not received an authorization.
      (See: user. Compare: authorized user, insider, outsider.)

      Usage: IDOCs that use this term SHOULD state a definition for it
      because the term is used in many ways and could easily be

   $ uncertainty
      (N) An information-theoretic measure (usually stated as a number
      of bits) of the minimum amount of plaintext information that needs
      to be recovered from cipher text to learn the entire plain text
      that was encrypted. [SP63] (See: entropy.)

   $ unclassified
      (I) Not classified. (Compare: FOUO.)

   $ unencrypted
      (I) Not encrypted.

   $ unforgeable
      (I) /cryptography/ The property of a cryptographic data structure
      (i.e., a data structure that is defined using one or more
      cryptographic functions, e.g., "digital certificate") that makes
      it computationally infeasible to construct (i.e., compute) an
      unauthorized but correct value of the structure without having
      knowledge of one of more keys.

      Tutorial: This definition is narrower than general English usage,
      where "unforgeable" means unable to be fraudulently created or
      duplicated. In that broader sense, anyone can forge a digital
      certificate containing any set of data items whatsoever by
      generating the to-be-signed certificate and signing it with any
      private key whatsoever. But for PKI purposes, the forged data
      structure is invalid if it is not signed with the true private key
      of the claimed issuer; thus, the forgery will be detected when a
      certificate user uses the true public key of the claimed issuer to
      verify the signature.

Top      Up      ToC       Page 327 
   $ uniform resource identifier (URI)
      (I) A type of formatted identifier (RFC 3986) that encapsulates
      the name of an Internet object, and labels it with an
      identification of the name space, thus producing a member of the
      universal set of names in registered name spaces and of addresses
      referring to registered protocols or name spaces.

      Example: HTML uses URIs to identify the target of hyperlinks.

      Usage: "A URI can be classified as a locator (see: URL), a name
      (see: URN), or both. ... Instances of URIs from any given scheme
      may have the characteristics of names or locators or both, often
      depending on the persistence and care in the assignment of
      identifiers by the naming authority, rather than on any quality of
      the scheme." IDOCs SHOULD "use the general term 'URI' rather than
      the more restrictive terms 'URL' and 'URN'." (RFC 3986)

   $ uniform resource locator (URL)
      (I) A URI that describes the access method and location of an
      information resource object on the Internet. (See: Usage under
      "URI". Compare: URN.)

      Tutorial: The term URL "refers to the subset of URIs that, besides
      identifying a resource, provide a means of locating the resource
      by describing its primary access mechanism (e.g., its network
      'location')." (RFC 3986)

      A URL provides explicit instructions on how to access the named
      object. For example,
      "" is a URL.
      The part before the colon specifies the access scheme or protocol,
      and the part after the colon is interpreted according to that
      access method. Usually, two slashes after the colon indicate the
      host name of a server (written as a domain name). In an FTP or
      HTTP URL, the host name is followed by the path name of a file on
      the server. The last (optional) part of a URL may be either a
      fragment identifier that indicates a position in the file, or a
      query string.

   $ uniform resource name (URN)
      (I) A URI with the properties of a name. (See: Usage under "URI".
      Compare: URL.)

      Tutorial: The term URN "has been used historically to refer to
      both URIs under the "urn" scheme (RFC 2141), which are required to
      remain globally unique and persistent even when the resource
      ceases to exist or becomes unavailable, and to any other URI with
      the properties of a name." (RFC 3986)

Top      Up      ToC       Page 328 
   $ untrusted
      (I) See: secondary definition under "trust".

   $ untrusted process
      1. (I) A system component that is not able to affect the state of
      system security through incorrect or malicious operation. Example:
      A component that has its operations confined by a security kernel.
      (See: trusted process.)

      2. (I) A system component that (a) has not been evaluated or
      examined for adherence to a specified security policy and,
      therefore, (b) must be assumed to contain logic that might attempt
      to circumvent system security.

