RFC relevance of glossary

As per Relevance of the word glossary, we have this rfc below:

Network Working Group R.
Request for Comments: 2828 GTE / BBN
FYI: 36 May 2000
Category:

Internet Security

Status of this

This memo provides information for the Internet community. It
not specify an Internet standard of any kind. Distribution of
memo is unlimited

Copyright

Copyright (C) The Internet Society (2000). All Rights Reserved

This Glossary (191 pages of definitions and 13 pages of references
provides abbreviations, explanations, and recommendations for use
information system security terminology. The intent is to improve
comprehensibility of writing that deals with Internet security
particularly Internet Standards documents (ISDs). To avoid confusion
ISDs should use the same term or definition whenever the same
is mentioned. To improve international understanding, ISDs should
terms in their plainest, dictionary sense. ISDs should use
established in standards documents and other well-
publications and should avoid substituting private or newly made-
terms. ISDs should avoid terms that are proprietary or
favor a particular vendor, or that create a bias toward a
security technology or mechanism versus other, competing
that already exist or might be developed in the future

Shirey Informational [Page 1]

RFC 2828 Internet Security Glossary May 2000

Table of

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Explanation of Paragraph Markings . . . . . . . . . . . . . . 4
2.1 Recommended Terms with an Internet Basis ("I") . . . . . . 4
2.2 Recommended Terms with a Non-Internet Basis ("N") . . . . 5
2.3 Other Definitions ("O") . . . . . . . . . . . . . . . . . 5
2.4 Deprecated Terms, Definitions, and Uses ("D") . . . . . . 6
2.5 Commentary and Additional Guidance ("C") . . . . . . . . . 6
3. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. References . . . . . . . . . . . . . . . . . . . . . . . . . . 197
5. Security Considerations . . . . . . . . . . . . . . . . . . . 211
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 211
7. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 211
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 212

1.

This Glossary provides an internally consistent, complementary set
abbreviations, definitions, explanations, and recommendations for
of terminology related to information system security. The intent
this Glossary is to improve the comprehensibility of
Standards documents (ISDs)--i.e., RFCs, Internet-Drafts, and
material produced as part of the Internet Standards Process [R2026]--
and of all other Internet material, too. Some non-security terms
included to make the Glossary self-contained, but more complete
of networking terms are available elsewhere [R1208, R1983].

Some glossaries (e.g., [Raym]) list terms that are not listed
but could be applied to Internet security. However, those terms
not been included in this Glossary because they are not
for ISDs

This Glossary marks terms and definitions as being either endorsed
deprecated for use in ISDs, but this Glossary is not an
standard. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are intended to be interpreted the same way as in
Internet Standard [R2119], but this guidance represents only
recommendations of this author. However, this Glossary
reasons for the recommendations--particularly for the SHOULD NOTs--
that readers can judge for themselves whether to follow
recommendations

Shirey Informational [Page 2]

RFC 2828 Internet Security Glossary May 2000

This Glossary supports the goals of the Internet Standards Process

o Clear, Concise, and Easily Understood

This Glossary seeks to improve comprehensibility of security
related content of ISDs. That requires wording to be clear
understandable, and requires the set of security-related terms
definitions to be consistent and self-supporting. Also,
terminology needs to be uniform across all ISDs; i.e., the
term or definition needs to be used whenever and wherever the
concept is mentioned. Harmonization of existing ISDs need not
done immediately, but it is desirable to correct and
the terminology when new versions are issued in the normal
of standards development and evolution

o Technical

Just as Internet Standard (STD) protocols should
effectively, ISDs should use terminology accurately, precisely
and unambiguously to enable Internet Standards to be
correctly

o Prior Implementation and

Just as STD protocols require demonstrated experience
stability before adoption, ISDs need to use well-
language. Using terms in their plainest, dictionary sense (
appropriate) helps to ensure international understanding.
need to avoid using private, made-up terms in place of generally
accepted terms from standards and other publications. ISDs need
avoid substituting new definitions that conflict with
ones. ISDs need to avoid using "cute" synonyms (e.g., see:
Book); no matter how popular a nickname may be in one community
it is likely to cause confusion in another

o Openness, Fairness, and

ISDs need to avoid terms that are proprietary or otherwise favor
particular vendor, or that create a bias toward a
security technology or mechanism over other, competing
that already exist or might be developed in the future. The set
terminology used across the set of ISDs needs to be flexible
adaptable as the state of Internet security art evolves

Shirey Informational [Page 3]

RFC 2828 Internet Security Glossary May 2000

2. Explanation of Paragraph

Section 3 marks terms and definitions as follows

o Capitalization: Only terms that are proper nouns are capitalized

o Paragraph Marking: Definitions and explanations are stated
paragraphs that are marked as follows

- "I" identifies a RECOMMENDED Internet definition
- "N" identifies a RECOMMENDED non-Internet definition
- "O" identifies a definition that is not recommended as the
choice for Internet documents but is something that authors
Internet documents need to know
- "D" identifies a term or definition that SHOULD NOT be used
Internet documents
- "C" identifies commentary or additional usage guidance

The rest of Section 2 further explains these five markings

2.1 Recommended Terms with an Internet Basis ("I")

The paragraph marking "I" (as opposed to "O") indicates a
that SHOULD be the first choice for use in ISDs. Most terms
definitions of this type MAY be used in ISDs; however, some "I
definitions are accompanied by a "D" paragraph that
against using the term. Also, some "I" definitions are preceded by
indication of a contextual usage limitation (e.g., see
certification), and ISDs should not the term and definition
that

An "I" (as opposed to an "N") also indicates that the definition
an Internet basis. That is, either the Internet Standards Process
authoritative for the term, or the term is sufficiently generic
this Glossary can freely state a definition without contradicting
non-Internet authority (e.g., see: attack).

