W
$ W3
(D) Synonym for WWW.
Deprecated Abbreviation: This abbreviation could be confused with
W3C; use "WWW" instead.
$ W3C
(N) See: World Wide Web Consortium.
$ war dialer
(I) /slang/ A computer program that automatically dials a series
of telephone numbers to find lines connected to computer systems,
and catalogs those numbers so that a cracker can try to break the
systems.
Deprecated Usage: IDOCs that use this term SHOULD state a
definition for it because the term could confuse international
readers.
$ Wassenaar Arrangement
(N) The Wassenaar Arrangement on Export Controls for Conventional
Arms and Dual-Use Goods and Technologies is a global, multilateral
agreement approved by 33 countries in July 1996 to contribute to
regional and international security and stability, by promoting
information exchange concerning, and greater responsibility in,
transfers of arms and dual-use items, thus preventing
destabilizing accumulations. (See: International Traffic in Arms
Regulations.)
Tutorial: The Arrangement began operations in September 1996 with
headquarters in Vienna. The participating countries were
Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech
Republic, Denmark, Finland, France, Germany, Greece, Hungary,
Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand,
Norway, Poland, Portugal, Republic of Korea, Romania, Russian
Shirey Informational [Page 334]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey,
Ukraine, United Kingdom, and United States.
Participating countries seek through their national policies to
ensure that transfers do not contribute to the development or
enhancement of military capabilities that undermine the goals of
the arrangement, and are not diverted to support such
capabilities. The countries maintain effective export controls for
items on the agreed lists, which are reviewed periodically to
account for technological developments and experience gained.
Through transparency and exchange of views and information,
suppliers of arms and dual-use items can develop common
understandings of the risks associated with their transfer and
assess the scope for coordinating national control policies to
combat these risks. Members provide semi-annual notification of
arms transfers, covering seven categories derived from the UN
Register of Conventional Arms. Members also report transfers or
denials of transfers of certain controlled dual-use items.
However, the decision to transfer or deny transfer of any item is
the sole responsibility of each participating country. All
measures undertaken with respect to the arrangement are in
accordance with national legislation and policies and are
implemented on the basis of national discretion.
$ watermarking
See: digital watermarking.
$ weak key
(I) In the context of a particular cryptographic algorithm, a key
value that provides poor security. (See: strong.)
Example: The DEA has four "weak keys" [Schn] for which encryption
produces the same result as decryption. It also has ten pairs of
"semi-weak keys" [Schn] (a.k.a. "dual keys" [FP074]) for which
encryption with one key in the pair produces the same result as
decryption with the other key.
$ web, Web
1. (I) /not capitalized/ IDOCs SHOULD NOT capitalize "web" when
using the term (usually as an adjective) to refer generically to
technology -- such as web browsers, web servers, HTTP, and HTML --
that is used in the Web or similar networks.
2. (I) /capitalized/ IDOCs SHOULD capitalize "Web" when using the
term (as either a noun or an adjective) to refer specifically to
the World Wide Web. (Similarly, see: internet.)
Usage: IDOCs SHOULD NOT use "web" or "Web" in a way that might
confuse these definitions with the PGP "web of trust". When using
Web as an abbreviation for "World Wide Web", IDOCs SHOULD fully
spell out the term at the first instance of usage.
$ web of trust
(D) /PGP/ A PKI architecture in which each certificate user
defines their own trust anchor(s) by depending on personal
relationships. (See: trust anchor. Compare: hierarchical PKI, mesh
PKI.)
Deprecated Usage: IDOCs SHOULD NOT use this term except with
reference to PGP. This term mixes concepts in potentially
misleading ways; e.g., this architecture does not depend on World
Wide Web technology. Instead of this term, IDOCs MAY use "trust-
file PKI". (See: web, Web).
Tutorial: This type of architecture does not usually include
public repositories of certificates. Instead, each certificate
user builds their own, private repository of trusted public keys
by making personal judgments about being able to trust certain
people to be holding properly certified keys of other people. It
is this set of person-to-person relationships from which the
architecture gets its name.
$ web server
(I) A software process that runs on a host computer connected to a
network and responds to HTTP requests made by client web browsers.
$ WEP
(N) See: Wired Equivalency Protocol.
$ Wired Equivalent Privacy (WEP)
(N) A cryptographic protocol that is defined in the IEEE 802.11
standard and encapsulates the packets on wireless LANs. Usage:
a.k.a. "Wired Equivalency Protocol".
Tutorial: The WEP design, which uses RC4 to encrypt both the plain
text and a CRC, has been shown to be flawed in multiple ways; and
it also has often suffered from flawed implementation and
management.
$ wiretapping
(I) An attack that intercepts and accesses information contained
in a data flow in a communication system. (See: active
wiretapping, end-to-end encryption, passive wiretapping, secondary
definition under "interception".)
Usage: Although the term originally referred to making a
mechanical connection to an electrical conductor that links two
nodes, it is now used to refer to accessing information from any
sort of medium used for a link or even from a node, such as a
gateway or subnetwork switch.
Tutorial: Wiretapping can be characterized according to intent:
- "Active wiretapping" attempts to alter the data or otherwise
affect the flow.
- "Passive wiretapping" only attempts to observe the data flow
and gain knowledge of information contained in it.
$ work factor
1a. (I) /COMPUSEC/ The estimated amount of effort or time that can
be expected to be expended by a potential intruder to penetrate a
system, or defeat a particular countermeasure, when using
specified amounts of expertise and resources. (See: brute force,
impossible, strength.)
1b. (I) /cryptography/ The estimated amount of computing power and
time needed to break a cryptographic system. (See: brute force,
impossible, strength.)
$ World Wide Web ("the Web", WWW)
(N) The global, hypermedia-based collection of information and
services that is available on Internet servers and is accessed by
browsers using Hypertext Transfer Protocol and other information
retrieval mechanisms. (See: web vs. Web, [R2084].)
$ World Wide Web Consortium (W3C)
(N) Created in October 1994 to develop and standardize protocols
to promote the evolution and interoperability of the Web, and now
consisting of hundreds of member organizations (commercial firms,
governmental agencies, schools, and others).
Tutorial: W3C Recommendations are developed through a process
similar to that of the standards published by other organizations,
such as the IETF. The W3C Recommendation Track (i.e., standards
track) has four levels of increasing maturity: Working, Candidate
Recommendation, Proposed Recommendation, and W3C Recommendation.
W3C Recommendations are similar to the standards published by
other organizations. (Compare: Internet Standard, ISO.)
$ worm
(I) A computer program that can run independently, can propagate a
complete working version of itself onto other hosts on a network,
and may consume system resources destructively. (See: mobile code,
Morris Worm, virus.)
$ wrap
1. (N) To use cryptography to provide data confidentiality service
for keying material. (See: encrypt, wrapping algorithm, wrapping
key. Compare: seal, shroud.)
2. (D) To use cryptography to provide data confidentiality service
for data in general.
Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2
because that duplicates the meaning of the more widely understood
"encrypt".
$ wrapping algorithm
(N) An encryption algorithm that is specifically intended for use
in encrypting keys. (See: KEK, wrap.)
$ wrapping key
(N) Synonym for "KEK". (See: encrypt. Compare: seal, shroud.)
$ write
(I) /security model/ A system operation that causes a flow of
information from a subject to an object. (See: access mode.
Compare: read.)
$ WWW
(I) See: World Wide Web.