   $ UORA
      (O) See: user-PIN ORA.

   $ update
      See: "certificate update" and "key update".

   $ upgrade
      (I) /data security/ Increase the classification level of data
      without changing the information content of the data. (See:
      classify, downgrade, regrade.)

   $ URI
      (I) See: uniform resource identifier.

   $ URL
      (I) See: uniform resource locator.

   $ URN
      (I) See: uniform resource name.

   $ user
      See: system user.

      Usage: IDOCs that use this term SHOULD state a definition for it
      because the term is used in many ways and could easily be

   $ user authentication service
      (I) A security service that verifies the identity claimed by an
      entity that attempts to access the system. (See: authentication,

Top      Up      ToC       Page 329 
   $ User Datagram Protocol (UDP)
      (I) An Internet Standard, Transport-Layer protocol (RFC 768) that
      delivers a sequence of datagrams from one computer to another in a
      computer network. (See: UPD flood.)

      Tutorial: UDP assumes that IP is the underlying protocol. UDP
      enables application programs to send transaction-oriented data to
      other programs with minimal protocol mechanism. UDP does not
      provide reliable delivery, flow control, sequencing, or other end-
      to-end service guarantees that TCP does.

   $ user identifier
      (I) See: identifier.

   $ user identity
      (I) See: identity.

   $ user PIN
      (O) /MISSI/ One of two PINs that control access to the functions
      and stored data of a FORTEZZA PC card. Knowledge of the user PIN
      enables a card user to perform the FORTEZZA functions that are
      intended for use by an end user. (See: PIN. Compare: SSO PIN.)

   $ user-PIN ORA (UORA)
      (O) /MISSI/ A MISSI organizational RA that operates in a mode in
      which the ORA performs only the subset of card management
      functions that are possible with knowledge of the user PIN for a
      FORTEZZA PC card. (See: no-PIN ORA, SSO-PIN ORA.)

   $ usurpation
      (I) A circumstance or event that results in control of system
      services or functions by an unauthorized entity. This type of
      threat consequence can be caused by the following types of threat
      actions: misappropriation, misuse. (See: access control.)

   $ UTCTime
      (N) The ASN.1 data type "UTCTime" contains a calendar date
      (YYMMDD) and a time to a precision of either one minute (HHMM) or
      one second (HHMMSS), where the time is either (a) Coordinated
      Universal Time or (b) the local time followed by an offset that
      enables Coordinated Universal Time to be calculated. (See:
      Coordinated Universal Time. Compare: GeneralizedTime.)

      Usage: If you care about centuries or millennia, you probably need
      to use the GeneralizedTime data type instead of UTCTime.

Top      Up      ToC       Page 330 
   $ v1 certificate
      (N) An abbreviation that ambiguously refers to either an "X.509
      public-key certificate in version 1 format" or an "X.509 attribute
      certificate in version 1 format".

      Deprecated Usage: IDOCs MAY use this term as an abbreviation of
      "version 1 X.509 public-key certificate", but only after using the
      full term at the first instance. Otherwise, the term is ambiguous,
      because X.509 specifies both v1 public-key certificates and v1
      attribute certificates. (See: X.509 attribute certificate, X.509
      public-key certificate.)

   $ v1 CRL
      (N) Abbreviation of "X.509 CRL in version 1 format".

      Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
      term at its first occurrence and define the abbreviation there.

   $ v2 certificate
      (N) Abbreviation of "X.509 public-key certificate in version 2

      Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
      term at its first occurrence and define the abbreviation there.

   $ v2 CRL
      (N) Abbreviation of "X.509 CRL in version 2 format".

      Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
      term at its first occurrence and define the abbreviation there.

   $ v3 certificate
      (N) Abbreviation of "X.509 public-key certificate in version 3

      Usage: IDOCs MAY use this abbreviation, but SHOULD use the full
      term at its first occurrence and define the abbreviation there.

