<html>
<head>
<title>mod_ssl: Glossary</title>

<!--
  Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:

  1. Redistributions of source code must retain the above
     copyright notice, this list of conditions and the following
     disclaimer.

  2. Redistributions in binary form must reproduce the above
     copyright notice, this list of conditions and the following
     disclaimer in the documentation and/or other materials
     provided with the distribution.

  3. All advertising materials mentioning features or use of this
     software must display the following acknowledgment:
     "This product includes software developed by
      Ralf S. Engelschall <rse@engelschall.com> for use in the
      mod_ssl project (http://www.modssl.org/)."

  4. The name "mod_ssl" must not be used to endorse or promote
     products derived from this software without prior written
     permission.

  5. Redistributions of any form whatsoever must retain the
     following acknowledgment:
     "This product includes software developed by
      Ralf S. Engelschall <rse@engelschall.com> for use in the
      mod_ssl project (http://www.modssl.org/)."

  THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL RALF S. ENGELSCHALL OR
  HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<style type="text/css"><!--
A:link {
    text-decoration: none;
    color: #6666cc;
}
A:active {
    text-decoration: none;
    color: #6666cc;
}
A:visited {
    text-decoration: none;
    color: #6666cc;
}
#sf {
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H1 {
    font-weight: bold;
    font-size: 24pt;
    line-height: 24pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H2 {
    font-weight: bold;
    font-size: 18pt;
    line-height: 18pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H3 {
    font-weight: bold;
    font-size: 14pt;
    line-height: 14pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H4 {
    font-weight: bold;
    font-size: 12pt;
    line-height: 12pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#H {
}
#D {
    background-color: #f0f0f0;
}
#faq {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#howto {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#term {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
--></style>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
function ro_imgNormal(imgName) {
    if (document.images) {
        document[imgName].src = eval(imgName + '_n.src');
        self.status = '';
    }
}
function ro_imgOver(imgName, descript) {
    if (document.images) {
        document[imgName].src = eval(imgName + '_o.src');
        self.status = descript;
    }
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_prev_top_n = new Image();
    ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
    ro_img_prev_top_o = new Image();
    ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_prev_bot_n = new Image();
    ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
    ro_img_prev_bot_o = new Image();
    ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
}
// done hiding -->
</script>
</head>
<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
<div align="center">
<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
  <td>
      <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
      <table width="600" cellspacing="0" cellpadding="0" summary="">
      <tr>
        <td>
        <table width="600" summary="">
        <tr>
            <td align="left" valign="bottom">
            <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
            </td>
            <td align="right">
              <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-7.gif" alt="7" width="74" height="89">
            </td>
        </tr>
        </table>
        </td>
      </tr>
      <tr>
        <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
      </tr>
      <tr>
        <td>
           <table width="600" border="0" summary="">
           <tr>
            <td valign="top" align="left" width="250">
<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
            </td>
            <td valign="top" align="right" width="250">
            </td>
           </tr>
           </table>
         </td>
      </tr>
      <tr>
        <td>
          <br>
          <img src="ssl_template.title-gloss.gif" alt="Glossary" width="456" height="60">
        </td>
      </tr>
      </table>
<div align="right">
<table cellspacing="0" cellpadding="0" width="300" summary="">
<tr>
<td>
<em>
``I know you believe you understand what you think I said, but I am not sure you
realize that what you heard is not what I meant.''
</em>
</td>
</tr>
<tr>
<td align="right">
<font size="-1">
Richard Nixon
</font>
</td>
</tr>
</table>
</div>
<dl>
<dt><div id="term">Authentication</div>
<dd>The positive identification of a network entity such as a server, a
    client, or a user. In the SSL context, this is the server and client
    <em>Certificate</em> verification process.
<p>
<dt><div id="term">Access Control</div>
<dd>The restriction of access to network realms. In the Apache context, this
    is usually the restriction of access to certain <em>URLs</em>.
<p>
<dt><div id="term">Algorithm</div>
<dd>An unambiguous formula or set of rules for solving a problem in a finite
    number of steps. Algorithms for encryption are usually called <em>Ciphers</em>.
<p>
<dt><div id="term">Certificate</div>
<dd>A data record used for authenticating network entities such
    as a server or a client. A certificate contains X.509 information pieces
    about its owner (called the subject) and the signing <em>Certificate
    Authority</em> (called the issuer), plus the owner's public key and the
    signature made by the CA. Network entities verify these signatures using
    CA certificates.
<p>
<dt><div id="term">Certification Authority (CA)</div>
<dd>A trusted third party whose purpose is to sign certificates for network
    entities it has authenticated using secure means. Other network entities
    can check the signature to verify that a CA has authenticated the bearer
    of a certificate.
<p>
<dt><div id="term">Certificate Signing Request (CSR)</div>
<dd>An unsigned certificate for submission to a <em>Certification Authority</em>,
