Network Working Group                                          R. Shirey
Request for Comments: 2828                        GTE / BBN Technologies
FYI: 36                                                         May 2000
Category: Informational

                      Internet Security Glossary

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This Glossary (191 pages of definitions and 13 pages of references)
   provides abbreviations, explanations, and recommendations for use of
   information system security terminology. The intent is to improve the
   comprehensibility of writing that deals with Internet security,
   particularly Internet Standards documents (ISDs). To avoid confusion,
   ISDs should use the same term or definition whenever the same concept
   is mentioned. To improve international understanding, ISDs should use
   terms in their plainest, dictionary sense. ISDs should use terms
   established in standards documents and other well-founded
   publications and should avoid substituting private or newly made-up
   terms. ISDs should avoid terms that are proprietary or otherwise
   favor a particular vendor, or that create a bias toward a particular
   security technology or mechanism versus other, competing techniques
   that already exist or might be developed in the future.

Table of Contents

   1. Introduction
   2. Explanation of Paragraph Markings
      2.1 Recommended Terms with an Internet Basis ("I")
      2.2 Recommended Terms with a Non-Internet Basis ("N")
      2.3 Other Definitions ("O")
      2.4 Deprecated Terms, Definitions, and Uses ("D")
      2.5 Commentary and Additional Guidance ("C")
   3. Definitions
   4. References
   5. Security Considerations
   6. Acknowledgements
   7. Author's Address
   8. Full Copyright Statement

1. Introduction

   This Glossary provides an internally consistent, complementary set of
   abbreviations, definitions, explanations, and recommendations for use
   of terminology related to information system security. The intent of
   this Glossary is to improve the comprehensibility of Internet
   Standards documents (ISDs)--i.e., RFCs, Internet-Drafts, and other
   material produced as part of the Internet Standards Process [R2026]--
   and of all other Internet material, too. Some non-security terms are
   included to make the Glossary self-contained, but more complete lists
   of networking terms are available elsewhere [R1208, R1983].

   Some glossaries (e.g., [Raym]) list terms that are not listed here
   but could be applied to Internet security. However, those terms have
   not been included in this Glossary because they are not appropriate
   for ISDs.

   This Glossary marks terms and definitions as being either endorsed or
   deprecated for use in ISDs, but this Glossary is not an Internet
   standard. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are intended to be interpreted the same way as in an
   Internet Standard [R2119], but this guidance represents only the
   recommendations of this author. However, this Glossary includes
   reasons for the recommendations--particularly for the SHOULD NOTs--so
   that readers can judge for themselves whether to follow the
   recommendations.

   This Glossary supports the goals of the Internet Standards Process:

   o Clear, Concise, and Easily Understood Documentation

      This Glossary seeks to improve comprehensibility of
      security-related content of ISDs. That requires wording to be
      clear and understandable, and requires the set of security-related
      terms and definitions to be consistent and self-supporting. Also,
      the terminology needs to be uniform across all ISDs; i.e., the
      same term or definition needs to be used whenever and wherever the
      same concept is mentioned. Harmonization of existing ISDs need not
      be done immediately, but it is desirable to correct and
      standardize the terminology when new versions are issued in the
      normal course of standards development and evolution.

   o Technical Excellence

      Just as Internet Standard (STD) protocols should operate
      effectively, ISDs should use terminology accurately, precisely,
      and unambiguously to enable Internet Standards to be implemented
      correctly.

   o Prior Implementation and Testing

      Just as STD protocols require demonstrated experience and
      stability before adoption, ISDs need to use well-established
      language. Using terms in their plainest, dictionary sense (when
      appropriate) helps to ensure international understanding. ISDs
      need to avoid using private, made-up terms in place of
      generally-accepted terms from standards and other publications.
      ISDs need to avoid substituting new definitions that conflict with
      established ones. ISDs need to avoid using "cute" synonyms (e.g.,
      see: Green Book); no matter how popular a nickname may be in one
      community, it is likely to cause confusion in another.

   o Openness, Fairness, and Timeliness

      ISDs need to avoid terms that are proprietary or otherwise favor a
      particular vendor, or that create a bias toward a particular
      security technology or mechanism over other, competing techniques
      that already exist or might be developed in the future. The set of
      terminology used across the set of ISDs needs to be flexible and
      adaptable as the state of Internet security art evolves.

2. Explanation of Paragraph Markings

   Section 3 marks terms and definitions as follows:

   o Capitalization: Only terms that are proper nouns are capitalized.

   o Paragraph Marking: Definitions and explanations are stated in
      paragraphs that are marked as follows:

      - "I" identifies a RECOMMENDED Internet definition.
      - "N" identifies a RECOMMENDED non-Internet definition.
      - "O" identifies a definition that is not recommended as the first
        choice for Internet documents but is something that authors of
        Internet documents need to know.
      - "D" identifies a term or definition that SHOULD NOT be used in
        Internet documents.
      - "C" identifies commentary or additional usage guidance.