   $ valid certificate
      1. (I) A digital certificate that can be validated successfully.
      (See: validate, verify.)

      2. (I) A digital certificate for which the binding of the data
      items can be trusted.

   $ valid signature
      (D) Synonym for "verified signature".

Top      Up      ToC       Page 331 
      Deprecated Term: IDOCs SHOULD NOT use this synonym. This Glossary
      recommends saying "validate the certificate" and "verify the
      signature"; therefore, it would be inconsistent to say that a
      signature is "valid". (See: validate, verify.)

   $ validate
      1. (I) Establish the soundness or correctness of a construct.
      Example: certificate validation. (See: validate vs. verify.)

      2. (I) To officially approve something, sometimes in relation to a
      standard. Example: NIST validates cryptographic modules for
      conformance with [FP140].

   $ validate vs. verify
      Usage: To ensure consistency and align with ordinary English
      usage, IDOCs SHOULD comply with the following two rules:
      -  Rule 1: Use "validate" when referring to a process intended to
         establish the soundness or correctness of a construct (e.g.,
         "certificate validation"). (See: validate.)
      -  Rule 2: Use "verify" when referring to a process intended to
         test or prove the truth or accuracy of a fact or value (e.g.,
         "authenticate"). (See: verify.)

      Tutorial: The Internet security community sometimes uses these two
      terms inconsistently, especially in a PKI context. Most often,
      however, we say "verify the signature" but say "validate the
      certificate". That is, we "verify" atomic truths but "validate"
      data structures, relationships, and systems that are composed of
      or depend on verified items. This usage has a basis in Latin:

      The word "valid" derives from a Latin word that means "strong".
      Thus, to validate means to check that a construct is sound. For
      example, a certificate user validates a public-key certificate to
      establish trust in the binding that the certificate asserts
      between an identity and a key. This can include checking various
      aspects of the certificate's construction, such as verifying the
      digital signature on the certificate by performing calculations,
      verifying that the current time is within the certificate's
      validity period, and validating a certification path involving
      additional certificates.

      The word "verify" derives from a Latin word that means "true".
      Thus, to verify means to check the truth of an assertion by
      examining evidence or performing tests. For example, to verify an
      identity, an authentication process examines identification
      information that is presented or generated. To validate a
      certificate, a certificate user verifies the digital signature on
      the certificate by performing calculations, verifies that the

Top      Up      ToC       Page 332 
      current time is within the certificate's validity period, and may
      need to validate a certification path involving additional

   $ validation
      (I) See: validate vs. verify.

   $ validity period
      (I) /PKI/ A data item in a digital certificate that specifies the
      time period for which the binding between data items (especially
      between the subject name and the public key value in a public-key
      certificate) is valid, except if the certificate appears on a CRL
      or the key appears on a CKL. (See: cryptoperiod, key lifetime.)

   $ value-added network (VAN)
      (I) A computer network or subnetwork (usually a commercial
      enterprise) that transmits, receives, and stores EDI transactions
      on behalf of its users.

      Tutorial: A VAN may also provide additional services, ranging from
      EDI format translation, to EDI-to-FAX conversion, to integrated
      business systems.

   $ VAN
      (I) See: value-added network.

   $ verification
      1. (I) /authentication/ The process of examining information to
      establish the truth of a claimed fact or value. (See: validate vs.
      verify, verify. Compare: authentication.)

      2. (N) /COMPUSEC/ The process of comparing two levels of system
      specification for proper correspondence, such as comparing a
      security model with a top-level specification, a top-level
      specification with source code, or source code with object code.

   $ verified design
      (O) See: TCSEC Class A1.

   $ verify
      (I) To test or prove the truth or accuracy of a fact or value.
      (See: validate vs. verify, verification. Compare: authenticate.)

   $ vet
      (I) /verb/ To examine or evaluate thoroughly. (Compare:
      authenticate, identity proofing, validate, verify.)