    which signs it with the <em>Private Key</em> of its CA <em>Certificate</em>. Once
    the CSR is signed, it becomes a real certificate.
<p>
<dt><div id="term">Cipher</div>
<dd>An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
<p>
<dt><div id="term">Ciphertext</div>
<dd>The result after a <em>Plaintext</em> has passed through a <em>Cipher</em>.
<p>
<dt><div id="term">Configuration Directive</div>
<dd>A configuration command that controls one or more aspects of a program's
    behavior. In the Apache context, these are all the command names in the first
    column of the configuration files.
<p>
<dt><div id="term">CONNECT</div>
<dd>An HTTP command for proxying raw data channels over HTTP. It can be used to
    encapsulate other protocols, such as the SSL protocol.
<p>
<dt><div id="term">Digital Signature</div>
<dd>An encrypted text block that validates a certificate or other file. A
    <em>Certification Authority</em> creates a signature by generating a
    hash of the <em>Public Key</em> embedded in a <em>Certificate</em>, then
    encrypting the hash with its own <em>Private Key</em>. Only the CA's
    public key can decrypt the signature, verifying that the CA has
    authenticated the network entity that owns the <em>Certificate</em>.
<p>
<dt><div id="term">Export-Crippled</div>
<dd>Diminished in cryptographic strength (and security) in order to comply
    with the United States' Export Administration Regulations (EAR).
    Export-crippled cryptographic software is limited to a small key size,
    resulting in <em>Ciphertext</em> which usually can be decrypted by brute
    force.
<p>
<dt><div id="term">Fully-Qualified Domain-Name (FQDN)</div>
<dd>The unique name of a network entity, consisting of a hostname and a domain
    name that can resolve to an IP address. For example, <code>www</code> is a
    hostname, <code>whatever.com</code> is a domain name, and
    <code>www.whatever.com</code> is a fully-qualified domain name.
<p>
<dt><div id="term">HyperText Transfer Protocol (HTTP)</div>
<dd>The HyperText Transfer Protocol is the standard transmission protocol used
    on the World Wide Web.
<p>
<dt><div id="term">HTTPS</div>
<dd>The HyperText Transfer Protocol (Secure), the standard encrypted
    communication mechanism on the World Wide Web. This is actually just HTTP
    over SSL.
<p>
<dt><div id="term">Message Digest</div>
<dd>A hash of a message, which can be used to verify that the contents of
    the message have not been altered in transit.
<p>
<dt><div id="term">OpenSSL</div>
<dd>The Open Source toolkit for SSL/TLS;
    see <a href="http://www.openssl.org/">http://www.openssl.org/</a>.
<p>
<dt><div id="term">Pass Phrase</div>
<dd>The word or phrase that protects private key files.
    It prevents unauthorized users from encrypting them. Usually it's just
    the secret encryption/decryption key used for <em>Ciphers</em>.
<p>
<dt><div id="term">Plaintext</div>
<dd>The unencrypted text.
<p>
<dt><div id="term">Private Key</div>
<dd>The secret key in a <em>Public Key Cryptography</em> system, used to
    decrypt incoming messages and sign outgoing ones.
<p>
<dt><div id="term">Public Key</div>
<dd>The publicly available key in a <em>Public Key Cryptography</em> system, used to
    encrypt messages bound for its owner and to decrypt signatures made by its
    owner.
<p>
<dt><div id="term">Public Key Cryptography</div>
<dd>The study and application of asymmetric encryption systems, which use one
    key for encryption and another for decryption. A corresponding pair of
    such keys constitutes a key pair. Also called Asymmetric Cryptography.
<p>
<dt><div id="term">Secure Sockets Layer (SSL)</div>
<dd>A protocol created by Netscape Communications Corporation for
    general communication authentication and encryption over TCP/IP networks.
    The most popular usage is <em>HTTPS</em>, i.e. the HyperText Transfer
    Protocol (HTTP) over SSL.
<p>
<dt><div id="term">Session</div>
<dd>The context information of an SSL communication.
<p>
<dt><div id="term">SSLeay</div>
<dd>The original SSL/TLS implementation library developed by
    Eric A. Young &lt;eay@aus.rsa.com&gt;;
    see <a href="http://www.ssleay.org/">http://www.ssleay.org/</a>.
<p>
<dt><div id="term">Symmetric Cryptography</div>
<dd>The study and application of <em>Ciphers</em> that use a single secret key
    for both encryption and decryption operations.
<p>
<dt><div id="term">Transport Layer Security (TLS)</div>
<dd>The successor protocol to SSL, created by the Internet Engineering Task
    Force (IETF) for general communication authentication and encryption over
    TCP/IP networks. TLS version 1 is nearly identical with SSL version 3.
<p>
<dt><div id="term">Uniform Resource Locator (URL)</div>
<dd>The formal identifier to locate various resources on the World Wide Web.
    The most popular URL scheme is <code>http</code>. SSL uses the
    scheme <code>https</code>.
<p>
<dt><div id="term">X.509</div>
<dd>An authentication certificate scheme recommended by the International
    Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
</dl>
      <p>
      <br>
      <table summary="">
      <tr>
        <td>
           <table width="600" border="0" summary="">
           <tr>
            <td valign="top" align="left" width="250">
<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font>
            </td>
            <td valign="top" align="right" width="250">
            </td>
           </tr>
           </table>
         </td>
      </tr>
      <tr>
        <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
      </tr>
      <tr>
        <td><table width="598" summary="">
        <tr>
        <td align="left"><font face="Arial,Helvetica">
        <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
        The Apache Interface to OpenSSL
        </font>
        </td>
        <td align="right"><font face="Arial,Helvetica">
        Copyright &copy; 1998-2001
        <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
        All Rights Reserved<br>
        </font>
        </td>
        </tr>
        </table>
        </td>
      </tr>
      </table>
  </td>
</tr>
</table>
</div>
</body>
</html>