RFC 4949 Internet Security Glossary Bibliography








5. Security Considerations

This document mainly defines security terms and recommends how to use
them. It also provides limited tutorial information about security
aspects of Internet protocols, but it does not describe in detail the
vulnerabilities of, or threats to, specific protocols and does not
definitively describe mechanisms that protect specific protocols.

6. Normative Reference

[R2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

7. Informative References

This Glossary focuses on the Internet Standards Process. Therefore,
this set of informative references emphasizes international,
governmental, and industrial standards documents. Some RFCs that are
especially relevant to Internet security are mentioned in Glossary
entries in square brackets (e.g., "[R1457]" in the entry for
"security label") and are listed here; some other RFCs are mentioned
in parentheses (e.g., "(RFC 959)" in the entry for "File Transport
Protocol") but are not listed here.

[A1523] American National Standards Institute, "American National
Standard Telecom Glossary", ANSI T1.523-2001.

[A3092] ---, "American National Standard Data Encryption Algorithm",
ANSI X3.92-1981, 30 December 1980.

[A9009] ---, "Financial Institution Message Authentication
(Wholesale)", ANSI X9.9-1986, 15 August 1986.

[A9017] ---, "Financial Institution Key Management (Wholesale)",
X9.17, 4 April 1985. (Defines procedures for manual and
automated management of keying material and uses DES to
provide key management for a variety of operational
environments.)

[A9042] ---, "Public key Cryptography for the Financial Service
Industry: Agreement of Symmetric Keys Using Diffie-Hellman
and MQV Algorithms", X9.42, 29 January 1999. (See: Diffie-
Hellman-Merkle.)

[A9052] ---, "Triple Data Encryption Algorithm Modes of Operation",
X9.52-1998, ANSI approval 9 November 1998.





Shirey Informational [Page 343]

RFC 4949 Internet Security Glossary, Version 2 August 2007


[A9062] ---, "Public Key Cryptography for the Financial Services
Industry: The Elliptic Curve Digital Signature Algorithm
(ECDSA)", X9.62-1998, ANSI approval 7 January 1999.

[A9063] ---, "Public Key Cryptography for the Financial Services
Industry: Key Agreement and Key Transport Using Elliptic
Curve Cryptography", X9.63-2001.

[ACM] Association for Computing Machinery, "Communications of the
ACM", July 1998 issue with: M. Yeung, "Digital
Watermarking"; N. Memom and P. Wong, "Protecting Digital
Media Content"; and S. Craver, B.-L. Yeo, and M. Yeung,
"Technical Trials and Legal Tribulations".

[Ande] Anderson, J., "Computer Security Technology Planning Study",
ESD-TR-73-51, Vols. I and II, USAF Electronics Systems Div.,
Bedford, MA, October 1972. (Available as AD-758206/772806,
National Technical Information Service, Springfield, VA.)

[ANSI] American National Standards Institute, "Role Based Access
Control", Secretariat, Information Technology Industry
Council, BSR INCITS 359, DRAFT, 10 November 2003.

[Army] U.S. Army Corps of Engineers, "Electromagnetic Pulse (EMP)
and Tempest Protection for Facilities", EP 1110-3-2, 31
December 1990.

[B1822] Bolt Baranek and Newman Inc., "Appendix H: Interfacing a
Host to a Private Line Interface", in "Specifications for
the Interconnection of a Host and an IMP", BBN Report No.
1822, revised, December 1983.

[B4799] ---, "A History of the Arpanet: The First Decade", BBN
Report No. 4799, April 1981.

[Bell] Bell, D. and L. LaPadula, "Secure Computer Systems:
Mathematical Foundations and Model", M74-244, The MITRE
Corporation, Bedford, MA, May 1973. (Available as AD-771543,
National Technical Information Service, Springfield, VA.)

[Biba] K. Biba, "Integrity Considerations for Secure Computer
Systems", ESD-TR-76-372, USAF Electronic Systems Division,
Bedford, MA, April 1977.

[BN89] Brewer, D. and M. Nash, "The Chinese wall security policy",
in "Proceedings of IEEE Symposium on Security and Privacy",
May 1989, pp. 205-214.






[BS7799] British Standards Institution, "Information Security
Management, Part 1: Code of Practice for Information
Security Management", BS 7799-1:1999, 15 May 1999.

---, "Information Security Management, Part 2: Specification
for Information Security Management Systems", BS 7799-
2:1999, 15 May 1999.

[C4009] Committee on National Security Systems (U.S. Government),
"National Information Assurance (IA) Glossary", CNSS
Instruction No. 4009, revised June 2006.

[CCIB] Common Criteria Implementation Board, "Common Criteria for
Information Technology Security Evaluation, Part 1:
Introduction and General Model", version 2.0, CCIB-98-026,
May 1998.

[Chau] D. Chaum, "Untraceable Electronic Mail, Return Addresses,
and Digital Pseudonyms", in "Communications of the ACM",
vol. 24, no. 2, February 1981, pp. 84-88.

[Cheh] Cheheyl, M., Gasser, M., Huff, G., and J. Millen, "Verifying
Security", in "ACM Computing Surveys", vol. 13, no. 3,
September 1981, pp. 279-339.