Top      Up      ToC       Page 333 
   $ violation
      See: security violation.

   $ virtual private network (VPN)
      (I) A restricted-use, logical (i.e., artificial or simulated)
      computer network that is constructed from the system resources of
      a relatively public, physical (i.e., real) network (e.g., the
      Internet), often by using encryption (located at hosts or
      gateways), and often by tunneling links of the virtual network
      across the real network. (See: tunnel.)

      Tutorial: A VPN is generally less expensive to build and operate
      than a dedicated real network, because the virtual network shares
      the cost of system resources with other users of the underlying
      real network. For example, if a corporation has LANs at several
      different sites, each connected to the Internet by a firewall, the
      corporation could create a VPN by using encrypted tunnels to
      connect from firewall to firewall across the Internet.

   $ virus
      (I) A self-replicating (and usually hidden) section of computer
      software (usually malicious logic) that propagates by infecting --
      i.e., inserting a copy of itself into and becoming part of --
      another program. A virus cannot run by itself; it requires that
      its host program be run to make the virus active.

   $ Visa Cash
      (O) A smartcard-based electronic money system that incorporates
      cryptography and can be used to make payments via the Internet.
      (See: IOTP.)

   $ volatile media
      (I) Storage media that require an external power supply to
      maintain stored information. (Compare: non-volatile media,
      permanent storage.)

   $ VPN
      (I) See: virtual private network.

   $ vulnerability
      (I) A flaw or weakness in a system's design, implementation, or
      operation and management that could be exploited to violate the
      system's security policy. (See: harden.)

      Tutorial: A system can have three types of vulnerabilities: (a)
      vulnerabilities in design or specification; (b) vulnerabilities in
      implementation; and (c) vulnerabilities in operation and
      management. Most systems have one or more vulnerabilities, but

Top      Up      ToC       Page 334 
      this does not mean that the systems are too flawed to use. Not
      every threat results in an attack, and not every attack succeeds.
      Success depends on the degree of vulnerability, the strength of
      attacks, and the effectiveness of any countermeasures in use. If
      the attacks needed to exploit a vulnerability are very difficult
      to carry out, then the vulnerability may be tolerable. If the
      perceived benefit to an attacker is small, then even an easily
      exploited vulnerability may be tolerable. However, if the attacks
      are well understood and easily made, and if the vulnerable system
      is employed by a wide range of users, then it is likely that there
      will be enough motivation for someone to launch an attack.

   $ W3
      (D) Synonym for WWW.

      Deprecated Abbreviation: This abbreviation could be confused with
      W3C; use "WWW" instead.

   $ W3C
      (N) See: World Wide Web Consortium.

   $ war dialer
      (I) /slang/ A computer program that automatically dials a series
      of telephone numbers to find lines connected to computer systems,
      and catalogs those numbers so that a cracker can try to break the

      Deprecated Usage: IDOCs that use this term SHOULD state a
      definition for it because the term could confuse international

   $ Wassenaar Arrangement
      (N) The Wassenaar Arrangement on Export Controls for Conventional
      Arms and Dual-Use Goods and Technologies is a global, multilateral
      agreement approved by 33 countries in July 1996 to contribute to
      regional and international security and stability, by promoting
      information exchange concerning, and greater responsibility in,
      transfers of arms and dual-use items, thus preventing
      destabilizing accumulations. (See: International Traffic in Arms

      Tutorial: The Arrangement began operations in September 1996 with
      headquarters in Vienna. The participating countries were
      Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech
      Republic, Denmark, Finland, France, Germany, Greece, Hungary,
      Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand,
      Norway, Poland, Portugal, Republic of Korea, Romania, Russian

Top      Up      ToC       Page 335 
      Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey,
      Ukraine, United Kingdom, and United States.