Many terms with "I" definitions are proper nouns (e.g., see
Internet Protocol). For such terms, the "I" definition is
only to provide basic information; the authoritative definition
found elsewhere

For a proper noun identified as an "Internet protocol", please
to the current edition of "Internet Official Protocol Standards" (
1) for the standardization state and status of the protocol

Shirey Informational [Page 4]

RFC 2828 Internet Security Glossary May 2000

2.2 Recommended Terms with a Non-Internet Basis ("N")

The paragraph marking "N" (as opposed to "O") indicates a
that SHOULD be the first choice for the term, if the term is used
all in Internet documents. Terms and definitions of this type MAY
used in Internet documents (e.g., see: X.509 public-key certificate).

However, an "N" (as opposed to an "I") also indicates a
that has a non-Internet basis or origin. Many such definitions
preceded by an indication of a contextual usage limitation, and
Glossary's endorsement does not apply outside that context. Also
some contexts are rarely if ever expected to occur in a
document (e.g., see: baggage). In those cases, the listing exists
make Internet authors aware of the non-Internet usage so that
can avoid conflicts with non-Internet documents

Many terms with "N" definitions are proper nouns (e.g., see
Computer Security Objects Register). For such terms, the "N
definition is intended only to provide basic information;
authoritative definition is found elsewhere

2.3 Other Definitions ("O")

The paragraph marking "O" indicates a definition that has a non
Internet basis, but indicates that the definition SHOULD NOT be
in ISDs *except* in cases where the term is specifically
as non-Internet

For example, an ISD might mention "BCA" (see: brand
authority) or "baggage" as an example to illustrate some concept;
that case, the document should specifically say "SET(trademark) BCA
or "SET(trademark) baggage" and include the definition of the term

For some terms that have a definition published by a non-
authority--government (see: object reuse), industry (see: Secure
Exchange), national (see: Data Encryption Standard), or
(see: data confidentiality)--this Glossary marks the definition "N",
recommending its use in Internet documents. In other cases, the non
Internet definition of a term is inadequate or inappropriate
ISDs. For example, it may be narrow or outdated, or it may
clarification by substituting more careful or more
wording using other terms that are defined in this Glossary. In
cases, this Glossary marks the tern "O" and provides an "I
definition (or sometimes a different "N" definition), which
and supersedes the definition marked "O".

Shirey Informational [Page 5]

RFC 2828 Internet Security Glossary May 2000

In most of the cases where this Glossary provides a definition
supersede one from a non-Internet standard, the substitute
intended to subsume the meaning of the superseded "O" definition
not conflict with it. For the term "security service", for example
the "O" definition deals narrowly with only communication
provided by layers in the OSI model and is inadequate for the
range of ISD usage; the "I" definition can be used in more
and for more kinds of service. However, the "O" definition is
provided here so that ISD authors will be aware of the context
which the term is used more narrowly

When making substitutions, this Glossary attempts to
understandable English that does not contradict any non-
authority. Still, terminology differs between the standards of
American Bar Association, OSI, SET, the U.S. Department of Defense
and other authorities, and this Glossary probably is not
aligned with all of them

2.4 Deprecated Terms, Definitions, and Uses ("D")

If this Glossary recommends that a term or definition SHOULD NOT
used in ISDs, then either the definition has the paragraph
"D", or the restriction is stated in a "D" paragraph that
follows the term or definition

2.5 Commentary and Additional Guidance ("C")

The paragraph marking "C" identifies text that is advisory
tutorial. This text MAY be reused in other Internet documents.
text is not intended to be authoritative, but is provided to
the definitions and to enhance this Glossary so that
security novices can use it as a tutorial

3.

Note: Each acronym or other abbreviation (except items of
English usage, such as "e.g.", "etc.", "i.e.", "vol.", "pp.", "U.S.")
that is used in this Glossary, either in a definition or as a
of a defined term, is also defined in this Glossary

$ 3
See: triple DES

$ *-
(N) (Pronounced "star property".) See: "confinement property
under Bell-LaPadula Model

Shirey Informational [Page 6]

RFC 2828 Internet Security Glossary May 2000

$ ABA
(N) "American Bar Association (ABA) Digital Signature Guidelines
[ABA], a framework of legal principles for using
signatures and digital certificates in electronic commerce

$ Abstract Syntax Notation One (ASN.1)
(N) A standard for describing data objects. [X680]

(C) OSI standards use ASN.1 to specify data formats for protocols
OSI defines functionality in layers. Information objects at
layers are abstractly defined to be implemented with objects
lower layers. A higher layer may define transfers of
objects between computers, and a lower layer may define
concretely as strings of bits. Syntax is needed to define
objects, and encoding rules are needed to transform
abstract objects and bit strings. (See: Basic Encoding Rules.)