[Chris] Chrissis, M. et al, 1993. "SW-CMM Capability Maturity Model
for Software Version", Release 3.0, Software Engineering
Institute, Carnegie Mellon University, August 1996.

[CIPSO] Trusted Systems Interoperability Working Group, "Common IP
Security Option", version 2.3, 9 March 1993.

[Clark] Clark, D. and D. Wilson, "A Comparison of Commercial and
Military computer Security Policies", in "Proceedings of the
IEEE Symposium on Security and Privacy", April 1987, pp.
184-194.

[Cons] NSA, "Consistency Instruction Manual for Development of U.S.
Government Protection Profiles for Use in Basic Robustness
Environments", Release 2.0, 1 March 2004

[CORBA] Object Management Group, Inc., "CORBAservices: Common Object
Service Specification", December 1998.

[CSC1] U.S. DoD Computer Security Center, "Department of Defense
Trusted Computer System Evaluation Criteria", CSC-STD-001-
83, 15 August 1983. (Superseded by [DoD1].)





[CSC2] ---, "Department of Defense Password Management Guideline",
CSC-STD-002-85, 12 April 1985.

[CSC3] ---, "Computer Security Requirements: Guidance for Applying
the Department of Defense Trusted Computer System Evaluation
Criteria in Specific Environments", CSC-STD-003-85, 25 June
1985.

[CSOR] U.S. Department of Commerce, "General Procedures for
Registering Computer Security Objects", National Institute
of Standards Interagency Report 5308, December 1993.

[Daem] Daemen, J. and V. Rijmen, "Rijndael, the advanced encryption
standard", in "Dr. Dobb's Journal", vol. 26, no. 3, March
2001, pp. 137-139.

[DC6/9] Director of Central Intelligence, "Physical Security
Standards for Sensitive Compartmented Information
Facilities", DCI Directive 6/9, 18 November 2002.

[Denn] Denning, D., "A Lattice Model of Secure Information Flow",
in "Communications of the ACM", vol. 19, no. 5, May 1976,
pp. 236-243.

[Denns] Denning, D. and P. Denning, "Data Security", in "ACM
Computing Surveys", vol. 11, no. 3, September 1979, pp. 227-
249.

[DH76] Diffie, W. and M. Hellman, "New Directions in Cryptography",
in "IEEE Transactions on Information Theory", vol. IT-22,
no. 6, November 1976, pp. 644-654. (See: Diffie-Hellman-
Merkle.)

[DoD1] U.S. DoD, "Department of Defense Trusted Computer System
Evaluation Criteria", DoD 5200.28-STD, 26 December 1985.
(Supersedes [CSC1].) (Superseded by DoD Directive 8500.1.)

[DoD4] ---, "NSA Key Recovery Assessment Criteria", 8 June 1998.

[DoD5] ---, Directive 5200.1, "DoD Information Security Program",
13 December 1996.

[DoD6] ---, "Department of Defense Technical Architecture Framework
for Information Management, Volume 6: Department of Defense
(DoD) Goal Security Architecture", Defense Information
Systems Agency, Center for Standards, version 3.0, 15 April
1996.






[DoD7] ---, "X.509 Certificate Policy for the United States
Department of Defense", version 7, 18 December 2002.
(Superseded by [DoD9].)

[DoD9] ---, "X.509 Certificate Policy for the United States
Department of Defense", version 9, 9 February 2005.

[DoD10] ---, "DoD Architecture Framework, Version 1: Deskbook", 9
February 2004.

[DSG] American Bar Association, "Digital Signature Guidelines:
Legal Infrastructure for Certification Authorities and
Secure Electronic Commerce", Chicago, IL, 1 August 1996.
(See: [PAG].)

[ElGa] El Gamal, T., "A Public-Key Cryptosystem and a Signature
Scheme Based on Discrete Logarithms", in "IEEE Transactions
on Information Theory", vol. IT-31, no. 4, 1985, pp. 469-
472.

[EMV1] Europay International S.A., MasterCard International
Incorporated, and Visa International Service Association,
"EMV '96 Integrated Circuit Card Specification for Payment
Systems", version 3.1.1, 31 May 1998.

[EMV2] ---, "EMV '96 Integrated Circuit Card Terminal Specification
for Payment Systems", version 3.1.1, 31 May 1998.

[EMV3] ---, "EMV '96 Integrated Circuit Card Application
Specification for Payment Systems", version 3.1.1, 31 May
1998.

[F1037] U.S. General Services Administration, "Glossary of
Telecommunications Terms", FED STD 1037C, 7 August 1996.

[For94] Ford, W., "Computer Communications Security: Principles,
Standard Protocols and Techniques", ISBN 0-13-799453-2,
1994.

[For97] --- and M. Baum, "Secure Electronic Commerce: Building the
Infrastructure for Digital Signatures and Encryption", ISBN
0-13-476342-4, 1994.

[FP001] U.S. Department of Commerce, "Code for Information
Interchange", Federal Information Processing Standards
Publication (FIPS PUB) 1, 1 November 1968.







