rfc2828.txt
Netherlands, Australia, and New Zealand and might be proposed as
an ISO standard or adapted to be part of the Common Criteria.
$ browser
(I) A client computer program that can retrieve and display
information from servers on the World Wide Web.
(C) For example, Netscape's Navigator and Communicator, and
Microsoft's Explorer.
$ brute force
(I) A cryptanalysis technique or other kind of attack method
involving an exhaustive procedure that tries all possibilities,
one-by-one.
(C) For example, for ciphertext where the analyst already knows
the decryption algorithm, a brute force technique for finding the
original plaintext is to decrypt the message with every possible
key.
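As an added illustration of the exhaustive search described above (not part of RFC 2828): a Python program that recovers the key of a toy 16-bit stream cipher by trying all 65,536 keys. The cipher, the "secret" key 0xBEEF, the message and the crib ACCOUNT are all constructed here for the demonstration; the cipher is deliberately weak and is not a real algorithm, only the attack pattern (known algorithm, unknown key, a recognizer for correct plaintext) is the point.

```python
"""Brute force against a toy 16-bit stream cipher: the attacker knows the
algorithm, holds ciphertext, and simply tries every key.

Added example, not part of RFC 2828.  The cipher is constructed here and is
deliberately weak; only the attack pattern matters."""
from typing import List, Tuple

KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS


def keystream(key: int, length: int) -> bytes:
    """Toy keystream: high byte of a 16-bit linear congruential generator
    seeded with the key (constructed for the example; not a real cipher)."""
    state = key & 0xFFFF
    out = bytearray()
    for _ in range(length):
        state = (state * 69 + 1) & 0xFFFF
        out.append(state >> 8)
    return bytes(out)


def encrypt(key: int, data: bytes) -> bytes:
    """XOR data with the keystream; decryption is the same operation."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


decrypt = encrypt


def is_printable(candidate: bytes) -> bool:
    """Recognizer: printable ASCII plus tab/newline/carriage return."""
    return all(0x20 <= b < 0x7F or b in (9, 10, 13) for b in candidate)


def brute_force(ciphertext: bytes, crib: bytes) -> Tuple[List[int], int]:
    """Try all 2**KEY_BITS keys.  Returns (keys whose decryption passes the
    recognizer, number of keys tried).  A cheap check on the first 8 bytes
    rejects most wrong keys before the full decryption is computed."""
    hits: List[int] = []
    trials = 0
    for key in range(KEY_SPACE):
        trials += 1
        if not is_printable(decrypt(key, ciphertext[:8])):
            continue
        plaintext = decrypt(key, ciphertext)
        if is_printable(plaintext) and crib in plaintext:
            hits.append(key)
    return hits, trials


if __name__ == "__main__":
    secret_key = 0xBEEF                       # constructed "unknown" key
    message = b"TRANSFER 250 UNITS TO ACCOUNT 7731"
    ct = encrypt(secret_key, message)
    hits, trials = brute_force(ct, b"ACCOUNT")
    print(f"{trials} keys tried, {len(hits)} candidate key(s)")
    for key in hits:
        print(f"  key {key:#06x}: {decrypt(key, ct)!r}")
```

The recognizer is the part that is easy to forget: with only ciphertext, the attacker must be able to tell the correct decryption from the other 65,535, so the search returns every key that passes the check, and a longer crib or a second ciphertext is what discards any false positives. The cost is the point of the definition: 2^16 trials finish in seconds, and each extra key bit doubles the work, which is why a 128-bit key space is out of reach of this attack.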
$ BS7799
See: British Standard 7799.
$ byte
(I) A fundamental unit of computer storage; the smallest
addressable unit in a computer's architecture. Usually holds one
character of information and, today, usually means eight bits.
(See: octet.)
(C) Larger than a "bit", but smaller than a "word". Although
"byte" almost always means "octet" today, bytes had other sizes
(e.g., six bits, nine bits) in earlier computer architectures.
$ CA
See: certification authority.
Shirey Informational [Page 23]
RFC 2828 Internet Security Glossary May 2000
$ CA certificate
(I) "A [digital] certificate for one CA issued by another CA."
[X509]
(C) That is, a digital certificate whose holder is able to issue
digital certificates. A v3 X.509 public-key certificate may have a
"basicConstraints" extension containing a "cA" value that
specifically "indicates whether or not the public key may be used
to verify certificate signatures."
$ call back
(I) An authentication technique for terminals that remotely access
a computer via telephone lines. The host system disconnects the
caller and then calls back on a telephone number that was
previously authorized for that terminal.
$ capability
(I) A token, usually an unforgeable data value (sometimes called a
"ticket") that gives the bearer or holder the right to access a
system resource. Possession of the token is accepted by a system
as proof that the holder has been authorized to access the
resource named or indicated by the token. (See: access control
list, credential, digital certificate.)
(C) This concept can be implemented as a digital certificate.
(See: attribute certificate.)
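The following is an added example (not from RFC 2828 or any product) of the "unforgeable data value" the definition refers to: a bearer token that names a resource and the rights granted on it, protected by an HMAC under a key known only to the issuing system. The token format (JSON claims plus HMAC-SHA256 tag, base64url), the secret and the resource names are assumptions made for the illustration.

```python
"""Capability token: an unforgeable bearer token naming a resource and the
rights granted on it.  Added example; the format (JSON claims + HMAC-SHA256
tag, base64url) is an assumption for illustration, not a standard."""
import base64
import binascii
import hashlib
import hmac
import json
from typing import List, Optional


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _claims_bytes(resource: str, rights: List[str], expires: int) -> bytes:
    """Canonical encoding so that equal claims always give equal bytes."""
    claims = {"res": resource, "rights": sorted(rights), "exp": expires}
    return json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()


def issue(secret: bytes, resource: str, rights: List[str], expires: int) -> str:
    """Mint a token.  Only a system holding `secret` can produce a valid tag,
    which is what makes the token unforgeable."""
    body = _claims_bytes(resource, rights, expires)
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify(secret: bytes, token: str, resource: str, right: str, now: int) -> Optional[str]:
    """Return None if the bearer of `token` may exercise `right` on `resource`
    at time `now`, otherwise a short reason.  Nothing about the presenter is
    checked: possession of a valid token is the authorization."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return "malformed"
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return "bad tag"                          # forged or tampered
    try:
        claims = json.loads(body)
    except ValueError:
        return "malformed"
    if claims["exp"] <= now:
        return "expired"
    if claims["res"] != resource:
        return "wrong resource"
    if right not in claims["rights"]:
        return "right not granted"
    return None


def forge_rights(token: str, rights: List[str]) -> str:
    """What a holder without the secret can try: rewrite the claims and keep
    the original tag.  verify() rejects it because the tag no longer matches."""
    body_b64, tag_b64 = token.split(".")
    claims = json.loads(_unb64(body_b64))
    body = _claims_bytes(claims["res"], rights, claims["exp"])
    return _b64(body) + "." + tag_b64


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # assumption: held by the issuer only
    token = issue(secret, "/files/report.pdf", ["read"], expires=1_700_000_000)
    now = 1_699_999_000
    print(token)
    print("read  :", verify(secret, token, "/files/report.pdf", "read", now))
    print("write :", verify(secret, token, "/files/report.pdf", "write", now))
    forged = forge_rights(token, ["read", "write"])
    print("forged:", verify(secret, forged, "/files/report.pdf", "write", now))
```

Possession is all the checker looks at; it never asks who is presenting the token. That is the capability model, and it has two consequences worth stating: the token must be kept confidential, because anyone holding a copy has the access, and revocation before the expiry time needs a separate mechanism (short lifetimes or a denylist) that this example does not include.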
$ CAPI
See: cryptographic application programming interface.
$ CAPSTONE chip
(N) An integrated circuit (the Mykotronx, Inc. MYK-82) with a Type
II cryptographic processor that implements SKIPJACK, KEA, DSA,
SHA, and basic mathematical functions to support asymmetric
cryptography, and includes the key escrow feature of the CLIPPER
chip. (See: FORTEZZA card.)
$ card
See: cryptographic card, FORTEZZA card, payment card, PC card,
smart card, token.
$ card backup
See: token backup.
$ card copy
See: token copy.
$ card restore
See: token restore.
$ cardholder
(I) An entity that has been issued a card.
(O) SET usage: "The holder of a valid payment card account and
user of software supporting electronic commerce." [SET2] A
cardholder is issued a payment card by an issuer. SET ensures that
in the cardholder's interactions with merchants, the payment card
account information remains confidential. [SET1]
$ cardholder certificate
(O) SET usage: A digital certificate that is issued to a
cardholder upon approval of the cardholder's issuing financial
institution and that is transmitted to merchants with purchase
requests and encrypted payment instructions, carrying assurance
that the account number has been validated by the issuing
financial institution and cannot be altered by a third party.
[SET1]
$ cardholder certification authority (CCA)
(O) SET usage: A CA responsible for issuing digital certificates
to cardholders and operated on behalf of a payment card brand, an
issuer, or another party according to brand rules. A CCA maintains
relationships with card issuers to allow for the verification of
cardholder accounts. A CCA does not issue a CRL but does
distribute CRLs issued by root CAs, brand CAs, geopolitical CAs,
and payment gateway CAs. [SET2]
$ CAST
(N) A design procedure for symmetric encryption algorithms, and a
resulting family of algorithms, invented by C.A. (Carlisle Adams)
and S.T. (Stafford Tavares). [R2144, R2612]
$ category
(I) A grouping of sensitive information items to which a non-
hierarchical restrictive security label is applied to increase
protection of the data. (See: compartment.)
$ CAW
See: certification authority workstation.
$ CBC
See: cipher block chaining.
$ CCA
See: cardholder certification authority.
$ CCITT
(N) Acronym for the French name of the International Telephone and
Telegraph Consultative Committee. Now renamed ITU-T.
$ CERT
See: computer emergency response team.
$ certificate
(I) General English usage: A document that attests to the truth of
something or the ownership of something.
(C) Security usage: See: capability, digital certificate.
(C) PKI usage: See: attribute certificate, public-key certificate.
$ certificate authority
(D) ISDs SHOULD NOT use this term because it looks like sloppy use
of "certification authority", which is the term standardized by
X.509.
$ certificate chain
(D) ISDs SHOULD NOT use this term because it duplicates the
meaning of a standardized term. Instead, use "certification path".
$ certificate chain validation
(D) ISDs SHOULD NOT use this term because it duplicates the
meaning of standardized terms and mixes concepts in a potentially
misleading way. Instead, use "certificate validation" or "path
validation", depending on what is meant. (See: validate vs.
verify.)
$ certificate creation
(I) The act or process by which a CA sets the values of a digital
certificate's data fields and signs it. (See: issue.)
$ certificate expiration
(I) The event that occurs when a certificate ceases to be valid
because its assigned lifetime has been exceeded. (See: certificate
revocation, validity period.)
$ certificate extension
See: extension.
$ certificate holder
(D) ISDs SHOULD NOT use this term as a synonym for the subject of
a digital certificate because the term is potentially ambiguous.
For example, the term could also refer to a system entity, such as
a repository, that simply has possession of a copy of the
certificate. (See: certificate owner.)
$ certificate management
(I) The functions that a CA may perform during the life cycle of a
digital certificate, including the following:
- Acquire and verify data items to bind into the certificate.
- Encode and sign the certificate.
- Store the certificate in a directory or repository.
- Renew, rekey, and update the certificate.
- Revoke the certificate and issue a CRL.
(See: archive management, key management, security architecture,
token management.)
$ certificate owner
(D) ISDs SHOULD NOT use this term as a synonym for the subject of
a digital certificate because the term is potentially ambiguous.
For example, the term could also refer to a system entity, such as
a corporation, that has acquired a certificate to operate some
other entity, such as a Web server. (See: certificate holder.)
$ certificate policy
(I) "A named set of rules that indicates the applicability of a
certificate to a particular community and/or class of application
with common security requirements." [X509] (See: certification
practice statement.)
(C) A certificate policy can help a certificate user decide
whether a certificate should be trusted in a particular
application. "For example, a particular certificate policy might
indicate applicability of a type of certificate for the
authentication of electronic data interchange transactions for the
trading of goods within a given price range." [R2527]
(C) A v3 X.509 public-key certificate may have a
"certificatePolicies" extension that lists certificate policies,
recognized by the issuing CA, that apply to the certificate and
govern its use. Each policy is denoted by an object identifier and
may optionally have certificate policy qualifiers.
(C) SET usage: Every SET certificate specifies at least one
certificate policy, that of the SET root CA. SET uses certificate
policy qualifiers to point to the actual policy statement and to
add qualifying policies to the root policy. (See: SET qualifier.)
$ certificate policy qualifier
(I) Information that pertains to a certificate policy and is
included in a "certificatePolicies" extension in a v3 X.509
public-key certificate.
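The "cA" flag in the CA certificate entry and the policy object identifiers in the certificate policy entries above are both carried as DER inside an extension's value. The following Python is an added example, not code from RFC 2828 or from any library: a minimal DER reader for just those two structures, plus a tiny encoder used only to construct the sample extension values in place. The CPS URI, the path-length values and the choice of sample OIDs (2.23.140.1.2.1 is a real CA/Browser Forum policy identifier, used here purely as data) are assumptions for the demonstration; the reader is not a general X.509 parser and performs no path validation.

```python
"""Decode two X.509 v3 extension values by hand: basicConstraints (the "cA"
flag plus pathLenConstraint) and certificatePolicies (policy OIDs plus any
CPS-pointer qualifier).  Added example: a minimal DER reader for exactly these
two structures, not a general X.509 parser; sample values are constructed below."""
from typing import List, Optional, Tuple

ID_QT_CPS = "1.3.6.1.5.5.7.2.1"  # PKIX policy qualifier that carries a CPS URI

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                  # long form: n & 0x7F length bytes follow
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def decode_oid(body: bytes) -> str:
    """Inverse of encode_oid (first arc 0, 1 or 2 with second arc below 40)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # a clear high bit ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def parse_basic_constraints(ext_value: bytes) -> Tuple[bool, Optional[int]]:
    """Return (cA, pathLenConstraint).  cA is DEFAULT FALSE: an empty SEQUENCE
    (30 00) is an end-entity certificate.  DER omits a FALSE boolean, but an
    explicit FALSE from a BER encoder is accepted as well."""
    tag, seq, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("basicConstraints must be a SEQUENCE")
    ca, path_len, pos = False, None, 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag == 0x01:           # BOOLEAN cA
            ca = val != b"\x00"
        elif tag == 0x02:         # INTEGER pathLenConstraint
            path_len = int.from_bytes(val, "big")
    return ca, path_len

def parse_certificate_policies(ext_value: bytes) -> List[Tuple[str, Optional[str]]]:
    """Return [(policy OID, CPS URI or None)], one per PolicyInformation."""
    _, seq, _ = read_tlv(ext_value, 0)             # SEQUENCE OF PolicyInformation
    policies, pos = [], 0
    while pos < len(seq):
        _, info, pos = read_tlv(seq, pos)          # PolicyInformation
        _, oid_body, p = read_tlv(info, 0)         # policyIdentifier
        cps_uri = None
        if p < len(info):                          # optional policyQualifiers
            _, quals, _ = read_tlv(info, p)
            q = 0
            while q < len(quals):
                _, qual, q = read_tlv(quals, q)    # PolicyQualifierInfo
                _, qid, r = read_tlv(qual, 0)      # policyQualifierId
                if decode_oid(qid) == ID_QT_CPS:
                    _, uri, _ = read_tlv(qual, r)  # CPSuri, an IA5String
                    cps_uri = uri.decode("ascii")
        policies.append((decode_oid(oid_body), cps_uri))
    return policies

# Constructed sample extension values (the contents of each extnValue OCTET STRING).
SAMPLE_BASIC_CONSTRAINTS = {
    "root_ca": tlv(0x30, tlv(0x01, b"\xff")),                              # 30 03 01 01 FF
    "sub_ca_pathlen0": tlv(0x30, tlv(0x01, b"\xff") + tlv(0x02, b"\x00")),  # 30 06 01 01 FF 02 01 00
    "end_entity": tlv(0x30, b""),                                           # 30 00
}
_CPS = tlv(0x30, encode_oid(ID_QT_CPS) + tlv(0x16, b"https://ca.example/cps"))
SAMPLE_CERTIFICATE_POLICIES = tlv(0x30,
    tlv(0x30, encode_oid("2.23.140.1.2.1") + tlv(0x30, _CPS))   # policy with a CPS pointer
    + tlv(0x30, encode_oid("2.5.29.32.0")))                      # anyPolicy, no qualifiers

if __name__ == "__main__":
    for name, value in SAMPLE_BASIC_CONSTRAINTS.items():
        print(f"{name:16} {value.hex():24} (cA, pathLen) = {parse_basic_constraints(value)}")
    for oid, cps in parse_certificate_policies(SAMPLE_CERTIFICATE_POLICIES):
        print(f"policy {oid}  CPS: {cps}")
```

Two points a checker should get right: cA is DEFAULT FALSE, so an empty SEQUENCE (hex 30 00) means an end-entity certificate, and a parser that only looks for an explicit TRUE or FALSE byte would be right by accident; and a TRUE cA bit on its own does not make the certificate usable for signing, since path validation also checks the signature, the validity period, key usage and the pathLenConstraint shown here. Likewise, finding a policy OID in the list only tells the application which rules the issuing CA says apply; whether to accept that policy is the relying party's decision.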
$ certificate reactivation
(I) The act or process by which a digital certificate, which a CA
has designated for revocation but not yet listed on a CRL, is
returned to the valid state.
$ certificate rekey
(I) The act or process by which an existing public-key certificate
has its public key value changed by issuing a new certificate with
a different (usually new) public key. (See: certificate renewal,
certificate update, rekey.)
(C) For an X.509 public-key certificate, the essence of rekey is
that the subject stays the same and a new public key is bound to
that subject. Other changes are made, and the old certificate is
revoked, only as required by the PKI and CPS in support of the
rekey. If changes go beyond that, the process is a "certificate
update".
(O) MISSI usage: To rekey a MISSI X.509 public-key certificate
means that the issuing authority creates a new certificate that is
identical to the old one, except the new one has a new, different
KEA key; or a new, different DSS key; or new, different KEA and
DSS keys. The new certificate also has a different serial number
and may have a different validity period. A new key creation date
and maximum key lifetime period are assigned to each newly
generated key. If a new KEA key is generated, that key is assigned
a new KMID. The old certificate remains valid until it expires,
but