Secure Computing SG300 User Manual page 280

Certificates A digitally signed statement that contains information about an entity
and the entity's public key, thus binding these two pieces of information
together. A certificate is issued by a trusted organization (or entity)
called a Certification Authority (CA) after the CA has verified that the
entity is who it says it is.
Certificate A Certificate Authority is a trusted third party, which certifies public
Authority key's to truly belong to their claimed owners. It is a key part of any
Public Key Infrastructure, since it allows users to trust that a given
public key is the one they wish to use, either to send a private message
to its owner or to verify the signature on a message sent by that owner.
Certificate A list of certificates that have been revoked by the CA before they
expired. This may be necessary if the private key certificate has been
Revocation List
compromised or if the holder of the certificate is to be denied the ability
to establish a tunnel to the SG unit.
Data Encryption The Data Encryption Standard is a block cipher with 64-bit blocks and a
Standard (DES) 56-bit key.
Dead Peer The method of detecting if the remote party has a stale set of keys and
Detection if the tunnel requires rekeying. To interoperate with the SG unit, it must
conform to the draft draft-ietf-ipsec-dpd-00.txt
DHCP Dynamic Host Configuration Protocol. A communications protocol that
assigns IP addresses to computers when they are connected to the
network.
Diffie-Hellman The groups used as the basis of Diffie-Hellman key exchange in the
Group or Oakley Oakley protocol, and in IKE.
Group
Diffie-Hellman A protocol that allows two parties without any initial shared secret to
Key Exchange create one in a manner immune to eavesdropping. Once they have
done this, they can communicate privately by using that shared secret
as a key for a block cipher or as the basis for key exchange.
Distinguished A list of attributes that defines the description of the certificate. These
Name attributes include: country, state, locality, organization, organizational
unit and common name.
DNS Domain Name System that allocates Internet domain names and
translates them into IP addresses. A domain name is a meaningful and
easy to remember name for an IP address.
DUN Dial Up Networking.
Encapsulating Encapsulated Security Payload is the IPSec protocol which provides
Security Payload encryption and can also provide authentication service.
(ESP)
Encryption The technique for converting a readable message (plaintext) into
apparently random material (ciphertext) which cannot be read if
intercepted. The proper decryption key is required to read the
message.
Ethernet A physical layer protocol based upon IEEE standards.
Appendix A – Terminology
276