tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 4949


Internet Security Glossary, Version 2

Part 7 of 13, p. 161 to 191
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 161 
   $ Internet Protocol Security Option (IPSO)
      (I) Refers to one of three types of IP security options, which are
      fields that may be added to an IP datagram for carrying security
      information about the datagram. (Compare: IPsec.)

      Deprecated Usage: IDOCs SHOULD NOT use this term without a
      modifier to indicate which of the following three types is meant:
      -  "DoD Basic Security Option" (IP option type 130): Defined for
         use on U.S. DoD common-use data networks. Identifies the DoD
         classification level at which the datagram is to be protected
         and the protection authorities whose rules apply to the
         datagram. (A "protection authority" is a National Access
         Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of
         Energy) or Special Access Program that specifies protection
         rules for transmission and processing of the information
         contained in the datagram.) [R1108]
      -  "DoD Extended Security Option" (IP option type 133): Permits
         additional security labeling information, beyond that present
         in the Basic Security Option, to be supplied in the datagram to
         meet the needs of registered authorities. [R1108]
      -  "Common IP Security Option" (CIPSO) (IP option type 134):
         Designed by TSIG to carry hierarchic and non-hierarchic
         security labels. (Formerly called "Commercial IP Security
         Option"; a version 2.3 draft was published 9 March 1993 as an
         Internet-Draft but did not advance to RFC form.) [CIPSO]

   $ Internet Protocol Suite (IPS)
      (I) The set of network communication protocols that are specified
      by the IETF, and approved as Internet Standards by the IESG,
      within the oversight of the IAB. (See: OSIRM Security
      Architecture. Compare: OSIRM.)

      Usage: This set of protocols is popularly known as "TCP/IP"
      because TCP and IP are its most basic and important components.

      For clarity, this Glossary refers to IPS protocol layers by name
      and capitalizes those names, and refers to OSIRM protocol layers
      by number.

      Tutorial: The IPS does have architectural principles [R1958], but
      there is no Internet Standard that defines a layered IPS reference
      model like the OSIRM. Still, Internet community literature has
      referred (inconsistently) to IPS layers since early in the
      Internet's development [Padl].

Top      Up      ToC       Page 162 
      This Glossary treats the IPS as having five protocol layers --
      Application, Transport, Internet, Network Interface, and Network
      Hardware (or Network Substrate) -- which are illustrated in the
      following diagram:

      OSIRM Layers       Examples          IPS Layers     Examples
      ------------------ ---------------  --------------- --------------
      Message Format:    P2   [X420]      Message Format: ARPA (RFC 822)
      +----------------+                  +-------------+
      |7.Application   | P1   [X419]      | Application | SMTP (RFC 821)
      +----------------+ -  -  -  -  -  - |             |
      |6.Presentation  |      [I8823]     |             |
      +----------------+ -  -  -  -  -  - |             |
      |5.Session       |      [I8327]     +-------------+
      +----------------+ -  -  -  -  -  - |  Transport  | TCP  (RFC 793)
      |4.Transport     | TP4  [I8073]     |             |
      +----------------+ -  -  -  -  -  - +-------------+
      |3.Network       | CLNP [I8473]     |  Internet   | IP   (RFC 791)
      |                |                  +-------------+
      |                |                  |   Network   | IP over IEEE
      +----------------+ -  -  -  -  -  - |  Interface  | 802 (RFC 1042)
      |2.Data Link     |                  +-------------+
      |                | LLC  [I8802-2]   -   Network   - The IPS does
      |                | MAC  [I8802-3]   -  Hardware   - not include
      +----------------+                  - (or Network - standards for
      |1.Physical      | Baseband         -  Substrate) - this layer.
      +----------------+ Signaling [Stal] + - - - - - - +

      The diagram approximates how the five IPS layers align with the
      seven OSIRM layers, and it offers examples of protocol stacks that
      provide roughly equivalent electronic mail service over a private
      LAN that uses baseband signaling.

      -  IPS Application Layer: The user runs an application program.
         The program selects the data transport service it needs --
         either a sequence of data messages or a continuous stream of
         data -- and hands application data to the Transport Layer for

      -  IPS Transport Layer: This layer divides application data into
         packets, adds a destination address to each, and communicates
         them end-to-end -- from one application program to another --
         optionally regulating the flow and ensuring reliable (error-
         free and sequenced) delivery.

      -  IPS Internet Layer: This layer carries transport packets in IP
         datagrams. It moves each datagram independently, from its
         source computer to its addressed destination computer, routing

Top      Up      ToC       Page 163 
         the datagram through a sequence of networks and relays and
         selecting appropriate network interfaces en route.

      -  IPS Network Interface Layer: This layer accepts datagrams for
         transmission over a specific network. This layer specifies
         interface conventions for carrying IP over OSIRM Layer 3
         protocols and over Media Access Control sublayer protocols of
         OSIRM Layer 2. An example is IP over IEEE 802 (RFD 1042).

      -  IPS Network Hardware Layer: This layer consists of specific,
         physical communication media. However, the IPS does not specify
         its own peer-to-peer protocols in this layer. Instead, the
         layering conventions specified by the Network Interface Layer
         use Layer 2 and Layer 3 protocols that are specified by bodies
         other than the IETF. That is, the IPS addresses *inter*-network
         functions and does not address *intra*-network functions.

      The two models are most dissimilar in the upper layers, where the
      IPS model does not include Session and Presentation layers.
      However, this omission causes fewer functional differences between
      the models than might be imagined, and the differences have
      relatively few security implications:

      -  Formal separation of OSIRM Layers 5, 6, and 7 is not needed in
         implementations; the functions of these layers sometimes are
         mixed in a single software unit, even in protocols in the OSI

      -  Some OSIRM Layer 5 services -- for example, connection
         termination -- are built into TCP, and the remaining Layer 5
         and 6 functions are built into IPS Application-Layer protocols
         where needed.

      -  The OSIRM does not place any security services in Layer 5 (see:
         OSIRM Security Architecture).

      -  The lack of an explicit Presentation Layer in the IPS sometimes
         makes it simpler to implement security in IPS applications. For
         example, a primary function of Layer 6 is to convert data
         between internal and external forms, using a transfer syntax to
         unambiguously encode data for transmission. If an OSIRM
         application encrypts data to protect against disclosure during
         transmission, the transfer encoding must be done before the
         encryption. If an application does encryption, as is done in
         OSI message handling and directory service protocols, then
         Layer 6 functions must be replicated in Layer 7. [X400, X500].

Top      Up      ToC       Page 164 
      The two models are most alike at the top of OSIRM Layer 3, where
      the OSI Connectionless Network Layer Protocol (CLNP) and the IPS
      IP are quite similar. Connection-oriented security services
      offered in OSIRM Layer 3 are inapplicable in the IPS, because the
      IPS Internet Layer lacks the explicit, connection-oriented service
      offered in the OSIRM.

   $ Internet Security Association and Key Management Protocol (ISAKMP)
      (I) An Internet IPsec protocol [R2408] to negotiate, establish,
      modify, and delete security associations, and to exchange key
      generation and authentication data, independent of the details of
      any specific key generation technique, key establishment protocol,
      encryption algorithm, or authentication mechanism.