[FP031] ---, "Guidelines for Automatic Data Processing Physical
Security and Risk Management", FIPS PUB 31, June 1974.

[FP039] ---, "Glossary for Computer Systems Security", FIPS PUB 39,
15 February 1976.

[FP041] ---, "Computer Security Guidelines for Implementing the
Privacy Act of 1974", FIPS PUB 41, 30 May 1975.

[FP046] ---, "Data Encryption Standard (DES)", FIPS PUB 46-3, 25
October 1999.

[FP074] ---, "Data Encryption Standard (DES)", FIPS PUB 46-3, 25
October 1999.

[FP081] ---, "DES Modes of Operation", FIPS PUB 81, 2 December 1980.

[FP087] ---, "Guidelines for ADP Contingency Planning", FIPS PUB 87,
27 March 1981.

[FP102] ---, "Guideline for Computer Security Certification and
Accreditation", FIPS PUB 102, 27 September 1983.

[FP113] ---, "Computer Data Authentication", FIPS PUB 113, 30 May
1985.

[FP140] ---, "Security Requirements for Cryptographic Modules", FIPS
PUB 140-2, 25 May 2001; with change notice 4, 3 December
2002.

[FP151] ---, "Portable Operating System Interface (POSIX) -- System
Application Program Interface C Language", FIPS PUB 151-2,
12 May 1993

[FP180] ---, "Secure Hash Standard", FIPS PUB 180-2, August 2000;
with change notice 1, 25 February 2004.

[FP185] ---, "Escrowed Encryption Standard", FIPS PUB 185, 9
February 1994.

[FP186] ---, "Digital Signature Standard (DSS)", FIPS PUB 186-2, 27
June 2000; with change notice 1, 5 October 2001.

[FP188] ---, "Standard Security Label for Information Transfer",
FIPS PUB 188, 6 September 1994.

[FP191] ---, "Guideline for the Analysis of Local Area Network
Security", FIPS PUB 191, 9 November 1994.





[FP197] ---, "Advanced Encryption Standard", FIPS PUB 197, 26
November 2001.

[FP199] ---, "Standards for Security Categorization of Federal
Information and Information Systems", FIPS PUB 199,
December 2003.

[FPKI] ---, "Public Key Infrastructure (PKI) Technical
Specifications: Part A -- Technical Concept of Operations",
NIST, 4 September 1998.

[Gass] Gasser, M., "Building a Secure Computer System", Van
Nostrand Reinhold Company, New York, 1988, ISBN 0-442-
23022-2.

[Gray] Gray, J. and A. Reuter, "Transaction Processing: Concepts
and Techniques", Morgan Kaufmann Publishers, Inc., 1993.

[Hafn] Hafner, K. and M. Lyon, "Where Wizards Stay Up Late: The
Origins of the Internet", Simon & Schuster, New York, 1996.

[Huff] Huff, G., "Trusted Computer Systems -- Glossary", MTR 8201,
The MITRE Corporation, March 1981.

[I3166] International Standards Organization, "Codes for the
Representation of Names of Countries and Their Subdivisions,
Part 1: Country Codes", ISO 3166-1:1997.

---, "Codes for the Representation of Names of Countries and
Their Subdivisions, Part 2: Country Subdivision Codes",
ISO/DIS 3166-2.

---, "Codes for the Representation of Names of Countries and
Their Subdivisions, Part 3: Codes for Formerly Used Names of
Countries", ISO/DIS 3166-3.

[I7498-1] ---, "Information Processing Systems -- Open Systems
Interconnection Reference Model, [Part 1:] Basic Reference
Model", ISO/IEC 7498-1. (Equivalent to ITU-T Recommendation
X.200.)

[I7498-2] ---, "Information Processing Systems -- Open Systems
Interconnection Reference Model, Part 2: Security
Architecture", ISO/IEC 7499-2.

[I7498-4] ---, "Information Processing Systems -- Open Systems
Interconnection Reference Model, Part 4: Management
Framework", ISO/IEC 7498-4.





[I7812] ---, "Identification cards -- Identification of Issuers,
Part 1: Numbering System", ISO/IEC 7812-1:1993

---, "Identification cards -- Identification of Issuers,
Part 2: Application and Registration Procedures", ISO/IEC
7812-2:1993.

[I8073] ---, "Information Processing Systems -- Open Systems
Interconnection, Transport Protocol Specification", ISO IS
8073.

[I8327] ---, "Information Processing Systems -- Open Systems
Interconnection, Session Protocol Specification", ISO IS
8327.

[I8473] ---, "Information Processing Systems -- Open Systems
Interconnection, Protocol for Providing the Connectionless
Network Service", ISO IS 8473.

[I8802-2] ---, "Information Processing Systems -- Local Area
Networks, Part 2: Logical Link Control", ISO IS 8802-2.
(Equivalent to IEEE 802.2.)

[I8802-3] ---, "Information Processing Systems -- Local Area
Networks, Part 3: Carrier Sense Multiple Access with
Collision Detection (CSMA/CD) Access Method and Physical
Layer Specifications", ISO IS 8802-3. (Equivalent to IEEE
802.3.)

