Glossary


Apache Web Server 

A freely available UNIX-based Web server. It is currently the most commonly used server on Internet-connected sites. HP's implementation of the Apache Web Server is called the Secure Web Server for Tru64 UNIX. For Internet Express Version 6.0 and later, two versions of the Apache Web Server are offered: 1.3 and 2.0.


certificate authority 

A third-party organization that confirms the relationship between a party to the HTTPS transaction and that party's public key. Certificate authorities may be widely known and trusted institutions for Internet-based transactions. Where HTTPS is used on a company's internal network, an internal department within the company may fulfill this role.


digital certificate 

A token which underpins the principle of trust in SSL-encrypted transactions. The information within a certificate includes the issuer (the Certificate Authority that issued the certificate), the organization that owns the certificate, the public key, the validity period (usually one year) of the certificate, and the host name for which the certificate was issued. It is digitally signed by the Certificate Authority so that none of the details can be changed without invalidating the signature. See also certificate authority, digital signature.


digital signature 

A use of public key cryptography to authenticate a message. Digital signatures use a private key to indicate that the signature was made by the owner of that key. See also public key cryptography, private key.


distinguished name 

Also called DN. A sequence of relative distinguished names (RDNs). See also relative distinguished name.


DN 

See distinguished name.


DNS 

Domain Name System. A general-purpose, distributed, replicated data query service chiefly used on the Internet to translate host names into Internet addresses. See also fully qualified domain name.


Domain Name System 

See DNS.


dynamic module 

A module that provides the means for building program code in a format that can be loaded into the address space of an executable program at run time. Dynamic modules are loaded into the server process space only when necessary, which reduces overall memory usage.


firewall 

Hardware and software that lie between two networks, such as an internal network and an Internet service provider. The firewall protects your network by blocking unwanted users from gaining access and by disallowing messages to specific recipients outside the network.


FQDN 

See fully qualified domain name.


fully qualified domain name 

Also called FQDN. The full name of a system, consisting of its local host name and its domain name. A fully qualified domain name is usually precise enough to determine an Internet address for any host on the Internet.


HTTP 

Hypertext Transfer Protocol. The protocol used between a Web browser and a server to request a document and transfer its contents. The specification is maintained and developed by the World Wide Web Consortium. See also HTTPS.


HTTPS 

Ordinary HTTP exchanged over an SSL-encrypted session.


port 

A logical channel in a communications system.


private key 

The part of the key in a public key system that is kept secret and is used only by its owner. This is the key used for decrypting messages, and for making digital signatures. Compare with public key.


public key 

The part of the key in a public key system which is distributed widely and is not kept secure. This is the key used for encryption (as opposed to decryption) or for verifying signatures. Compare with private key.


public key cryptography 

Public key cryptography uses a key for encryption and a different key for decryption. Although the keys are related, it is not possible to calculate the decryption key from only the encryption key in any reasonable amount of computation time. In most practical systems, the public key system is used for encoding a session key which is used with a symmetric system to encode the actual data. RSA is an example of a public key algorithm.


RDN 

See relative distinguished name.


relative distinguished name 

Also called RDN. One or more attribute/value pairs stored on an LDAP server that uniquely identify an entry among its siblings in an object tree.


secret key 

Part of a symmetric cipher in which the same key is used for encryption and decryption. SSL encryption uses a secret key nested within a public key and authenticated through certificates. Secret-key encryption provides faster access than public-key encryption alone. See also public key cryptography.


Secure Socket Layer 

See SSL.


session key 

A key used for one message or set of messages. In a typical system, a random session key is generated for use with a symmetric algorithm to encode the bulk of the data. Only the session key is communicated using public key encryption. See also public key cryptography.


SSL 

Secure Socket Layer. A protocol developed by Netscape for encrypted transmission over TCP/IP networks. SSL sets up a secure end-to-end link over which HTTP or any other application protocol can operate. The most common application of SSL is HTTPS, which is SSL-encrypted HTTP.


TCP/IP 

Transmission Control Protocol/Internet Protocol. Ethernet protocols incorporated into 4.2 BSD UNIX. While TCP and IP specify two protocols, the combined term is used to refer to the entire Department of Defense protocol suite, including Telnet and FTP.


Telnet 

The Internet standard protocol for remote logins. UNIX BSD includes the telnet program, which uses the protocol, and acts as a terminal emulator for remote login sessions.


VeriSign 

A dominant certificate authority on the Internet, though many of its certificates are signed as RSA Data Security. Early versions of Microsoft and Netscape browsers had RSA Data Security configured as the only trusted certificate authority. This meant that users who wanted to use certificates on the Internet had to obtain them from VeriSign and use server software accredited by VeriSign. Current versions of the Microsoft and Netscape browsers allow users to add new certificate authorities. As older versions of the browsers are replaced, new certificate authorities (such as Thawte) have emerged.


virtual host 

An alias name assigned to an FTP server.


Web server 

A server process, running at a Web site, that sends out Web pages in response to HTTP requests from remote browsers.