      Tutorial: ISAKMP supports negotiation of security associations for
      protocols at all IPS layers. By centralizing management of
      security associations, ISAKMP reduces duplicated functionality
      within each protocol. ISAKMP can also reduce connection setup
      time, by negotiating a whole stack of services at once. Strong
      authentication is required on ISAKMP exchanges, and a digital
      signature algorithm based on asymmetric cryptography is used
      within ISAKMP's authentication component.

      ISAKMP negotiations are conducted in two "phases":
      -  "Phase 1 negotiation". A phase 1 negotiation establishes a
         security association to be used by ISAKMP to protect its own
         protocol operations.
      -  "Phase 2 negotiation". A phase 2 negotiation (which is
         protected by a security association that was established by a
         phase 1 negotiation) establishes a security association to be
         used to protect the operations of a protocol other than ISAKMP,
         such as ESP.

   $ Internet Society (ISOC)
      (I) A professional society concerned with Internet development
      (including technical Internet Standards); with how the Internet is
      and can be used; and with social, political, and technical issues
      that result. The ISOC Board of Trustees approves appointments to
      the IAB from among nominees submitted by the IETF nominating
      committee. (RFC 2026)

   $ Internet Standard
      (I) A specification, approved by the IESG and published as an RFC,
      that is stable and well-understood, is technically competent, has
      multiple, independent, and interoperable implementations with
      substantial operational experience, enjoys significant public
      support, and is recognizably useful in some or all parts of the
      Internet. (RFC 2026) (Compare: RFC.)

Top      Up      ToC       Page 165 
      Tutorial: The "Internet Standards Process" is an activity of the
      ISOC and is organized and managed by the IAB and the IESG. The
      process is concerned with all protocols, procedures, and
      conventions used in or by the Internet, whether or not they are
      part of the IPS. The "Internet Standards Track" has three levels
      of increasing maturity: Proposed Standard, Draft Standard, and
      Standard. (Compare: ISO, W3C.)

   $ internetwork
      (I) A system of interconnected networks; a network of networks.
      Usually shortened to "internet". (See: internet, Internet.)

      Tutorial: An internet can be built using OSIRM Layer 3 gateways to
      implement connections between a set of similar subnetworks. With
      dissimilar subnetworks, i.e., subnetworks that differ in the Layer
      3 protocol service they offer, an internet can be built by
      implementing a uniform internetwork protocol (e.g., IP) that
      operates at the top of Layer 3 and hides the underlying
      subnetworks' heterogeneity from hosts that use communication
      services provided by the internet. (See: router.)

   $ intranet
      (I) A computer network, especially one based on Internet
      technology, that an organization uses for its own internal (and
      usually private) purposes and that is closed to outsiders. (See:
      extranet, VPN.)

   $ intruder
      (I) An entity that gains or attempts to gain access to a system or
      system resource without having authorization to do so. (See:
      intrusion. Compare: adversary, cracker, hacker.)

   $ intrusion
      1. (I) A security event, or a combination of multiple security
      events, that constitutes a security incident in which an intruder
      gains, or attempts to gain, access to a system or system resource
      without having authorization to do so. (See: IDS.)

      2. (I) A type of threat action whereby an unauthorized entity
      gains access to sensitive data by circumventing a system's
      security protections. (See: unauthorized disclosure.)

      Usage: This type of threat action includes the following subtypes:
      -  "Trespass": Gaining physical access to sensitive data by
         circumventing a system's protections.
      -  "Penetration": Gaining logical access to sensitive data by
         circumventing a system's protections.

Top      Up      ToC       Page 166 
      -  "Reverse engineering": Acquiring sensitive data by
         disassembling and analyzing the design of a system component.
      -  "Cryptanalysis": Transforming encrypted data into plain text
         without having prior knowledge of encryption parameters or
         processes. (See: main entry for "cryptanalysis".)

   $ intrusion detection
      (I) Sensing and analyzing system events for the purpose of
      noticing (i.e., becoming aware of) attempts to access system
      resources in an unauthorized manner. (See: anomaly detection, IDS,
      misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC,

      Usage: This includes the following subtypes:
      -  "Active detection": Real-time or near-real-time analysis of
         system event data to detect current intrusions, which result in
         an immediate protective response.
      -  "Passive detection": Off-line analysis of audit data to detect
         past intrusions, which are reported to the system security
         officer for corrective action. (Compare: security audit.)

   $ intrusion detection system (IDS)
      1. (N) A process or subsystem, implemented in software or
      hardware, that automates the tasks of (a) monitoring events that
      occur in a computer network and (b) analyzing them for signs of
      security problems. [SP31] (See: intrusion detection.)

      2. (N) A security alarm system to detect unauthorized entry.

      Tutorial: Active intrusion detection processes can be either host-
      based or network-based:
      -  "Host-based": Intrusion detection components -- traffic sensors
         and analyzers -- run directly on the hosts that they are
         intended to protect.
      -  "Network-based": Sensors are placed on subnetwork components,
         and analysis components run either on subnetwork components or

   $ invalidity date
      (N) An X.509 CRL entry extension that "indicates the date at which
      it is known or suspected that the [revoked certificate's private
      key] was compromised or that the certificate should otherwise be
      considered invalid." [X509].

      Tutorial: This date may be earlier than the revocation date in the
      CRL entry, and may even be earlier than the date of issue of
      earlier CRLs. However, the invalidity date is not, by itself,

Top      Up      ToC       Page 167 
      sufficient for purposes of non-repudiation service. For example,
      to fraudulently repudiate a validly generated signature, a private
      key holder may falsely claim that the key was compromised at some
      time in the past.

   $ IOTP
      (I) See: Internet Open Trading Protocol.

   $ IP
      (I) See: Internet Protocol.

   $ IP address
      (I) A computer's internetwork address that is assigned for use by
      IP and other protocols.

      Tutorial: An IP version 4 address (RFC 791) has four 8-bit parts
      and is written as a series of four decimal numbers separated by
      periods. Example: The address of the host named ""

      An IP version 6 address (RFC 2373) has eight 16-bit parts and is
      written as eight hexadecimal numbers separated by colons.
      Examples: 1080:0:0:0:8:800:200C:417A and

   $ IP Security Option
      (I) See: Internet Protocol Security Option.

   $ IP Security Protocol (IPsec)
      1a. (I) The name of the IETF working group that is specifying an
      architecture [R2401, R4301] and set of protocols to provide
      security services for IP traffic. (See: AH, ESP, IKE, SAD, SPD.
      Compare: IPSO.)

      1b. (I) A collective name for the IP security architecture [R4301]
      and associated set of protocols (primarily AH, ESP, and IKE).

      Usage: In IDOCs that use the abbreviation "IPsec", the letters
      "IP" SHOULD be in uppercase, and the letters "sec" SHOULD NOT.

      Tutorial: The security services provided by IPsec include access
      control service, connectionless data integrity service, data
      origin authentication service, protection against replays
      (detection of the arrival of duplicate datagrams, within a
      constrained window), data confidentiality service, and limited
      traffic-flow confidentiality. IPsec specifies (a) security
      protocols (AH and ESP), (b) security associations (what they are,
      how they work, how they are managed, and associated processing),

Top      Up      ToC       Page 168 
      (c) key management (IKE), and (d) algorithms for authentication
      and encryption. Implementation of IPsec is optional for IP version
      4, but mandatory for IP version 6. (See: transport mode, tunnel

   $ IPLI
      (I) See: Internet Private Line Interface.

