g2150.htm

The Open–source PKI Book Version 2.4.6 Edition Copyright &copy 1999, 2000 by Symeon (Simos) Xenite

><DD
><P
>     	The secret key in a Public Key Cryptography system, used to decrypt
     	incoming messages and sign outgoing ones.
	</P
></DD
><DT
><B
>Public Key</B
></DT
><DD
><P
>     	The publically available key in a Public Key Cryptography system, used
     	to encrypt messages bound for its owner and to verify signatures made
     	by its owner.
	</P
></DD
><DT
><B
>Public Key Cryptography</B
></DT
><DD
><P
>     	The study and application of asymmetric encryption systems, which use
     	one key for encryption and another for decryption. A corresponding pair
     	of such keys constitutes a key pair. Also called Asymmetric
     	Cryptography.
	</P
></DD
><DT
><B
>Public Key Cryptography Standards <SPAN
CLASS="ACRONYM"
>PKCS</SPAN
></B
></DT
><DD
><P
>	A series of cryptographic standards dealing with public-key issues, 
	published by RSA Laboratories.
	</P
></DD
><DT
><B
>S&#8211;expressions</B
></DT
><DD
><P
>	Data structures that are suitable for representing arbitrary 
	complex data structures.
	</P
></DD
><DT
><B
>Secure Sockets Layer (SSL)</B
></DT
><DD
><P
>     	A protocol created by Netscape Communications Corporation for general
     	communication authentication and encryption over TCP/IP networks. The
     	most popular usage is HTTPS, i.e. the HyperText Transfer Protocol
     	(HTTP) over SSL.
	</P
></DD
><DT
><B
>Single Sign&#8211;On (<SPAN
CLASS="ACRONYM"
>SSO</SPAN
>)</B
></DT
><DD
><P
>	The ability to authenticate once and use several security services
	based on that authentication.
	</P
></DD
><DT
><B
>SSLeay</B
></DT
><DD
><P
>     	The original SSL/TLS implementation library developed by 
	<A
HREF="mailto:eay@aus.rsa.com"
TARGET="_top"
>Eric A. Young</A
>;
     	see <A
HREF="http://www.ssleay.org/"
TARGET="_top"
>http://www.ssleay.org/</A
>.
	Now it has been renamed to OpenSSL; see OpenSSL.
	</P
></DD
><DT
><B
>Symmetric Cryptography</B
></DT
><DD
><P
>     	The study and application of Ciphers that use a single secret key for
     	both encryption and decryption operations.
	</P
></DD
><DT
><B
>Transport Layer Security (TLS)</B
></DT
><DD
><P
>     	The successor protocol to SSL, created by the Internet Engineering Task
     	Force (IETF) for general communication authentication and encryption
     	over TCP/IP networks. The current version, TLS version 1, is nearly 
	identical with SSL version 3.
	</P
></DD
><DT
><B
>Trusted Third Party (TTP)</B
></DT
><DD
><P
>	Another description for the Certification Authority that stresses that the keeper
	of the <SPAN
CLASS="ACRONYM"
>CA</SPAN
> private key should be an
	organisation or an entity that has no interests or ties 
	of any kind with the clients. 
	</P
></DD
><DT
><B
>Uniform Resource Locator (URL)</B
></DT
><DD
><P
>     	The formal identifier to locate various resources on the World Wide
     	Web. The most popular <SPAN
CLASS="ACRONYM"
>URL</SPAN
> scheme is http. 
	<SPAN
CLASS="ACRONYM"
>SSL</SPAN
> uses the scheme <SPAN
CLASS="ACRONYM"
>HTTPS</SPAN
>.
	</P
></DD
><DT
><B
>X.500</B
></DT
><DD
><P
>	A <SPAN
CLASS="ACRONYM"
>CCITT</SPAN
> specification for directory services.
	</P
></DD
><DT
><B
>X.509</B
></DT
><DD
><P
>     	An authentication certificate scheme recommended by the International
     	Telecommunication Union (ITU&#8211;T) which is used for <SPAN
CLASS="ACRONYM"
>SSL/TLS
	</SPAN
> authentication.
	</P
></DD
><DT
><B
>Attribute Authority (<SPAN
CLASS="ACRONYM"
>AA</SPAN
>)</B
></DT
><DD
><P
> 	An authority trusted by one or more
        users to create and sign attribute certificates. It is important
       	to note that the Attribute Authority is responsible for the 
	attribute certificates during their whole lifetime, not just 
	for issuing them.
	</P
></DD
><DT
><B
>Attribute Certificate (<SPAN
CLASS="ACRONYM"
>AC</SPAN
>)</B
></DT
><DD
><P
>	A data structure containing a set of
	attributes for an end-entity and some other information, which is
	digitally signed with the private key of the AA which issued it.