(C) In ASN.1, formal names are written without spaces,
separate words in a name are indicated by capitalizing the
letter of each word except the first word. For example, the
of a CRL is "certificateRevocationList".

$
See: access control center

$
(I) The ability and means to communicate with or
interact with a system in order to use system resources to
handle information or gain knowledge of the information the
contains

(O) "A specific type of interaction between a subject and
object that results in the flow of information from one to
other." [NCS04]

(C) In this Glossary, "access" is intended to cover any ability
communicate with a system, including one-way communication
either direction. In actual practice, however, entities outside
security perimeter that can receive output from the system
cannot provide input or otherwise directly interact with
system, might be treated as not having "access" and, therefore,
exempt from security policy requirements, such as the need for
security clearance

$ access
(I) Protection of system resources against unauthorized access;
process by which use of system resources is regulated according
a security policy and is permitted by only authorized

Shirey Informational [Page 7]

RFC 2828 Internet Security Glossary May 2000

(users, programs, processes, or other systems) according to
policy. (See: access, access control service.)

(O) "The prevention of unauthorized use of a resource,
the prevention of use of a resource in an unauthorized manner."
[I7498 Part 2]

$ access control center (ACC
(I) A computer containing a database with entries that define
security policy for an access control service

(C) An ACC is sometimes used in conjunction with a key center
implement access control in a key distribution system
symmetric cryptography

$ access control list (ACL
(I) A mechanism that implements access control for a
resource by enumerating the identities of the system entities
are permitted to access the resource. (See: capability.)

$ access control
(I) A security service that protects against a system entity
a system resource in a way not authorized by the system's
policy; in short, protection of system resources
unauthorized access. (See: access control, discretionary
control, identity-based security policy, mandatory access control
rule-based security policy.)

(C) This service includes protecting against use of a resource
an unauthorized manner by an entity that is authorized to use
resource in some other manner. The two basic mechanisms
implementing this service are ACLs and tickets

$ access
(I) A distinct type of data processing operation--e.g., read
write, append, or execute--that a subject can potentially
on an object in a computer system

$
(I) The property of a system (including all of its
resources) that ensures that the actions of a system entity may
traced uniquely to that entity, which can be held responsible
its actions. (See: audit service.)

(C) Accountability permits detection and subsequent
of security breaches

Shirey Informational [Page 8]

RFC 2828 Internet Security Glossary May 2000

$
$
(I) An administrative declaration by a designated authority
an information system is approved to operate in a
security configuration with a prescribed set of safeguards
[FP102] (See: certification.)

(C) An accreditation is usually based on a technical
of the system's security mechanisms. The terms "certification"
"accreditation" are used more in the U.S. Department of
and other government agencies than in commercial organizations
However, the concepts apply any place where managers are
to deal with and accept responsibility for security risks.
American Bar Association is developing accreditation criteria
CAs

$
See: access control list

$
(N) SET usage: "The financial institution that establishes
account with a merchant and processes payment card
and payments." [SET1]

(O) "The institution (or its agent) that acquires from the
acceptor the financial data relating to the transaction
initiates that data into an interchange system." [SET2]

$ active
See: (secondary definition under) attack

$ active
See: (secondary definition under) wiretapping

$ add-on
(I) "The retrofitting of protection mechanisms, implemented
hardware or software, after the [automatic data processing]
has become operational." [FP039]

$ administrative
(I) Management procedures and constraints to prevent
access to a system. (See: security architecture.)

(O) "The management constraints, operational procedures
accountability procedures, and supplemental controls
to provide an acceptable level of protection for sensitive data."
[FP039]

Shirey Informational [Page 9]

RFC 2828 Internet Security Glossary May 2000

(C) Examples include clear delineation and separation of duties
and configuration control

$ Advanced Encryption Standard (AES
(N) A future FIPS publication being developed by NIST to
DES. Intended to specify an unclassified, publicly-disclosed
symmetric encryption algorithm, available royalty-free worldwide

$
(I) An entity that attacks, or is a threat to, a system

$
(I) A circumstance in which a collection of information items
required to be classified at a higher security level than any
the individual items that comprise it

$
See: Authentication

$
(I) A finite set of step-by-step instructions for a problem
solving or computation procedure, especially one that can
implemented by a computer. (See: cryptographic algorithm.)

$
(I) A name that an entity uses in place of its real name,
for the purpose of either anonymity or deception

$ American National Standards Institute (ANSI
(N) A private, not-for-profit association of users, manufacturers
and other organizations, that administers U.S. private
voluntary standards

(C) ANSI is the sole U.S. representative to the two major non
treaty international standards organizations, ISO and, via
U.S. National Committee (USNC), the International
Commission (IEC).

$
(I) The condition of having a name that is unknown or concealed
(See: anonymous login.)

