DWS-1008 User’s Manual
D-Link Systems, Inc.
Appendix D - Glossary
PEAP
Protected Extensible Authentication Protocol. A draft extension to the Extensible Authentication
Protocol with Transport Layer Security (EAP-TLS), developed by Microsoft Corporation,
Cisco Systems, and RSA Data Security, Inc. TLS is used in PEAP Part 1 to authenticate the
server only, and thus avoids having to distribute user certificates to every client. PEAP Part 2
performs mutual authentication between the EAP client and the server. Compare EAP-TLS.
PEM
Privacy-Enhanced Mail. A protocol, defined in RFC 1422 through RFC 1424, for transporting
digital certificates and certificate signing requests over the Internet. PEM format encodes
the certificates on the basis of an X.509 hierarchy of certificate authorities (CAs). Base64
encoding is used to convert the certificates to ASCII text, and the encoded text is enclosed
between BEGIN CERTIFICATE and END CERTIFICATE delimiters.
Per-VLAN Spanning Tree protocol
See PVST+.
PIM
Protocol Independent Multicast protocol. A protocol-independent multicast routing protocol
that supports thousands of groups, a variety of multicast applications, and existing Layer 2
subnetwork technologies. PIM can be operated in two modes: dense and sparse. In PIM
dense mode (PIM-DM), packets are flooded on all outgoing interfaces to many receivers.
PIM sparse mode (PIM-SM) limits data distribution to a minimal number of widely distributed
routers. PIM-SM packets are sent only if they are explicitly requested at a rendezvous point
(RP).
PKCS
Public-Key Cryptography Standards. A group of specifications produced by RSA Laboratories
and secure systems developers, and first published in 1991. Among many other features and
functions, the standards define syntax for digital certificates, certificate signing requests, and
key transportation.
PKI
Public-key infrastructure. Software that enables users of an insecure public network such
as the Internet to exchange information securely and privately. The PKI uses public-key
cryptography (also known as asymmetric cryptography) to authenticate the message sender
and encrypt the message by means of a pair of cryptographic keys, one public and one
private. A trusted certificate authority (CA) creates both keys simultaneously with the same
algorithm. A registration authority (RA) must verify the certificate authority before a digital
certificate is issued to a requestor.
The PKI uses the digital certificate to identify an individual or an organization. The private key
is given only to the requesting party and is never shared, and the public key is made publicly
available (as part of the digital certificate) in a directory that all parties can access. You use the
private key to decrypt text that has been encrypted with your public key by someone else. The
certificates are stored (and, when necessary, revoked) by directory services and managed by
a certificate management system. See also certificate authority (CA); registration authority (RA).