== Glossary / Definitions ==
ASN.1: A horrible way to encode data. Usually used together with X.509
BER: Basic Encoding Rules for ASN.1
CER: Canonical Encoding Rules for ASN.1
CSR: Certificate Signing Request, request to get some public key signed
CSRF: Cross Site Request Forgery, attack technique breaching causality of requests
DER: Distinguished Encoding Rules for ASN.1
ECMA: European Computer Manufacturers Association
ETSI: European Telecommunications Standards Institute
GnuPG: GNU Privacy Guard, Some implementation using the OpenPGP standard
HPKP: HTTP Public Key Pinning, a way to restrict the set of keys that may be used to secure a connection
HSTS: Hypertext Strict Transport Security, Protection Mechanism against casual MitM in networks and SSL Stripping, governed by RFC 6797
HTTP: Hypertext Transfer Protocol
ITU: International Telecommunication Union, standards body responsible for most standards with a dot in their names
JS: JavaScript, standard by ECMA
JSON: JavaScript Object Notation, standardized way to encode data for easy parsing
MIME: Multipurpose Internet Mail Extensions, some way to stuff multiple messages into one message
MitM: Man-in-the-Middle, common form of attack against encryption systems
OAuth: OpenAuthentication standard for SSO
OpenPGP: Signature and Encryption format governed by RFC 4880 et al.
OTP: One-Time-Password
PKI: Public Key Infrastructure
SPKAC: Signed Public Key and Challenge, interactive variant of a CSR
SSL: Secure Socket Layer, predecessor of TLS, cf. TLS
SSO: Single Sign On, mechanism for authentication across different domains/systems using a central identity
TLS: Transport Layer Security, Protocol for secure communication between a client and a server, governed by various RFCs
X.509: An ITU standard describing contents of things (usually abused for PKIX certificates)
XSS: Cross-Site Scripting, attack technique breaching same-origin boundaries