	</P
></DD
><DT
><B
>Certificate</B
></DT
><DD
><P
>	Can refer to either an Attribute Certificate or a Public Key Certificate certificate.  
	Where there is no distinction made the context
        should be assumed to apply to both an AC and a public key
        certificate.
	</P
></DD
><DT
><B
>Certification Authority (<SPAN
CLASS="ACRONYM"
>CA</SPAN
>)</B
></DT
><DD
><P
>	An authority trusted by one or
        more users to create and assign public key certificates.
        Optionally the Certification Authority may create the user's keys. 
	It is important to note that the Certification Authority is responsible for the 
	public key certificates during their whole lifetime, not just 
	for issuing them. 
	</P
></DD
><DT
><B
>Certificate Policy (<SPAN
CLASS="ACRONYM"
>CP</SPAN
>)</B
></DT
><DD
><P
>	A named set of rules that indicates the
       	applicability of a public key certificate to a particular
        community or class of application with common security
        requirements. For example, a particular certificate policy might
       	indicate applicability of a type of public key certificate to the
        authentication of electronic data interchange transactions for
        the trading of goods within a given price range.
	</P
></DD
><DT
><B
>Certification Practice Statement (<SPAN
CLASS="ACRONYM"
>CPS</SPAN
>)</B
></DT
><DD
><P
>	A statement of the
        practices which a Certification Authority employs in issuing public key certificates. 
	</P
></DD
><DT
><B
>End&#8211;entity (<SPAN
CLASS="ACRONYM"
>EE</SPAN
>)</B
></DT
><DD
><P
>	A subject of a certificate who is not a Certification Authority in the
        Public Key Infrastructure or an Attribute Authority in the Priviledge Management Infrastructure. (An End&#8211;entity from the Public Key Infrastructure can be 
	an Attribute Authority in the Priviledge Management Infrastructure.)
	</P
></DD
><DT
><B
>Public Key Certificate (<SPAN
CLASS="ACRONYM"
>PKC</SPAN
>)</B
></DT
><DD
><P
>	A data structure containing the
	public key of an end-entity and some other information, which is
	digitally signed with the private key of the Certification Authority which issued it.
	</P
></DD
><DT
><B
>Public Key Infrastructure (<SPAN
CLASS="ACRONYM"
>PKI</SPAN
>)</B
></DT
><DD
><P
>	The set of hardware, software,
	people, policies and procedures needed to create, manage, store,
	distribute, and revoke PKCs based on public-key cryptography.
	</P
></DD
><DT
><B
>Priviledge Management Infrastructure (<SPAN
CLASS="ACRONYM"
>PMI</SPAN
>)</B
></DT
><DD
><P
>	A collection of Attribute Certificates,
	with their issuing Attribute Authority's, subjects, relying parties, and
	repositories, is referred to as a Priviledge Management Infrastructure
	</P
></DD
><DT
><B
>Registration Authority (<SPAN
CLASS="ACRONYM"
>RA</SPAN
>)</B
></DT
><DD
><P
>	An optional entity given
        responsibility for performing some of the administrative tasks
        necessary in the registration of subjects, such as: confirming
        the subject's identity; validating that the subject is entitled
        to have the values requested in a Public Key Certificate and verifying that the
        subject has possession of the private key associated with the
        public key requested for a Public Key Certificate.
	</P
></DD
><DT
><B
>Relying Party</B
></DT
><DD
><P
>	A user or agent (e.g., a client or server) who
        relies on the data in a certificate in making decisions.
	</P
></DD
><DT
><B
>Root CA</B
></DT
><DD
><P
>	A Certification Authority that is directly trusted by an End&#8211;entity; that is,
        securely acquiring the value of a Root CA public key requires
        some out-of-band step(s). This term is not meant to imply that a
        Root CA is necessarily at the top of any hierarchy, simply that
        the CA in question is trusted directly.
	</P
></DD
><DT
><B
>Subordinate CA</B
></DT
><DD
><P
>	A <I
CLASS="EMPHASIS"
>subordinate CA</I
> is one that is not a Root CA
	for the End&#8211;entity in question. Often, a subordinate CA will not be a
	Root CA for any entity but this is not mandatory.
	</P
></DD
><DT
><B
>Subject</B
></DT
><DD
><P
>	A subject is the entity (Attribute Authority, Certification Authority, or End&#8211;entity) named in a
	certificate. Subjects can be human users, computers (as
	represented by Domain Name Service (DNS) names or Internet
	Protocol (IP) addresses), or even software agents.
	</P
></DD
><DT
><B
>Top CA</B
></DT
><DD
><P
>	A Certification Authority that is at the top of a PKI hierarchy.
	</P
></DD
></DL
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="z2128.htm"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ospki-book.htm"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="b2431.htm"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Colophon</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Bibliography</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>