(C) An application may require security services that
anonymity of users or other system entities, perhaps to
their privacy or hide them from attack. To hide an entity's
name, an alias may be used. For example, a financial
may assign an account number. Parties to a transaction can
remain relatively anonymous, but can also accept the

Shirey Informational [Page 10]

RFC 2828 Internet Security Glossary May 2000

as legitimate. Real names of the parties cannot be
determined by observers of the transaction, but an
third party may be able to map an alias to a real name, such as
presenting the institution with a court order. In
applications, anonymous entities may be completely untraceable

$ anonymous
(I) An access control feature (or, rather, an access
weakness) in many Internet hosts that enables users to gain
to general-purpose or public services and resources on a
(such as allowing any user to transfer data using File
Protocol) without having a pre-established, user-specific
(i.e., user name and secret password).

(C) This feature exposes a system to more threats than when
the users are known, pre-registered entities that are
accountable for their actions. A user logs in using a special
publicly known user name (e.g., "anonymous", "guest", or "ftp").
To use the public login name, the user is not required to know
secret password and may not be required to input anything at
except the name. In other cases, to complete the normal
of steps in a login protocol, the system may require the user
input a matching, publicly known password (such as "anonymous")
may ask the user for an e-mail address or some other
character string

$
See: POP3 APOP

$
(I) (1.) Noun: A collection of data that is stored for
relatively long period of time for historical and other purposes
such as to support audit service, availability service, or
integrity service. (See: backup.) (2.) Verb: To store data in
a way. (See: back up.)

(C) A digital signature may need to be verified many years
the signing occurs. The CA--the one that issued the
containing the public key needed to verify that signature--may
stay in operation that long. So every CA needs to provide
long-term storage of the information needed to verify
signatures of those to whom it issues certificates

$
(N) Advanced Research Projects Agency Network, a pioneer packet
switched network that was built in the early 1970s under
to the U.S. Government, led to the development of today'
Internet, and was decommissioned in June 1990.

Shirey Informational [Page 11]

RFC 2828 Internet Security Glossary May 2000

$ ASN.1
See: Abstract Syntax Notation One

$
(I) A cooperative relationship between system entities,
for the purpose of transferring information between them. (See
security association.)

$
(I) (1.) An attribute of an information system that
grounds for having confidence that the system operates such
the system security policy is enforced. (2.) A procedure
ensures a system is developed and operated as intended by
system's security policy

$ assurance
(I) Evaluation usage: A specific level on a hierarchical
representing successively increased confidence that a target
evaluation adequately fulfills the requirements. (E.g., see
TCSEC.)

$ asymmetric
(I) A modern branch of cryptography (popularly known as "public
key cryptography") in which the algorithms employ a pair of
(a public key and a private key) and use a different component
the pair for different steps of the algorithm. (See: key pair.)

(C) Asymmetric algorithms have key management advantages
equivalently strong symmetric ones. First, one key of the
does not need to be known by anyone but its owner; so it can
easily be kept secret. Second, although the other key of the
is shared by all entities that use the algorithm, that key
not need to be kept secret from other, non-using entities; so
key distribution part of key management can be done more easily

(C) For encryption: In an asymmetric encryption algorithm (e.g.,
see: RSA), when Alice wants to ensure confidentiality for data
sends to Bob, she encrypts the data with a public key provided
Bob. Only Bob has the matching private key that is needed
decrypt the data

(C) For signature: In an asymmetric digital signature
(e.g., see: DSA), when Alice wants to ensure data integrity
provide authentication for data she sends to Bob, she uses
private key to sign the data (i.e., create a digital
based on the data). To verify the signature, Bob uses the
public key that Alice has provided

Shirey Informational [Page 12]

RFC 2828 Internet Security Glossary May 2000

(C) For key agreement: In an asymmetric key agreement
(e.g., see: Diffie-Hellman), Alice and Bob each send their
public key to the other person. Then each uses their own
key and the other's public key to compute the new key value

$
(I) An assault on system security that derives from an
threat, i.e., an intelligent act that is a deliberate
(especially in the sense of a method or technique) to
security services and violate the security policy of a system
(See: penetration, violation, vulnerability.)

- Active vs. passive: An "active attack" attempts to alter
resources or affect their operation. A "passive attack
attempts to learn or make use of information from the
but does not affect system resources. (E.g., see: wiretapping.)

- Insider vs. outsider: An "inside attack" is an attack
by an entity inside the security perimeter (an "insider"),
i.e., an entity that is authorized to access system
but uses them in a way not approved by those who granted
authorization. An "outside attack" is initiated from
the perimeter, by an unauthorized or illegitimate user of
system (an "outsider"). In the Internet, potential
attackers range from amateur pranksters to organized criminals
international terrorists, and hostile governments

(C) The term "attack" relates to some other basic security
as shown in the following diagram

+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+
| An Attack: | |Counter- | | A System Resource: |
| i.e., A Threat Action | | measure | | Target of the Attack |
| +----------+ | | | | +-----------------+ |
| | Attacker |<==================||<========= | |
| | i.e., | Passive | | | | | Vulnerability | |
| | A Threat |<=================>||<========> | |
| | Agent | or Active | | | | +-------|||-------+ |
| +----------+ Attack | | | | VVV |
| | | | | Threat Consequences |
+ - - - - - - - - - - - - + + - - - - + + - - - - - - - - - - -+

$ attribute
(I) A CA that issues attribute certificates

(O) "An authority, trusted by the verifier to delegate privilege
which issues attribute certificates." [FPDAM

Shirey Informational [Page 13]