      Participating countries seek through their national policies to
      ensure that transfers do not contribute to the development or
      enhancement of military capabilities that undermine the goals of
      the arrangement, and are not diverted to support such
      capabilities. The countries maintain effective export controls for
      items on the agreed lists, which are reviewed periodically to
      account for technological developments and experience gained.
      Through transparency and exchange of views and information,
      suppliers of arms and dual-use items can develop common
      understandings of the risks associated with their transfer and
      assess the scope for coordinating national control policies to
      combat these risks. Members provide semi-annual notification of
      arms transfers, covering seven categories derived from the UN
      Register of Conventional Arms. Members also report transfers or
      denials of transfers of certain controlled dual-use items.
      However, the decision to transfer or deny transfer of any item is
      the sole responsibility of each participating country. All
      measures undertaken with respect to the arrangement are in
      accordance with national legislation and policies and are
      implemented on the basis of national discretion.

   $ watermarking
      See: digital watermarking.

   $ weak key
      (I) In the context of a particular cryptographic algorithm, a key
      value that provides poor security. (See: strong.)

      Example: The DEA has four "weak keys" [Schn] for which encryption
      produces the same result as decryption. It also has ten pairs of
      "semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which
      encryption with one key in the pair produces the same result as
      decryption with the other key.

   $ web, Web
      1. (I) /not capitalized/ IDOCs SHOULD NOT capitalize "web" when
      using the term (usually as an adjective) to refer generically to
      technology -- such as web browsers, web servers, HTTP, and HTML --
      that is used in the Web or similar networks.

      2. (I) /capitalized/ IDOCs SHOULD capitalize "Web" when using the
      term (as either a noun or an adjective) to refer specifically to
      the World Wide Web. (Similarly, see: internet.)

Top      Up      ToC       Page 336 
      Usage: IDOCs SHOULD NOT use "web" or "Web" in a way that might
      confuse these definitions with the PGP "web of trust". When using
      Web as an abbreviation for "World Wide Web", IDOCs SHOULD fully
      spell out the term at the first instance of usage.

   $ web of trust
      (D) /PGP/ A PKI architecture in which each certificate user
      defines their own trust anchor(s) by depending on personal
      relationships. (See: trust anchor. Compare: hierarchical PKI, mesh

      Deprecated Usage: IDOCs SHOULD NOT use this term except with
      reference to PGP. This term mixes concepts in potentially
      misleading ways; e.g., this architecture does not depend on World
      Wide Web technology. Instead of this term, IDOCs MAY use "trust-
      file PKI". (See: web, Web).

      Tutorial: This type of architecture does not usually include
      public repositories of certificates. Instead, each certificate
      user builds their own, private repository of trusted public keys
      by making personal judgments about being able to trust certain
      people to be holding properly certified keys of other people. It
      is this set of person-to-person relationships from which the
      architecture gets its name.

   $ web server
      (I) A software process that runs on a host computer connected to a
      network and responds to HTTP requests made by client web browsers.

   $ WEP
      (N) See: Wired Equivalency Protocol.

   $ Wired Equivalent Privacy (WEP)
      (N) A cryptographic protocol that is defined in the IEEE 802.11
      standard and encapsulates the packets on wireless LANs. Usage:
      a.k.a. "Wired Equivalency Protocol".

      Tutorial: The WEP design, which uses RC4 to encrypt both the plain
      text and a CRC, has been shown to be flawed in multiple ways; and
      it also has often suffered from flawed implementation and

   $ wiretapping
      (I) An attack that intercepts and accesses information contained
      in a data flow in a communication system. (See: active
      wiretapping, end-to-end encryption, passive wiretapping, secondary
      definition under "interception".)

Top      Up      ToC       Page 337 
      Usage: Although the term originally referred to making a
      mechanical connection to an electrical conductor that links two
      nodes, it is now used to refer to accessing information from any
      sort of medium used for a link or even from a node, such as a
      gateway or subnetwork switch.