[I8823] ---, "Information Processing Systems -- Open Systems
Interconnection -- Connection-Oriented Presentation Protocol
Specification", ISO IS 8823.

[I9945] "Portable Operating System Interface for Computer
Environments", ISO/IEC 9945-1: 1990.

[IATF] NSA, "Information Assurance Technical Framework", Release 3,
NSA, September 2000. (See: IATF.)

[IDSAN] ---, "Intrusion Detection System Analyzer Protection
Profile", version 1.1, NSA, 10 December 2001.

[IDSSC] ---, "Intrusion Detection System Scanner Protection
Profile", version 1.1, NSA, 10 December 2001.

[IDSSE] ---, "Intrusion Detection System Sensor Protection Profile",
version 1.1, NSA, 10 December 2001.






[IDSSY] ---, "Intrusion Detection System", version 1.4, NSA, 4
February 2002.

[Ioan] Ioannidis, J. and M. Blaze, "The Architecture and
Implementation of Network Layer Security in UNIX", in "UNIX
Security IV Symposium", October 1993, pp. 29-39.

[ITSEC] "Information Technology Security Evaluation Criteria
(ITSEC): Harmonised Criteria of France, Germany, the
Netherlands, and the United Kingdom", version 1.2, U.K.
Department of Trade and Industry, June 1991.

[JP1] U.S. DoD, "Department of Defense Dictionary of Military and
Associated Terms", Joint Publication 1-02, as amended
through 13 June 2007.

[John] Johnson, N. and S. Jajodia, "Exploring Steganography; Seeing
the Unseen", in "IEEE Computer", February 1998, pp. 26-34.

[Kahn] Kahn, D., "The Codebreakers: The Story of Secret Writing",
The Macmillan Company, New York, 1967.

[Knut] Knuth, D., Chapter 3 ("Random Numbers") of Volume 2
("Seminumerical Algorithms") of "The Art of Computer
Programming", Addison-Wesley, Reading, MA, 1969.

[Kuhn] Kuhn, M. and R. Anderson, "Soft Tempest: Hidden Data
Transmission Using Electromagnetic Emanations", in David
Aucsmith, ed., "Information Hiding, Second International
Workshop, IH'98", Portland, Oregon, USA, 15-17 April 1998,
LNCS 1525, Springer-Verlag, ISBN 3-540-65386-4, pp. 124-142.

[Land] Landwehr, C., "Formal Models for Computer Security", in "ACM
Computing Surveys", vol. 13, no. 3, September 1981, pp. 247-
278.

[Larm] Larmouth, J., "ASN.1 Complete", Open System Solutions, 1999
(a freeware book).

[M0404] U.S. Office of Management and Budget, "E-Authentication
Guidance for Federal Agencies", Memorandum M-04-04, 16
December 2003.

[Mene] Menezes, A. et al, "Some Key Agreement Protocols Providing
Implicit Authentication", in "The 2nd Workshop on Selected
Areas in Cryptography", 1995.







[Moor] Moore, A. et al, "Attack Modeling for Information Security
and Survivability", Carnegie Mellon University / Software
Engineering Institute, CMU/SEI-2001-TN-001, March 2001.

[Murr] Murray, W., "Courtney's Laws of Security", in "Infosecurity
News", March/April 1993, p. 65.

[N4001] National Security Telecommunications and Information System
Security Committee, "Controlled Cryptographic Items",
NSTISSI No. 4001, 25 March 1985.

[N4006] ---, "Controlled Cryptographic Items", NSTISSI No. 4006, 2
December 1991.

[N7003] ---, "Protective Distribution Systems", NSTISSI No. 7003, 13
December 1996.

[NCS01] National Computer Security Center, "A Guide to Understanding
Audit in Trusted Systems", NCSC-TG-001, 1 June 1988. (See:
Rainbow Series.)

[NCS03] ---, "Information System Security Policy Guideline", I942-
TR-003, version 1, July 1994. (See: Rainbow Series.)

[NCS04] ---, "Glossary of Computer Security Terms", NCSC-TG-004,
version 1, 21 October 1988. (See: Rainbow Series.)

[NCS05] ---, "Trusted Network Interpretation of the Trusted Computer
System Evaluation Criteria", NCSC-TG-005, version 1, 31 July
1987. (See: Rainbow Series.)

[NCS25] ---, "A Guide to Understanding Data Remanence in Automated
Information Systems", NCSC-TG-025, version 2, September
1991. (See: Rainbow Series.)

[NCSSG] National Computer Security Center, "COMPUSECese: Computer
Security Glossary", NCSC-WA-001-85, Edition 1, 1 October
1985. (See: Rainbow Series.)

[NRC91] National Research Council, "Computers At Risk: Safe
Computing in the Information Age", National Academy Press,
1991.

[NRC98] Schneider, F., ed., "Trust in Cyberspace", National Research
Council, National Academy of Sciences, 1998.

[Padl] Padlipsky, M., "The Elements of Networking Style", 1985,
ISBN 0-13-268111-0.