RFC 2828 Internet Security Glossary May 2000

$ attribute
(I) A digital certificate that binds a set of descriptive
items, other than a public key, either directly to a subject
or to the identifier of another certificate that is a public-
certificate. [X509]

(O) "A set of attributes of a user together with some
information, rendered unforgeable by the digital signature
using the private key of the CA which issued it." [X509]

(O) "A data structure that includes some attribute values
identification information about the owner of the
certificate, all digitally signed by an Attribute Authority.
authority's signature serves as the guarantee of the
between the attributes and their owner." [FPDAM

(C) A public-key certificate binds a subject name to a public
value, along with information needed to perform
cryptographic functions. Other attributes of a subject, such as
security clearance, may be certified in a separate kind of
certificate, called an attribute certificate. A subject may
multiple attribute certificates associated with its name or
each of its public-key certificates

(C) An attribute certificate might be issued to a subject in
following situations

- Different lifetimes: When the lifetime of an attribute
is shorter than that of the related public-key certificate,
when it is desirable not to need to revoke a subject's
key just to revoke an attribute

- Different authorities: When the authority responsible for
attributes is different than the one that issues the public-
certificate for the subject. (There is no requirement that
attribute certificate be issued by the same CA that issued
associated public-key certificate.)

$ audit
(I) A security service that records information needed
establish accountability for system events and for the actions
system entities that cause them. (See: security audit.)

$ audit
See: security audit trail

Shirey Informational [Page 14]

RFC 2828 Internet Security Glossary May 2000

$
See: POP3 AUTH

$ authentic
(I) A signature (particularly a digital signature) that can
trusted because it can be verified. (See: validate vs. verify.)

$
(I) Verify (i.e., establish the truth of) an identity claimed
or for a system entity. (See: authentication.)

(D) In general English usage, this term usually means "to
genuine" (e.g., an art expert authenticates a
painting). But the recommended definition carries a much
meaning. For example, to be precise, an ISD SHOULD NOT say "
host authenticates each received datagram". Instead, the
SHOULD say "the host authenticates the origin of each
datagram". In most cases, we also can say "and verifies
datagram's integrity", because that is usually implied. (See
("relationship between data integrity service and
services" under) data integrity service.)

(D) ISDs SHOULD NOT talk about authenticating a digital
or digital certificate. Instead, we "sign" and then "verify
digital signatures, and we "issue" and then "validate"
certificates. (See: validate vs. verify.)

$
(I) The process of verifying an identity claimed by or for
system entity. (See: authenticate, authentication exchange
authentication information, credential, data
authentication, peer entity authentication.)

(C) An authentication process consists of two steps

1. Identification step: Presenting an identifier to the
system. (Identifiers should be assigned carefully,
authenticated identities are the basis for other
services, such as access control service.)

2. Verification step: Presenting or generating
information that corroborates the binding between the
and the identifier. (See: verification.)

(C) See: ("relationship between data integrity service
authentication services" under) data integrity service

Shirey Informational [Page 15]

RFC 2828 Internet Security Glossary May 2000

$ authentication
(D) ISDs SHOULD NOT use this term as a synonym for any form
checksum, whether cryptographic or not. The word "authentication
is misleading because the mechanism involved usually serves a
integrity function rather than an authentication function, and
word "code" is misleading because it implies that either
or encryption is involved or that the term refers to
software. (See: message authentication code.)

$ authentication
(I) A mechanism to verify the identity of an entity by means
information exchange

(O) "A mechanism intended to ensure the identity of an entity
means of information exchange." [I7498 Part 2]

$ Authentication Header (AH
(I) An Internet IPsec protocol [R2402] designed to
connectionless data integrity service and data
authentication service for IP datagrams, and (optionally)
provide protection against replay attacks

(C) Replay protection may be selected by the receiver when
security association is established. AH authenticates upper-
protocol data units and as much of the IP header as possible
However, some IP header fields may change in transit, and
value of these fields, when the packet arrives at the receiver
may not be predictable by the sender. Thus, the values of
fields cannot be protected end-to-end by AH; protection of the
header by AH is only partial when such fields are present

(C) AH may be used alone, or in combination with the IPsec
protocol, or in a nested fashion with tunneling. Security
can be provided between a pair of communicating hosts, between
pair of communicating security gateways, or between a host and
gateway. ESP can provide the same security services as AH, and
can also provide data confidentiality service. The main
between authentication services provided by ESP and AH is
extent of the coverage; ESP does not protect IP header
unless they are encapsulated by AH

$ authentication
(I) Information used to verify an identity claimed by or for
entity. (See: authentication, credential.)

(C) Authentication information may exist as, or be derived from
one of the following

Shirey Informational [Page 16]

RFC 2828 Internet Security Glossary May 2000

- Something the entity knows. (See: password).
- Something the entity possesses. (See: token.)
- Something the entity is. (See: biometric authentication.)

$ authentication
(I) A security service that verifies an identity claimed by or
an entity. (See: authentication.)

