P
$ P1363
(N) See: IEEE P1363.
Shirey Informational [Page 212]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ PAA
(O) See: policy approving authority.
$ package
(N) /Common Criteria/ A reusable set of either functional or
assurance components, combined in a single unit to satisfy a set
of identified security objectives. (Compare: protection profile.)
Example: The seven EALs defined in Part 3 of the Common Criteria
are predefined assurance packages.
Tutorial: A package is a combination of security requirement
components and is intended to be reusable in the construction of
either more complex packages or protection profiles and security
targets. A package expresses a set of either functional or
assurance requirements that meet some particular need, expressed
as a set of security objectives.
$ packet
(I) A block of data that is carried from a source to a destination
through a communication channel or, more generally, across a
network. (Compare: datagram, PDU.)
$ packet filter
(I) See: secondary definition under "filtering router".
$ packet monkey
(D) /slang/ Someone who floods a system with packets, creating a
denial-of-service condition for the system's users. (See:
cracker.)
Deprecated Term: It is likely that other cultures use different
metaphors for this concept. Therefore, to avoid international
misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
Usage under "Green Book".)
$ pagejacking
(D) /slang/ A contraction of "Web page hijacking". A masquerade
attack in which the attacker copies (steals) a home page or other
material from the target server, rehosts the page on a server the
attacker controls, and causes the rehosted page to be indexed by
the major Web search services, thereby diverting browsers from the
target server to the attacker's server.
Deprecated Term: IDOCs SHOULD NOT use this contraction. The term
is not listed in most dictionaries and could confuse international
readers. (See: Deprecated Usage under "Green Book".)
$ PAN
(O) See: primary account number.
$ PAP
(I) See: Password Authentication Protocol.
$ parity bit
(I) A checksum that is computed on a block of bits by computing
the binary sum of the individual bits in the block and then
discarding all but the low-order bit of the sum. (See: checksum.)
$ partitioned security mode
(N) A mode of system operation wherein all users having access to
the system have the necessary security clearances for all data
handled by the system, but some users might not have either formal
access approval or need-to-know for all the data. (See: /system
operation/ under "mode", formal access approval, need to know,
protection level, security clearance.)
Usage: Usually abbreviated as "partitioned mode". This term was
defined in U.S. Government policy on system accreditation.
$ PASS
(N) See: personnel authentication system string.
$ passive attack
(I) See: secondary definition under "attack".
$ passive user
(I) See: secondary definition under "system user".
$ passive wiretapping
(I) A wiretapping attack that attempts only to observe a
communication flow and gain knowledge of the data it contains, but
does not alter or otherwise affect that flow. (See: wiretapping.
Compare: passive attack, active wiretapping.)
$ password
1a. (I) A secret data value, usually a character string, that is
presented to a system by a user to authenticate the user's
identity. (See: authentication information, challenge-response,
PIN, simple authentication.)
1b. (O) "A character string used to authenticate an identity."
[CSC2]
1c. (O) "A string of characters (letters, numbers, and other
symbols) used to authenticate an identity or to verify access
authorization." [FP140]
1d. (O) "A secret that a claimant memorizes and uses to
authenticate his or her identity. Passwords are typically
character strings." [SP63]
Tutorial: A password is usually paired with a user identifier that
is explicit in the authentication process, although in some cases
the identifier may be implicit. A password is usually verified by
matching it to a stored value held by the access control system
for that identifier.
Using a password as authentication information is based on
assuming that the password is known only by the system entity for
which the identity is being authenticated. Therefore, in a network
environment where wiretapping is possible, simple authentication
that relies on transmission of static (i.e., repetitively used)
passwords in cleartext form is inadequate. (See: one-time
password, strong authentication.)
$ Password Authentication Protocol (PAP)
(I) A simple authentication mechanism in PPP. In PAP, a user
identifier and password are transmitted in cleartext form. [R1334]
(See: CHAP.)
$ password sniffing
(D) /slang/ Passive wiretapping to gain knowledge of passwords.
(See: Deprecated Usage under "sniffing".)
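The cleartext exposure described under PAP and password sniffing, shown by decoding a PAP Authenticate-Request (RFC 1334, section 2.1.1) exactly as a passive wiretap on a PPP link would. This is an added example in Go, not code from RFC 4949 or from any PPP implementation; the packet bytes are constructed here, and the encoder exists only to build that sample. The PPP framing and the 0xC023 protocol number that precede the packet are omitted.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// PAP packet codes, RFC 1334 section 2.
const (
	papAuthenticateRequest = 1
	papAuthenticateAck     = 2
	papAuthenticateNak     = 3
)

// AuthRequest is the decoded content of a PAP Authenticate-Request.
type AuthRequest struct {
	Identifier byte
	PeerID     string
	Password   string
}

// ParsePAPAuthRequest decodes a PAP packet (the PPP information field that
// follows the 0xC023 protocol number). Every length field is checked against
// the buffer before use, so a truncated or malformed capture returns an error
// instead of panicking or mis-attributing bytes.
func ParsePAPAuthRequest(pkt []byte) (*AuthRequest, error) {
	if len(pkt) < 4 {
		return nil, errors.New("pap: packet shorter than the 4-octet header")
	}
	code, ident := pkt[0], pkt[1]
	length := int(binary.BigEndian.Uint16(pkt[2:4]))
	if code != papAuthenticateRequest {
		return nil, fmt.Errorf("pap: code %d is not Authenticate-Request", code)
	}
	if length < 6 || length > len(pkt) {
		return nil, fmt.Errorf("pap: Length %d inconsistent with a %d-octet buffer", length, len(pkt))
	}
	data := pkt[4:length] // octets beyond Length are padding and are ignored
	idLen := int(data[0])
	if 1+idLen+1 > len(data) {
		return nil, errors.New("pap: Peer-ID-Length runs past the packet")
	}
	peerID := data[1 : 1+idLen]
	pwLen := int(data[1+idLen])
	if 2+idLen+pwLen > len(data) {
		return nil, errors.New("pap: Passwd-Length runs past the packet")
	}
	password := data[2+idLen : 2+idLen+pwLen]
	return &AuthRequest{Identifier: ident, PeerID: string(peerID), Password: string(password)}, nil
}

// EncodePAPAuthRequest builds the packet a PPP peer puts on the wire; it is
// here only to construct the sample capture used below.
func EncodePAPAuthRequest(ident byte, peerID, password string) []byte {
	length := 4 + 1 + len(peerID) + 1 + len(password)
	pkt := []byte{papAuthenticateRequest, ident, byte(length >> 8), byte(length)}
	pkt = append(pkt, byte(len(peerID)))
	pkt = append(pkt, peerID...)
	pkt = append(pkt, byte(len(password)))
	pkt = append(pkt, password...)
	return pkt
}

func main() {
	// Constructed sample of what a passive wiretap on the link observes.
	wire := EncodePAPAuthRequest(0x2a, "alice", "hunter2")
	fmt.Printf("on the wire: % x\n", wire)
	req, err := ParsePAPAuthRequest(wire)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered peer-id=%q password=%q\n", req.PeerID, req.Password)
	// A truncated capture is rejected rather than partially trusted.
	if _, err := ParsePAPAuthRequest(wire[:8]); err != nil {
		fmt.Println("truncated capture:", err)
	}
}
```

Nothing in the packet is protected: the identifier and password are recoverable by anyone who sees the link, which is why the glossary calls static cleartext passwords inadequate wherever wiretapping is possible.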
$ path discovery
(I) For a digital certificate, the process of finding a set of
public-key certificates that comprise a certification path from a
trusted key to that specific certificate.
$ path validation
(I) The process of validating (a) all of the digital certificates
in a certification path and (b) the required relationships between
those certificates, thus validating the contents of the last
certificate on the path. (See: certificate validation.)
Tutorial: To promote interoperable PKI applications in the
Internet, RFC 3280 specifies a detailed algorithm for validation
of a certification path.
$ payment card
(N) /SET/ Collectively refers "to credit cards, debit cards,
charge cards, and bank cards issued by a financial institution and
which reflects a relationship between the cardholder and the
financial institution." [SET2]
$ payment gateway
(O) /SET/ A system operated by an acquirer, or a third party
designated by an acquirer, to provide electronic commerce services
to the merchants in support of the acquirer, and which interfaces
to the acquirer to support the authorization, capture, and
processing of merchant payment messages, including payment
instructions from cardholders. [SET1, SET2]
$ payment gateway certification authority (SET PCA)
(O) /SET/ A CA that issues digital certificates to payment
gateways and is operated on behalf of a payment card brand, an
acquirer, or another party according to brand rules. A SET PCA
issues a CRL for compromised payment gateway certificates. [SET2]
(See: PCA.)
$ PC card
(N) A type of credit card-sized, plug-in peripheral device that
was originally developed to provide memory expansion for portable
computers, but is also used for other kinds of functional
expansion. (See: FORTEZZA, PCMCIA.)
Tutorial: The international PC Card Standard defines a non-proprietary
form factor in three sizes -- Types I, II, and III -- each of which has
a 68-pin interface between the card and the socket into which it plugs.
All three types have the same length
and width, roughly the size of a credit card, but differ in their
thickness from 3.3 to 10.5 mm. Examples include storage modules,
modems, device interface adapters, and cryptographic modules.
$ PCA
(D) Abbreviation of various kinds of "certification authority".
(See: Internet policy certification authority, (MISSI) policy
creation authority, (SET) payment gateway certification
authority.)
Deprecated Usage: An IDOC that uses this abbreviation SHOULD
define it at the point of first use.
$ PCI
(N) See: "protocol control information" under "protocol data
unit".
$ PCMCIA
(N) Personal Computer Memory Card International Association, a
group of manufacturers, developers, and vendors, founded in 1989
to standardize plug-in peripheral memory cards for personal
computers and now extended to deal with any technology that works
in the PC Card form factor. (See: PC card.)
$ PDS
(N) See: protective distribution system.
$ PDU
(N) See: protocol data unit.
$ peer entity authentication
(I) "The corroboration that a peer entity in an association is the
one claimed." [I7498-2] (See: authentication.)
$ peer entity authentication service
(I) A security service that verifies an identity claimed by or for
a system entity in an association. (See: authentication,
authentication service.)
Tutorial: This service is used at the establishment of, or at
times during, an association to confirm the identity of one entity
to another, thus protecting against a masquerade by the first
entity. However, unlike data origin authentication service, this
service requires an association to exist between the two entities,
and the corroboration provided by the service is valid only at the
current time that the service is provided. (See: "relationship
between data integrity service and authentication services" under
"data integrity service").
$ PEM
(I) See: Privacy Enhanced Mail.
$ penetrate
1a. (I) Circumvent a system's security protections. (See: attack,
break, violation.)
1b. (I) Successfully and repeatedly gain unauthorized access to a
protected system resource. [Huff]
$ penetration
(I) /threat action/ See: secondary definition under "intrusion".
$ penetration test
(I) A system test, often part of system certification, in which
evaluators attempt to circumvent the security features of a
system. [NCS04, SP42] (See: tiger team.)
Tutorial: Penetration testing evaluates the relative vulnerability
of a system to attacks and identifies methods of gaining access to
a system by using tools and techniques that are available to
adversaries. Testing may be performed under various constraints
and conditions, including a specified level of knowledge of the
system design and implementation. For a TCSEC evaluation, testers
are assumed to have all system design and implementation
documentation, including source code, manuals, and circuit
diagrams, and to work under no greater constraints than those
applied to ordinary users.
$ perfect forward secrecy
(I) For a key agreement protocol, the property that compromise of
long-term keying material does not compromise session keys that
were previously derived from the long-term material. (Compare:
public-key forward secrecy.)
Usage: Some existing RFCs use this term but either do not define
it or do not define it precisely. While preparing this Glossary,
we found this to be a muddled area. Experts did not agree. For all
practical purposes, the literature defines "perfect forward
secrecy" by stating the Diffie-Hellman-Merkle algorithm. The term
"public-key forward secrecy" (suggested by Hilarie Orman) and the
definition stated for it in this Glossary were crafted to be
compatible with current Internet documents, yet be narrow and
leave room for improved terminology.
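To make the "I" definition concrete, here is an added example in Go (not from the glossary or from any protocol specification) contrasting a key agreement that has the property with one that does not. In the forward-secret variant each side derives the session key from a fresh X25519 key pair authenticated by an Ed25519 signature over its public value; in the static variant the session key comes from the parties' long-term X25519 keys, so an adversary who recorded the exchange and later steals one party's long-term private key recomputes the session key. The KDF, the nonce and the key names are assumptions of the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds two long-term keys: an Ed25519 identity key used only to sign,
// and a static X25519 key used by the non-forward-secret variant below.
type Party struct {
	sign   ed25519.PrivateKey
	static *ecdh.PrivateKey
}

func NewParty() *Party {
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	st, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{sign: sk, static: st}
}

// sessionKey is a simple KDF (an assumption of this example) over the shared
// secret and the public transcript of the exchange.
func sessionKey(shared, transcript []byte) [32]byte {
	return sha256.Sum256(append(append([]byte("session-key|"), shared...), transcript...))
}

// EphemeralExchange is the forward-secret construction: each side generates a
// fresh X25519 key, signs its public value with its long-term identity key so
// the peer can authenticate it, and derives the session key from the ephemeral
// shared secret. The ephemeral private keys die with this stack frame, so a
// later theft of a.sign, b.sign, a.static or b.static recovers nothing.
func EphemeralExchange(a, b *Party) (ka, kb [32]byte, transcript []byte, err error) {
	ea, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	eb, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	pa, pb := ea.PublicKey().Bytes(), eb.PublicKey().Bytes()
	sigA, sigB := ed25519.Sign(a.sign, pa), ed25519.Sign(b.sign, pb)
	if !ed25519.Verify(a.sign.Public().(ed25519.PublicKey), pa, sigA) ||
		!ed25519.Verify(b.sign.Public().(ed25519.PublicKey), pb, sigB) {
		return ka, kb, nil, errors.New("peer entity authentication failed")
	}
	transcript = append(pa, pb...) // everything a wiretapper gets to record
	sa, err := ea.ECDH(eb.PublicKey())
	if err != nil {
		return
	}
	sb, err := eb.ECDH(ea.PublicKey())
	if err != nil {
		return
	}
	return sessionKey(sa, transcript), sessionKey(sb, transcript), transcript, nil
}

// StaticExchange derives the session key from the two long-term static keys
// and a public nonce. It authenticates the peers implicitly, but it is not
// forward secret: the same inputs are available to anyone holding one
// long-term private key and the recorded nonce.
func StaticExchange(a, b *Party, nonce []byte) ([32]byte, error) {
	s, err := a.static.ECDH(b.static.PublicKey())
	if err != nil {
		return [32]byte{}, err
	}
	return sessionKey(s, nonce), nil
}

// RecoverFromCompromise models an adversary who recorded the nonce and the
// peer's public key off the wire and later obtains one party's long-term
// static private key: the old static session key is recomputed exactly.
func RecoverFromCompromise(stolen *ecdh.PrivateKey, peerPub *ecdh.PublicKey, nonce []byte) ([32]byte, error) {
	s, err := stolen.ECDH(peerPub)
	if err != nil {
		return [32]byte{}, err
	}
	return sessionKey(s, nonce), nil
}

func main() {
	a, b := NewParty(), NewParty()
	ka, kb, tr, err := EphemeralExchange(a, b)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ephemeral: keys agree=%v; transcript holds %d bytes of public values only\n", ka == kb, len(tr))
	nonce := []byte("constructed-nonce-0001") // constructed; public on the wire
	ks, _ := StaticExchange(a, b, nonce)
	kr, _ := RecoverFromCompromise(a.static, b.static.PublicKey(), nonce)
	fmt.Printf("static: attacker holding a's long-term key recomputes the old session key=%v\n", ks == kr)
}
```

The transcript of the ephemeral run contains only signed public values; with the ephemeral private keys gone, the long-term keys let an attacker forge future handshakes but not decrypt the recorded one, which is the property the definition above names.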
Challenge to the Internet security community: We need a taxonomy
of terms and definitions to cover the basic properties discussed
here for the full range of cryptographic algorithms and protocols
used in Internet Standards:
Involvement of session keys vs. long-term keys: Experts disagree
about the basic ideas involved:
- One concept of "forward secrecy" is that, given observations of
the operation of a key establishment protocol up to time t, and
given some of the session keys derived from those protocol
runs, you cannot derive unknown past session keys or future
session keys.
- A related property is that, given observations of the protocol
and knowledge of the derived session keys, you cannot derive
one or more of the long-term private keys.
- The "I" definition presented above involves a third concept of
"forward secrecy" that refers to the effect of the compromise
of long-term keys.
- All three concepts involve the idea that a compromise of "this"
encryption key is not supposed to compromise the "next" one.
There also is the idea that compromise of a single key will
compromise only the data protected by the single key. In
Internet literature, the focus has been on protection against
decryption of back traffic in the event of a compromise of
secret key material held by one or both parties to a
communication.
Forward vs. backward: Experts are unhappy with the word "forward",
because compromise of "this" encryption key also is not supposed
to compromise the "previous" one, which is "backward" rather than
forward. In S/KEY, if the key used at time t is compromised, then
all keys used prior to that are compromised. If the "long-term"
key (i.e., the base of the hashing scheme) is compromised, then
all keys past and future are compromised; thus, you could say that
S/KEY has neither forward nor backward secrecy.
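The S/KEY direction of compromise described above, as an added example in Go; it is not the S/KEY reference code, SHA-256 stands in for S/KEY's MD4-based function, and the seed is constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// H is the chain's one-way function. S/KEY (RFC 1760) used MD4 folded to 64
// bits; SHA-256 is an assumption of this example and does not change the argument.
func H(x []byte) []byte {
	s := sha256.Sum256(x)
	return s[:]
}

// SKeyChain derives the chain for n logins: chain[t] = H^(n+1-t)(seed).
// chain[0] is what the server stores initially; chain[t] for t >= 1 is the
// one-time password presented at login t, so passwords are used in the order
// chain[1], chain[2], ... and each is a preimage of the one used before it.
func SKeyChain(seed []byte, n int) [][]byte {
	chain := make([][]byte, n+1)
	cur := seed
	for t := n; t >= 0; t-- {
		cur = H(cur)
		chain[t] = cur
	}
	return chain
}

// ServerAccepts is the S/KEY check: the password presented at login t must
// hash to the value the server kept after login t-1 (or its initial value).
func ServerAccepts(stored, presented []byte) bool {
	return bytes.Equal(H(presented), stored)
}

// RecoverEarlier is the failure the glossary describes: from the password used
// at login t, an attacker recomputes the passwords used at t-1, t-2, ... simply
// by hashing forward. The passwords still to be used (t+1, ...) are preimages
// and are not obtained this way; the seed itself yields the entire chain.
func RecoverEarlier(pt []byte, howMany int) [][]byte {
	out := make([][]byte, howMany)
	cur := pt
	for i := range out {
		cur = H(cur)
		out[i] = cur
	}
	return out
}

func main() {
	chain := SKeyChain([]byte("constructed-seed"), 5) // constructed seed
	stored := chain[0]
	for t := 1; t <= 5; t++ {
		fmt.Printf("login %d: %s... accepted=%v\n", t, hex.EncodeToString(chain[t][:8]), ServerAccepts(stored, chain[t]))
		stored = chain[t]
	}
	earlier := RecoverEarlier(chain[4], 3) // attacker observed the 4th password
	fmt.Println("recovered password 3 from 4:", bytes.Equal(earlier[0], chain[3]))
	fmt.Println("recovered password 1 from 4:", bytes.Equal(earlier[2], chain[1]))
}
```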
Asymmetric cryptography vs. symmetric: Experts disagree about
forward secrecy in the context of symmetric cryptographic systems.
In the absence of asymmetric cryptography, compromise of any long-
term key seems to compromise any session key derived from the
long-term key. For example, Kerberos isn't forward secret, because
compromising a client's password (thus compromising the key shared
by the client and the authentication server) compromises future
session keys shared by the client and the ticket-granting server.
Ordinary forward secrecy vs. "perfect" forward secrecy: Experts
disagree about the difference between these two. Some say there is
no difference, and some say that the initial naming was
unfortunate and suggest dropping the word "perfect". Some suggest
using "forward secrecy" for the case where one long-term private
key is compromised, and adding "perfect" for when both private
keys (or, when the protocol is multi-party, all private keys) are
compromised.
Acknowledgements: Bill Burr, Burt Kaliski, Steve Kent, Paul Van
Oorschot, Jonathan Trostle, Michael Wiener, and, especially,
Hilarie Orman contributed ideas to this discussion.
$ perimeter
See: security perimeter.
$ periods processing
(I) A mode of system operation in which information of different
sensitivities is processed at distinctly different times by the
same system, with the system being properly purged or sanitized
between periods. (See: color change.)
Tutorial: The security mode of operation and maximum
classification of data handled by the system is established for an
interval of time and then is changed for the following interval of
time. A period extends from the secure initialization of the
system to the completion of any purging of sensitive data handled
by the system during the period.
$ permanent storage
(I) Non-volatile media that, once written into, can never be
completely erased.
$ permission
1a. (I) Synonym for "authorization". (Compare: privilege.)
1b. (N) An authorization or set of authorizations to perform
security-relevant functions in the context of role-based access
control. [ANSI]
Tutorial: A permission is a positively stated authorization for
access that (a) can be associated with one or more roles and (b)
enables a user in a role to access a specified set of system
resources by causing a specific set of system actions to be
performed on the resources.
$ persona certificate
(I) An X.509 certificate issued to a system entity that wishes to
use a persona to conceal its true identity when using PEM or other
Internet services that depend on PKI support. (See: anonymity.)
[R1422]
Tutorial: PEM designers intended that (a) a CA issuing persona
certificates would explicitly not be vouching for the identity of
the system entity to whom the certificate is issued, (b) such
certificates would be issued only by CAs subordinate to a policy
CA having a policy stating that purpose (i.e., that would warn
relying parties that the "subject" field DN represented only a
persona and not a true, vetted user identity), and (c) the CA
would not need to maintain records binding the true identity of
the subject to the certificate.
However, the PEM designers also intended that a CA issuing persona
certificates would establish procedures (d) to enable "the holder
of a PERSONA certificate to request that his certificate be
revoked" and (e) to ensure that it did not issue the same subject
DN to multiple users. The latter condition implies that a persona
certificate is not an organizational certificate unless the
organization has just one member or representative.
$ personal identification number (PIN)
1a. (I) A character string used as a password to gain access to a
system resource. (See: authentication information.)
Example: A cryptographic token typically requires its user to
enter a PIN in order to access information stored in the token and
invoke the token's cryptographic functions.
1b. (O) An alphanumeric code or password used to authenticate an
identity.
Tutorial: Despite the words "identification" and "number", a PIN
seldom serves as a user identifier, and a PIN's characters are not
necessarily all numeric. Retail banking applications use 4-digit
numeric user PINs, but the FORTEZZA PC card uses 12-character
alphanumeric SSO PINs. (See: SSO PIN, user PIN.)
A better name for this concept would have been "personnel
authentication system string" (PASS), in which case, an
alphanumeric character string for this purpose would have been
called, obviously, a "PASSword".
$ personal information
(I) Information about a particular person, especially information
of an intimate or critical nature, that could cause harm or pain
to that person if disclosed to unauthorized parties. Examples:
medical record, arrest record, credit report, academic transcript,
training report, job application, credit card number, Social
Security number. (See: privacy.)
$ personality
1. (I) Synonym for "principal".
2. (O) /MISSI/ A set of MISSI X.509 public-key certificates that
have the same subject DN, together with their associated private
keys and usage specifications, that is stored on a FORTEZZA PC
card to support a role played by the card's user.
Tutorial: When a card's user selects a personality to use in a
FORTEZZA-aware application, the data determines behavior traits
(the personality) of the application. A card's user may have
multiple personalities on the card. Each has a "personality
label", a user-friendly character string that applications can
display to the user for selecting or changing the personality to
be used. For example, a military user's card might contain three
personalities: GENERAL HALFTRACK, COMMANDER FORT SWAMPY, and NEW
YEAR'S EVE PARTY CHAIRMAN. Each personality includes one or more
certificates of different types (such as DSA versus RSA), for
different purposes (such as digital signature versus encryption),
or with different authorizations.
$ personnel authentication system string (PASS)
(N) See: Tutorial under "personal identification number".
$ personnel security
(I) Procedures to ensure that persons who access a system have
proper clearance, authorization, and need-to-know as required by
the system's security policy. (See: security architecture.)
$ PGP(trademark)
(O) See: Pretty Good Privacy(trademark).
$ phase 1 negotiation
$ phase 2 negotiation
(I) /ISAKMP/ See: secondary definition under "Internet Security
Association and Key Management Protocol".
$ phishing
(D) /slang/ A technique for attempting to acquire sensitive data,
such as bank account numbers, through a fraudulent solicitation in
email or on a Web site, in which the perpetrator masquerades as a
legitimate business or reputable person. (See: social
engineering.)
Derivation: Possibly from "phony fishing"; the solicitation
usually involves some kind of lure or bait to hook unwary
recipients. (Compare: phreaking.)
Deprecated Term: IDOCs SHOULD NOT use this term; it is not listed
in most dictionaries and could confuse international readers.
(See: Deprecated Usage under "Green Book".)
$ Photuris
(I) A UDP-based, key establishment protocol for session keys,
designed for use with the IPsec protocols AH and ESP. Superseded
by IKE.
$ phreaking
(D) A contraction of "telephone breaking". An attack on or
penetration of a telephone system or, by extension, any other
communication or information system. [Raym]
Deprecated Term: IDOCs SHOULD NOT use this contraction; it is not
listed in most dictionaries and could confuse international
readers. (See: Deprecated Usage under "Green Book".)
$ physical destruction
(I) /threat action/ See: secondary definition under
"incapacitation".
$ physical security
(I) Tangible means of preventing unauthorized physical access to a
system. Examples: Fences, walls, and other barriers; locks, safes,
and vaults; dogs and armed guards; sensors and alarm bells.
[FP031, R1455] (See: security architecture.)
$ piggyback attack
(I) A form of active wiretapping in which the attacker gains
access to a system via intervals of inactivity in another user's
legitimate communication connection. Sometimes called a "between-
the-lines" attack. (See: hijack attack, man-in-the-middle attack.)
Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term could confuse international
readers.
$ PIN
(I) See: personal identification number.
$ ping of death
(D) A denial-of-service attack that sends an improperly large ICMP
echo request packet (a "ping") with the intent of causing the
destination system to fail. (See: ping sweep, teardrop.)
Deprecated Term: IDOCs SHOULD NOT use this term; instead, use
"ping packet overflow attack" or some other term that is specific
with regard to the attack mechanism.
Tutorial: This attack seeks to exploit an implementation
vulnerability. The IP specification requires hosts to be prepared
to accept datagrams of up to 576 octets, but also permits IP
datagrams to be up to 65,535 octets long, and the fragment offset
and length fields allow an attacker to send fragments that
reassemble to more than that. If an IP implementation does not
check the reassembled length before copying fragments into its
buffer, the oversized ping overflows the input buffer and can cause
a fatal system error.
$ ping sweep
(I) An attack that sends ICMP echo requests ("pings") to a range
of IP addresses, with the goal of finding hosts that can be probed
for vulnerabilities. (See: ping of death. Compare: port scan.)
$ PKCS
(N) See: Public-Key Cryptography Standards.
$ PKCS #5
(N) A standard [PKC05] (see: RFC 2898) from the PKCS series;
defines a method for encrypting an octet string with a secret key
derived from a password.
Tutorial: Although the method can be used for arbitrary octet
strings, its intended primary application in public-key
cryptography is for encrypting private keys when transferring them
from one computer system to another, as described in PKCS #8.
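An added example in Go covering both the password tutorial above (verification against a stored value rather than the password itself) and PKCS #5: it implements the RFC 2898 PBKDF2 function directly from HMAC, checks it against the published RFC 6070 test vectors, and uses it to store and verify a password with a random salt and a constant-time comparison. It is not code from the glossary or from the PKCS series; the iteration count is an assumption to be tuned to the deployment, and the record layout salt || key is a local convention of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
)

// PBKDF2 is the key derivation function of PKCS #5 v2.0 (RFC 2898, section 5.2):
// DK = T_1 || T_2 || ... truncated to dkLen, where T_i = U_1 xor ... xor U_c,
// U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}), and PRF is HMAC with h.
func PBKDF2(h func() hash.Hash, password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(h, password)
	hLen := prf.Size()
	dk := make([]byte, 0, ((dkLen+hLen-1)/hLen)*hLen)
	u := make([]byte, 0, hLen)
	for i := 1; len(dk) < dkLen; i++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)}) // INT(i), big-endian
		u = prf.Sum(u[:0])
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(u[:0])
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// rfc6070 returns PBKDF2-HMAC-SHA1 output as hex, in the form of the test
// vectors published in RFC 6070, so the implementation can be checked.
func rfc6070(password, salt string, c, dkLen int) string {
	return hex.EncodeToString(PBKDF2(sha1.New, []byte(password), []byte(salt), c, dkLen))
}

const (
	saltLen    = 16
	keyLen     = 32
	iterations = 600_000 // assumption: PBKDF2-HMAC-SHA256 work factor, tune to the deployment
)

// HashPassword returns salt || PBKDF2(password) for storage. The password
// itself is never stored, and each record gets a fresh random salt so equal
// passwords do not produce equal records.
func HashPassword(password string) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return append(salt, PBKDF2(sha256.New, []byte(password), salt, iterations, keyLen)...), nil
}

// VerifyPassword re-derives the key under the stored salt and compares in
// constant time, so the comparison's timing does not leak a prefix match.
func VerifyPassword(stored []byte, password string) bool {
	if len(stored) != saltLen+keyLen {
		return false
	}
	salt, want := stored[:saltLen], stored[saltLen:]
	got := PBKDF2(sha256.New, []byte(password), salt, iterations, keyLen)
	return hmac.Equal(got, want)
}

func main() {
	fmt.Println("RFC 6070 c=1:   ", rfc6070("password", "salt", 1, 20))
	fmt.Println("RFC 6070 c=4096:", rfc6070("password", "salt", 4096, 20))
	stored, err := HashPassword("correct horse battery staple")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored record: %x\n", stored)
	fmt.Println("right password:", VerifyPassword(stored, "correct horse battery staple"))
	fmt.Println("wrong password:", VerifyPassword(stored, "correct horse battery stapler"))
}
```

The same PBKDF2 output is what PKCS #5's password-based encryption schemes feed to the cipher when wrapping a private key for transport; only the use of the derived key differs.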
$ PKCS #7
(N) A standard [PKC07] (see: RFC 2315) from the PKCS series;
defines a syntax for data that may have cryptography applied to
it, such as for digital signatures and digital envelopes. (See:
CMS.)
$ PKCS #10
(N) A standard [PKC10] (see: RFC 2986) from the PKCS series;
defines a syntax for certification requests. (See: certification
request.)
Tutorial: A PKCS #10 request contains a DN and a public key, and
may contain other attributes, and is signed by the entity making
the request. The request is sent to a CA, who converts it to an
X.509 public-key certificate (or some other form), and returns it,
possibly in PKCS #7 format.
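An added example in Go, serving the path discovery and path validation entries as well as PKCS #10: it builds a PKCS #10 request, has the CA check the request's proof-of-possession signature and issue the certificate, and then lets the standard library discover and validate the path to a trust anchor following the RFC 3280 algorithm (carried forward in RFC 5280). A second leaf signed with the key of a certificate that lacks the basicConstraints cA flag shows validation rejecting a path that chains by name but is not authorized. It is not code from the glossary or from any of the cited standards; names, serial numbers and validity periods are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func genKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// template builds a certificate template. isCA sets the basicConstraints cA
// flag that path validation requires on every certificate except the last.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// issue signs tmpl with signer's key; a nil parent makes it self-signed.
func issue(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

type demoPKI struct {
	root, inter, nonCA, leaf, rogueLeaf *x509.Certificate
}

// BuildDemoPKI creates a self-signed root (the trusted key), an intermediate
// CA, an end-entity certificate without the cA flag, a leaf issued by the
// intermediate from a PKCS #10 request, and a "rogue" leaf signed with the
// non-CA certificate's key.
func BuildDemoPKI() *demoPKI {
	rootKey, interKey, nonCAKey, leafKey, malloryKey := genKey(), genKey(), genKey(), genKey(), genKey()
	root := issue(template("Example Root CA", 1, true), nil, &rootKey.PublicKey, rootKey)
	inter := issue(template("Example Issuing CA", 2, true), root, &interKey.PublicKey, rootKey)
	nonCA := issue(template("www.example.com", 3, false), root, &nonCAKey.PublicKey, rootKey)

	// PKCS #10: the subject's request carries its DN and public key and is
	// signed with the matching private key; the CA verifies that signature
	// (proof of possession) before issuing.
	csrDER := must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice@example.com"}}, leafKey))
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	leaf := issue(template(csr.Subject.CommonName, 4, false), inter, csr.PublicKey, interKey)
	rogueLeaf := issue(template("mallory@example.com", 5, false), nonCA, &malloryKey.PublicKey, nonCAKey)
	return &demoPKI{root: root, inter: inter, nonCA: nonCA, leaf: leaf, rogueLeaf: rogueLeaf}
}

// Validate runs path discovery and validation for leaf: Verify searches the
// intermediate pool for a chain ending at a trust anchor and applies the
// RFC 3280/5280 checks (signatures, validity periods, basicConstraints,
// issuer/subject chaining). withRoot=false removes the trust anchor.
func (p *demoPKI) Validate(leaf *x509.Certificate, withRoot bool) ([]string, error) {
	roots := x509.NewCertPool()
	if withRoot {
		roots.AddCert(p.root)
	}
	inters := x509.NewCertPool()
	inters.AddCert(p.inter)
	inters.AddCert(p.nonCA)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	if err != nil {
		return nil, err
	}
	var path []string // leaf first, trust anchor last
	for _, c := range chains[0] {
		path = append(path, c.Subject.CommonName)
	}
	return path, nil
}

func main() {
	p := BuildDemoPKI()
	fmt.Println(p.Validate(p.leaf, true))
	fmt.Println(p.Validate(p.rogueLeaf, true))
	fmt.Println(p.Validate(p.leaf, false))
}
```

The rogue leaf chains by issuer name to a certificate the root really signed, so a check that stops at "does this signature verify" would pass it; the basicConstraints check in step (b) of the definition is what rejects it.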
$ PKCS #11
(N) A standard [PKC11] from the PKCS series; defines a CAPI called
"Cryptoki" for devices that hold cryptographic information and
perform cryptographic functions.
$ PKI
(I) See: public-key infrastructure.
$ PKINIT
(I) Abbreviation for "Public Key Cryptography for Initial
Authentication in Kerberos" (RFC 4556). (See: Tutorial under
"Kerberos".)
$ PKIX
1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the
name of the IETF working group that is specifying an architecture
[R3280] and set of protocols [R4210] to provide X.509-based PKI
services for the Internet.
1b. (I) A collective name for that Internet PKI architecture and
associated set of protocols.
Tutorial: The goal of PKIX is to facilitate the use of X.509
public-key certificates in multiple Internet applications and to
promote interoperability between different implementations that
use those certificates. The resulting PKI is intended to provide a
framework that supports a range of trust and hierarchy
environments and a range of usage environments. PKIX specifies (a)
profiles of the v3 X.509 public-key certificate standards and the
v2 X.509 CRL standards for the Internet, (b) operational protocols
used by relying parties to obtain information such as certificates
or certificate status, (c) management protocols used by system
entities to exchange information needed for proper management of
the PKI, and (d) information about certificate policies and CPSs,
covering the areas of PKI security not directly addressed in the
rest of PKIX.
$ plain text
1. (I) /noun/ Data that is input to an encryption process. (See:
plaintext. Compare: cipher text, clear text.)
2. (D) /noun/ Synonym for "clear text".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "clear text". Sometimes plain text that is input to an
encryption operation is clear text, but other times plain text is
cipher text that was output from a previous encryption operation.
(See: superencryption.)
$ plaintext
1. (O) /noun/ Synonym for "plain text".
2. (I) /adjective/ Referring to plain text. Usage: Commonly used
instead of "plain-text". (Compare: ciphertext, cleartext.)
3. (D) /noun/ Synonym for "cleartext".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "cleartext". Cleartext data is, by definition, not encrypted;
but plaintext data that is input to an encryption operation may be
cleartext data or may be ciphertext data that was output from a
previous encryption operation. (See: superencryption.)
$ PLI
(I) See: Private Line Interface.
$ PMA
(N) See: policy management authority.
$ Point-to-Point Protocol (PPP)
(I) An Internet Standard protocol (RFC 1661) for encapsulation and
full-duplex transportation of protocol data packets in OSIRM Layer
3 over an OSIRM Layer 2 link between two peers, and for
multiplexing different Layer 3 protocols over the same link.
Includes optional negotiation to select and use a peer entity
authentication protocol to authenticate the peers to each other
before they exchange Layer 3 data. (See: CHAP, EAP, PAP.)
$ Point-to-Point Tunneling Protocol (PPTP)
(I) An Internet client-server protocol (RFC 2637) (originally
developed by Ascend and Microsoft) that enables a dial-up user to
create a virtual extension of the dial-up link across a network by
tunneling PPP over IP. (See: L2TP.)
Tutorial: PPP can encapsulate any IPS Network Interface Layer
protocol or OSIRM Layer 3 protocol. Therefore, PPTP does not
specify security services; it depends on protocols above and below
it to provide any needed security. PPTP makes it possible to
divorce the location of the initial dial-up server (i.e., the PPTP
Access Concentrator, the client, which runs on a special-purpose
host) from the location at which the dial-up protocol (PPP)
connection is terminated and access to the network is provided
(i.e., at the PPTP Network Server, which runs on a general-purpose
host).
$ policy
1a. (I) A plan or course of action that is stated for a system or
organization and is intended to affect and direct the decisions
and deeds of that entity's components or members. (See: security
policy.)
1b. (O) A definite goal, course, or method of action to guide and
determine present and future decisions, that is implemented or
executed within a particular context, such as within a business
unit. [R3198]
Deprecated Abbreviation: IDOCs SHOULD NOT use "policy" as an
abbreviation of either "security policy" or "certificate policy".
Instead, to avoid misunderstanding, use a fully qualified term, at
least at the point of first usage.
Tutorial: The introduction of new technology to replace
traditional systems can result in new systems being deployed
without adequate policy definition and before the implications of
the new technology are fully understood. In some cases, it can be
difficult to establish policies for new technology before the
technology has been operationally tested and evaluated. Thus,
policy changes tend to lag behind technological changes, such that
either old policies impede the technical innovation, or the new
technology is deployed without adequate policies to govern its
use.
When new technology changes the ways that things are done, new
"procedures" must be defined to establish operational guidelines
for using the technology and achieving satisfactory results, and
new "practices" must be established for managing new systems and
monitoring results. Practices and procedures are more directly
coupled to actual systems and business operations than are
policies, which tend to be more abstract.
- "Practices" define how a system is to be managed and what
controls are in place to monitor the system and detect abnormal
behavior or quality problems. Practices are established to
ensure that a system is managed in compliance with stated
policies. System audits are primarily concerned with whether or
not practices are being followed. Auditors evaluate the
controls to make sure they conform to accepted industry
standards, and then confirm that controls are in place and that
control measurements are being gathered. Audit trails are
examples of control measurements that are recorded as part of
system operations.
- "Procedures" define how a system is operated, and relate
closely to issues of what technology is used, who the operators
are, and how the system is deployed physically. Procedures
define both normal and abnormal operating circumstances.
- For every control defined by a practice statement, there should
be corresponding procedures to implement the control and
provide ongoing measurement of the control parameters.
Conversely, procedures require management practices to ensure
consistent and correct operational behavior.
$ policy approval authority
(D) /PKI/ Synonym for "policy management authority". [PAG]
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"policy management authority". The term suggests a limited,
passive role that is not typical of PMAs.
$ policy approving authority (PAA)
(O) /MISSI/ The top-level signing authority of a MISSI
certification hierarchy. The term refers both to that
authoritative office or role and to the person who plays that
role. (See: policy management authority, root registry.)
Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their
X.509 public-key certificates, (b) issues CRLs but does not issue
a CKL, and (c) may issue cross-certificates to other PAAs.
$ policy authority
(D) /PKI/ Synonym for "policy management authority". [PAG]
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"policy management authority". The term is unnecessarily vague and
thus may be confused with other PKI entities, such as CAs and RAs,
that enforce or apply various aspects of PKI policy.
$ policy certification authority (Internet PCA)
(I) An X.509-compliant CA at the second level of the Internet
certification hierarchy, under the IPRA. Each PCA operates under
its published security policy (see: certificate policy, CPS) and
within constraints established by the IPRA for all PCAs. [R1422].
(See: policy creation authority.)
$ policy creation authority (MISSI PCA)
(O) /MISSI/ The second level of a MISSI certification hierarchy;
the administrative root of a security policy domain of MISSI users
and other, subsidiary authorities. The term refers both to that
authoritative office or role and to the person who fills that
office. (See: policy certification authority.)
Tutorial: A MISSI PCA's certificate is issued by a PAA. The PCA
registers the CAs in its domain, defines their configurations, and
issues their X.509 public-key certificates. (The PCA may also
issue certificates for SCAs, ORAs, and other end entities, but a
PCA does not usually do this.) The PCA periodically issues CRLs
and CKLs for its domain.
$ policy management authority (PMA)
(I) /PKI/ A person, role, or organization within a PKI that is
responsible for (a) creating or approving the content of the
certificate policies and CPSs that are used in the PKI; (b)
ensuring the administration of those policies; and (c) approving
any cross-certification or interoperability agreements with CAs
external to the PKI and any related policy mappings. The PMA may
also be the accreditor for the PKI as a whole or for some of its
components or applications. [DoD9, PAG] (See: policy approving
authority.)
Example: In the U.S. Department of Defense, an organization called
the Policy Management Authority is responsible for DoD PKI [DoD9].
$ policy mapping
(I) "Recognizing that, when a CA in one domain certifies a CA in
another domain, a particular certificate policy in the second
domain may be considered by the authority of the first domain to
be equivalent (but not necessarily identical in all respects) to a
particular certificate policy in the first domain." [X509]
$ policy rule
(I) A building block of a security policy; it (a) defines a set of
system conditions and (b) specifies a set of system actions that
are to be performed if those conditions occur. [R3198]
$ POP3
(I) See: Post Office Protocol, version 3.
$ POP3 APOP
(I) A POP3 command (better described as a transaction type, or
subprotocol) by which a POP3 client optionally uses a keyed hash
(based on MD5) to authenticate itself to a POP3 server and,
depending on the server implementation, to protect against replay
attacks. (See: CRAM, POP3 AUTH, IMAP4 AUTHENTICATE.)
Tutorial: The server includes a unique time stamp in its greeting
to the client. The subsequent APOP command sent by the client to
the server contains the client's name and the hash result of
applying MD5 to a string formed from both the time stamp and a
shared secret value that is known only to the client and the
server. APOP was designed to provide an alternative to using
POP3's USER and PASS (i.e., password) command pair, in which the
client sends a cleartext password to the server.
$ POP3 AUTH
(I) A POP3 command [R1734] (better described as a transaction
type, or subprotocol) by which a POP3 client optionally proposes a
mechanism to a POP3 server to authenticate the client to the
server and provide other security services. (See: POP3 APOP, IMAP4
AUTHENTICATE.)
Tutorial: If the server accepts the proposal, the command is
followed by performing a challenge-response authentication
protocol and, optionally, negotiating a protection mechanism for
subsequent POP3 interactions. The security mechanisms used by POP3
AUTH are those used by IMAP4.
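Worked example, added here and not part of RFC 4949, of the two exchanges
described under "POP3 APOP" and "POP3 AUTH": the APOP keyed-hash login
against the server's greeting timestamp, and the AUTH proposal/challenge
flow with CRAM-MD5 standing in for "the security mechanisms used by
IMAP4". Both sides are simulated in one process. The Pop3AuthServer
class, its in-memory secret store and the helper names are this
example's own; the wire formats follow RFC 1939, RFC 1734 and RFC 2195.
It also shows what the keyed hash costs: because the hash is taken over
the secret itself, the server must hold the secret in recoverable form.

```python
"""POP3 challenge-response authentication: APOP (RFC 1939) and AUTH with
CRAM-MD5 (RFC 1734 / RFC 2195), both sides simulated in-process.
Added example, not code from RFC 4949; the server class, secret store and
helper functions are constructed for this demo."""
import base64
import hashlib
import hmac
import os
import re
import time


class Pop3AuthServer:
    """Server side.  `secrets` maps user name -> shared secret.  Both
    mechanisms hash the secret together with a per-connection nonce, so the
    server must store the secret in cleartext-equivalent form (a salted
    password hash would not work here): a stolen secret store is as bad as
    stolen passwords."""

    def __init__(self, secrets, host="pop.example.test", timestamp=None):
        self.secrets = secrets
        self.host = host
        # RFC 1939: the banner timestamp must be unique per connection; that
        # uniqueness is what makes a replayed APOP digest worthless.
        self.timestamp = timestamp or "<%d.%d@%s>" % (os.getpid(), time.time_ns(), host)
        self.pending_challenge = None
        self.authenticated = None

    def greeting(self):
        return "+OK POP3 server ready " + self.timestamp

    @staticmethod
    def apop_digest(timestamp, secret):
        # APOP digest: MD5 over the timestamp (angle brackets included) || secret
        return hashlib.md5((timestamp + secret).encode()).hexdigest()

    def apop(self, name, digest):
        """APOP <name> <digest>: verify against this connection's timestamp."""
        secret = self.secrets.get(name)
        expected = self.apop_digest(self.timestamp, secret) if secret is not None else ""
        if secret is not None and hmac.compare_digest(expected, digest.lower()):
            self.authenticated = name
            return "+OK maildrop locked and ready"
        return "-ERR permission denied"

    def auth(self, mechanism):
        """AUTH <mechanism>: the client proposes; the server either rejects or
        accepts with a base64 challenge on a '+ ' continuation line."""
        if mechanism.upper() != "CRAM-MD5":
            return "-ERR unsupported authentication mechanism"
        challenge = "<%s.%d@%s>" % (os.urandom(8).hex(), int(time.time()), self.host)
        self.pending_challenge = challenge
        return "+ " + base64.b64encode(challenge.encode()).decode()

    def auth_response(self, b64):
        """Second half of AUTH: base64('name ' + hex(HMAC-MD5(secret, challenge)))."""
        challenge, self.pending_challenge = self.pending_challenge, None
        if challenge is None:
            return "-ERR no authentication in progress"
        try:
            name, digest = base64.b64decode(b64).decode().split(" ", 1)
        except ValueError:
            return "-ERR malformed response"
        secret = self.secrets.get(name)
        expected = hmac.new(secret.encode(), challenge.encode(), "md5").hexdigest() if secret else ""
        if secret is not None and hmac.compare_digest(expected, digest.lower()):
            self.authenticated = name
            return "+OK authenticated"
        return "-ERR authentication failed"


# ---- client side ---------------------------------------------------------

def apop_command(name, secret, greeting):
    """Build 'APOP name digest' from the timestamp in the server greeting."""
    m = re.search(r"<[^>]+>", greeting)
    if not m:
        raise ValueError("server greeting carries no APOP timestamp")
    return "APOP %s %s" % (name, Pop3AuthServer.apop_digest(m.group(0), secret))


def cram_md5_response(name, secret, continuation):
    """Answer a '+ <base64 challenge>' line with the CRAM-MD5 response."""
    challenge = base64.b64decode(continuation[2:])
    digest = hmac.new(secret.encode(), challenge, "md5").hexdigest()
    return base64.b64encode(("%s %s" % (name, digest)).encode()).decode()
```

A digest captured on one connection does not open another: a new
connection gets a new timestamp or challenge, so the old digest fails.
Neither mechanism protects the mail that follows; that needs TLS or the
protection negotiated through AUTH.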
$ port scan
(I) A technique that sends client requests to a range of service
port addresses on a host. (See: probe. Compare: ping sweep.)
Tutorial: A port scan can be used for pre-attack surveillance,
with the goal of finding an active port and subsequently
exploiting a known vulnerability of that port's service. A port
scan can also be used as a flooding attack.
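Added example (not code from RFC 4949) of the technique just defined: a
TCP connect() scan over a range of ports, reporting each as open, closed
or filtered. The target is a throwaway listener the script itself opens
on loopback, so it runs offline; probing hosts you are not authorized to
test is an offence in most jurisdictions. Function names, the timeout and
the port window are this example's own choices.

```python
"""TCP connect() port scan against a constructed loopback target.
Added example, not code from RFC 4949.  States follow the usual scanner
vocabulary: 'open' (three-way handshake completed), 'closed' (RST came back,
surfaced as ECONNREFUSED) and 'filtered' (no answer before the timeout, the
typical signature of a firewall silently dropping the SYN)."""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """One probe.  A completed connect() means the service saw a full
    connection (and may log it), which is why connect scans are noisier than
    half-open SYN scans."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "error"  # unreachable network, fd exhaustion, ...


def port_scan(host, ports, timeout=0.5, workers=64):
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host, ports, **kw):
    return sorted(p for p, state in port_scan(host, ports, **kw).items() if state == "open")


def start_target_listener(host="127.0.0.1"):
    """Constructed scan target on an ephemeral port.  Nothing ever calls
    accept(): the kernel completes the handshake and queues the connection,
    which is exactly why a connect scan reports a listening socket as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    return srv


def demo():
    """Scan a small window around the constructed target.  Returns (target
    port, ports found open, state of the target port once the listener is
    gone), i.e. open -> closed when the service stops."""
    srv = start_target_listener()
    port = srv.getsockname()[1]
    found = open_ports("127.0.0.1", range(max(1, port - 8), port + 9))
    srv.close()
    return port, found, probe_port("127.0.0.1", port)
```

From the defender's side the same three states are what a port-scan
detector keys on: a burst of connections from one source to many ports,
most of them refused, is the pre-attack surveillance the Tutorial
describes.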
$ positive authorization
(I) The principle that a security architecture should be designed
so that access to system resources is permitted only when
explicitly granted; i.e., in the absence of an explicit
authorization that grants access, the default action shall be to
refuse access. (See: authorization, access.)
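Worked example, added here and not part of RFC 4949 or RFC 3198, covering
both "policy rule" (a condition plus the action taken when it holds) and
"positive authorization" (default deny): a small evaluator in which an
explicit deny wins, a permit is required to grant, and a request that no
rule addresses is refused, set beside the fail-open evaluator it replaces.
The rule set, role names, resource paths and helper names are constructed
for the demo.

```python
"""Policy rules evaluated under positive authorization (default deny).
Added example, not code from RFC 4949 or RFC 3198; rules, roles and
resource names are constructed for the demo."""
import posixpath
from dataclasses import dataclass
from typing import Callable, FrozenSet


@dataclass(frozen=True)
class Request:
    principal: str
    roles: FrozenSet[str]
    action: str
    resource: str


@dataclass(frozen=True)
class PolicyRule:
    name: str
    condition: Callable[[Request], bool]   # the "set of system conditions"
    effect: str                            # the action: "permit" or "deny"


def normalize(req):
    """Canonicalize before any prefix test, so '/docs/../etc/passwd' cannot
    satisfy a rule written for '/docs/'.  lstrip keeps normpath from
    preserving a leading '//' (which POSIX allows it to do)."""
    return Request(req.principal, req.roles, req.action.lower(),
                   posixpath.normpath("/" + req.resource.lstrip("/")))


def authorize(rules, req):
    """Positive authorization.  Explicit deny beats permit; a permit is
    required to grant; a request no rule addresses is refused, whatever the
    reason (new resource, unknown role, typo in a role name)."""
    req = normalize(req)
    effects = {rule.effect for rule in rules if rule.condition(req)}
    if "deny" in effects:
        return False
    return "permit" in effects


def authorize_fail_open(rules, req):
    """The anti-pattern, for contrast: refuse only what a deny rule names.
    Every gap in the policy becomes an allow."""
    req = normalize(req)
    return not any(rule.effect == "deny" and rule.condition(req) for rule in rules)


RULES = [
    PolicyRule("admins-anything", lambda q: "admin" in q.roles, "permit"),
    PolicyRule("staff-read-docs",
               lambda q: "staff" in q.roles and q.action == "read"
               and q.resource.startswith("/docs/"), "permit"),
    PolicyRule("no-export-of-hr",
               lambda q: q.resource.startswith("/docs/hr/") and q.action == "export",
               "deny"),
]


def decide(principal, roles, action, resource, rules=RULES):
    """Returns (default-deny verdict, fail-open verdict) for one request."""
    req = Request(principal, frozenset(roles), action, resource)
    return authorize(rules, req), authorize_fail_open(rules, req)
```

The cases where the two verdicts differ are the ones that matter: a
misspelled role, an action nobody wrote a rule for, or a traversal that
escapes the intended prefix are all refused by default deny and all
granted by the fail-open evaluator.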
$ POSIX
(N) Portable Operating System Interface for Computer Environments,
a standard [FP151, I9945] (originally IEEE Standard P1003.1) that
defines an operating system interface and environment to support
application portability at the source code level. It is intended
to be used by both application developers and system implementers.
Tutorial: P1003.1 supports security functionality like that on
most UNIX systems, including discretionary access control (file
permission bits) and privileges. IEEE Draft Standard P1003.6 specifies
additional functionality not provided in the base standard, including
(a) finer-grained discretionary access control (access control lists),
(b) audit trail mechanisms, (c) privilege mechanisms (capabilities),
(d) mandatory access control, and (e) information label mechanisms.
$ Post Office Protocol, version 3 (POP3)
(I) An Internet Standard protocol (RFC 1939) by which a client
workstation can dynamically access a mailbox on a server host to
retrieve mail messages that the server has received and is holding
for the client. (See: IMAP4.)
Tutorial: POP3 has mechanisms for optionally authenticating a
client to a server and providing other security services. (See:
POP3 APOP, POP3 AUTH.)
$ PPP
(I) See: Point-to-Point Protocol.
$ PPTP
(I) See: Point-to-Point Tunneling Protocol.
$ preauthorization
(N) /PKI/ A CAW feature that enables certification requests to be
automatically validated against data provided in advance to the CA
by an authorizing entity.
$ precedence
1. (I) /information system/ A ranking assigned to events or data
objects that determines the relative order in which they are
processed.
2. (N) /communication system/ A designation assigned to a
communication (i.e., packet, message, data stream, connection,
etc.) by the originator to state the importance or urgency of that
communication versus other communications, and thus indicate to
the transmission system the relative order of handling, and
indicate to the receiver the order in which the communication is
to be noted. [F1037] (See: availability, critical, preemption.)
Example: The "Precedence" subfield of the "Type of Service" field
of the IPv4 header supports the following designations (in
descending order of importance): 111 Network Control, 110
Internetwork Control, 101 CRITIC/ECP (Critical Intelligence
Communication/Emergency Command Precedence), 100 Flash Override,
011 Flash, 010 Immediate, 001 Priority, and 000 Routine. These
designations were adopted from U.S. DoD systems that existed
before ARPANET.
$ preemption
(N) The seizure, usually automatic, of system resources that are
being used to serve a lower-precedence communication, in order to
serve immediately a higher-precedence communication. [F1037]
$ Pretty Good Privacy(trademark) (PGP(trademark))
(O) Trademarks of Network Associates, Inc., referring to a
computer program (and related protocols) that uses cryptography to
provide data security for electronic mail and other applications
on the Internet. (Compare: DKIM, MOSS, MSP, PEM, S/MIME.)
Tutorial: PGP encrypts messages with a symmetric algorithm
(originally, IDEA in CFB mode), distributes the symmetric keys by
encrypting them with an asymmetric algorithm (originally, RSA),
and creates digital signatures on messages with a cryptographic
hash and an asymmetric encryption algorithm (originally, MD5 and
RSA). To establish ownership of public keys, PGP depends on the
"web of trust".
$ prevention
(I) See: secondary definition under "security".
$ primary account number (PAN)
(O) /SET/ "The assigned number that identifies the card issuer and
cardholder. This account number is composed of an issuer
identification number, an individual account number
identification, and an accompanying check digit as defined by ISO
7812-1985." [SET2, I7812] (See: bank identification number.)
Tutorial: The PAN is embossed, encoded, or both on a magnetic-
strip-based credit card. The PAN identifies the issuer to which a
transaction is to be routed and the account to which it is to be
applied unless specific instructions indicate otherwise. The
authority that assigns the BIN part of the PAN is the American
Bankers Association.
$ principal
(I) A specific identity claimed by a user when accessing a system.
Usage: Usually understood to be an identity that is registered in
and authenticated by the system; equivalent to the notion of login
account identifier. Each principal is normally assigned to a
single user, but a single user may be assigned (or attempt to use)
more than one principal. Each principal can spawn one or more
subjects, but each subject is associated with only one principal.
(Compare: role, subject, user.)
(I) /Kerberos/ A uniquely identified (i.e., uniquely named) client
or server instance that participates in a network communication.
$ priority
(I) /information system/ Precedence for processing an event or
data object, determined by security importance or other factors.
(See: precedence.)
$ privacy
1. (I) The right of an entity (normally a person), acting on its
own behalf, to determine the degree to which it will interact with
its environment, including the degree to which the entity is
willing to share its personal information with others. (See:
HIPAA, personal information, Privacy Act of 1974. Compare:
anonymity, data confidentiality.) [FP041]
2. (O) "The right of individuals to control or influence what
information related to them may be collected and stored and by
whom and to whom that information may be disclosed." [I7498-2]
3. (D) Synonym for "data confidentiality".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
for "data confidentiality" or "data confidentiality service",
which are different concepts. Privacy is a reason for security
rather than a kind of security. For example, a system that stores
personal data needs to protect the data to prevent harm,
embarrassment, inconvenience, or unfairness to any person about
whom data is maintained, and to protect the person's privacy. For
that reason, the system may need to provide data confidentiality
service.
Tutorial: The term "privacy" is used for various separate but
related concepts, including bodily privacy, territorial privacy,
personal information privacy, and communication privacy. IDOCs are
expected to address only communication privacy, which in this
Glossary is defined primarily by "data confidentiality" and
secondarily by "data integrity".
IDOCs are not expected to address information privacy, but this
Glossary provides definition 1 for that concept because personal
information privacy is often confused with communication privacy.
IDOCs are not expected to address bodily privacy or territorial
privacy, and this Glossary does not define those concepts because
they are not easily confused with communication privacy.
$ Privacy Act of 1974
(O) A U.S. Federal law (Section 552a of Title 5, United States
Code) that seeks to balance the U.S. Government's need to maintain
data about individuals with the rights of individuals to be
protected against unwarranted invasions of their privacy stemming
from federal agencies' collection, maintenance, use, and
disclosure of personal data. (See: privacy.)
Tutorial: In 1974, the U.S. Congress was concerned with the
potential for abuses that could arise from the Government's
increasing use of computers to store and retrieve personal data.
Therefore, the Act has four basic policy objectives:
- To restrict disclosure of personally identifiable records
maintained by Federal agencies.
- To grant individuals increased rights of access to Federal
agency records maintained on themselves.
- To grant individuals the right to seek amendment of agency
records maintained on themselves upon a showing that the
records are not accurate, relevant, timely, or complete.
- To establish a code of "fair information practices" that
requires agencies to comply with statutory norms for
collection, maintenance, and dissemination of records.
$ Privacy Enhanced Mail (PEM)
(I) An Internet protocol to provide data confidentiality, data
integrity, and data origin authentication for electronic mail.
[R1421, R1422]. (Compare: DKIM, MOSS, MSP, PGP, S/MIME.)
Tutorial: PEM encrypts messages with a symmetric algorithm
(originally, DES in CBC mode), provides distribution for the
symmetric keys by encrypting them with an asymmetric algorithm
(originally, RSA), and signs messages with an asymmetric
encryption algorithm over a cryptographic hash (originally, RSA
over either MD2 or MD5). To establish ownership of public keys,
PEM uses a certification hierarchy, with X.509 public-key
certificates and X.509 CRLs that are signed with an asymmetric
encryption algorithm over a cryptographic hash (originally, RSA
over MD2).
PEM is designed to be compatible with a wide range of key
management methods, but is limited to specifying security services
only for text messages and, like MOSS, has not been widely
implemented in the Internet.
$ private component
(I) Synonym for "private key".
Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
instead, to avoid confusing readers, use "private key". However,
the term MAY be used when discussing a key pair; e.g., "A key pair
has a public component and a private component."
$ private extension
(I) See: secondary definition under "extension".
$ private key
1. (I) The secret component of a pair of cryptographic keys used
for asymmetric cryptography. (See: key pair, public key, secret
key.)
2. (O) In a public key cryptosystem, "that key of a user's key
pair which is known only by that user." [X509]
$ Private Line Interface (PLI)
(I) The first end-to-end packet encryption system for a computer
network, developed by BBN starting in 1975 for the U.S. DoD,
incorporating U.S. Government-furnished, military-grade COMSEC
equipment (TSEC/KG-34). [B1822] (Compare: IPLI.)
$ privilege
1a. (I) /access control/ A synonym for "authorization". (See
authorization. Compare: permission.)
1b. (I) /computer platform/ An authorization to perform a
security-relevant function in the context of a computer's
operating system.
$ privilege management infrastructure
(O) "The infrastructure able to support the management of
privileges in support of a comprehensive authorization service and
in relationship with a" PKI; i.e., processes concerned with
attribute certificates. [X509]
Deprecated Usage: IDOCs SHOULD NOT use this term with this
definition. This definition is vague, and there is no consensus on
a more specific one.
$ privileged process
(I) A computer process that is authorized (and, therefore,
trusted) to perform some security-relevant functions that ordinary
processes are not. (See: privilege, trusted process.)
$ privileged user
(I) A user that has access to system control, monitoring, or
administration functions. (See: privilege, /UNIX/ under "root",
superuser, user.)
Tutorial: Privileged users include the following types:
- Users with near or complete control of a system, who are
authorized to set up and administer user accounts, identifiers,
and authentication information, or are authorized to assign or
change other users' access to system resources.
- Users that are authorized to change control parameters (e.g.,
network addresses, routing tables, processing priorities) on
routers, multiplexers, and other important equipment.
- Users that are authorized to monitor or perform troubleshooting
for a system's security functions, typically using special
tools and features that are not available to ordinary users.
$ probe
(I) /verb/ A technique that attempts to access a system to learn
something about the system. (See: port scan.)
Tutorial: The purpose of a probe may be offensive, e.g., an
attempt to gather information for circumventing the system's
protections; or the purpose may be defensive, e.g., to verify that
the system is working properly.
$ procedural security
(D) Synonym for "administrative security".
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"administrative security". The term may be misleading because any
type of security may involve procedures, and procedures may be
either external to the system or internal. Instead, use
"administrative security", "communication security", "computer
security", "emanations security", "personnel security", "physical
security", or whatever specific type is meant. (See: security
architecture.)
$ profile
See: certificate profile, protection profile.
$ proof-of-possession protocol
(I) A protocol whereby a system entity proves to another that it
possesses and controls a cryptographic key or other secret
information. (See: zero-knowledge proof.)
$ proprietary
(I) Refers to information (or other property) that is owned by an
individual or organization and for which the use is restricted by
that entity.
$ protected checksum
(I) A checksum that is computed for a data object by means that
protect against active attacks that would attempt to change the
checksum to make it match changes made to the data object. (See:
digital signature, keyed hash, Tutorial under "checksum".)
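Added example (not code from RFC 4949) of the active attack this
definition is about: an in-path attacker alters a message and then
recomputes the accompanying checksum. An unkeyed CRC is recomputed
trivially and the receiver is none the wiser; a keyed hash cannot be
recomputed without the key, so the same edit is caught. The message, the
key and the attacker's edit are constructed for the demo.

```python
"""Unkeyed checksum versus protected (keyed) checksum under an active
attack.  Added example, not code from RFC 4949; message, key and the
attacker's edit are constructed here."""
import hashlib
import hmac
import zlib


def crc32_tag(data: bytes) -> int:
    """Unkeyed checksum: anyone can compute it, so anyone can recompute it."""
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Protected checksum (keyed hash): recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_crc(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def verify_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    # constant-time compare: plain == leaks the matching prefix length
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo(key=b"shared-secret-between-sender-and-receiver"):
    """Sender emits message + tags; an attacker in the path rewrites the
    payment and does the best it can to each tag.  Returns the receiver's
    verdicts."""
    message = b"PAY 100.00 TO alice"
    forged = b"PAY 900.00 TO mallory"
    crc, mac = crc32_tag(message), hmac_tag(key, message)
    return {
        # receiver's view of the genuine message
        "genuine_crc_ok": verify_crc(message, crc),
        "genuine_mac_ok": verify_hmac(key, message, mac),
        # attacker edits the message and recomputes the public checksum
        "forged_crc_ok": verify_crc(forged, crc32_tag(forged)),
        # the attacker cannot recompute the keyed checksum: old tag fails ...
        "forged_mac_old_tag_ok": verify_hmac(key, forged, mac),
        # ... and so does a tag made with a guessed key
        "forged_mac_guessed_key_ok": verify_hmac(key, forged, hmac_tag(b"guess", forged)),
    }
```

A digital signature gives the same protection with an asymmetric key,
at the cost of more computation but without a shared secret to
distribute.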
$ protective packaging
(N) "Packaging techniques for COMSEC material that discourage
penetration, reveal a penetration has occurred or was attempted,
or inhibit viewing or copying of keying material prior to the time
it is exposed for use." [C4009] (See: tamper-evident, tamper-
resistant. Compare: QUADRANT.)
$ protection authority
(I) See: secondary definition under "Internet Protocol Security
Option".
$ protection level
(N) /U.S. Government/ An indication of the trust that is needed in
a system's technical ability to enforce security policy for
confidentiality. (Compare: /system operation/ under "mode of
operation".)
Tutorial: An organization's security policy could define
protection levels that are based on comparing (a) the sensitivity
of information handled by a system to (b) the authorizations of
users that receive information from the system without manual
intervention and reliable human review. For each level, the policy
could specify security features and assurances that must be
included in any system that was intended to operate at that level.
Example: Given some set of data objects that are classified at one
or more hierarchical levels and in one or more non-hierarchical
categories, the following table defines five protection levels for
systems that would handle that data. Beginning with PL1 and
evolving to PL5, each successive level would require stronger
features and assurances to handle the dataset. (See: clearance,
formal access approval, and need-to-know.)
Lowest Clearance Formal Access Need-To-Know
Among All Users Approval of Users of Users
+-------------------+-------------------+-------------------+
PL5 | Some user has no | [Does not matter.]| [Does not matter.]|
High | clearance at all. | | |
+-------------------+-------------------+-------------------+
PL4 | All are cleared | [Does not matter.]| [Does not matter.]|
| for some data. | | |
+-------------------+-------------------+-------------------+
PL3 | All are cleared | Some not approved | [Does not matter.]|
| for all data. | for all data. | |
+-------------------+-------------------+-------------------+
PL2 | All are cleared | All are approved | Some don't need |
| for all data. | for all data. | to know all data. |
+-------------------+-------------------+-------------------+
PL1 | All are cleared | All are approved | All have a need |
Low | for all data. | for all data. | to know all data. |
+-------------------+-------------------+-------------------+
Each of these protection levels can be viewed as being equivalent to
one or more modes of system operation defined in this Glossary:
- PL5 is equivalent to multilevel security mode.
- PL4 is equivalent to either multilevel or compartmented
security mode, depending on the details of users' clearances.
- PL3 is equivalent to partitioned security mode.
- PL2 is equivalent to system-high security mode.
- PL1 is equivalent to dedicated security mode.
$ protection profile
(N) /Common Criteria/ An implementation-independent set of
security requirements for a category of targets of evaluation that
meet specific consumer needs. [CCIB] Example: [IDSAN]. (See:
target of evaluation. Compare: certificate profile, package.)
Tutorial: A protection profile (PP) is the kind of document used
by consumers to specify functional requirements they want in a
product, and a security target (ST) is the kind of document used
by vendors to make functional claims about a product.
A PP is intended to be a reusable statement of product security
needs, which are known to be useful and effective, for a set of
information technology security products that could be built. A PP
contains a set of security requirements, preferably taken from the
catalogs in Parts 2 and 3 of the Common Criteria, and should
include an EAL. A PP could be developed by user communities,
product developers, or any other parties interested in defining a
common set of requirements.
$ protection ring
(I) One of a hierarchy of privileged operation modes of a system
that gives certain access rights to processes authorized to
operate in that mode. (See: Multics.)
$ protective distribution system (PDS)
(N) A wireline or fiber-optic communication system used to
transmit cleartext classified information through an area of
lesser classification or control. [N7003]
$ protocol
1a. (I) A set of rules (i.e., formats and procedures) to implement
and control some type of association (e.g., communication) between
systems. Example: Internet Protocol.
1b. (I) A series of ordered computing and communication steps that
are performed by two or more system entities to achieve a joint
objective. [A9042]
$ protocol control information (PCI)
(N) See: secondary definition under "protocol data unit".
$ protocol data unit (PDU)
(N) A data packet that is defined for peer-to-peer transfers in a
protocol layer.
Tutorial: A PDU consists of two disjoint subsets of data: the SDU
and the PCI. (Although these terms -- PDU, SDU, and PCI --
originated in the OSIRM, they are also useful and permissible in
an IPS context.)
- The "service data unit" (SDU) in a packet is data that the
protocol transfers between peer protocol entities on behalf of
the users of that layer's services. For Layers 1 through 6, the
layer's users are peer protocol entities at a higher layer; for
Layer 7, the users are application entities outside the scope
of the OSIRM.
- The "protocol control information" (PCI) in a packet is data
that peer protocol entities exchange between themselves to
control their joint operation of the layer.
$ protocol suite
(I) A complementary collection of communication protocols used in
a computer network. (See: IPS, OSI.)
$ proxy
1. (I) A computer process that acts on behalf of a user or client.
2. (I) A computer process -- often used as, or as part of, a
firewall -- that relays application transactions or a protocol
between client and server computer systems, by appearing to the
client to be the server and appearing to the server to be the
client. (See: SOCKS.)
Tutorial: In a firewall, a proxy server usually runs on a bastion
host, which may support proxies for several applications and
protocols (e.g., FTP, HTTP, and TELNET). Instead of a client in
the protected enclave connecting directly to an external server,
the internal client connects to the proxy server, which in turn
connects to the external server. The proxy server waits for a
request from inside the firewall, forwards the request to the
server outside the firewall, gets the response, then sends the
response back to the client. The proxy may be transparent to the
clients, or they may need to connect first to the proxy server,
and then use that association to also initiate a connection to the
real server.
Proxies are generally preferred over SOCKS for their ability to
perform caching, high-level logging, and access control. A proxy
can provide security service beyond that which is normally part of
the relayed protocol, such as access control based on peer entity
authentication of clients, or peer entity authentication of
servers when clients do not have that ability. A proxy at OSIRM
Layer 7 can also provide finer-grained security service than can a
filtering router at Layer 3. For example, an FTP proxy could
permit transfers out of, but not into, a protected network.
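Added example (not code from RFC 4949) of the Layer 7 proxy the Tutorial
describes: the internal client connects to the proxy, the proxy connects
to the real server, and every client command passes through a policy
hook before it is relayed. The policy is the FTP one given above
(transfers out of the protected network permitted, transfers into it
refused). The upstream server is a constructed stand-in that acknowledges
every command, and the proxy, policy and session helpers are this
example's own; it runs entirely on loopback.

```python
"""Application-layer (OSIRM Layer 7) proxy for a line-oriented protocol,
in the style of the glossary's FTP proxy.  Added example, not code from
RFC 4949; the upstream stand-in, the policy and the session are constructed
for this demo."""
import socket
import threading

CRLF = b"\r\n"


def outbound_only_policy(line):
    """Glossary example: permit transfers out of the protected network (STOR,
    APPE, STOU push data outward) but refuse transfers into it (RETR pulls
    data in).  Returns None to forward, or the reply the proxy sends to the
    client instead.  Many deployments want the reverse (block STOR to stop
    exfiltration); the hook is the same either way."""
    words = line.split()
    if words and words[0].upper() == b"RETR":
        return b"550 RETR refused by proxy policy" + CRLF
    return None


def _pump(src, dst, policy=None, log=None):
    """Relay src -> dst.  Without a policy, copy raw bytes (server -> client).
    With one, read CRLF-terminated commands and consult the policy per
    command (client -> server), answering a denied command ourselves."""
    try:
        if policy is None:
            while True:
                data = src.recv(4096)
                if not data:
                    break
                dst.sendall(data)
        else:
            for line in src.makefile("rb"):
                cmd = line.rstrip(b"\r\n")
                verdict = policy(cmd)
                if log is not None:          # the "high-level logging" a proxy can do
                    log.append((cmd, "denied" if verdict else "forwarded"))
                if verdict:
                    src.sendall(verdict)
                else:
                    dst.sendall(line)
    except (OSError, ValueError):
        pass
    finally:
        for s in (src, dst):                 # shutdown() wakes the peer pump
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()


def _listen():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral loopback port
    listener.listen(8)
    return listener


def start_proxy(upstream, policy=outbound_only_policy, log=None):
    """Run the proxy in a daemon thread; returns its (host, port)."""
    listener = _listen()

    def serve():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return
            try:
                server = socket.create_connection(upstream)
            except OSError:
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, server, policy, log), daemon=True).start()
            threading.Thread(target=_pump, args=(server, client), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()


def start_fake_ftp_server():
    """Constructed stand-in for the external server: greets, acknowledges
    every command with a 200 reply, hangs up after QUIT."""
    listener = _listen()

    def handle(conn):
        with conn, conn.makefile("rb") as rfile:
            conn.sendall(b"220 fake-ftp ready" + CRLF)
            for line in rfile:
                cmd = line.rstrip(b"\r\n")
                if cmd.upper() == b"QUIT":
                    conn.sendall(b"221 goodbye" + CRLF)
                    break
                conn.sendall(b"200 OK " + cmd + CRLF)

    def serve():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()


def ftp_session(proxy_addr, commands):
    """Client inside the enclave: talks to the proxy as if it were the server.
    Returns the banner plus one reply line per command."""
    replies = []
    with socket.create_connection(proxy_addr) as sock, sock.makefile("rb") as rfile:
        replies.append(rfile.readline().rstrip(b"\r\n").decode())
        for cmd in commands:
            sock.sendall(cmd.encode() + CRLF)
            replies.append(rfile.readline().rstrip(b"\r\n").decode())
    return replies
```

The client never learns whether a reply came from the proxy or from the
real server, which is the masquerade the definition describes; the
refused RETR is decided on the command name, something a Layer 3
filtering router that sees only addresses and ports cannot do.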
$ proxy certificate
(I) An X.509 public-key certificate derived from an end-entity
certificate, or from another proxy certificate, for the purpose of
establishing proxies and delegating authorizations in the context
of a PKI-based authentication system. [R3820]
Tutorial: A proxy certificate has the following properties:
- It contains a critical extension that (a) identifies it as a
proxy certificate and (b) may contain a certification path
length constraint and policy constraints.
- It contains the public component of a key pair that is distinct
from that associated with any other certificate.
- It is signed by the private component of a key pair that is
associated with an end-entity certificate or another proxy
certificate.
- Its associated private key can be used to sign only other proxy
certificates (not end-entity certificates).
- Its "subject" DN is derived from its "issuer" DN and is unique.
- Its "issuer" DN is the "subject" DN of an end-entity
certificate or another proxy certificate.
$ pseudorandom
(I) A sequence of values that appears to be random (i.e.,
unpredictable) but is actually generated by a deterministic
algorithm. (See: compression, random, random number generator.)
$ pseudorandom number generator
(I) See: secondary definition under "random number generator".
$ public component
(I) Synonym for "public key".
Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
to avoid confusing readers, use "public key" instead. However,
the term MAY be used when discussing a key pair; e.g., "A key pair
has a public component and a private component."
$ public key
1. (I) The publicly disclosable component of a pair of
cryptographic keys used for asymmetric cryptography. (See: key
pair. Compare: private key.)
2. (O) In a public key cryptosystem, "that key of a user's key
pair which is publicly known." [X509]
$ public-key certificate
1. (I) A digital certificate that binds a system entity's
identifier to a public key value, and possibly to additional,
secondary data items; i.e., a digitally signed data structure that
attests to the ownership of a public key. (See: X.509 public-key
certificate.)
2. (O) "The public key of a user, together with some other
information, rendered unforgeable by encipherment with the private
key of the certification authority which issued it." [X509]
Tutorial: The digital signature on a public-key certificate is
unforgeable. Thus, the certificate can be published, such as by
posting it in a directory, without the directory having to protect
the certificate's data integrity.
$ public-key cryptography
(I) Synonym for "asymmetric cryptography".
$ Public-Key Cryptography Standards (PKCS)
(N) A series of specifications published by RSA Laboratories for
data structures and algorithms used in basic applications of
asymmetric cryptography. [PKCS] (See: PKCS #5 through PKCS #11.)
Tutorial: The PKCS were begun in 1991 in cooperation with industry
and academia, originally including Apple, Digital, Lotus,
Microsoft, Northern Telecom, Sun, and MIT. Today, the
specifications are widely used, but they are not sanctioned by an
official standards organization, such as ANSI, ITU-T, or IETF. RSA
Laboratories retains sole decision-making authority over the PKCS.
$ public-key forward secrecy (PFS)
(I) For a key-agreement protocol based on asymmetric cryptography,
the property that ensures that a session key derived from a set of
long-term public and private keys will not be compromised if one
of the private keys is compromised in the future. (See: Usage note
and other discussion under "perfect forward secrecy".)
$ public-key Kerberos
(I) See: Tutorial under "Kerberos", PKINIT.
$ public-key infrastructure (PKI)
1. (I) A system of CAs (and, optionally, RAs and other supporting
servers and agents) that perform some set of certificate
management, archive management, key management, and token
management functions for a community of users in an application of
asymmetric cryptography. (See: hierarchical PKI, mesh PKI,
security management infrastructure, trust-file PKI.)
2. (I) /PKIX/ The set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke
digital certificates based on asymmetric cryptography.
Tutorial: The core PKI functions are (a) to register users and
issue their public-key certificates, (b) to revoke certificates
when required, and (c) to archive data needed to validate
certificates at a much later time. Key pairs for data
confidentiality may be generated (and perhaps escrowed) by CAs or
RAs, but requiring a PKI client to generate its own digital
signature key pair helps maintain system integrity of the
cryptographic system, because then only the client ever possesses
the private key it uses. Also, an authority may be established to
approve or coordinate CPSs, which are security policies under
which components of a PKI operate.
A number of other servers and agents may support the core PKI, and
PKI clients may obtain services from them, such as certificate
validation services. The full range of such services is not yet
fully understood and is evolving, but supporting roles may include
archive agent, certified delivery agent, confirmation agent,
digital notary, directory, key escrow agent, key generation agent,
naming agent who ensures that issuers and subjects have unique
identifiers within the PKI, repository, ticket-granting agent,
time-stamp agent, and validation agent.
$ purge
1. (I) Synonym for "erase".
2. (O) /U.S. Government/ Use degaussing or other methods to render
magnetically stored data unusable and irrecoverable by any means,
including laboratory methods. [C4009] (Compare: /U.S. Government/
erase.)