   $ IPRA
      (I) See: Internet Policy Registration Authority.

   $ IPS
      (I) See: Internet Protocol Suite.

   $ IPsec
      (I) See: IP Security Protocol.

   $ IPSO
      (I) See: Internet Protocol Security Option.

      (I) See: Internet Security Association and Key Management

   $ ISO
      (I) International Organization for Standardization, a voluntary,
      non-treaty, non-governmental organization, established in 1947,
      with voting members that are designated standards bodies of
      participating nations and non-voting observer organizations.
      (Compare: ANSI, IETF, ITU-T, W3C.)

      Tutorial: Legally, ISO is a Swiss, non-profit, private
      organization. ISO and the IEC (the International Electrotechnical
      Commission) form the specialized system for worldwide
      standardization. National bodies that are members of ISO or IEC
      participate in developing international standards through ISO and
      IEC technical committees that deal with particular fields of
      activity. Other international governmental and non-governmental
      organizations, in liaison with ISO and IEC, also take part. (ANSI
      is the U.S. voting member of ISO. ISO is a class D member of ITU-

      The ISO standards development process has four levels of
      increasing maturity: Working Draft (WD), Committee Draft (CD),
      Draft International Standard (DIS), and International Standard
      (IS). (Compare: "Internet Standards Track" under "Internet
      Standard".) In information technology, ISO and IEC have a joint
      technical committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are

Top      Up      ToC       Page 169 
      circulated to national bodies for voting, and publication as an IS
      requires approval by at least 75% of the national bodies casting a

   $ ISO 17799
      (N) An International Standard that is a code of practice, derived
      from Part 1 of British Standard 7799, for managing the security of
      information systems in an organization. This standard does not
      provide definitive or specific material on any security topic. It
      provides general guidance on a wide variety of topics, but
      typically does not go into depth. (See: IATF, [SP14].)

   $ ISOC
      (I) See: Internet Society.

   $ issue
      (I) /PKI/ Generate and sign a digital certificate (or a CRL) and,
      usually, distribute it and make it available to potential
      certificate users (or CRL users). (See: certificate creation.)

      Usage: The term "issuing" is usually understood to refer not only
      to creating a digital certificate (or a CRL) but also to making it
      available to potential users, such as by storing it in a
      repository or other directory or otherwise publishing it. However,
      the ABA [DSG] explicitly limits this term to the creation process
      and excludes any related publishing or distribution process.

   $ issuer
      1. (I) /certificate, CRL/ The CA that signs a digital certificate
      or CRL.

      Tutorial: An X.509 certificate always includes the issuer's name.
      The name may include a common name value.

      2. (O) /payment card, SET/ "The financial institution or its agent
      that issues the unique primary account number to the cardholder
      for the payment card brand." [SET2]

      Tutorial: The institution that establishes the account for a
      cardholder and issues the payment card also guarantees payment for
      authorized transactions that use the card in accordance with card
      brand regulations and local legislation. [SET1]

   $ ITAR
      (O) See: International Traffic in Arms Regulations.

   $ ITSEC
      (N) See: Information Technology System Evaluation Criteria.

Top      Up      ToC       Page 170 
   $ ITU-T
      (N) International Telecommunications Union, Telecommunication
      Standardization Sector (formerly "CCITT"), a United Nations treaty
      organization that is composed mainly of postal, telephone, and
      telegraph authorities of the member countries and that publishes
      standards called "Recommendations". (See: X.400, X.500.)

      Tutorial: The Department of State represents the United States.
      ITU-T works on many kinds of communication systems. ITU-T
      cooperates with ISO on communication protocol standards, and many
      Recommendations in that area are also published as an ISO standard
      with an ISO name and number.

   $ IV
      (I) See: initialization value.

   $ jamming
      (N) An attack that attempts to interfere with the reception of
      broadcast communications. (See: anti-jam, denial of service.
      Compare: flooding.)

      Tutorial: Jamming uses "interference" as a type of "obstruction"
      intended to cause "disruption". Jamming a broadcast signal is
      typically done by broadcasting a second signal that receivers
      cannot separate from the first one. Jamming is mainly thought of
      in the context of wireless communication, but also can be done in
      some wired technologies, such as LANs that use contention
      techniques to share a broadcast medium.

   $ KAK
      (D) See: key-auto-key. (Compare: KEK.)

   $ KDC
      (I) See: Key Distribution Center.

   $ KEA
      (N) See: Key Exchange Algorithm.

   $ KEK
      (I) See: key-encrypting key. (Compare: KAK.)

   $ Kerberos
      (I) A system developed at the Massachusetts Institute of
      Technology that depends on passwords and symmetric cryptography
      (DES) to implement ticket-based, peer entity authentication
      service and access control service distributed in a client-server
      network environment. [R4120, Stei] (See: realm.)

Top      Up      ToC       Page 171 
      Tutorial: Kerberos was originally developed by Project Athena and
      is named for the mythical three-headed dog that guards Hades. The
      system architecture includes authentication servers and ticket-
      granting servers that function as an ACC and a KDC.

      RFC 4556 describes extensions to the Kerberos specification that
      modify the initial authentication exchange between a client and
      the KDC. The extensions employ public-key cryptography to enable
      the client and KDC to mutually authenticate and establish shared,
      symmetric keys that are used to complete the exchange. (See:

   $ kernel
      (I) A small, trusted part of a system that provides services on
      which the other parts of the system depend. (See: security

   $ Kernelized Secure Operating System (KSOS)
      (O) An MLS computer operating system, designed to be a provably
      secure replacement for UNIX Version 6, and consisting of a
      security kernel, non-kernel security-related utility programs, and
      optional UNIX application development and support environments.

      Tutorial: KSOS-6 was the implementation on a SCOMP. KSOS-11 was
      the implementation by Ford Aerospace and Communications
      Corporation on the DEC PDP-11/45 and PDP-11/70 computers.

   $ key
      1a. (I) /cryptography/ An input parameter used to vary a
      transformation function performed by a cryptographic algorithm.
      (See: private key, public key, storage key, symmetric key, traffic
      key. Compare: initialization value.)

      1b. (O) /cryptography/ Used in singular form as a collective noun
      referring to keys or keying material. Example: A fill device can
      be used transfer key between two cryptographic devices.

      2. (I) /anti-jam/ An input parameter used to vary a process that
      determines patterns for an anti-jam measure. (See: frequency
      hopping, spread spectrum.)

      Tutorial: A key is usually specified as a sequence of bits or
      other symbols. If a key value needs to be kept secret, the
      sequence of symbols that comprise it should be random, or at least
      pseudorandom, because that makes the key harder for an adversary
      to guess. (See: brute-force attack, cryptanalysis, strength.)

Top      Up      ToC       Page 172 
   $ key agreement (algorithm or protocol)
      1. (I) A key establishment method (especially one involving
      asymmetric cryptography) by which two or more entities, without
      prior arrangement except a public exchange of data (such as public
      keys), each can generate the same key value. That is, the method
      does not send a secret from one entity to the other; instead, both
      entities, without prior arrangement except a public exchange of
      data, can compute the same secret value, but that value cannot be
      computed by other, unauthorized entities. (See: Diffie-Hellman-
      Merkle, key establishment, KEA, MQV. Compare: key transport.)