      Tutorial: Wiretapping can be characterized according to intent:
      -  "Active wiretapping" attempts to alter the data or otherwise
         affect the flow.
      -  "Passive wiretapping" only attempts to observe the data flow
         and gain knowledge of information contained in it.

   $ work factor
      1a. (I) /COMPUSEC/ The estimated amount of effort or time that can
      be expected to be expended by a potential intruder to penetrate a
      system, or defeat a particular countermeasure, when using
      specified amounts of expertise and resources. (See: brute force,
      impossible, strength.)

      1b. (I) /cryptography/ The estimated amount of computing power and
      time needed to break a cryptographic system. (See: brute force,
      impossible, strength.)

   $ World Wide Web ("the Web", WWW)
      (N) The global, hypermedia-based collection of information and
      services that is available on Internet servers and is accessed by
      browsers using Hypertext Transfer Protocol and other information
      retrieval mechanisms. (See: web vs. Web, [R2084].)

   $ World Wide Web Consortium (W3C)
      (N) Created in October 1994 to develop and standardize protocols
      to promote the evolution and interoperability of the Web, and now
      consisting of hundreds of member organizations (commercial firms,
      governmental agencies, schools, and others).

      Tutorial: W3C Recommendations are developed through a process
      similar to that of the standards published by other organizations,
      such as the IETF. The W3 Recommendation Track (i.e., standards
      track) has four levels of increasing maturity: Working, Candidate
      Recommendation, Proposed Recommendation, and W3C Recommendation.
      W3C Recommendations are similar to the standards published by
      other organizations. (Compare: Internet Standard, ISO.)

   $ worm
      (I) A computer program that can run independently, can propagate a
      complete working version of itself onto other hosts on a network,
      and may consume system resources destructively. (See: mobile code,
      Morris Worm, virus.)

Top      Up      ToC       Page 338 
   $ wrap
      1. (N) To use cryptography to provide data confidentiality service
      for keying material. (See: encrypt, wrapping algorithm, wrapping
      key. Compare: seal, shroud.)

      2. (D) To use cryptography to provide data confidentiality service
      for data in general.

      Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2
      because that duplicates the meaning of the more widely understood

   $ wrapping algorithm
      (N) An encryption algorithm that is specifically intended for use
      in encrypting keys. (See: KEK, wrap.)

   $ wrapping key
      (N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.)

   $ write
      (I) /security model/ A system operation that causes a flow of
      information from a subject to an object. (See: access mode.
      Compare: read.)

   $ WWW
      (I) See: World Wide Web.

   $ X.400
      (N) An ITU-T Recommendation [X400] that is one part of a joint
      ITU-T/ISO multi-part standard (X.400-X.421) that defines the
      Message Handling Systems. (The ISO equivalent is IS 10021, parts
      1-7.) (See: Message Handling Systems.)

   $ X.500
      (N) An ITU-T Recommendation [X500] that is one part of a joint
      ITU-T/ISO multi-part standard (X.500-X.525) that defines the X.500
      Directory, a conceptual collection of systems that provide
      distributed directory capabilities for OSI entities, processes,
      applications, and services. (The ISO equivalent is IS 9594-1 and
      related standards, IS 9594-x.) (See: directory vs. Directory,

      Tutorial: The X.500 Directory is structured as a tree (the
      Directory Information Tree), and information is stored in
      directory entries. Each entry is a collection of information about
      one object, and each object has a DN. A directory entry is
      composed of attributes, each with a type and one or more values.
      For example, if a PKI uses the Directory to distribute

Top      Up      ToC       Page 339 
      certificates, then the X.509 public-key certificate of an end user
      is normally stored as a value of an attribute of type
      "userCertificate" in the Directory entry that has the DN that is
      the subject of the certificate.

   $ X.509
      (N) An ITU-T Recommendation [X509] that defines a framework to
      provide and support data origin authentication and peer entity
      authentication, including formats for X.509 public-key
      certificates, X.509 attribute certificates, and X.509 CRLs. (The
      ISO equivalent is IS 9498-4.) (See: X.500.)