[PAG] American Bar Association, "PKI Assessment Guidelines",
version 1.0, 10 May 2002. (See: [DSG].)

[Park] Parker, D., "Computer Security Management", ISBN 0-8359-
0905-0, 1981

[Perr] Perrine, T. et al, "An Overview of the Kernelized Secure
Operating System (KSOS)", in "Proceedings of the 7th DoD/NBS
Computer Security Conference", 24-26 September 1984.

[PGP] Garfinkel, S., "PGP: Pretty Good Privacy", O'Reilly &
Associates, Inc., Sebastopol, CA, 1995.

[PKCS] Kaliski Jr., B., "An Overview of the PKCS Standards", RSA
Data Security, Inc., 3 June 1991.

[PKC05] RSA Laboratories, "PKCS #5: Password-Based Encryption
Standard", version 1.5, 1 November 1993. (See: RFC 2898.)

[PKC07] ---, "PKCS #7: Cryptographic Message Syntax Standard",
version 1.5, 1 November 1993. (See: RFC 2315.)

[PKC10] ---, "PKCS #10: Certification Request Syntax Standard",
version 1.0, 1 November 1993.

[PKC11] ---, "PKCS #11: Cryptographic Token Interface Standard",
version 1.0, 28 April 1995.

[PKC12] ---, "PKCS #12: Personal Information Exchange Syntax",
version 1.0, 24 June 1995.

[R1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, November 1991.

[R1135] Reynolds, J., "The Helminthiasis of the Internet", RFC 1135,
December 1989

[R1208] Jacobsen, O. and D. Lynch, "A Glossary of Networking Terms",
RFC 1208, March 1991.

[R1281] Pethia, R., Crocker, S., and B. Fraser, "Guidelines for
Secure Operation of the Internet", RFC 1281, November 1991.

[R1319] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319,
April 1992.

[R1320] Rivest, R., "The MD4 Message-Digest Algorithm", RFC 1320,
April 1992.





[R1321] ---, "The MD5 Message-Digest Algorithm", RFC 1321, April
1992.

[R1334] Lloyd, B. and W. Simpson, "PPP Authentication Protocols",
RFC 1334, October 1992.

[R1413] St. Johns, M., "Identification Protocol", RFC 1413, February
1993.

[R1421] Linn, J., "Privacy Enhancement for Internet Electronic Mail,
Part I: Message Encryption and Authentication Procedures",
RFC 1421, February 1993.

[R1422] Kent, S., "Privacy Enhancement for Internet Electronic Mail,
Part II: Certificate-Based Key Management", RFC 1422,
February 1993.

[R1455] Eastlake 3rd, D., "Physical Link Security Type of Service",
RFC 1455, May 1993.

[R1457] Housley, R., "Security Label Framework for the Internet",
RFC 1457, May 1993.

[R1492] Finseth, C., "An Access Control Protocol, Sometimes Called
TACACS", RFC 1492, July 1993.

[R1507] Kaufman, C., "DASS: Distributed Authentication Security
Service", RFC 1507, September 1993.

[R1731] Myers, J., "IMAP4 Authentication Mechanisms", RFC 1731,
December 1994.

[R1734] ---, "POP3 AUTHentication Command", RFC 1734, Dec, 1994.

[R1760] Haller, N., "The S/KEY One-Time Password System", RFC 1760,
February 1995.

[R1824] Danisch, H., "The Exponential Security System TESS: An
Identity-Based Cryptographic Protocol for Authenticated Key-
Exchange (E.I.S.S.-Report 1995/4)", RFC 1824, August 1995.

[R1828] Metzger, P. and W. Simpson, "IP Authentication using Keyed
MD5", RFC 1828, August 1995.

[R1829] Karn, P., Metzger, P., and W. Simpson, "The ESP DES-CBC
Transform", RFC 1829, August 1995.







[R1848] Crocker, S., Freed, N., Galvin, J., and S. Murphy, "MIME
Object Security Services", RFC 1848, October 1995.

[R1851] Karn, P., Metzger, P., and W. Simpson, "The ESP Triple DES
Transform", RFC 1851, September 1995.

[R1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., and L.
Jones, "SOCKS Protocol Version 5", RFC 1928, March 1996.

[R1958] Carpenter, B., "Architectural Principles of the Internet",
RFC 1958, June 1996.

[R1983] Malkin, G., "Internet Users' Glossary", FYI 18, RFC 1983,
August 1996.

[R1994] Simpson, W., "PPP Challenge Handshake Authentication
Protocol (CHAP)", RFC 1994, August 1996.

[R2078] Linn, J., "Generic Security Service Application Program
Interface, Version 2", RFC 2078, January 1997. (Superseded
by RFC 2743.)

[R2084] Bossert, G., Cooper, S., and W. Drummond, "Considerations
for Web Transaction Security", RFC 2084, January 1997.

[R2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, February
1997.

[R2144] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144,
May 1997.

[R2179] Gwinn, A., "Network Security For Trade Shows", RFC 2179,
July 1997.

[R2195] Klensin, J., Catoe, R., and P. Krumviede, "IMAP/POP
AUTHorize Extension for Simple Challenge/Response", RFC
2195, September 1997.