      2. (O) "A method for negotiating a key value on line without
      transferring the key, even in an encrypted form, e.g., the Diffie-
      Hellman technique." [X509] (See: Diffie-Hellman-Merkle.)

      3. (O) "The procedure whereby two different parties generate
      shared symmetric keys such that any of the shared symmetric keys
      is a function of the information contributed by all legitimate
      participants, so that no party [alone] can predetermine the value
      of the key." [A9042]

      Example: A message originator and the intended recipient can each
      use their own private key and the other's public key with the
      Diffie-Hellman-Merkle algorithm to first compute a shared secret
      value and, from that value, derive a session key to encrypt the

   $ key authentication
      (N) "The assurance of the legitimate participants in a key
      agreement [i.e., in a key-agreement protocol] that no non-
      legitimate party possesses the shared symmetric key." [A9042]

   $ key-auto-key (KAK)
      (D) "Cryptographic logic [i.e., a mode of operation] using
      previous key to produce key." [C4009, A1523] (See: CTAK,
      /cryptographic operation/ under "mode".)

      Deprecated Term: IDOCs SHOULD NOT use this term; it is neither
      well-known nor precisely defined. Instead, use terms associated
      with modes that are defined in standards, such as CBC, CFB, and

   $ key center
      (I) A centralized, key-distribution process (used in symmetric
      cryptography), usually a separate computer system, that uses
      master keys (i.e., KEKs) to encrypt and distribute session keys
      needed by a community of users.

Top      Up      ToC       Page 173 
      Tutorial: An ANSI standard [A9017] defines two types of key
      center: "key distribution center" and "key translation center".

   $ key confirmation
      (N) "The assurance [provided to] the legitimate participants in a
      key establishment protocol that the [parties that are intended to
      share] the symmetric key actually possess the shared symmetric
      key." [A9042]

   $ key distribution
      (I) A process that delivers a cryptographic key from the location
      where it is generated to the locations where it is used in a
      cryptographic algorithm. (See: key establishment, key management.)

   $ key distribution center (KDC)
      1. (I) A type of key center (used in symmetric cryptography) that
      implements a key-distribution protocol to provide keys (usually,
      session keys) to two (or more) entities that wish to communicate
      securely. (Compare: key translation center.)

      2. (N) "COMSEC facility generating and distributing key in
      electrical form." [C4009]

      Tutorial: A KDC distributes keys to Alice and Bob, who (a) wish to
      communicate with each other but do not currently share keys, (b)
      each share a KEK with the KDC, and (c) may not be able to generate
      or acquire keys by themselves. Alice requests the keys from the
      KDC. The KDC generates or acquires the keys and makes two
      identical sets. The KDC encrypts one set in the KEK it shares with
      Alice, and sends that encrypted set to Alice. The KDC encrypts the
      second set in the KEK it shares with Bob, and either (a) sends
      that encrypted set to Alice for her to forward to Bob or (b) sends
      it directly to Bob (although the latter option is not supported in
      the ANSI standard [A9017]).

   $ key encapsulation
      (N) A key recovery technique for storing knowledge of a
      cryptographic key by encrypting it with another key and ensuring
      that only certain third parties called "recovery agents" can
      perform the decryption operation to retrieve the stored key. Key
      encapsulation typically permits direct retrieval of a secret key
      used to provide data confidentiality. (Compare: key escrow.)

   $ key-encrypting key (KEK)
      (I) A cryptographic key that (a) is used to encrypt other keys
      (either DEKs or other TEKs) for transmission or storage but (b)
      (usually) is not used to encrypt application data. Usage:
      Sometimes called "key-encryption key".

Top      Up      ToC       Page 174 
   $ key escrow
      (N) A key recovery technique for storing knowledge of a
      cryptographic key or parts thereof in the custody of one or more
      third parties called "escrow agents", so that the key can be
      recovered and used in specified circumstances. (Compare: key

      Tutorial: Key escrow is typically implemented with split knowledge
      techniques. For example, the Escrowed Encryption Standard [FP185]
      entrusts two components of a device-unique split key to separate
      escrow agents. The agents provide the components only to someone
      legally authorized to conduct electronic surveillance of
      telecommunications encrypted by that specific device. The
      components are used to reconstruct the device-unique key, and it
      is used to obtain the session key needed to decrypt

   $ key establishment (algorithm or protocol)
      1. (I) A procedure that combines the key-generation and key-
      distribution steps needed to set up or install a secure
      communication association.

      2. (I) A procedure that results in keying material being shared
      among two or more system entities. [A9042, SP56]

      Tutorial: The two basic techniques for key establishment are "key
      agreement" and "key transport".

   $ Key Exchange Algorithm (KEA)
      (N) A key-agreement method [SKIP, R2773] that is based on the
      Diffie-Hellman-Merkle algorithm and uses 1024-bit asymmetric keys.

      Tutorial: KEA was developed by NSA and formerly classified at the
      U.S. DoD "Secret" level. On 23 June 1998, the NSA announced that
      KEA had been declassified.

   $ key generation
      (I) A process that creates the sequence of symbols that comprise a
      cryptographic key. (See: key management.)

   $ key generator
      1. (I) An algorithm that uses mathematical rules to
      deterministically produce a pseudorandom sequence of cryptographic
      key values.

      2. (I) An encryption device that incorporates a key-generation
      mechanism and applies the key to plain text to produce cipher text

Top      Up      ToC       Page 175 
      (e.g., by exclusive OR-ing (a) a bit-string representation of the
      key with (b) a bit-string representation of the plaintext).

   $ key length
      (I) The number of symbols (usually stated as a number of bits)
      needed to be able to represent any of the possible values of a
      cryptographic key. (See: key space.)

   $ key lifetime
      1. (D) Synonym for "cryptoperiod".

      Deprecated Definition: IDOCs SHOULD NOT use this term with
      definition 1 because a key's cryptoperiod may be only a part of
      the key's lifetime. A key could be generated at some time prior to
      when its cryptoperiod begins and might not be destroyed (i.e.,
      zeroized) until some time after its cryptoperiod ends.

      2. (O) /MISSI/ An attribute of a MISSI key pair that specifies a
      time span that bounds the validity period of any MISSI X.509
      public-key certificate that contains the public component of the
      pair. (See: cryptoperiod.)

   $ key loader
      (N) Synonym for "fill device".

   $ key loading and initialization facility (KLIF)
      (N) A place where ECU hardware is activated after being
      fabricated. (Compare: CLEF.)

      Tutorial: Before going to its KLIF, an ECU is not ready to be
      fielded, usually because it is not yet able to receive DEKs. The
      KLIF employs trusted processes to complete the ECU by installing
      needed data such as KEKs, seed values, and, in some cases,
      cryptographic software. After KLIF processing, the ECU is ready
      for deployment.

   $ key management
      1a. (I) The process of handling keying material during its life
      cycle in a cryptographic system; and the supervision and control
      of that process. (See: key distribution, key escrow, keying
      material, public-key infrastructure.)

