You are here

Glossary

  • CA
    Certificate Authority : an entity which issues digital certificates for use by other parties.
     
  • Certificate
    Computer data object, constituted by 3 main parts :

    - owner's identity information,
    - cryptographic data (public key),
    - certificate's validity information. This part uses PKI mechanisms.

    A hidden part is the private key associated with the public key, but it is not present in the certificate.

  • CRL
    Certificate Revocation List : a list of serial numbers of certificates that have been discarded in a PKI; these certificates cannot be used anymore.
     
  • Cryptography
    The art of hiding information to unauthorized eyes.
     
  • DCV
    Domain Control Validation: a procedure to validate domain's ownership for a certificate request.
  • PGP
    Pretty Good Privacy : a computer program for the encryption and decryption of data, mainly emails.
     
  • CSR
    Certificate Signing Request : document containing all data needed to be signed to issue a certificate (public key and identity) by a certificate authority.
     
  • OCSP
    Online Certificate Status Protocol: a internet protocol used to verify the revocation status of a digital certificate. It was developed to solve the problems with CRL:
    - it can provide more timely information regarding the status of a certificate,
    - it removes the need for the user to download CRL
    - there is no need for the client to parse the CRL themselves.
     
  • PKI
    Public Key Infrastructure : operational deployement of a public key cryptographic system, using certificates, CA, RA, etc. Its purpose is to let different parties verify digital indentities of persons or servers. While not mandatory, PKI uses certificates as its basic building block.
     
  • RA
    Registration Authority : an entity which approves digital certificate signing requests further signed by a CA.
     
  • TCS
    TERENA Certificates Service : a TERENA project established to provide low costs servers certificates to some local NREN's R&E customers. It is the successor of the previous project called Server Certificate Service.