Internet Security Glossary, Version 2
RFC 4949

Document
  Type: RFC - Informational (August 2007; No errata)
  Obsoletes RFC 2828
  Also known as FYI 36
  Last updated: 2013-03-02
  Stream: ISE
Stream
  ISE state: (None)
  Consensus: Unknown
  Document shepherd: No shepherd assigned
IESG
  IESG state: RFC 4949 (Informational)
  Telechat date:
  Responsible AD: Russ Housley
  IESG note: FYI 0036
  Send notices to: RShirey@bbn.com
Network Working Group                                          R. Shirey
Request for Comments: 4949                                   August 2007
FYI: 36
Obsoletes: 2828
Category: Informational

                 Internet Security Glossary, Version 2

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

RFC Editor Note

   This document is both a major revision and a major expansion of the
   Security Glossary in RFC 2828. This revised Glossary is an extensive
   reference that should help the Internet community to improve the
   clarity of documentation and discussion in an important area of
   Internet technology. However, readers should be aware of the
   following:

   (1) The recommendations and some particular interpretations in
   definitions are those of the author, not an official IETF position.
   The IETF has not taken a formal position either for or against
   recommendations made by this Glossary, and the use of RFC 2119
   language (e.g., SHOULD NOT) in the Glossary must be understood as
   unofficial. In other words, the usage rules, wording interpretations,
   and other recommendations that the Glossary offers are personal
   opinions of the Glossary's author. Readers must judge for themselves
   whether or not to follow his recommendations, based on their own
   knowledge combined with the reasoning presented in the Glossary.

   (2) The glossary is rich in the history of early network security
   work, but it may be somewhat incomplete in describing recent security
   work, which has been developing rapidly.

Shirey                       Informational                      [Page 1]
RFC 4949         Internet Security Glossary, Version 2       August 2007

Abstract

   This Glossary provides definitions, abbreviations, and explanations
   of terminology for information system security. The 334 pages of
   entries offer recommendations to improve the comprehensibility of
   written material that is generated in the Internet Standards Process
   (RFC 2026). The recommendations follow the principles that such
   writing should (a) use the same term or definition whenever the same
   concept is mentioned; (b) use terms in their plainest, dictionary
   sense; (c) use terms that are already well-established in open
   publications; and (d) avoid terms that either favor a particular
   vendor or favor a particular technology or mechanism over other,
   competing techniques that already exist or could be developed.

Table of Contents

   1. Introduction ....................................................3
   2. Format of Entries ...............................................4
      2.1. Order of Entries ...........................................4
      2.2. Capitalization and Abbreviations ...........................5
      2.3. Support for Automated Searching ............................5
      2.4. Definition Type and Context ................................5
      2.5. Explanatory Notes ..........................................6
      2.6. Cross-References ...........................................6
      2.7. Trademarks .................................................6
      2.8. The New Punctuation ........................................6
   3. Types of Entries ................................................7
      3.1. Type "I": Recommended Definitions of Internet Origin .......7
      3.2. Type "N": Recommended Definitions of Non-Internet Origin ...8
      3.3. Type "O": Other Terms and Definitions To Be Noted ..........8
      3.4. Type "D": Deprecated Terms and Definitions .................8
      3.5. Definition Substitutions ...................................8
   4. Definitions .....................................................9
   5. Security Considerations .......................................343
   6. Normative Reference ...........................................343
   7. Informative References ........................................343
   8. Acknowledgments ...............................................364


1. Introduction

   This Glossary is *not* an Internet Standard, and its recommendations
   represent only the opinions of its author. However, this Glossary
   gives reasons for its recommendations -- especially for the SHOULD
   NOTs -- so that readers can judge for themselves what to do.

   This Glossary provides an internally consistent and self-contained
   set of terms, abbreviations, and definitions -- supported by