(C) In a network, there are two general forms of
service: data origin authentication service and peer
authentication service

$
(I) The property of being genuine and able to be verified and
trusted. (See: authenticate, authentication, validate vs. verify

$
(D) "An entity, responsible for the issuance of certificates."
[FPDAM

(C) ISDs SHOULD NOT use this term as a synonym for AA, CA, RA
ORA, or similar terms, because it may cause confusion. Instead
use the full term at the first instance of usage and then, if
is necessary to shorten text, use the style of
defined in this Glossary

(C) ISDs SHOULD NOT use this definition for any PKI entity
because the definition is ambiguous with regard to whether
entity actually issues certificates (e.g., attribute authority
certification authority) or just has accountability for
that precede or follow signing (e.g., registration authority).
(See: issue.)

$ authority
(D) "A certificate issued to an authority (e.g. either to
certification authority or to an attribute authority)." [FPDAM
(See: authority.)

(C) ISDs SHOULD NOT use this term or definition because they
ambiguous with regard to which specific types of PKI entities
address

$ authority revocation list (ARL
(I) A data structure that enumerates digital certificates
were issued to CAs but have been invalidated by their issuer
to when they were scheduled to expire. (See:
expiration, X.509 authority revocation list.)

Shirey Informational [Page 17]

RFC 2828 Internet Security Glossary May 2000

(O) "A revocation list containing a list of public-
certificates issued to authorities, which are no longer
valid by the certificate issuer." [FPDAM

$
$
(I) (1.) An "authorization" is a right or a permission that
granted to a system entity to access a system resource. (2.)
"authorization process" is a procedure for granting such rights
(3.) To "authorize" means to grant such a right or permission
(See: privilege.)

(O) SET usage: "The process by which a properly appointed
or persons grants permission to perform some action on behalf
an organization. This process assesses transaction risk,
that a given transaction does not raise the account holder's
above the account's credit limit, and reserves the
amount of credit. (When a merchant obtains authorization,
for the authorized amount is guaranteed--provided, of course,
the merchant followed the rules associated with the
process.)" [SET2]

$ automated information
(I) An organized assembly of resources and procedures--i.e.,
computing and communications equipment and services, with
supporting facilities and personnel--that collect, record
process, store, transport, retrieve, or display information
accomplish a specified set of functions

$
(I) The property of a system or a system resource being
and usable upon demand by an authorized system entity,
to performance specifications for the system; i.e., a system
available if it provides services according to the system
whenever users request them. (See: critical, denial of service
reliability, survivability.)

(O) "The property of being accessible and usable upon demand by
authorized entity." [I7498 Part 2]

$ availability
(I) A security service that protects a system to ensure
availability

(C) This service addresses the security concerns raised by denial
of-service attacks. It depends on proper management and control
system resources, and thus depends on access control service
other security services

Shirey Informational [Page 18]

RFC 2828 Internet Security Glossary May 2000

$ back
(I) A hardware or software mechanism that (a) provides access to
system and its resources by other than the usual procedure, (b
was deliberately left in place by the system's designers
maintainers, and (c) usually is not publicly known. (See:
door.)

(C) For example, a way to access a computer other than through
normal login. Such access paths do not necessarily have
intent; e.g., operating systems sometimes are shipped by
manufacturer with privileged accounts intended for use by
service technicians or the vendor's maintenance programmers. (See
trap door.)

$ back up vs.
(I) Verb "back up": To store data for the purpose of creating
backup copy. (See: archive.)

(I) Noun/adjective "backup": (1.) A reserve copy of data that
stored separately from the original, for use if the
becomes lost or damaged. (See: archive.) (2.) Alternate means
permit performance of system functions despite a disaster
system resources. (See: contingency plan.)

$
(D) ISDs SHOULD NOT use this term to describe a data
except when stated as "SET(trademark) baggage" with the
meaning

(O) SET usage: An "opaque encrypted tuple, which is included in
SET message but appended as external data to the PKCS
data. This avoids superencryption of the previously
tuple, but guarantees linkage with the PKCS portion of
message." [SET2]

$
(I) Commonly used to mean the capacity of a communication
to pass data through the channel in a given amount of time
Usually expressed in bits per second

$ bank identification number (BIN
(N) The digits of a credit card number that identify the
bank. (See: primary account number.)

(O) SET usage: The first six digits of a primary account number

Shirey Informational [Page 19]

RFC 2828 Internet Security Glossary May 2000

$ Basic Encoding Rules (BER
(I) A standard for representing ASN.1 data types as strings
octets. [X690] (See: Distinguished Encoding Rules.)

$ bastion
(I) A strongly protected computer that is in a network
by a firewall (or is part of a firewall) and is the only host (
one of only a few hosts) in the network that can be
accessed from networks on the other side of the firewall

(C) Filtering routers in a firewall typically restrict
from the outside network to reaching just one host, the
host, which usually is part of the firewall. Since only this
host can be directly attacked, only this one host needs to be
strongly protected, so security can be maintained more easily
less expensively. However, to allow legitimate internal
external users to access application resources through
firewall, higher layer protocols and services need to be
and forwarded by the bastion host. Some services (e.g., DNS
SMTP) have forwarding built in; other services (e.g., TELNET
FTP) require a proxy server on the bastion host

$
See: brand certification authority

$
See: brand CRL identifier

$ Bell-LaPadula
(N) A formal, mathematical, state-transition model of
policy for multilevel-secure computer systems. [Bell

