g2150.htm

The Open–source PKI Book Version 2.4.6 Edition Copyright &copy 1999, 2000 by Symeon (Simos) Xenite

<HTML
><HEAD
><TITLE
>Glossary</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.55"><LINK
REL="HOME"
TITLE="The Open&#8211;source PKI Book"
HREF="ospki-book.htm"><LINK
REL="PREVIOUS"
TITLE="Colophon"
HREF="z2128.htm"><LINK
REL="NEXT"
TITLE="Bibliography"
HREF="b2431.htm"></HEAD
><BODY
CLASS="GLOSSARY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Open&#8211;source PKI Book: A guide to PKIs and Open&#8211;source Implementations</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="z2128.htm"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="b2431.htm"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="GLOSSARY"
><H1
><A
NAME="AEN2150"
>Glossary</A
></H1
><DL
><DT
><B
>CAServer (OpenCA terminology)</B
></DT
><DD
><P
>The Certification Authority. In this document it is used to describe the 
	<SPAN
CLASS="ACRONYM"
>CA</SPAN
> as described in 
	<A
HREF="impl-openca.htm#OPENCA-LAYOUT"
>Figure 7-1</A
></P
></DD
><DT
><B
>RAServer (OpenCA terminology)</B
></DT
><DD
><P
>The Registration Authority. In this document it is used to describe the
	<SPAN
CLASS="ACRONYM"
>RA</SPAN
> as described in                                           <A
HREF="impl-openca.htm#OPENCA-LAYOUT"
>Figure 7-1</A
></P
></DD
><DT
><B
>RAOperator (OpenCA terminology)</B
></DT
><DD
><P
>The front&#8211;end of the Registration Authority that interacts with 
	the users. In this document its functionality is described at
	<A
HREF="impl-openca.htm#OPENCA-LAYOUT"
>Figure 7-1</A
></P
></DD
><DT
><B
>Entity authentication mechanisms</B
></DT
><DD
><P
>	Entity authentication mechanisms allow the verification, of an entity's
	claimed identity, by another entity. The authenticity of the entity
	can be ascertained only for the instance of the authentication exchange.
	</P
></DD
><DT
><B
>Peer entity authentication</B
></DT
><DD
><P
>	Peer entity authentication is the corroboration that a peer entity
	in an association is the one claimed. This service is provided for use
	at the establishment of, or at times during, the data transfer
	phase of a connection to confirm the identities of one or more of the
	entities connected to one or more of the other entities.
	</P
></DD
><DT
><B
>Algorithm</B
></DT
><DD
><P
>	An unambiguous formula or set of rules for solving a problem in a
        finite number of steps. Algorithms for encryption are usually called
        Ciphers.
	</P
></DD
><DT
><B
>Certification Authority (CA)</B
></DT
><DD
><P
>	An entity that attests to the
     	identity of a person or an organisation.  A Certificate
        Authority might be an external company such as VeriSign that
        offers certificate services or they might be an internal
        organisation such as a corporate MIS department.  The
        Certificate Authority's chief function is to verify the
        identity of entities and issue digital certificates attesting
        to that identity.
	</P
><P
>The acronym CA can be found in different variations.
	<P
></P
><UL
><LI
><P
>Certification Authority (Used in this document and found in most documents)</P
></LI
><LI
><P
>Certifying Authority (Found in the <A
HREF="http://www.rsasecurity.com/rsalabs/faq/index.html"
TARGET="_top"
>	  RSA Security Crypto FAQ</A
>)
	  </P
></LI
><LI
><P
>Certificate Authority (Found in various documents)
	  </P
></LI
></UL
>
	</P
></DD
><DT
><B
>Certificate Request</B
></DT
><DD
><P
>	An unsigned certificate for submission to a Certification Authority,
     	which signs it with the Private Key. Once the
     	certificate request gets signed, it becomes a Certificate.
	This term is used in <SPAN
CLASS="ACRONYM"
>PKIX</SPAN
> terminology and it is
	the same with the Certificate Signing Request. We use both terms to describe the same
	thing.
	</P
></DD
><DT
><B
>Certificate Signing Request (CSR) (OpenCA terminology)</B
></DT
><DD
><P
>	An unsigned certificate for submission to a Certification Authority,
     	which signs it with the Private Key of their CA Certificate. Once the
     	CSR is signed, it becomes a real certificate.
	</P
></DD
><DT
><B
>Cipher</B
></DT
><DD
><P
>	An algorithm or system for data encryption. Examples are DES, IDEA,
     	RC4, etc.
	</P
></DD
><DT
><B
>Ciphertext</B
></DT
><DD
><P
>	The result of the encryption of ciphertext, using a cipher.
