rfc2828.txt
Network Working Group R. Shirey
Request for Comments: 2828 GTE / BBN Technologies
FYI: 36 May 2000
Category: Informational
Internet Security Glossary
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This Glossary (191 pages of definitions and 13 pages of references)
provides abbreviations, explanations, and recommendations for use of
information system security terminology. The intent is to improve the
comprehensibility of writing that deals with Internet security,
particularly Internet Standards documents (ISDs). To avoid confusion,
ISDs should use the same term or definition whenever the same concept
is mentioned. To improve international understanding, ISDs should use
terms in their plainest, dictionary sense. ISDs should use terms
established in standards documents and other well-founded
publications and should avoid substituting private or newly made-up
terms. ISDs should avoid terms that are proprietary or otherwise
favor a particular vendor, or that create a bias toward a particular
security technology or mechanism versus other, competing techniques
that already exist or might be developed in the future.
Shirey Informational [Page 1]
RFC 2828 Internet Security Glossary May 2000
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Explanation of Paragraph Markings . . . . . . . . . . . . . . 4
2.1 Recommended Terms with an Internet Basis ("I") . . . . . . 4
2.2 Recommended Terms with a Non-Internet Basis ("N") . . . . 5
2.3 Other Definitions ("O") . . . . . . . . . . . . . . . . . 5
2.4 Deprecated Terms, Definitions, and Uses ("D") . . . . . . 6
2.5 Commentary and Additional Guidance ("C") . . . . . . . . . 6
3. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. References . . . . . . . . . . . . . . . . . . . . . . . . . . 197
5. Security Considerations . . . . . . . . . . . . . . . . . . . 211
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 211
7. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 211
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 212
1. Introduction
This Glossary provides an internally consistent, complementary set of
abbreviations, definitions, explanations, and recommendations for use
of terminology related to information system security. The intent of
this Glossary is to improve the comprehensibility of Internet
Standards documents (ISDs)--i.e., RFCs, Internet-Drafts, and other
material produced as part of the Internet Standards Process [R2026]--
and of all other Internet material, too. Some non-security terms are
included to make the Glossary self-contained, but more complete lists
of networking terms are available elsewhere [R1208, R1983].
Some glossaries (e.g., [Raym]) list terms that are not listed here
but could be applied to Internet security. However, those terms have
not been included in this Glossary because they are not appropriate
for ISDs.
This Glossary marks terms and definitions as being either endorsed or
deprecated for use in ISDs, but this Glossary is not an Internet
standard. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are intended to be interpreted the same way as in an
Internet Standard [R2119], but this guidance represents only the
recommendations of this author. However, this Glossary includes
reasons for the recommendations--particularly for the SHOULD NOTs--so
that readers can judge for themselves whether to follow the
recommendations.
This Glossary supports the goals of the Internet Standards Process:
o Clear, Concise, and Easily Understood Documentation
This Glossary seeks to improve comprehensibility of security-
related content of ISDs. That requires wording to be clear and
understandable, and requires the set of security-related terms and
definitions to be consistent and self-supporting. Also, the
terminology needs to be uniform across all ISDs; i.e., the same
term or definition needs to be used whenever and wherever the same
concept is mentioned. Harmonization of existing ISDs need not be
done immediately, but it is desirable to correct and standardize
the terminology when new versions are issued in the normal course
of standards development and evolution.
o Technical Excellence
Just as Internet Standard (STD) protocols should operate
effectively, ISDs should use terminology accurately, precisely,
and unambiguously to enable Internet Standards to be implemented
correctly.
o Prior Implementation and Testing
Just as STD protocols require demonstrated experience and
stability before adoption, ISDs need to use well-established
language. Using terms in their plainest, dictionary sense (when
appropriate) helps to ensure international understanding. ISDs
need to avoid using private, made-up terms in place of generally-
accepted terms from standards and other publications. ISDs need to
avoid substituting new definitions that conflict with established
ones. ISDs need to avoid using "cute" synonyms (e.g., see: Green
Book); no matter how popular a nickname may be in one community,
it is likely to cause confusion in another.
o Openness, Fairness, and Timeliness
ISDs need to avoid terms that are proprietary or otherwise favor a
particular vendor, or that create a bias toward a particular
security technology or mechanism over other, competing techniques
that already exist or might be developed in the future. The set of
terminology used across the set of ISDs needs to be flexible and
adaptable as the state of Internet security art evolves.
2. Explanation of Paragraph Markings
Section 3 marks terms and definitions as follows:
o Capitalization: Only terms that are proper nouns are capitalized.
o Paragraph Marking: Definitions and explanations are stated in
paragraphs that are marked as follows:
- "I" identifies a RECOMMENDED Internet definition.