      Usage: Usually understood to include ordering, generating,
      storing, archiving, escrowing, distributing, loading, destroying,
      auditing, and accounting for the material.

      1b. (O) /NIST/ "The activities involving the handling of
      cryptographic keys and other related security parameters (e.g.,

Top      Up      ToC       Page 176 
      IVs, counters) during the entire life cycle of the keys, including
      their generation, storage, distribution, entry and use, deletion
      or destruction, and archiving." [FP140, SP57]

      2. (O) /OSIRM/ "The generation, storage, distribution, deletion,
      archiving and application of keys in accordance with a security
      policy." [I7498-2]

   $ Key Management Protocol (KMP)
      (N) A protocol to establish a shared symmetric key between a pair
      (or a group) of users. (One version of KMP was developed by SDNS,
      and another by SILS.) Superseded by ISAKMP and IKE.

   $ key material
      (D) Synonym for "keying material".

      Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for
      "keying material".

   $ key pair
      (I) A set of mathematically related keys -- a public key and a
      private key -- that are used for asymmetric cryptography and are
      generated in a way that makes it computationally infeasible to
      derive the private key from knowledge of the public key. (See:
      Diffie-Hellman-Merkle, RSA.)

      Tutorial: A key pair's owner discloses the public key to other
      system entities so they can use the key to (a) encrypt data, (b)
      verify a digital signature, or (c) generate a key with a key-
      agreement algorithm. The matching private key is kept secret by
      the owner, who uses it to (a') decrypt data, (b') generate a
      digital signature, or (c') generate a key with a key-agreement

   $ key recovery
      1. (I) /cryptanalysis/ A process for learning the value of a
      cryptographic key that was previously used to perform some
      cryptographic operation. (See: cryptanalysis, recovery.)

      2. (I) /backup/ Techniques that provide an intentional, alternate
      means to access the key used for data confidentiality service in
      an encrypted association. [DoD4] (Compare: recovery.)

      Tutorial: It is assumed that the cryptographic system includes a
      primary means of obtaining the key through a key-establishment
      algorithm or protocol. For the secondary means, there are two
      classes of key recovery techniques: key encapsulation and key

Top      Up      ToC       Page 177 
   $ key space
      (I) The range of possible values of a cryptographic key; or the
      number of distinct transformations supported by a particular
      cryptographic algorithm. (See: key length.)

   $ key translation center
      (I) A type of key center that implements a key-distribution
      protocol (based on symmetric cryptography) to convey keys between
      two (or more) parties who wish to communicate securely. (Compare:
      key distribution center.)

      Tutorial: A key translation center transfers keys for future
      communication between Bob and Alice, who (a) wish to communicate
      with each other but do not currently share keys, (b) each share a
      KEK with the center, and (c) have the ability to generate or
      acquire keys by themselves. Alice generates or acquires a set of
      keys for communication with Bob. Alice encrypts the set in the KEK
      she shares with the center and sends the encrypted set to the
      center. The center decrypts the set, reencrypts the set in the KEK
      it shares with Bob, and either (a) sends that reencrypted set to
      Alice for her to forward to Bob or (b) sends it directly to Bob
      (although direct distribution is not supported in the ANSI
      standard [A9017]).

   $ key transport (algorithm or protocol)
      1. (I) A key establishment method by which a secret key is
      generated by a system entity in a communication association and
      securely sent to another entity in the association. (Compare: key

      Tutorial: Either (a) one entity generates a secret key and
      securely sends it to the other entity, or (b) each entity
      generates a secret value and securely sends it to the other
      entity, where the two values are combined to form a secret key.
      For example, a message originator can generate a random session
      key and then use the RSA algorithm to encrypt that key with the
      public key of the intended recipient.

      2. (O) "The procedure to send a symmetric key from one party to
      other parties. As a result, all legitimate participants share a
      common symmetric key in such a way that the symmetric key is
      determined entirely by one party." [A9042]

   $ key update
      1. (I) Derive a new key from an existing key. (Compare: rekey.)

      2. (O) Irreversible cryptographic process that modifies a key to
      produce a new key. [C4009]

Top      Up      ToC       Page 178 
   $ key validation
      1. (I) "The procedure for the receiver of a public key to check
      that the key conforms to the arithmetic requirements for such a
      key in order to thwart certain types of attacks." [A9042] (See:
      weak key)

      2. (D) Synonym for "certificate validation".

      Deprecated Usage: IDOCs SHOULD NOT use the term as a synonym for
      "certificate validation"; that would unnecessarily duplicate the
      meaning of the latter term and mix concepts in a potentially
      misleading way. In validating an X.509 public-key certificate, the
      public key contained in the certificate is normally treated as an
      opaque data object.

   $ keyed hash
      (I) A cryptographic hash (e.g., [R1828]) in which the mapping to a
      hash result is varied by a second input parameter that is a
      cryptographic key. (See: checksum.)

      Tutorial: If the input data object is changed, a new,
      corresponding hash result cannot be correctly computed without
      knowledge of the secret key. Thus, the secret key protects the
      hash result so it can be used as a checksum even when there is a
      threat of an active attack on the data. There are two basic types
      of keyed hash:
      -  A function based on a keyed encryption algorithm. Example: Data
         Authentication Code.
      -  A function based on a keyless hash that is enhanced by
         combining (e.g., by concatenating) the input data object
         parameter with a key parameter before mapping to the hash
         result. Example: HMAC.

   $ keying material
      1. (I) Data that is needed to establish and maintain a
      cryptographic security association, such as keys, key pairs, and

      2. (O) "Key, code, or authentication information in physical or
      magnetic form." [C4009] (Compare: COMSEC material.)

   $ keying material identifier (KMID)
      1. (I) An identifier assigned to an item of keying material.

      2. (O) /MISSI/ A 64-bit identifier that is assigned to a key pair
      when the public key is bound in a MISSI X.509 public-key

Top      Up      ToC       Page 179 
   $ Khafre
      (N) A patented, symmetric block cipher designed by Ralph C. Merkle
      as a plug-in replacement for DES. [Schn]

      Tutorial: Khafre was designed for efficient encryption of small
      amounts of data. However, because Khafre does not precompute
      tables used for encryption, it is slower than Khufu for large
      amounts of data.

   $ Khufu
      (N) A patented, symmetric block cipher designed by Ralph C. Merkle
      as a plug-in replacement for DES. [Schn]

      Tutorial: Khufu was designed for fast encryption of large amounts
      of data. However, because Khufu precomputes tables used in
      encryption, it is less efficient than Khafre for small amounts of

   $ KLIF
      (N) See: key loading and initialization facility.

   $ KMID
      (I) See: keying material identifier.

   $ known-plaintext attack
      (I) A cryptanalysis technique in which the analyst tries to
      determine the key from knowledge of some plaintext-ciphertext
      pairs (although the analyst may also have other clues, such as
      knowing the cryptographic algorithm).

   $ kracker
      (O) Old spelling for "cracker".

   $ KSOS, KSOS-6, KSOS-11
      (O) See: Kernelized Secure Operating System.

   $ L2F
      (N) See: Layer 2 Forwarding Protocol.

   $ L2TP
      (N) See: Layer 2 Tunneling Protocol.

   $ label
      See: time stamp, security label.

