S.E.E. PKI: Key Certificate Policy v1.91

9 Glossary

CA (Certification Authority)

An entity trusted by users to issue and manage X.509 public key certificates and CRLs.

CP (Certificate Policy)

A standard by which public key certificates and keys are issued and managed. The CP that a specific certificate is issued under should be referenced in the certificate's certificatePolicy field.

CPS (Certification Practice Statement)

A Certification Authority's security plan and standard operating procedures.

CRL (Certificate Revocation List)

An electronically signed list of certificates that should no longer be trusted but have not yet expired. Each CA will issue one or more CRLs. The location of the relevant CRL for a specific certificate will be defined in the certificate's CRL Distribution Point (CDP) field.

DN (Distinguished Name)

An ISO X.500 term defining a standard for unique identifiers for people, devices or other objects.

EAL (Evaluation Assurance Level)

International Common Criteria IT product security testing evaluation level. EAL1 is the lowest level of testing; EAL7 is the highest.

End-entity

The users of the certificates and keys, for instance, Subscribers, Webservers, S.E.E. Mail gateways, etc.

FIPS (Federal Information Processing Standards)

A set of IT security standards promulgated by the US National Institute of Standards and Technology.

HTTP (Hypertext Transfer Protocol)

The primary application-level communications protocol of the World Wide Web.

IETF PKIX (Internet Engineering Task Force PKI X.509)

Refers to the Internet Working Group on PKI and its resulting standards.

IN-CONFIDENCE

Compromise of such information would be likely to prejudice the maintenance of law and order, impede the effective conduct of government in New Zealand, or affect adversely the privacy of its citizens.

ITSEC (IT Security Evaluation Criteria)

UK Government IT product security testing criteria. Evaluation levels range from E1 (lowest assurance = EAL2) to E6 (mathematically proven = EAL7).

LDAP (Lightweight Directory Access Protocol)

An Internet protocol for communicating with directories.

NZSIT (NZ Security of IT)

A set of IT security publications promulgated by the Government Communications Security Bureau.

OCSP (Online Certificate Status Protocol)

An Internet protocol used by a client to obtain from a server the validity status and other information concerning a digital certificate. OCSP provides more up-to-date status than is possible with CRLs at the expense of increased network traffic, latency and dependence on the OCSP service. The location of the relevant OCSP service for a specific certificate will be defined in the certificate's Authority Information Access field.

OID (Object Identifier)

The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. Certificate policies and cryptographic algorithms are two such classes.

PKCS (Public Key Cryptographic Standard)

Cryptographic guidelines promulgated by RSA Inc.

RA (Registration Agent/Authority)

An entity that is responsible for the identification and authentication of Subscribers before certificate issuance, but does not actually create or issue the certificates. The RA is a delegated agent of the CA.

S.E.E. (Secure Electronic Environment)

NZ Government initiative to provide secure interaction and collaboration between Government departments and agencies across the Internet.

SENSITIVE

Compromise of such information would be likely to damage the interests of the New Zealand government or endanger the safety of its citizens.

SIGD

Security in Government Departments manual, available at http://www.security.govt.nz/sigd/

Sponsor

The department or public servant that has nominated an individual or organisation to be issued a certificate. The Sponsor is responsible for either supplying or confirming an individual's requirement for a certificate and the attribute details in the certificate. The Sponsor is also responsible for informing the CA or RA if the department's relationship with the Subscriber is terminated or changed such that the certificate should be revoked or updated. Some organisations may combine the Sponsor and Registration Agent roles.

Steering Group (SG)

The body responsible for setting, implementing and administering this Certificate Policy statement and overseeing the CA's issuing certificates under it. The S.E.E. Steering Group is the Policy Management Authority (PMA) for S.E.E. PKI.

Subscriber

An individual or organisation whose public key is certified in a public key certificate. In the Government context this could be a public servant, a citizen, or a Government client or supplier.

URL (Universal Resource Locator)

World Wide Web address of a computer or file.