(C) The model separates computer system elements into a set
subjects and a set of objects. To determine whether or not
subject is authorized for a particular access mode on an object
the clearance of the subject is compared to the classification
the object. The model defines the notion of a "secure state",
which the only permitted access modes of subjects to objects
in accordance with a specified security policy. It is proven
each state transition preserves security by moving from
state to secure state, thereby proving that the system is secure

(C) In this model, a multilevel-secure system satisfies
rules, including the following

Shirey Informational [Page 20]

RFC 2828 Internet Security Glossary May 2000

- "Confinement property" (also called "*-property",
"star property"): A subject has write access to an object
if classification of the object dominates the clearance of
subject

- "Simple security property": A subject has read access to
object only if the clearance of the subject dominates
classification of the object

- "Tranquillity property": The classification of an object
not change while the object is being processed by the system

$
See: Basic Encoding Rules

$ beyond A
(O) (1.) Formally, a level of security assurance that is
the highest level of criteria specified by the TCSEC. (2.)
Informally, a level of trust so high that it cannot be provided
verified by currently available assurance methods,
particularly not by currently available formal methods

$
See: bank identification number

$
(I) To inseparably associate by applying some mechanism, such
when a CA uses a digital signature to bind together a subject
a public key in a public-key certificate

$ biometric
(I) A method of generating authentication information for a
by digitizing measurements of a physical characteristic, such as
fingerprint, a hand shape, a retina pattern, a speech
(voiceprint), or handwriting

$
(I) The smallest unit of information storage; a contraction of
term "binary digit"; one of two symbols--"0" (zero) and "1" (one
--that are used to represent binary numbers

$
(I) Designation for information system equipment or
that handle (and for data that contains) only ciphertext (or
depending on the context, only unclassified information), and
such data itself. This term derives from U.S. Government
terminology. (See: RED, RED/BLACK separation.)

Shirey Informational [Page 21]

RFC 2828 Internet Security Glossary May 2000

$ block
(I) An encryption algorithm that breaks plaintext into fixed-
segments and uses the same key to transform each plaintext
into a fixed-size segment of ciphertext. (See: mode,
cipher.)

(C) For example, Blowfish, DEA, IDEA, RC2, and SKIPJACK. However
a block cipher can be adapted to have a different
interface, such as that of a stream cipher, by using a mode
operation to "package" the basic algorithm

$
(N) A symmetric block cipher with variable-length key (32 to 448
bits) designed in 1993 by Bruce Schneier as an unpatented
license-free, royalty-free replacement for DES or IDEA. [Schn

$
(I) A distinctive mark or name that identifies a product
business entity

(O) SET usage: The name of a payment card. Financial
and other companies have founded payment card brands, protect
advertise the brands, establish and enforce rules for use
acceptance of their payment cards, and provide networks
interconnect the financial institutions. These brands combine
roles of issuer and acquirer in interactions with cardholders
merchants. [SET1]

$ brand certification authority (BCA
(O) SET usage: A CA owned by a payment card brand, such
MasterCard, Visa, or American Express. [SET2] (See:
hierarchy, SET.)

$ brand CRL identifier (BCI
(O) SET usage: A digitally signed list, issued by a BCA, of
names of CAs for which CRLs need to be processed when
signatures in SET messages. [SET2]

$
(I) Cryptographic usage: To successfully perform cryptanalysis
thus succeed in decrypting data or performing some
cryptographic function, without initially having knowledge of
key that the function requires. (This term applies to
data or, more generally, to a cryptographic algorithm
cryptographic system.)

Shirey Informational [Page 22]

RFC 2828 Internet Security Glossary May 2000

$
(I) A computer that is a gateway between two networks (usually
LANs) at OSI layer 2. (See: router.)

$ British Standard 7799
(N) Part 1 is a standard code of practice and provides guidance
how to secure an information system. Part 2 specifies
management framework, objectives, and control requirements
information security management systems [B7799]. The
scheme works like ISO 9000. It is in use in the UK,
Netherlands, Australia, and New Zealand and might be proposed
an ISO standard or adapted to be part of the Common Criteria

$
(I) An client computer program that can retrieve and
information from servers on the World Wide Web

(C) For example, Netscape's Navigator and Communicator,
Microsoft's Explorer

$ brute
(I) A cryptanalysis technique or other kind of attack
involving an exhaustive procedure that tries all possibilities
one-by-one

(C) For example, for ciphertext where the analyst already
the decryption algorithm, a brute force technique to finding
original plaintext is to decrypt the message with every
key

$ BS7799
See: British Standard 7799.

$
(I) A fundamental unit of computer storage; the
addressable unit in a computer's architecture. Usually holds
character of information and, today, usually means eight bits
(See: octet.)

(C) Larger than a "bit", but smaller than a "word".
"byte" almost always means "octet" today, bytes had other
(e.g., six bits, nine bits) in earlier computer architectures

$
See: certification authority

Shirey Informational [Page 23]

RFC 2828 Internet Security Glossary May 2000

$ CA
(I) "A [digital] certificate for one CA issued by another CA."
[X509]

(C) That is, a digital certificate whose holder is able to
digital certificates. A v3 X.509 public-key certificate may have
"basicConstraints" extension containing a "cA" value
specifically "indicates whether or not the public key may be
to verify certificate signatures."

