On Internet Authentication

RFC 1704               On Internet Authentication           October 1994


2. DEFINITION OF TERMS

   This section briefly defines some of the terms used in this paper to
   aid the reader in understanding these suggestions.  Other references
   on this subject might be using slightly different terms and
   definitions because the security community has not reached full
   consensus on all definitions.  The definitions provided here are
   specifically focused on the matters discussed in this particular
   document.

   Active Attack:  An attempt to improperly modify data, gain
          authentication, or gain authorization by inserting false
          packets into the data stream or by modifying packets
          transiting the data stream. (See passive attacks and replay
          attacks.)

   Asymmetric Cryptography:  An encryption system that uses different
          keys for encryption and decryption.  The two keys have an
          intrinsic mathematical relationship to each other.  Also
          called Public Key Cryptography.  (See Symmetric Cryptography)

   Authentication:  The verification of the identity of the source of
          information.

   Authorization:  The granting of access rights based on an
          authenticated identity.

   Confidentiality: The protection of information so that someone not
          authorized to access the information cannot read the
          information even though the unauthorized person might see the
          information's container (e.g., computer file or network
          packet).

   Encryption: A mechanism often used to provide confidentiality.

   Integrity:  The protection of information from unauthorized
          modification.

   Key Certificate: A data structure consisting of a public key, the
          identity of the person, system, or role associated with that
          key, and information authenticating both the key and the
          association between that identity and that public key.  The
          X.509 certificates used by PEM (Privacy Enhanced Mail) are
          one example of a key certificate [Kent93].
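   The following is an added worked example, not part of the original
   RFC, that models the two definitions above (Asymmetric Cryptography
   and Key Certificate) in code.  It uses textbook RSA over fixed
   Mersenne primes with no padding, a toy chosen only so that the
   arithmetic is exact and reproducible; the subject names, the
   certificate field layout and the "subject|e|n" signing format are
   assumptions made for the illustration and do not correspond to PEM
   or X.509.  It shows that the public key encrypts but only the
   private key decrypts, and that a certificate's signature fails once
   the identity bound to the key is changed.

```python
"""Toy model of 'asymmetric cryptography' and 'key certificate'.

Textbook RSA over fixed Mersenne primes, no padding: this illustrates
the vocabulary only and must not be used for anything real."""
import hashlib
from math import gcd

# Fixed primes (Mersenne primes, an assumption for reproducibility;
# a real key uses large random primes).
P61, P89 = 2**61 - 1, 2**89 - 1        # user key pair
P107, P127 = 2**107 - 1, 2**127 - 1    # certificate issuer key pair
E = 65537                              # common public exponent


def make_keypair(p, q, e=E):
    """Return (public_key, private_key) as (exponent, modulus) tuples.

    Both keys share the modulus n = p*q but use different exponents;
    d is the modular inverse of e, which is the "intrinsic
    mathematical relationship" between the two keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)                # modular inverse (Python >= 3.8)
    return (e, n), (d, n)


def encrypt(public_key, m):
    """Encrypt an integer m < n with the public key."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Decrypt with the private key (the only key that recovers m)."""
    d, n = private_key
    return pow(c, d, n)


def _digest_mod(data, n):
    """SHA-256 of data reduced into the RSA group (toy hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    d, n = private_key
    return pow(_digest_mod(data, n), d, n)


def verify(public_key, data, signature):
    e, n = public_key
    return pow(signature, e, n) == _digest_mod(data, n)


def _to_be_signed(subject, public_key):
    """Canonical bytes the issuer signs: identity plus public key
    (assumed format for this example)."""
    e, n = public_key
    return f"{subject}|{e}|{n}".encode()


def issue_certificate(issuer_private, subject, subject_public):
    """Build a key certificate: public key, identity, and the issuer's
    signature authenticating the key/identity association."""
    tbs = _to_be_signed(subject, subject_public)
    return {
        "subject": subject,
        "public_key": subject_public,
        "signature": sign(issuer_private, tbs),
    }


def verify_certificate(issuer_public, cert):
    """True only if the issuer signed exactly this (subject, key) pair."""
    tbs = _to_be_signed(cert["subject"], cert["public_key"])
    return verify(issuer_public, tbs, cert["signature"])


def demo():
    """Issue a certificate, check it, detect an identity swap, and show
    that the public key encrypts but cannot decrypt."""
    ca_pub, ca_priv = make_keypair(P107, P127)
    alice_pub, alice_priv = make_keypair(P61, P89)
    # Constructed identities for the illustration.
    cert = issue_certificate(ca_priv, "alice@example.net", alice_pub)
    forged = dict(cert, subject="mallory@example.net")  # signature kept, identity swapped
    m = int.from_bytes(b"hello", "big")
    c = encrypt(alice_pub, m)
    return {
        "cert_ok": verify_certificate(ca_pub, cert),
        "forged_ok": verify_certificate(ca_pub, forged),
        "private_decrypts": decrypt(alice_priv, c) == m,
        "public_decrypts": pow(c, alice_pub[0], alice_pub[1]) == m,
    }


if __name__ == "__main__":
    print(demo())
```

   Running demo() yields cert_ok True, forged_ok False,
   private_decrypts True and public_decrypts False.  The certificate
   here carries a single issuer signature; a real certificate adds
   validity dates, a serial number and the issuer's own identity, and
   the verifier must also obtain the issuer's public key through a
   trusted path, which this toy simply assumes.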

   Passive Attack:  An attack on an authentication system that inserts
          no data into the stream, but instead relies on being able to
          passively monitor information being sent between other



Haller & Atkinson