Top      Up      ToC       Page 180 
   $ laboratory attack
      (O) "Use of sophisticated signal recovery equipment in a
      laboratory environment to recover information from data storage
      media." [C4009]

   $ LAN
      (I) Abbreviation for "local area network" [R1983]. (See: [FP191].)

   $ land attack
      (I) A denial-of-service attack that sends an IP packet that (a)
      has the same address in both the Source Address and Destination
      Address fields and (b) contains a TCP SYN packet that has the same
      port number in both the Source Port and Destination Port fields.

      Derivation: This single-packet attack was named for "land", the
      program originally published by the cracker who invented this
      exploit. Perhaps that name was chosen because the inventor thought
      of multi-packet (i.e., flooding) attacks as arriving by sea.

   $ Language of Temporal Ordering Specification (LOTOS)
      (N) A language (ISO 8807-1990) for formal specification of
      computer network protocols; describes the order in which events

   $ lattice
      (I) A finite set together with a partial ordering on its elements
      such that for every pair of elements there is a least upper bound
      and a greatest lower bound.

      Example: A lattice is formed by a finite set S of security levels
      -- i.e., a set S of all ordered pairs (x,c), where x is one of a
      finite set X of hierarchically ordered classification levels X(1),
      non-hierarchical categories C(1), ..., C(M) -- together with the
      "dominate" relation. Security level (x,c) is said to "dominate"
      (x',c') if and only if (a) x is greater (higher) than or equal to
      x' and (b) c includes at least all of the elements of c'. (See:
      dominate, lattice model.)

      Tutorial: Lattices are used in some branches of cryptography, both
      as a basis for hard computational problems upon which
      cryptographic algorithms can be defined, and also as a basis for
      attacks on cryptographic algorithms.

   $ lattice model
      1. (I) A description of the semantic structure formed by a finite
      set of security levels, such as those used in military
      organizations. (See: dominate, lattice, security model.)

Top      Up      ToC       Page 181 
      2. (I) /formal model/ A model for flow control in a system, based
      on the lattice that is formed by the finite security levels in a
      system and their partial ordering. [Denn]

   $ Law Enforcement Access Field (LEAF)
      (N) A data item that is automatically embedded in data encrypted
      by devices (e.g., CLIPPER chip) that implement the Escrowed
      Encryption Standard.

   $ Layer 1, 2, 3, 4, 5, 6, 7
      (N) See: OSIRM.

   $ Layer 2 Forwarding Protocol (L2F)
      (N) An Internet protocol (originally developed by Cisco
      Corporation) that uses tunneling of PPP over IP to create a
      virtual extension of a dial-up link across a network, initiated by
      the dial-up server and transparent to the dial-up user. (See:

   $ Layer 2 Tunneling Protocol (L2TP)
      (N) An Internet client-server protocol that combines aspects of
      PPTP and L2F and supports tunneling of PPP over an IP network or
      over frame relay or other switched network. (See: VPN.)

      Tutorial: PPP can in turn encapsulate any OSIRM Layer 3 protocol.
      Thus, L2TP does not specify security services; it depends on
      protocols layered above and below it to provide any needed

   $ LDAP
      (I) See: Lightweight Directory Access Protocol.

   $ least common mechanism
      (I) The principle that a security architecture should minimize
      reliance on mechanisms that are shared by many users.

      Tutorial: Shared mechanisms may include cross-talk paths that
      permit a breach of data security, and it is difficult to make a
      single mechanism operate in a correct and trusted manner to the
      satisfaction of a wide range of users.

   $ least privilege
      (I) The principle that a security architecture should be designed
      so that each system entity is granted the minimum system resources
      and authorizations that the entity needs to do its work. (Compare:
      economy of mechanism, least trust.)

Top      Up      ToC       Page 182 
      Tutorial: This principle tends to limit damage that can be caused
      by an accident, error, or unauthorized act. This principle also
      tends to reduce complexity and promote modularity, which can make
      certification easier and more effective. This principle is similar
      to the principle of protocol layering, wherein each layer provides
      specific, limited communication services, and the functions in one
      layer are independent of those in other layers.

   $ least trust
      (I) The principle that a security architecture should be designed
      in a way that minimizes (a) the number of components that require
      trust and (b) the extent to which each component is trusted.
      (Compare: least privilege, trust level.)

   $ legacy system
      (I) A system that is in operation but will not be improved or
      expanded while a new system is being developed to supersede it.

   $ legal non-repudiation
      (I) See: secondary definition under "non-repudiation".

   $ leap of faith
      1. (I) /general security/ Operating a system as though it began
      operation in a secure state, even though it cannot be proven that
      such a state was established (i.e., even though a security
      compromise might have occurred at or before the time when
      operation began).

      2. (I) /COMSEC/ The initial part, i.e., the first communication
      step, or steps, of a protocol that is vulnerable to attack
      (especially a man-in-the-middle attack) during that part but, if
      that part is completed without being attacked, is subsequently not
      vulnerable in later steps (i.e., results in a secure communication
      association for which no man-in-the-middle attack is possible).

      Usage: This term is listed in English dictionaries, but their
      definitions are broad and can be interpreted in many ways in
      Internet contexts. Similarly, the definition stated here can be
      interpreted in several ways. Therefore, IDOCs that use this term
      (especially IDOCs that are protocol specifications) SHOULD state a
      more specific definition for it.

      Tutorial: In a protocol, a leap of faith typically consists of
      accepting a claim of peer identity, data origin, or data integrity
      without authenticating that claim. When a protocol includes such a
      step, the protocol might also be designed so that if a man-in-
      the-middle attack succeeds during the vulnerable first part, then
      the attacker must remain in the middle for all subsequent

Top      Up      ToC       Page 183 
      exchanges or else one of the legitimate parties will be able to
      detect the attack.

   $ level of concern
      (N) /U.S. DoD/ A rating assigned to an information system that
      indicates the extent to which protective measures, techniques, and
      procedures must be applied. (See: critical, sensitive, level of

   $ level of robustness
      (N) /U.S. DoD/ A characterization of (a) the strength of a
      security function, mechanism, service, or solution and (b) the
      assurance (or confidence) that it is implemented and functioning.
      [Cons, IATF] (See: level of concern.)

   $ Liberty Alliance
      (O) An international consortium of more than 150 commercial,
      nonprofit, and governmental organizations that was created in 2001
      to address technical, business, and policy problems of identity
      and identity-based Web services and develop a standard for
      federated network identity that supports current and emerging
      network devices.

   $ Lightweight Directory Access Protocol (LDAP)
      (I) An Internet client-server protocol (RFC 3377) that supports
      basic use of the X.500 Directory (or other directory servers)
      without incurring the resource requirements of the full Directory
      Access Protocol (DAP).

      Tutorial: Designed for simple management and browser applications
      that provide simple read/write interactive directory service.
      Supports both simple authentication and strong authentication of
      the client to the directory server.

   $ link
      1a. (I) A communication facility or physical medium that can
      sustain data communications between multiple network nodes, in the
      protocol layer immediately below IP. (RFC 3753)

      1b. (I) /subnetwork/ A communication channel connecting subnetwork
      relays (especially one between two packet switches) that is
      implemented at OSIRM Layer 2. (See: link encryption.)