$ call
(I) An authentication technique for terminals that remotely
a computer via telephone lines. The host system disconnects
caller and then calls back on a telephone number that
previously authorized for that terminal

$
(I) A token, usually an unforgeable data value (sometimes called
"ticket") that gives the bearer or holder the right to access
system resource. Possession of the token is accepted by a
as proof that the holder has been authorized to access
resource named or indicated by the token. (See: access
list, credential, digital certificate.)

(C) This concept can be implemented as a digital certificate
(See: attribute certificate.)

$
See: cryptographic application programming interface

$ CAPSTONE
(N) An integrated circuit (the Mykotronx, Inc. MYK-82) with a
II cryptographic processor that implements SKIPJACK, KEA, DSA
SHA, and basic mathematical functions to support
cryptography, and includes the key escrow feature of the
chip. (See: FORTEZZA card.)

$
See: cryptographic card, FORTEZZA card, payment card, PC card
smart card, token

$ card
See: token backup

$ card
See: token copy

Shirey Informational [Page 24]

RFC 2828 Internet Security Glossary May 2000

$ card
See: token restore

$
(I) An entity that has been issued a card

(O) SET usage: "The holder of a valid payment card account
user of software supporting electronic commerce." [SET2]
cardholder is issued a payment card by an issuer. SET ensures
in the cardholder's interactions with merchants, the payment
account information remains confidential. [SET1]

$ cardholder
(O) SET usage: A digital certificate that is issued to
cardholder upon approval of the cardholder's issuing
institution and that is transmitted to merchants with
requests and encrypted payment instructions, carrying
that the account number has been validated by the
financial institution and cannot be altered by a third party
[SET1]

$ cardholder certification authority (CCA
(O) SET usage: A CA responsible for issuing digital
to cardholders and operated on behalf of a payment card brand,
issuer, or another party according to brand rules. A CCA
relationships with card issuers to allow for the verification
cardholder accounts. A CCA does not issue a CRL but
distribute CRLs issued by root CAs, brand CAs, geopolitical CAs
and payment gateway CAs. [SET2]

$
(N) A design procedure for symmetric encryption algorithms, and
resulting family of algorithms, invented by C.A. (Carlisle Adams
and S.T. (Stafford Tavares). [R2144, R2612]

$
(I) A grouping of sensitive information items to which a non
hierarchical restrictive security label is applied to
protection of the data. (See: compartment.)

$
See: certification authority workstation

$
See: cipher block chaining

$
See: cardholder certification authority

Shirey Informational [Page 25]

RFC 2828 Internet Security Glossary May 2000

$
(N) Acronym for French translation of International Telephone
Telegraph Consultative Committee. Now renamed ITU-T

$
See: computer emergency response team

$
(I) General English usage: A document that attests to the truth
something or the ownership of something

(C) Security usage: See: capability, digital certificate

(C) PKI usage: See: attribute certificate, public-key certificate

$ certificate
(D) ISDs SHOULD NOT use this term because it looks like sloppy
of "certification authority", which is the term standardized
X.509.

$ certificate
(D) ISDs SHOULD NOT use this term because it duplicates
meaning of a standardized term. Instead, use "certification path".

$ certificate chain
(D) ISDs SHOULD NOT use this term because it duplicates
meaning of standardized terms and mixes concepts in a
misleading way. Instead, use "certificate validation" or "
validation", depending on what is meant. (See: validate vs
verify.)

$ certificate
(I) The act or process by which a CA sets the values of a
certificate's data fields and signs it. (See: issue.)

$ certificate
(I) The event that occurs when a certificate ceases to be
because its assigned lifetime has been exceeded. (See:
revocation, validity period.)

$ certificate
See: extension

Shirey Informational [Page 26]

RFC 2828 Internet Security Glossary May 2000

$ certificate
(D) ISDs SHOULD NOT use this term as a synonym for the subject
a digital certificate because the term is potentially ambiguous
For example, the term could also refer to a system entity, such
a repository, that simply has possession of a copy of
certificate. (See: certificate owner.)

$ certificate
(I) The functions that a CA may perform during the life cycle of
digital certificate, including the following

- Acquire and verify data items to bind into the certificate
- Encode and sign the certificate
- Store the certificate in a directory or repository
- Renew, rekey, and update the certificate
- Revoke the certificate and issue a CRL

(See: archive management, certificate management, key management
security architecture, token management.)

$ certificate
(D) ISDs SHOULD NOT use this term as a synonym for the subject
a digital certificate because the term is potentially ambiguous
For example, the term could also refer to a system entity, such
a corporation, that has acquired a certificate to operate
other entity, such as a Web server. (See: certificate holder.)

$ certificate
(I) "A named set of rules that indicates the applicability of
certificate to a particular community and/or class of
with common security requirements." [X509] (See:
practice statement.)

(C) A certificate policy can help a certificate user
whether a certificate should be trusted in a
application. "For example, a particular certificate policy
indicate applicability of a type of certificate for
authentication of electronic data interchange transactions for
trading goods within a given price range." [R2527]

(C) A v3 X.509 public-key certificate may have
"certificatePolicies" extension that lists certificate policies
recognized by the issuing CA, that apply to th