      Tutorial: X.509 describes two "levels" of authentication: "simple
      authentication" and "strong authentication". It recommends, "While
      simple authentication offers some limited protection against
      unauthorized access, only strong authentication should be used as
      the basis for providing secure services."

   $ X.509 attribute certificate
      (N) An attribute certificate in the version 1 (v1) format defined
      by X.509. (The v1 designation for an X.509 attribute certificate
      is disjoint from the v1 designation for an X.509 public-key
      certificate, and from the v1 designation for an X.509 CRL.)

      Tutorial: An X.509 attribute certificate has a "subject" field,
      but the attribute certificate is a separate data structure from
      that subject's public-key certificate. A subject may have multiple
      attribute certificates associated with each of its public-key
      certificates, and an attribute certificate may be issued by a
      different CA than the one that issued the associated public-key

      An X.509 attribute certificate contains a sequence of data items
      and has a digital signature that is computed from that sequence.
      Besides the signature, an attribute certificate contains items 1
      through 9 listed below:

      1. version                 Identifies v1.
      2. subject                 Is one of the following:
         2a. baseCertificateID   Issuer and serial number of an
                                 X.509 public-key certificate.
         2b. subjectName         DN of the subject.
      3. issuer                  DN of the issuer (the CA who signed).
      4. signature               OID of algorithm that signed the cert.
      5. serialNumber            Certificate serial number;
                                 an integer assigned by the issuer.
      6. attCertValidityPeriod   Validity period; a pair of UTCTime
                                 values: "not before" and "not after".

Top      Up      ToC       Page 340 
      7. attributes              Sequence of attributes describing the
      8. issuerUniqueId          Optional, when a DN is not sufficient.
      9. extensions              Optional.

   $ X.509 certificate
      (N) Synonym for "X.509 public-key certificate".

      Usage: IDOCs MAY use this term as an abbreviation of "X.509
      public-key certificate", but only after using the full term at the
      first instance. Otherwise, the term is ambiguous, because X.509
      specifies both public-key certificates and attribute certificates.
      (See: X.509 attribute certificate, X.509 public-key certificate.)

      Deprecated Usage: IDOCs SHOULD NOT use this term as an
      abbreviation of "X.509 attribute certificate", because the term is
      much more commonly used to mean "X.509 public-key certificate"
      and, therefore, is likely to be misunderstood.

   $ X.509 certificate revocation list (CRL)
      (N) A CRL in one of the formats defined by X.509 -- version 1 (v1)
      or version 2 (v2). (The v1 and v2 designations for an X.509 CRL
      are disjoint from the v1 and v2 designations for an X.509 public-
      key certificate, and from the v1 designation for an X.509
      attribute certificate.) (See: certificate revocation.)

      Usage: IDOCs SHOULD NOT refer to an X.509 CRL as a digital
      certificate; however, note that an X.509 CRL does meet this
      Glossary's definition of "digital certificate". That is, like a
      digital certificate, an X.509 CRL makes an assertion and is signed
      by a CA. But instead of binding a key or other attributes to a
      subject, an X.509 CRL asserts that certain previously issued,
      X.509 certificates have been revoked.

      Tutorial: An X.509 CRL contains a sequence of data items and has a
      digital signature computed on that sequence. Besides the
      signature, both v1 and v2 contain items 2 through 6b listed below.
      Version 2 contains item 1 and may optionally contain 6c and 7.

      1. version                 Optional. If present, identifies v2.
      2. signature               OID of the algorithm that signed CRL.
      3. issuer                  DN of the issuer (the CA who signed).
      4. thisUpdate              A UTCTime value.
      5. nextUpdate              A UTCTime value.
      6. revokedCertificates     3-tuples of 6a, 6b, and (optional) 6c:
         6a. userCertificate     A certificate's serial number.
         6b. revocationDate      UTCTime value for the revocation date.
         6c. crlEntryExtensions  Optional.