[R2196] Fraser, B., "Site Security Handbook", FYI 8, RFC 2196,
September 1997.

[R2202] Cheng, P. and R. Glenn, "Test Cases for HMAC-MD5 and HMAC-
SHA-1", RFC 2202, Sep. 1997.

[R2222] Myers, J., "Simple Authentication and Security Layer
(SASL)", RFC 2222, October 1997.






[R2289] Haller, N., Metz, C., Nesser, P., and M. Straw, "A One-Time
Password System", STD 61, RFC 2289, February 1998.

[R2323] Ramos, A., "IETF Identification and Security Guidelines",
RFC 2323, 1 April 1998. (Intended for humorous entertainment
-- "please laugh loud and hard" -- and does not contain
serious security information.)

[R2350] Brownlee, N. and E. Guttman, "Expectations for Computer
Security Incident Response", BCP 21, RFC 2350, June 1998.

[R2356] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal
for Mobile IP", RFC 2356, June 1998.

[R2401] Kent, S. and R. Atkinson, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998.

[R2402] ---, "IP Authentication Header", RFC 2402, November 1998.

[R2403] Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 within ESP
and AH", RFC 2403, November 1998.

[R2404] ---, "The Use of HMAC-SHA-1-96 within ESP and AH", RFC 2404,
November 1998.

[R2405] Madson, C. and N. Doraswamy, "The ESP DES-CBC Cipher
Algorithm With Explicit IV", RFC 2405, November 1998.

[R2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload
(ESP)", RFC 2406, November 1998.

[R2407] Piper, D., "The Internet IP Security Domain of Interpretation
for ISAKMP", RFC 2407, November 1998.

[R2408] Maughan, D., Schertler, M., Schneider, M., and J. Turner,
"Internet Security Association and Key Management Protocol
(ISAKMP)", RFC 2408, November 1998.

[R2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm and
Its Use With IPsec", RFC 2410, November 1998.

[R2412] Orman, H., "The OAKLEY Key Determination Protocol", RFC
2412, November 1998.

[R2451] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher
Algorithms", RFC 2451, November 1998.







[R2504] Guttman, E., Leong, L., and G. Malkin, "Users' Security
Handbook", RFC 2504, February 1999.

[R2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C.
Adams, "X.509 Internet Public Key Infrastructure Online
Certificate Status Protocol - OCSP", RFC 2560, June 1999.

[R2612] Adams, C. and J. Gilchrist, "The CAST-256 Encryption
Algorithm", RFC 2612, June 1999.

[R2628] Smyslov, V., "Simple Cryptographic Program Interface (Crypto
API)", RFC 2628, June 1999.

[R2631] Rescorla, E., "Diffie-Hellman Key Agreement Method", RFC
2631, June 1999. (See: Diffie-Hellman-Merkle.)

[R2634] Hoffman, P., "Enhanced Security Services for S/MIME", RFC
2634, June 1999.

[R2635] Hambridge, S. and A. Lunde, "DON'T SPEW: A Set of Guidelines
for Mass Unsolicited Mailings and Postings", RFC 2635, June
1999.

[R2660] Rescorla, E. and A. Schiffman, "The Secure HyperText
Transfer Protocol", RFC 2660, August 1999.

[R2743] Linn, J., "Generic Security Service Application Program
Interface Version 2, Update 1", RFC 2743, January 2000.

[R2773] Housley, R., Yee, P., and W. Nace, "Encryption using KEA and
SKIPJACK", RFC 2773, February 2000.

[R2801] Burdett, D., "Internet Open Trading Protocol - IOTP, Version
1.0", RFC 2801, April 2000.

[R2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000.

[R2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC 2865,
June 2000.

[R3060] Moore, B., Ellesson, E., Strassner, J., and A. Westerinen,
"Policy Core Information Model -- Version 1 Specification",
RFC 3060, February 2001.







[R3198] Westerinen, A., Schnizlein, J., Strassner, J., Scherling,
M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry,
J., and S. Waldbusser, "Terminology for Policy-Based
Management", RFC 3198, November 2001.

[R3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3280, April 2002.

[R3547] Baugher, M., Weis, B., Hardjono, T., and H. Harney, "Group
Domain of Interpretation", RFC 3547, July 2003.

[R3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text
on Security Considerations", RFC 3552, July 2003.

[R3647] Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu,
"Internet X.509 Public Key Infrastructure Certificate Policy
and Certification Practices Framework", RFC 3647, November
2003.

[R3739] Santesson, S., Nystrom, M., and T. Polk, "Internet X.509
Public Key Infrastructure: Qualified Certificates Profile",
RFC 3739, March 2004.

[R3740] Hardjono, T. and B. Weis, "The Multicast Group Security
Architecture", RFC 3740, March 2004.

[R3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, "Extensible Authentication Protocol (EAP)", RFC
3748, June 2004.

[R3766] Orman, H. and P. Hoffman, "Determining Strengths For Public
Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766,
April 2004.

[R3820] Tuecke, S., Welch, V., Engert, D., Pearlman, L., and M.
Thompson, "Internet X.509 Public Key Infrastructure (PKI)
Proxy Certificate Profile", RFC 3820, June 2004.