      Tutorial: The relay computers assume that links are logically
      passive. If a computer at one end of a link sends a sequence of
      bits, the sequence simply arrives at the other end after a finite
      time, although some bits may have been changed either accidentally
      (errors) or by active wiretapping.

Top      Up      ToC       Page 184 
      2. (I) /World Wide Web/ See: hyperlink.

   $ link encryption
      (I) Stepwise (link-by-link) protection of data that flows between
      two points in a network, provided by encrypting data separately on
      each network link, i.e., by encrypting data when it leaves a host
      or subnetwork relay and decrypting when it arrives at the next
      host or relay. Each link may use a different key or even a
      different algorithm. [R1455] (Compare: end-to-end encryption.)

   $ liveness
      (I) A property of a communication association or a feature of a
      communication protocol that provides assurance to the recipient of
      data that the data is being freshly transmitted by its originator,
      i.e., that the data is not being replayed, by either the
      originator or a third party, from a previous transmission. (See:
      fresh, nonce, replay attack.)

   $ logic bomb
      (I) Malicious logic that activates when specified conditions are
      met. Usually intended to cause denial of service or otherwise
      damage system resources. (See: Trojan horse, virus, worm.)

   $ login
      1a. (I) An act by which a system entity establishes a session in
      which the entity can use system resources. (See: principal,

      1b. (I) An act by which a system user has its identity
      authenticated by the system. (See: principal, session.)

      Usage: Usually understood to be accomplished by providing an
      identifier and matching authentication information (e.g., a
      password) to a security mechanism that authenticates the user's
      identity; but sometimes refers to establishing a connection with a
      server when no authentication or specific authorization is

      Derivation: Refers to "log" file, a security audit trail that
      records (a) security events, such as the beginning of a session,
      and (b) the names of the system entities that initiate events.

   $ long title
      (O) /U.S. Government/ "Descriptive title of [an item of COMSEC
      material]." [C4009] (Compare: short title.)

Top      Up      ToC       Page 185 
   $ low probability of detection
      (I) Result of TRANSEC measures used to hide or disguise a

   $ low probability of intercept
      (I) Result of TRANSEC measures used to prevent interception of a

   $ LOTOS
      (N) See: Language of Temporal Ordering Specification.

   $ MAC
      (N) See: mandatory access control, Message Authentication Code.

      Deprecated Usage: IDOCs that use this term SHOULD state a
      definition for it because this abbreviation is ambiguous.

   $ magnetic remanence
      (N) Magnetic representation of residual information remaining on a
      magnetic medium after the medium has been cleared. [NCS25] (See:
      clear, degauss, purge.)

   $ main mode
      (I) See: /IKE/ under "mode".

   $ maintenance hook
      (N) "Special instructions (trapdoors) in software allowing easy
      maintenance and additional feature development. Since maintenance
      hooks frequently allow entry into the code without the usual
      checks, they are a serious security risk if they are not removed
      prior to live implementation." [C4009] (See: back door.)

   $ malicious logic
      (I) Hardware, firmware, or software that is intentionally included
      or inserted in a system for a harmful purpose. (See: logic bomb,
      Trojan horse, spyware, virus, worm. Compare: secondary definitions
      under "corruption", "incapacitation", "masquerade", and "misuse".)

   $ malware
      (D) A contraction of "malicious software". (See: malicious logic.)

      Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed
      in most dictionaries and could confuse international readers.

   $ MAN
      (I) metropolitan area network.

Top      Up      ToC       Page 186 
   $ man-in-the-middle attack
      (I) A form of active wiretapping attack in which the attacker
      intercepts and selectively modifies communicated data to
      masquerade as one or more of the entities involved in a
      communication association. (See: hijack attack, piggyback attack.)

      Tutorial: For example, suppose Alice and Bob try to establish a
      session key by using the Diffie-Hellman-Merkle algorithm without
      data origin authentication service. A "man in the middle" could
      (a) block direct communication between Alice and Bob and then (b)
      masquerade as Alice sending data to Bob, (c) masquerade as Bob
      sending data to Alice, (d) establish separate session keys with
      each of them, and (e) function as a clandestine proxy server
      between them to capture or modify sensitive information that Alice
      and Bob think they are sending only to each other.

   $ manager
      (I) A person who controls the service configuration of a system or
      the functional privileges of operators and other users. (See:
      administrative security. Compare: operator, SSO, user.)

   $ mandatory access control
      1. (I) An access control service that enforces a security policy
      based on comparing (a) security labels, which indicate how
      sensitive or critical system resources are, with (b) security
      clearances, which indicate that system entities are eligible to
      access certain resources. (See: discretionary access control, MAC,
      rule-based security policy.)

      Derivation: This kind of access control is called "mandatory"
      because an entity that has clearance to access a resource is not
      permitted, just by its own volition, to enable another entity to
      access that resource.

      2. (O) "A means of restricting access to objects based on the
      sensitivity (as represented by a label) of the information
      contained in the objects and the formal authorization (i.e.,
      clearance) of subjects to access information of such sensitivity."

   $ manipulation detection code
      (D) Synonym for "checksum".

      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      "checksum"; the word "manipulation" implies protection against
      active attacks, which an ordinary checksum might not provide.
      Instead, if such protection is intended, use "protected checksum"
      or some particular type thereof, depending on which is meant. If

Top      Up      ToC       Page 187 
      such protection is not intended, use "error detection code" or
      some specific type of checksum that is not protected.

   $ marking
      See: time stamp, security marking.

   $ MARS
      (O) A symmetric, 128-bit block cipher with variable key length
      (128 to 448 bits), developed by IBM as a candidate for the AES.

   $ Martian
      (D) /slang/ A packet that arrives unexpectedly at the wrong
      address or on the wrong network because of incorrect routing or
      because it has a non-registered or ill-formed IP address. [R1208]

      Deprecated Term: It is likely that other cultures use different
      metaphors for this concept. Therefore, to avoid international
      misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
      Usage under "Green Book".)

   $ masquerade
      (I) A type of threat action whereby an unauthorized entity gains
      access to a system or performs a malicious act by illegitimately
      posing as an authorized entity. (See: deception.)

      Usage: This type of threat action includes the following subtypes:
      -  "Spoof": Attempt by an unauthorized entity to gain access to a
         system by posing as an authorized user.
      -  "Malicious logic": In context of masquerade, any hardware,
         firmware, or software (e.g., Trojan horse) that appears to
         perform a useful or desirable function, but actually gains
         unauthorized access to system resources or tricks a user into
         executing other malicious logic. (See: corruption,
         incapacitation, main entry for "malicious logic", misuse.)

   $ MCA
      (O) See: merchant certification authority.

   $ MD2
      (N) A cryptographic hash [R1319] that produces a 128-bit hash
      result, was designed by Ron Rivest, and is similar to MD4 and MD5
      but slower.

      Derivation: Apparently, an abbreviation of "message digest", but
      that term is deprecated by this Glossary.

Top      Up      ToC       Page 188 
   $ MD4
      (N) A cryptographic hash [R1320] that produces a 128-bit hash
      result and was designed by Ron Rivest. (See: Derivation under
      "MD2", SHA-1.)

   $ MD5
      (N) A cryptographic hash [R1321] that produces a 128-bit hash
      result and was designed by Ron Rivest to be an improved version of
      MD4. (See: Derivation under "MD2".)