	</P
></DD
><DT
><B
>Configuration Directive</B
></DT
><DD
><P
>	A configuration command that controls one or more aspects of a
     	program's behavior. In Apache context these are all the command names
     	in the first column of the configuration files.
	</P
></DD
><DT
><B
>Cross&#8211;certificate</B
></DT
><DD
><P
>	A cross&#8211;certificate is a certificate issued by one CA to
	another CA which contains a CA signature key used for issuing 
	certificates.
	</P
></DD
><DT
><B
>DER format</B
></DT
><DD
><P
>	A binary format to encode certificates.
	</P
></DD
><DT
><B
>Digital Signature</B
></DT
><DD
><P
>	A method of signing electronic documents (otherwise digital data)
	using Public Key Cryptography.
	</P
></DD
><DT
><B
>Digital Timestamp</B
></DT
><DD
><P
>	An electronic record that mathematically links a document 
	to a time and date. 
	</P
></DD
><DT
><B
>Electronic Commerce</B
></DT
><DD
><P
>	The exchange of goods, services and fiduciary information
	or instruments via distributed computer and communication networks.
	</P
></DD
><DT
><B
>Export&#8211;Crippled</B
></DT
><DD
><P
>	Diminished in cryptographic strength (and security) in order to comply
     	with the United States' Export Administration Regulations (EAR).
     	Export&#8211;crippled cryptographic software is limited to a small 
	key size, resulting in Ciphertext which usually can be decrypted 
	by brute force.
	</P
><P
>	Currently there is draft policy in the United States that provides
	substantial freedom to the availability of cryptographic software.
	This policy remains to be finalised and voted in order to become
	effective. Similar legislation is expected to be voted in the 
	European Parliament soon.
	</P
></DD
><DT
><B
>Fully&#8211;Qualified Domain&#8211;Name (FQDN)</B
></DT
><DD
><P
>	The unique name of a network entity, consisting of a hostname and a
     	domain name that can resolve to an IP address. For example, www is a
     	hostname, whatever.com is a domain name, and www.whatever.com is a
     	fully&#8211;qualified domain name.
	</P
></DD
><DT
><B
>HyperText Transfer Protocol (HTTP)</B
></DT
><DD
><P
>	The HyperText Transport Protocol is the standard transmission protocol
     	used on the World Wide Web.
	</P
></DD
><DT
><B
>HTTPS</B
></DT
><DD
><P
>     	The HyperText Transport Protocol (Secure), the standard encrypted
     	communication mechanism on the World Wide Web. This is actually just
     	HTTP over SSL.
	</P
></DD
><DT
><B
>Keyholder</B
></DT
><DD
><P
>	The entity (often a person) that controls a private key.
	</P
></DD
><DT
><B
>Key recovery</B
></DT
><DD
><P
>	The ability of an individual, organisation or their authorised
	agents to obtain an extra copy of a key (or other information
	necessary for decryption) that enables them to decrypt the 
	ciphertext.
	</P
></DD
><DT
><B
>Lightweight Directory Access Protocol (LDAP)</B
></DT
><DD
><P
>	LDAP is a specification for a client&#8211;server protocol to retrieve 
	and manage directory information. 
	</P
></DD
><DT
><B
>Message Digest</B
></DT
><DD
><P
>	A hash of a message, which can be used to verify that the contents of
     	the message have not been altered in transit.
	</P
></DD
><DT
><B
>OpenLDAP</B
></DT
><DD
><P
>	OpenLDAP is an open&#8211;source implementation of LDAP. 
	It provides a stand&#8211;alone LDAP server, a stand&#8211;alone LDAP 
	replication server, libraries implementing the LDAP protocol,
	and other relevant software. For more information on OpenLDAP, 
	see http://www.openldap.org/.
	</P
></DD
><DT
><B
>OpenSSL</B
></DT
><DD
><P
>	An open&#8211;source implementation of the SSL/TLS protocol. 
	It is based on SSLeay. For more about 
	OpenSSL, see <A
HREF="http://www.openssl.org/"
TARGET="_top"
>	http://www.openssl.org/</A
>.
	</P
></DD
><DT
><B
>Pass Phrase</B
></DT
><DD
><P
>	The word or phrase that protects private key files. It prevents
     	unauthorized users from encrypting them. 	
	</P
></DD
><DT
><B
>PEM format</B
></DT
><DD
><P
>	A text (<SPAN
CLASS="ACRONYM"
>ASCII</SPAN
>) format that can be
	used to encode Certificates. It is essentially the Certificate
	in DER format that has been encoded with Base64 and had
	a header and footer added.
	</P
></DD
><DT
><B
>Plaintext</B
></DT
><DD
><P
>	The text that will be encrypted. If we decrypt succesfully a
	ciphertext, the result is the plaintext.
	</P
></DD
><DT
><B
>Private Key</B
></DT