[R3851] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions
(S/MIME) Version 3.1 Message Specification", RFC 3851, July
2004.

[R3871] Jones, G., "Operational Security Requirements for Large
Internet Service Provider (ISP) IP Network Infrastructure",
RFC 3871, September 2004.







[R4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", RFC
4033, March 2005.

[R4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security Extensions",
RFC 4034, March 2005.

[R4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.

[R4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.

[R4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The
Kerberos Network Authentication Service (V5)", RFC 4120,
July 2005.

[R4158] Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., and R.
Nicholas, "Internet X.509 Public Key Infrastructure:
Certification Path Building", RFC 4158, September 2005.

[R4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, "Internet
X.509 Public Key Infrastructure Certificate Management
Protocol (CMP)", RFC 4210, September 2005.

[R4301] Kent, S. and K. Seo, "Security Architecture for the Internet
Protocol", RFC 4301, December 2005.

[R4302] Kent, S., "IP Authentication Header", RFC 4302, December
2005.

[R4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
4303, December 2005.

[R4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC
4306, December 2005.

[R4346] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.1", RFC 4346, April 2006.

[R4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and
Security Layer (SASL)", RFC 4422, June 2006.





[Raym] Raymond, E., ed., "The On-Line Hacker Jargon File", version
4.0.0, 24 July 1996. (See: http://www.catb.org/~esr/jargon
for the latest version. Also, "The New Hacker's Dictionary",
3rd edition, MIT Press, September 1996, ISBN 0-262-68092-0.)

[Roge] Rogers, H., "An Overview of the CANEWARE Program", in
"Proceedings of the 10th National Computer Security
Conference", NIST and NCSC, September 1987.

[RSA78] Rivest, R., A. Shamir, and L. Adleman, "A Method for
Obtaining Digital Signatures and Public-Key Cryptosystems",
in "Communications of the ACM", vol. 21, no. 2, February
1978, pp. 120-126.

[RSCG] NSA, "Router Security Configuration Guide: Principles and
Guidance for Secure Configuration of IP Routers, with
Detailed Instructions for Cisco Systems Routers", version
1.1c, C4-040R-02, 15 December 2005, available at
http://www.nsa.gov/snac/routers/C4-040R-02.pdf.

[Russ] Russell, D. et al, Chapter 10 ("TEMPEST") of "Computer
Security Basics", ISBN 0-937175-71-4, 1991.

[SAML] Organization for the Advancement of Structured Information
Standards (OASIS), "Assertions and Protocol for the OASIS
Security Assertion Markup Language (SAML)", version 1.1, 2
September 2003.

[Sand] Sandhu, R. et al, "Role-Based Access Control Models", in
"IEEE Computer", vol. 29, no. 2, February 1996, pp. 38-47.

[Schn] Schneier, B., "Applied Cryptography Second Edition", John
Wiley & Sons, Inc., New York, 1996.

[SDNS3] U.S. DoD, NSA, "Secure Data Network Systems, Security
Protocol 3 (SP3)", document SDN.301, Revision 1.5, 15 May
1989.

[SDNS4] ---, "Secure Data Network Systems, Security Protocol 4
(SP4)", document SDN.401, Revision 1.2, 12 July 1988.

[SDNS7] ---, "Secure Data Network Systems, Message Security Protocol
(MSP)", SDN.701, Revision 4.0, 7 June 1996, with
"Corrections to Message Security Protocol, SDN.701, Rev 4.0,
96-06-07", 30 Aug, 1996.








[SET1] MasterCard and Visa, "SET Secure Electronic Transaction
Specification, Book 1: Business Description", version 1.0,
31 May 1997.

[SET2] ---, "SET Secure Electronic Transaction Specification, Book
2: Programmer's Guide", version 1.0, 31 May 1997.

[SKEME] Krawczyk, H., "SKEME: A Versatile Secure Key Exchange
Mechanism for Internet", in "Proceedings of the 1996
Symposium on Network and Distributed Systems Security".

[SKIP] "SKIPJACK and KEA Algorithm Specifications", version 2.0, 22
May 1998, and "Clarification to the SKIPJACK Algorithm
Specification", 9 May 2002 (available from NIST Computer
Security Resource Center).

[SP12] NIST, "An Introduction to Computer Security: The NIST
Handbook", Special Publication 800-12.

[SP14] Swanson, M. et al (NIST), "Generally Accepted Principles and
Practices for Security Information Technology Systems",
Special Publication 800-14, September 1996.

[SP15] Burr, W. et al (NIST), "Minimum Interoperability
Specification for PKI Components (MISPC), Version 1",
Special Publication 800-15, September 1997.

[SP22] Rukhin, A. et al (NIST), "A Statistical Test Suite for
Random and Pseudorandom Number Generators for Cryptographic
Applications", Special Publication 800-15, 15 May 2001.

[SP27] Stoneburner, G. et al (NIST), "Engineering Principles for
Information Technology Security (A Baseline for Achieving
Security)", Special Publication 800-27 Rev A, June 2004.