   $ merchant
      (O) /SET/ "A seller of goods, services, and/or other information
      who accepts payment for these items electronically." [SET2] A
      merchant may also provide electronic selling services and/or
      electronic delivery of items for sale. With SET, the merchant can
      offer its cardholders secure electronic interactions, but a
      merchant that accepts payment cards is required to have a
      relationship with an acquirer. [SET1, SET2]

   $ merchant certificate
      (O) /SET/ A public-key certificate issued to a merchant. Sometimes
      used to refer to a pair of such certificates where one is for
      digital signature use and the other is for encryption.

   $ merchant certification authority (MCA)
      (O) /SET/ A CA that issues digital certificates to merchants and
      is operated on behalf of a payment card brand, an acquirer, or
      another party according to brand rules. Acquirers verify and
      approve requests for merchant certificates prior to issuance by
      the MCA. An MCA does not issue a CRL, but does distribute CRLs
      issued by root CAs, brand CAs, geopolitical CAs, and payment
      gateway CAs. [SET2]

   $ mesh PKI
      (I) A non-hierarchical PKI architecture in which there are several
      trusted CAs rather than a single root. Each certificate user bases
      path validations on the public key of one of the trusted CAs,
      usually the one that issued that user's own public-key
      certificate. Rather than having superior-to-subordinate
      relationships between CAs, the relationships are peer-to-peer, and
      CAs issue cross-certificates to each other. (Compare: hierarchical
      PKI, trust-file PKI.)

   $ Message Authentication Code (MAC), message authentication code
      1. (N) /capitalized/ A specific ANSI standard for a checksum that
      is computed with a keyed hash that is based on DES. [A9009] Usage:
      a.k.a. Data Authentication Code, which is a U.S. Government
      standard. [FP113] (See: MAC.)

Top      Up      ToC       Page 189 
      2. (D) /not capitalized/ Synonym for "error detection code".

      Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form
      "message authentication code". Instead, use "checksum", "error
      detection code", "hash", "keyed hash", "Message Authentication
      Code", or "protected checksum", depending on what is meant. (See:
      authentication code.)

      The uncapitalized form mixes concepts in a potentially misleading
      way. The word "message" is misleading because it implies that the
      mechanism is particularly suitable for or limited to electronic
      mail (see: Message Handling Systems). The word "authentication" is
      misleading because the mechanism primarily serves a data integrity
      function rather than an authentication function. The word "code"
      is misleading because it implies that either encoding or
      encryption is involved or that the term refers to computer

   $ message digest
      (D) Synonym for "hash result". (See: cryptographic hash.)

      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      "hash result"; this term unnecessarily duplicates the meaning of
      the other, more general term and mixes concepts in a potentially
      misleading way. The word "message" is misleading because it
      implies that the mechanism is particularly suitable for or limited
      to electronic mail (see: Message Handling Systems).

   $ message handling system
      (D) Synonym for the Internet electronic mail system.

      Deprecated Term: IDOCs SHOULD NOT use this term, because it could
      be confused with Message Handling System. Instead, use "Internet
      electronic mail" or some other, more specific term.

   $ Message Handling System
      (O) An ITU-T system concept that encompasses the notion of
      electronic mail but defines more comprehensive OSI systems and
      services that enable users to exchange messages on a store-and-
      forward basis. (The ISO equivalent is "Message Oriented Text
      Interchange System".) (See: X.400.)

   $ message indicator
      1. (D) /cryptographic function/ Synonym for "initialization
      value". (Compare: indicator.)

      2. (D) "Sequence of bits transmitted over a communications system
      for synchronizing cryptographic equipment." [C4009]

Top      Up      ToC       Page 190 
      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      "initialization value"; the term mixes concepts in a potentially
      misleading way. The word "message" is misleading because it
      suggests that the mechanism is specific to electronic mail. (See:
      Message Handling System.)

   $ message integrity check
   $ message integrity code (MIC)
      (D) Synonyms for some form of "checksum".

      Deprecated Term: IDOCs SHOULD NOT use these terms for any form of
      checksum. Instead, use "checksum", "error detection code", "hash",
      "keyed hash", "Message Authentication Code", or "protected
      checksum", depending on what is meant.

      These two terms mix concepts in potentially misleading ways. The
      word "message" is misleading because it suggests that the
      mechanism is particularly suitable for or limited to electronic
      mail. The word "integrity" is misleading because the checksum may
      be used to perform a data origin authentication function rather
      than an integrity function. The word "code" is misleading because
      it suggests either that encoding or encryption is involved or that
      the term refers to computer software.

   $ Message Security Protocol (MSP)
      (N) A secure message handling protocol [SDNS7] for use with X.400
      and Internet mail protocols. Developed by NSA's SDNS program and
      used in the U.S. DoD's Defense Message System.

   $ meta-data
      (I) Descriptive information about a data object; i.e., data about
      data, or data labels that describe other data. (See: security
      label. Compare: metadata)

      Tutorial: Meta-data can serve various management purposes:
      -  System management: File name, type, size, creation date.
      -  Application management: Document title, version, author.
      -  Usage management: Data categories, keywords, classifications.

      Meta-data can be associated with a data object in two basic ways:
      -  Explicitly: Be part of the data object (e.g., a header field of
         a data file or packet) or be linked to the object.
      -  Implicitly: Be associated with the data object because of some
         other, explicit attribute of the object.

   $ metadata, Metadata(trademark), METADATA(trademark)
      (D) Proprietary variants of "meta-data". (See: SPAM(trademark).)

Top      Up      ToC       Page 191 
      Deprecated Usage: IDOCs SHOULD NOT use these unhypenated forms;
      IDOCs SHOULD use only the uncapitalized, hyphenated "meta-data".
      The terms "Metadata" and "METADATA" are claimed as registered
      trademarks (numbers 1,409,260 and 2,185,504) owned by The Metadata
      Company, originally known as Metadata Information Partners, a
      company founded by Jack Myers. The status of "metadata" is

   $ MHS
      (N) See: message handling system.

   $ MIC
      (D) See: message integrity code.

   $ MIME
      (I) See: Multipurpose Internet Mail Extensions.

   $ MIME Object Security Services (MOSS)
      (I) An Internet protocol [R1848] that applies end-to-end
      encryption and digital signature to MIME message content, using
      symmetric cryptography for encryption and asymmetric cryptography
      for key distribution and signature. MOSS is based on features and
      specifications of PEM. (See: S/MIME.)

   $ Minimum Interoperability Specification for PKI Components (MISPC)
      (N) A technical description to provide a basis for interoperation
      between PKI components from different vendors; consists primarily
      of a profile of certificate and CRL extensions and a set of
      transactions for PKI operation. [SP15]

   $ misappropriation
      (I) A type of threat action whereby an entity assumes unauthorized
      logical or physical control of a system resource. (See:

      Usage: This type of threat action includes the following subtypes:
      -  Theft of data: Unauthorized acquisition and use of data
         contained in a system.
      -  Theft of service: Unauthorized use of a system service.
      -  Theft of functionality: Unauthorized acquisition of actual
         hardware, firmware, or software of a system component.

   $ MISPC
      (N) See: Minimum Interoperability Specification for PKI

Next RFC Part