- "N" identifies a RECOMMENDED non-Internet definition.
- "O" identifies a definition that is not recommended as the first
choice for Internet documents but is something that authors of
Internet documents need to know.
- "D" identifies a term or definition that SHOULD NOT be used in
Internet documents.
- "C" identifies commentary or additional usage guidance.
The rest of Section 2 further explains these five markings.
2.1 Recommended Terms with an Internet Basis ("I")
The paragraph marking "I" (as opposed to "O") indicates a definition
that SHOULD be the first choice for use in ISDs. Most terms and
definitions of this type MAY be used in ISDs; however, some "I"
definitions are accompanied by a "D" paragraph that recommends
against using the term. Also, some "I" definitions are preceded by an
indication of a contextual usage limitation (e.g., see:
certification), and ISDs should not use the term and definition outside
that context.
An "I" (as opposed to an "N") also indicates that the definition has
an Internet basis. That is, either the Internet Standards Process is
authoritative for the term, or the term is sufficiently generic that
this Glossary can freely state a definition without contradicting a
non-Internet authority (e.g., see: attack).
Many terms with "I" definitions are proper nouns (e.g., see:
Internet Protocol). For such terms, the "I" definition is intended
only to provide basic information; the authoritative definition is
found elsewhere.
For a proper noun identified as an "Internet protocol", please refer
to the current edition of "Internet Official Protocol Standards" (STD
1) for the standardization state and status of the protocol.
2.2 Recommended Terms with a Non-Internet Basis ("N")
The paragraph marking "N" (as opposed to "O") indicates a definition
that SHOULD be the first choice for the term, if the term is used at
all in Internet documents. Terms and definitions of this type MAY be
used in Internet documents (e.g., see: X.509 public-key certificate).
However, an "N" (as opposed to an "I") also indicates a definition
that has a non-Internet basis or origin. Many such definitions are
preceded by an indication of a contextual usage limitation, and this
Glossary's endorsement does not apply outside that context. Also,
some contexts are rarely if ever expected to occur in an Internet
document (e.g., see: baggage). In those cases, the listing exists to
make Internet authors aware of the non-Internet usage so that they
can avoid conflicts with non-Internet documents.
Many terms with "N" definitions are proper nouns (e.g., see:
Computer Security Objects Register). For such terms, the "N"
definition is intended only to provide basic information; the
authoritative definition is found elsewhere.
2.3 Other Definitions ("O")
The paragraph marking "O" indicates a definition that has a non-
Internet basis, but indicates that the definition SHOULD NOT be used
in ISDs *except* in cases where the term is specifically identified
as non-Internet.
For example, an ISD might mention "BCA" (see: brand certification
authority) or "baggage" as an example to illustrate some concept; in
that case, the document should specifically say "SET(trademark) BCA"
or "SET(trademark) baggage" and include the definition of the term.
For some terms that have a definition published by a non-Internet
authority--government (see: object reuse), industry (see: Secure Data
Exchange), national (see: Data Encryption Standard), or international
(see: data confidentiality)--this Glossary marks the definition "N",
recommending its use in Internet documents. In other cases, the non-
Internet definition of a term is inadequate or inappropriate for
ISDs. For example, it may be narrow or outdated, or it may need
clarification by substituting more careful or more explanatory
wording using other terms that are defined in this Glossary. In those
cases, this Glossary marks the term "O" and provides an "I"
definition (or sometimes a different "N" definition), which precedes
and supersedes the definition marked "O".
In most of the cases where this Glossary provides a definition to
supersede one from a non-Internet standard, the substitute is
intended to subsume the meaning of the superseded "O" definition and
not conflict with it. For the term "security service", for example,
the "O" definition deals narrowly with only communication services
provided by layers in the OSI model and is inadequate for the full
range of ISD usage; the "I" definition can be used in more situations
and for more kinds of service. However, the "O" definition is also
provided here so that ISD authors will be aware of the context in
which the term is used more narrowly.
When making substitutions, this Glossary attempts to use
understandable English that does not contradict any non-Internet
authority. Still, terminology differs between the standards of the
American Bar Association, OSI, SET, the U.S. Department of Defense,
and other authorities, and this Glossary probably is not exactly
aligned with all of them.
2.4 Deprecated Terms, Definitions, and Uses ("D")
If this Glossary recommends that a term or definition SHOULD NOT be
used in ISDs, then either the definition has the paragraph marking
"D", or the restriction is stated in a "D" paragraph that immediately
follows the term or definition.
2.5 Commentary and Additional Guidance ("C")