Network Working Group R. Shirey
Request for Comments: 4949 August 2007
FYI: 36
Obsoletes: 2828
Category: Informational
Internet Security Glossary, Version 2
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
RFC Editor Note
This document is both a major revision and a major expansion of the
Security Glossary in RFC 2828. This revised Glossary is an extensive
reference that should help the Internet community to improve the
clarity of documentation and discussion in an important area of
Internet technology. However, readers should be aware of the
following:
(1) The recommendations and some particular interpretations in
definitions are those of the author, not an official IETF position.
The IETF has not taken a formal position either for or against
recommendations made by this Glossary, and the use of RFC 2119
language (e.g., SHOULD NOT) in the Glossary must be understood as
unofficial. In other words, the usage rules, wording interpretations,
and other recommendations that the Glossary offers are personal
opinions of the Glossary's author. Readers must judge for themselves
whether or not to follow his recommendations, based on their own
knowledge combined with the reasoning presented in the Glossary.
(2) The glossary is rich in the history of early network security
work, but it may be somewhat incomplete in describing recent security
work, which has been developing rapidly.
Shirey Informational [Page 1]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Abstract
This Glossary provides definitions, abbreviations, and explanations
of terminology for information system security. The 334 pages of
entries offer recommendations to improve the comprehensibility of
written material that is generated in the Internet Standards Process
(RFC 2026). The recommendations follow the principles that such
writing should (a) use the same term or definition whenever the same
concept is mentioned; (b) use terms in their plainest, dictionary
sense; (c) use terms that are already well-established in open
publications; and (d) avoid terms that either favor a particular
vendor or favor a particular technology or mechanism over other,
competing techniques that already exist or could be developed.
Table of Contents
1. Introduction ....................................................3
2. Format of Entries ...............................................4
   2.1. Order of Entries ...........................................4
   2.2. Capitalization and Abbreviations ...........................5
   2.3. Support for Automated Searching ............................5
   2.4. Definition Type and Context ................................5
   2.5. Explanatory Notes ..........................................6
   2.6. Cross-References ...........................................6
   2.7. Trademarks .................................................6
   2.8. The New Punctuation ........................................6
3. Types of Entries ................................................7
   3.1. Type "I": Recommended Definitions of Internet Origin .......7
   3.2. Type "N": Recommended Definitions of Non-Internet Origin ...8
   3.3. Type "O": Other Terms and Definitions To Be Noted ..........8
   3.4. Type "D": Deprecated Terms and Definitions .................8
   3.5. Definition Substitutions ...................................8
4. Definitions .....................................................9
5. Security Considerations .......................................343
6. Normative Reference ...........................................343
7. Informative References ........................................343
8. Acknowledgments ...............................................364