Top      Up      ToC       Page 341 
      7. crlExtensions           Optional.

   $ X.509 public-key certificate
      (N) A public-key certificate in one of the formats defined by
      X.509 -- version 1 (v1), version 2 (v2), or version 3 (v3). (The
      v1 and v2 designations for an X.509 public-key certificate are
      disjoint from the v1 and v2 designations for an X.509 CRL, and
      from the v1 designation for an X.509 attribute certificate.)

      Tutorial: An X.509 public-key certificate contains a sequence of
      data items and has a digital signature computed on that sequence.
      Besides the signature, all three versions contain items 1 through
      7 listed below. Only v2 and v3 certificates may also contain items
      8 and 9, and only v3 may contain item 10.

      1. version                 Identifies v1, v2, or v3.
      2. serialNumber            Certificate serial number;
                                 an integer assigned by the issuer.
      3. signature               OID of algorithm that was used to
                                 sign the certificate.
      4. issuer                  DN of the issuer (the CA who signed).
      5. validity                Validity period; a pair of UTCTime
                                 values: "not before" and "not after".
      6. subject                 DN of entity who owns the public key.
      7. subjectPublicKeyInfo    Public key value and algorithm OID.
      8. issuerUniqueIdentifier  Defined for v2, v3; optional.
      9. subjectUniqueIdentifier Defined for v2, v2; optional.
      10. extensions             Defined only for v3; optional.

   $ X9
      (N) See: "Accredited Standards Committee X9" under "ANSI".

   $ XML
      (N) See: Extensible Markup Language.

   $ XML-Signature.
      (N) A W3C Recommendation (i.e., approved standard) that specifies
      XML syntax and processing rules for creating and representing
      digital signatures (based on asymmetric cryptography) that can be
      applied to any digital content (i.e., any data object) including
      other XML material.

   $ Yellow Book
      (D) /slang/ Synonym for "Computer Security Requirements: Guidance
      for Applying the [U.S.] Department of Defense Trusted Computer
      System Evaluation Criteria in Specific Environments" [CSC3] (See:
      "first law" under "Courtney's laws".)

Top      Up      ToC       Page 342 
      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      that or any other document. Instead, use the full proper name of
      the document or, in subsequent references, a conventional
      abbreviation. (See: Deprecated Usage under "Green Book", Rainbow

   $ zero-knowledge proof
      (I) /cryptography/ A proof-of-possession protocol whereby a system
      entity can prove possession of some information to another entity,
      without revealing any of that information. (See: proof-of-
      possession protocol.)

   $ zeroize
      1. (I) Synonym for "erase". (See: sanitize.) Usage: Particularly
      with regard to erasing keys that are stored in a cryptographic

      2. (O) Erase electronically stored data by altering the contents
      of the data storage so as to prevent the recovery of the data.

      3. (O) "To remove or eliminate the key from a cryptoequipment or
      fill device." [C4009]

      Usage: The phrase "zeroize the device" normally is used to mean
      erasing all keys stored in the device, but sometimes means erasing
      all keying material in the device, or all cryptographic
      information in the device, or even all sensitive information in
      the device.

   $ zombie
      (I) /slang/ An Internet host computer that has been
      surreptitiously penetrated by an intruder that installed malicious
      daemon software to cause the host to operate as an accomplice in
      attacking other hosts, particularly in distributed attacks that
      attempt denial of service through flooding.

      Deprecated Usage: Other cultures likely use different metaphorical
      terms (such as "robot") for this concept, and some use this term
      for different concepts. Therefore, to avoid international
      misunderstanding, IDOCs SHOULD NOT use this term. Instead, use
      "compromised, coopted computer" or other explicitly descriptive
      terminology. (See: Deprecated Usage under "Green Book".)

   $ zone of control
      (O) /EMSEC/ Synonym for "inspectable space". [C4009] (See:

Next RFC Part