<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Building a Secure RedHat Apache Server HOWTO: Glossary</TITLE>
<LINK HREF="SSL-RedHat-HOWTO-5.html" REL=previous>
<LINK HREF="SSL-RedHat-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
Next
<A HREF="SSL-RedHat-HOWTO-5.html">Previous</A>
<A HREF="SSL-RedHat-HOWTO.html#toc6">Contents</A>
<HR>
<H2><A NAME="s6">6. Glossary</A></H2>

<P>
<DL>
<DT><B>Authentication</B><DD><P>The positive identification of a network entity such as a
server, a client, or a user. In SSL context, authentication represents the
server and client Certificate verification process.
<P>
<DT><B>Access Control</B><DD><P>The restriction of access to network realms. In Apache
context usually the restriction of access to certain URLs.
<P>
<DT><B>Algorithm</B><DD><P>An unambiguous formula or set of rules for solving a problem in
a finite number of steps. Algorithms for encryption are usually called
Ciphers.
<P>
<DT><B>Certificate</B><DD><P>A data record used for authenticating network entities such as
a server or a client. A certificate contains X.509 information pieces about
its owner (called the subject) and the signing Certificate Authority (called
the issuer), plus the owner's public key and the signature made by the CA.
Network entities verify these signatures using CA certificates.
<P>
<DT><B>Certificate Authority (CA)</B><DD><P>A trusted third party whose purpose is to sign
certificates for network entities that it has authenticated using secure
means. Other network entities can check the signature to verify that a CA
has authenticated the bearer of a certificate.
<P>
<DT><B>Certificate Signing Request (CSR)</B><DD><P>An unsigned certificate for submission
to a Certification Authority, which signs it with the Private Key of their
CA Certificate. Once the CSR is signed, it becomes a real certificate.
<P>
<DT><B>Cipher</B><DD><P>An algorithm or system for data encryption. Examples are DES, IDEA,
RC4, etc.
<P>
<DT><B>Ciphertext</B><DD><P>The result after a Plaintext has passed through a Cipher.
<P>
<DT><B>Configuration Directive</B><DD><P>A configuration command that controls one or more
aspects of a program's behavior. In Apache context these are all the command
names in the first column of the configuration files.
<P>
<DT><B>Cryptography - Symmetric</B><DD><P>The client and server use the same key to encrypt and to
decrypt data.
<P>
<DT><B>Cryptography - Asymmetric</B><DD><P>Consists of a key pair (public and private). PKI is
based on Asymmetric Cryptography.
<P>
<DT><B>Digital Signatures</B><DD><P>A piece of data that is sent with an encrypted message
that identifies the originator and verifies that it has not been altered.
<P>
<DT><B>HTTPS</B><DD><P>The HyperText Transfer Protocol (Secure), the standard encrypted
communication mechanism on the World Wide Web. This is actually just HTTP
over SSL.
<P>
<DT><B>Message Digest</B><DD><P>A hash of a message, which can be used to verify that the
contents of the message have not been altered in transit.
<P>
<DT><B>Non-repudiation</B><DD><P>A service that provides proof of the integrity and origin
of data, both in a non-forgeable relationship, which can be verified by any
third party at any time, or an authentication that with high assurance can
be asserted to be genuine.
<P>A property achieved through cryptographic methods which prevents an
individual or entity from denying having performed a particular action
related to data (such as mechanisms for non-rejection or authority (origin);
for proof of obligation, intent, or commitment, or for proof of ownership).
<P>
<DT><B>OpenSSL</B><DD><P>The Open Source toolkit for SSL/TLS; see
<A HREF="http://www.openssl.org/">http://www.openssl.org/</A><P>
<DT><B>Pass Phrase</B><DD><P>The word or phrase that protects private key files. It
prevents unauthorized users from decrypting them. Usually it's just the
secret encryption/decryption key used for Ciphers.
<P>
<DT><B>Plaintext</B><DD><P>The unencrypted text.
<P>
<DT><B>Private Key</B><DD><P>The secret key in a Public Key Cryptography system, used to
decrypt incoming messages and sign outgoing ones.
<P>
<DT><B>Public Key</B><DD><P>The publicly available key in a Public Key Cryptography system,
used to encrypt messages bound for its owner and to decrypt signatures made
by its owner.
<P>
<DT><B>Public Key Cryptography</B><DD><P>The study and application of asymmetric encryption
systems, which use one key for encryption and another for decryption. A
corresponding pair of such keys constitutes a key pair. Also called
Asymmetric Cryptography.
<P>
<DT><B>Secure Sockets Layer (SSL)</B><DD><P>A protocol created by Netscape Communications
Corporation for general communication authentication and encryption over
TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText
Transfer Protocol (HTTP) over SSL.
<P>
<DT><B>Session</B><DD><P>The context information of an SSL communication.
<P>
<DT><B>SSLeay</B><DD><P>The original SSL/TLS implementation library developed by Eric A.
Young &lt;eay@aus.rsa.com&gt;;
see
<A HREF="http://www.ssleay.org/">http://www.ssleay.org/</A><P>
<DT><B>Symmetric Cryptography</B><DD><P>The study and application of Ciphers that use a
single secret key for both encryption and decryption operations.
<P>
<DT><B>Transport Layer Security (TLS)</B><DD><P>The successor protocol to SSL, created by
the Internet Engineering Task Force (IETF) for general communication
authentication and encryption over TCP/IP networks. TLS version 1 is
nearly identical to SSL version 3.
<P>
<DT><B>Uniform Resource Locator (URL)</B><DD><P>The formal identifier to locate various
resources on the World Wide Web. The most popular URL scheme is http. SSL
uses the scheme https.
<P>
<DT><B>X.509</B><DD><P>An authentication certificate scheme recommended by the
International Telecommunication Union (ITU-T) and used for SSL/TLS
authentication.
<P>
<DT><B>ITU-T</B><DD><P>Recommendation X.509 [CCI88c] specifies the authentication service for
X.500 directories, as well as the X.509 certificate syntax. Directory
authentication in X.509 can be carried out using either secret-key
techniques or public-key techniques; the latter is based on public-key
certificates. The standard does not specify a particular cryptographic
algorithm, although an informative annex of the standard describes the RSA
algorithm.
</DL>
<P>
<HR>
Next
<A HREF="SSL-RedHat-HOWTO-5.html">Previous</A>
<A HREF="SSL-RedHat-HOWTO.html#toc6">Contents</A>
</BODY>
</HTML>