   The rest of Section 2 further explains these five markings.

2.1 Recommended Terms with an Internet Basis ("I")

   The paragraph marking "I" (as opposed to "O") indicates a definition
   that SHOULD be the first choice for use in ISDs. Most terms and
   definitions of this type MAY be used in ISDs; however, some "I"
   definitions are accompanied by a "D" paragraph that recommends
   against using the term. Also, some "I" definitions are preceded by an
   indication of a contextual usage limitation (e.g., see:
   certification), and ISDs should not use the term and definition
   outside that context.

   An "I" (as opposed to an "N") also indicates that the definition has
   an Internet basis. That is, either the Internet Standards Process is
   authoritative for the term, or the term is sufficiently generic that
   this Glossary can freely state a definition without contradicting a
   non-Internet authority (e.g., see: attack).

   Many terms with "I" definitions are proper nouns (e.g., see:
   Internet Protocol). For such terms, the "I" definition is intended
   only to provide basic information; the authoritative definition is
   found elsewhere.

   For a proper noun identified as an "Internet protocol", please refer
   to the current edition of "Internet Official Protocol Standards" (STD
   1) for the standardization state and status of the protocol.

2.2 Recommended Terms with a Non-Internet Basis ("N")

   The paragraph marking "N" (as opposed to "O") indicates a definition
   that SHOULD be the first choice for the term, if the term is used at
   all in Internet documents. Terms and definitions of this type MAY be
   used in Internet documents (e.g., see: X.509 public-key certificate).

   However, an "N" (as opposed to an "I") also indicates a definition
   that has a non-Internet basis or origin. Many such definitions are
   preceded by an indication of a contextual usage limitation, and this
   Glossary's endorsement does not apply outside that context.  Also,
   some contexts are rarely if ever expected to occur in an Internet
   document (e.g., see: baggage). In those cases, the listing exists to
   make Internet authors aware of the non-Internet usage so that they
   can avoid conflicts with non-Internet documents.

   Many terms with "N" definitions are proper nouns (e.g., see:
   Computer Security Objects Register). For such terms, the "N"
   definition is intended only to provide basic information; the
   authoritative definition is found elsewhere.

2.3 Other Definitions ("O")

   The paragraph marking "O" indicates a definition that has a
   non-Internet basis, but indicates that the definition SHOULD NOT be
   used in ISDs *except* in cases where the term is specifically
   identified as non-Internet.

   For example, an ISD might mention "BCA" (see: brand certification
   authority) or "baggage" as an example to illustrate some concept; in
   that case, the document should specifically say "SET(trademark) BCA"
   or "SET(trademark) baggage" and include the definition of the term.

   For some terms that have a definition published by a non-Internet
   authority--government (see: object reuse), industry (see: Secure Data
   Exchange), national (see: Data Encryption Standard), or international
   (see: data confidentiality)--this Glossary marks the definition "N",
   recommending its use in Internet documents. In other cases, the
   non-Internet definition of a term is inadequate or inappropriate for
   ISDs. For example, it may be narrow or outdated, or it may need
   clarification by substituting more careful or more explanatory
   wording using other terms that are defined in this Glossary. In those
   cases, this Glossary marks the term "O" and provides an "I"
   definition (or sometimes a different "N" definition), which precedes
   and supersedes the definition marked "O".

   In most of the cases where this Glossary provides a definition to
   supersede one from a non-Internet standard, the substitute is
   intended to subsume the meaning of the superseded "O" definition and
   not conflict with it. For the term "security service", for example,
   the "O" definition deals narrowly with only communication services
   provided by layers in the OSI model and is inadequate for the full
   range of ISD usage; the "I" definition can be used in more situations
   and for more kinds of service. However, the "O" definition is also
   provided here so that ISD authors will be aware of the context in
   which the term is used more narrowly.

   When making substitutions, this Glossary attempts to use
   understandable English that does not contradict any non-Internet
   authority. Still, terminology differs between the standards of the
   American Bar Association, OSI, SET, the U.S. Department of Defense,
   and other authorities, and this Glossary probably is not exactly
   aligned with all of them.

2.4 Deprecated Terms, Definitions, and Uses ("D")

   If this Glossary recommends that a term or definition SHOULD NOT be
   used in ISDs, then either the definition has the paragraph marking
   "D", or the restriction is stated in a "D" paragraph that immediately
   follows the term or definition.

2.5 Commentary and Additional Guidance ("C")

   The paragraph marking "C" identifies text that is advisory or
   tutorial. This text MAY be reused in other Internet documents.  This
   text is not intended to be authoritative, but is provided to clarify
   the definitions and to enhance this Glossary so that Internet
   security novices can use it as a tutorial.
