author | Werner Koch <wk@gnupg.org> | 2007-08-14 18:50:27 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2007-08-14 18:50:27 +0200 |
commit | d20d11a0eeb306feb9c256eadd1b4b606b15934e (patch) | |
tree | 9d5671631dc8599fa44aafd9572b1c282ddb4110 /doc/glossary.texi | |
parent | Implemented the chain model for X.509 validation. (diff) | |
download | gnupg2-d20d11a0eeb306feb9c256eadd1b4b606b15934e.tar.xz gnupg2-d20d11a0eeb306feb9c256eadd1b4b606b15934e.zip |
Documentation updates.
Support for Dirmngr under W32.
Fixed a yat2m bug.
Diffstat (limited to 'doc/glossary.texi')
-rw-r--r-- | doc/glossary.texi | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/doc/glossary.texi b/doc/glossary.texi index 22bd7adc5..ff68f9d42 100644 --- a/doc/glossary.texi +++ b/doc/glossary.texi @@ -12,6 +12,21 @@ @acronym{CRL} but used for @acronym{CA}s and not for end user certificates. +@item Chain model + Verification model for X.509 which uses the creation date of a +signature as the date the validation starts and in turn checks that each +certificate has been issued within the time frame, the issuing +certificate was valid. This allows the verification of signatures after +the the CA's certificate expired. The validation test also required an +online check of the certificate status. The chain model is required by +the German signature law. See also @emph{Shell model}. + +@item CMS + The @emph{Cryptographic Message Standard} describes a message +format for encryption and digital signing. It is closely related to the +X.509 certificate format. @acronym{CMS} was formerly known under the +name @code{PKCS#7} and is described by @code{RFC3369}. + @item CRL The @emph{Certificate Revocation List} is a list containing certificates revoked by the issuer. @@ -21,6 +36,12 @@ certificates revoked by the issuer. ask them to issue a new certificate. The data format of such a signing request is called PCKS#10. +@item OpenPGP + A data format used to build a PKI and to exchange encrypted or +signed messages. In contrast to X.509, OpenPGP also includes the +message format but does not explicilty demand a specific PKI. However +any kind of PKI may be build upon the OpenPGP protocol. + @item Keygrip This term is used by GnuPG to describe a 20 byte hash value used to identify a certain key without referencing to a concrete protocol. 
@@ -37,4 +58,15 @@ store private keys. This is either a smartcard or a collection of files on a disk; the latter is often called a Soft-PSE. +@item Shell model +The standard model for validation of certificates under X.509. At the +time of the verification all certifciates must be valid and not expired. +See also @emph{Chain mode}. + + +@item X.509 +Description of a PKI used with CMS. It is for example +defined by @code{RFC3280}. + + @end table |
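Review bot: In the first hunk, the new `@item CMS` entry expands the acronym as "Cryptographic Message Standard"; the name used by RFC 3369 is Cryptographic Message Syntax, so the `@emph{}` text should be corrected. In the `@item Chain model` entry of the same hunk, "the the CA's certificate" has a doubled word, "also required an online check" should be "also requires" to match the present tense of the rest of the entry, and "within the time frame, the issuing certificate was valid" reads more clearly as "within the time frame in which the issuing certificate was valid".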
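Review bot: In the second hunk, the new `@item OpenPGP` entry is inserted ahead of `@item Keygrip`, which breaks the alphabetical order the table otherwise follows (Chain model, CMS, CRL); it should go after the K entries. The entry text also needs two spelling fixes: "explicilty" should be "explicitly" and "may be build" should be "may be built".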
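Review bot: In the third hunk, the cross-reference that closes the `@item Shell model` entry reads `@emph{Chain mode}`, but the entry added earlier in this patch is named "Chain model", so the two entries do not point at each other consistently; change it to `@emph{Chain model}`. In the same entry "certifciates" should be "certificates". The `@item X.509` text, "Description of a PKI used with CMS", is too terse for a glossary that both model entries lean on, and the doubled blank `+` lines before and after that item can be reduced to one each.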