[SP28] Jansen, W. (NIST), "Guidelines on Active Content and Mobile
Code", Special Publication 800-28, October 2001.

[SP30] Stoneburner, G. et al (NIST), "Risk Management Guide for
Information Technology Systems", Special Publication 800-30,
October 2001.

[SP31] Bace, R. et al (NIST), "Intrusion Detection Systems",
Special Publication 800-31.

[SP32] Kuhn, D. (NIST), "Introduction to Public Key Technology and
the Federal PKI Infrastructure", Special Publication
800-32, 26 February 2001.





[SP33] Stoneburner, G. (NIST), "Underlying Technical Models for
Information Technology Security", Special Publication
800-33, December 2001.

[SP37] Ross, R. et al (NIST), "Guide for the Security Certification
and Accreditation of Federal Information Systems", Special
Publication 800-37, May 2004.

[SP38A] Dworkin, M. (NIST), "Recommendation for Block Cipher Modes
of Operation: Methods and Techniques", Special Publication
800-38A, 2001 Edition, December 2001.

[SP38B] ---, "Recommendation for Block Cipher Modes of Operation:
The CMAC Mode for Authentication", Special Publication
800-38B, May 2005.

[SP38C] ---, "Recommendation for Block Cipher Modes of Operation:
The CCM Mode for Authentication and Confidentiality",
Special Publication 800-38C, May 2004.

[SP41] Wack, J. et al (NIST), "Guidelines on Firewalls and Firewall Policy", Special Publication 800-41, January 2002.

[SP42] ---, "Guideline on Network Security Testing", Special
Publication 800-42, October 2003.

[SP56] NIST, "Recommendations on Key Establishment Schemes", Draft
2.0, Special Publication 800-63, January 2003.

[SP57] ---, "Recommendation for Key Management", Part 1 "General
Guideline" and Part 2 "Best Practices for Key Management
Organization", Special Publication 800-57, DRAFT, January
2003.

[SP61] Grance, T. et al (NIST), "Computer Security Incident Handling Guide", Special Publication 800-57, January 2003.

[SP63] Burr, W. et al (NIST), "Electronic Authentication
Guideline", Special Publication 800-63, June 2004.

[SP67] Barker, W. (NIST), "Recommendation for the Triple Data
Encryption Algorithm (TDEA) Block Cipher", Special
Publication 800-67, May 2004.

[Stal] Stallings, W., "Local Networks", 1987, ISBN 0-02-415520-9.








[Stei] Steiner, J. et al, "Kerberos: An Authentication Service for
Open Network Systems", in "Usenix Conference Proceedings",
February 1988.

[Weis] Weissman, C., "Blacker: Security for the DDN: Examples of A1
Security Engineering Trades", in "Symposium on Security and
Privacy", IEEE Computer Society Press, May 1992, pp. 286-292.

[X400] International Telecommunications Union -- Telecommunication
Standardization Sector (formerly "CCITT"), Recommendation
X.400, "Message Handling Services: Message Handling System
and Service Overview".

[X419] ---, "Message Handling Systems: Protocol Specifications",
ITU-T Recommendation X.419. (Equivalent to ISO 10021-6).

[X420] ---, "Message Handling Systems: Interpersonal Messaging
System", ITU-T Recommendation X.420. (Equivalent to ISO
10021-7.).

[X500] ---, Recommendation X.500, "Information Technology -- Open Systems Interconnection -- The Directory: Overview of
Concepts, Models, and Services". (Equivalent to ISO 9594-1.)

[X501] ---, Recommendation X.501, "Information Technology -- Open Systems Interconnection -- The Directory: Models".

[X509] ---, Recommendation X.509, "Information Technology -- Open Systems Interconnection -- The Directory: Authentication
Framework", COM 7-250-E Revision 1, 23 February 2001.
(Equivalent to ISO 9594-8.)

[X519] ---, Recommendation X.519, "Information Technology -- Open
Systems Interconnection -- The Directory: Protocol
Specifications".

[X520] ---, Recommendation X.520, "Information Technology -- Open
Systems Interconnection -- The Directory: Selected Attribute
Types".

[X680] ---, Recommendation X.680, "Information Technology --
Abstract Syntax Notation One (ASN.1) -- Specification of
Basic Notation", 15 November 1994. (Equivalent to ISO/IEC
8824-1.)








[X690] ---, Recommendation X.690, "Information Technology -- ASN.1
Encoding Rules -- Specification of Basic Encoding Rules
(BER), Canonical Encoding Rules (CER) and Distinguished
Encoding Rules (DER)", 15 November 1994. (Equivalent to
ISO/IEC 8825-1.)

7. Acknowledgments

George Huff had a good idea! [Huff]

Author's Address

Dr. Robert W. Shirey
3516 N. Kensington St.
Arlington, Virginia 22207-1328
USA

EMail: rwshirey4949@verizon.net




Full Copyright Statement

Copyright (C) The IETF Trust (2007).

This document is subject to the rights, licenses and restrictions
contained in BCP 78 and at www.rfc-editor.org/copyright.html, and
except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the
Internet Society.






