CA/Terminology: Difference between revisions

Jump to navigation Jump to search

CA/Terminology (view source)

Revision as of 20:22, 27 August 2012

2,491 bytes removed ,  27 August 2012
no edit summary
(Created page with "{{draft}} Terminology related to Mozilla's CA Certificate Policy and practices. Certificate: An electronic document that uses a digital signature to bind a public key and an id...")
 
No edit summary
Line 1: Line 1:
{{draft}}
{{draft}}


Terminology related to Mozilla's CA Certificate Policy and practices.
== Terminology related to Mozilla's CA Certificate Policy and practices ==


Certificate: An electronic document that uses a digital signature to bind a public key and an identity.
'''Certificate:''' An electronic document that uses a digital signature to bind a public key and an identity. Certificates are used in three primary functions within Mozilla software: to connect to an SSL-enabled web server or other SSL-enabled servers, to read digitally signed email from another user, to download and execute digitally signed code.  


Certificate Policy: A set of rules that indicates the applicability of a named Certificate to a particular community and/or PKI implementation with common security requirements.
'''Certificate Policy:''' A set of rules that indicates the applicability of a named Certificate to a particular community and/or PKI implementation with common security requirements.


Certificate Revocation List: A regularly updated time-stamped list of revoked Certificates that is created and
'''Certification Authority:''' An organization that is responsible for the creation, issuance, revocation, and management of Certificates. The term applies equally to both Roots CAs and Subordinate CAs.
digitally signed by the CA that issued the Certificates.


Certification Authority: An organization that is responsible for the creation, issuance, revocation, and
'''Certification Practice Statement:''' One of several documents forming the governance framework in which Certificates are created, issued, managed, and used.
management of Certificates. The term applies equally to both Roots CAs and Subordinate CAs.


Certification Practice Statement: One of several documents forming the governance framework in which
'''End-Entity Certificate:''' A Certificate that does not sign other Certificates.
Certificates are created, issued, managed, and used.


Cross Certificate: A certificate that is used to establish a trust relationship between two Root CAs.
'''Intermediate Certificate:''' A Certificate that is signed by either a Root Certificate or another Intermediate Certificate, and that signs either end-entity Certificates or other Intermediate Certificates.


Domain Name: The label assigned to a node in the Domain Name System.
'''Root CA:''' The top level Certification Authority whose Root Certificate is included in NSS.


Enterprise RA: An employee or agent of an organization unaffiliated with the CA who authorizes issuance of
'''Root Certificate:''' The self-signed Certificate issued by the Root CA to identify itself and to facilitate verification of Certificates issued to its Subordinate CAs.
Certificates to that organization.


Fully-Qualified Domain Name: A Domain Name that includes the labels of all superior nodes in the Internet
'''Subordinate CA:''' A Certification Authority whose Certificate is signed by the Root CA, or another Subordinate CA.
Domain Name System.


Government Entity: A government-operated legal entity, agency, department, ministry, branch, or similar element
'''Trust Anchor:''' A Certificate that is included in NSS, this is usually a Root Certificate, but under certain circumstances may be an Intermediate Certificate.
of the government of a country, or political subdivision within such country (such as a state, province, city, county,
etc.).
 
Internal Server Name: A Server Name (which may or may not include an Unregistered Domain Name) that is not
resolvable using the public DNS.
 
Issuing CA: In relation to a particular Certificate, the CA that issued the Certificate. This could be either a Root CA or a Subordinate CA.
 
OCSP Responder: An online server operated under the authority of the CA and connected to its Repository for
processing Certificate status requests. See also, Online Certificate Status Protocol.
 
Online Certificate Status Protocol: An online Certificate-checking protocol that enables relying-party application software to determine the status of an identified Certificate. See also OCSP Responder.
 
Private Key: The key of a Key Pair that is kept secret by the holder of the Key Pair, and that is used to create
Digital Signatures and/or to decrypt electronic records or files that were encrypted with the corresponding Public Key.
 
Public Key: The key of a Key Pair that may be publicly disclosed by the holder of the corresponding Private Key
and that is used by a Relying Party to verify Digital Signatures created with the holder's corresponding Private Key and/or to encrypt messages so that they can be decrypted only with the holder's corresponding Private Key.
 
Public Key Infrastructure: A set of hardware, software, people, procedures, rules, policies, and obligations used
to facilitate the trustworthy creation, issuance, management, and use of Certificates and keys based on Public Key Cryptography.
 
Registration Authority (RA): Any Legal Entity that is responsible for identification and authentication of subjects of Certificates, but is not a CA, and hence does not sign or issue Certificates. An RA may assist in the certificate application process or revocation process or both. When “RA” is used as an adjective to describe a role or function, it does not necessarily imply a separate body, but can be part of the CA.
 
Repository: An online database containing publicly-disclosed PKI governance documents (such as Certificate
Policies and Certification Practice Statements) and Certificate status information, either in the form of a CRL or an OCSP response.
 
Root CA: The top level Certification Authority whose Root Certificate is distributed by Application Software
Suppliers and that issues Subordinate CA Certificates.
 
Root Certificate: The self-signed Certificate issued by the Root CA to identify itself and to facilitate verification of Certificates issued to its Subordinate CAs.
 
Subordinate CA: A Certification Authority whose Certificate is signed by the Root CA, or another Subordinate
CA.
 
Subscriber: A natural person or Legal Entity to whom a Certificate is issued and who is legally bound by a
Subscriber or Terms of Use Agreement.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/464561"

Navigation menu