== Glossary / Definitions ==

ASN.1: Abstract Syntax Notation One, an ITU-T notation for describing data structures (and a notoriously awkward one). Usually encountered together with X.509, whose certificates are encoded with DER.
BER: Basic Encoding Rules for ASN.1. Permissive: the same value can be encoded in several ways (e.g. indefinite-length form, non-minimal length bytes).
CER: Canonical Encoding Rules for ASN.1, a BER subset that yields exactly one encoding per value and uses indefinite-length form for large constructed values.
CSR: Certificate Signing Request (PKCS #10), a request to have a public key signed by a CA; it carries the subject's public key and a self-signature that proves possession of the matching private key.
CSRF: Cross-Site Request Forgery, attack technique in which a victim's browser is made to send authenticated requests the user never intended, abusing the fact that the browser attaches cookies (or other ambient credentials) to cross-site requests automatically.
DER: Distinguished Encoding Rules for ASN.1, a BER subset that allows exactly one encoding per value (definite, minimal-length only). Used for X.509 certificates because signatures are computed over the encoded bytes.
ECMA: European Computer Manufacturers Association (today Ecma International), standards body behind ECMAScript and JSON (ECMA-404).
ETSI: European Telecommunications Standards Institute
GnuPG: GNU Privacy Guard, a free implementation of the OpenPGP standard
HPKP: HTTP Public Key Pinning (RFC 7469), a way to restrict the set of public keys that may appear in a site's certificate chain. Now deprecated and removed from major browsers, since a mistaken pin locks users out of a site.
HSTS: HTTP Strict Transport Security, governed by RFC 6797. Tells browsers to contact a host only over HTTPS, protecting against casual MitM on untrusted networks and SSL stripping.
HTTP: Hypertext Transfer Protocol
ITU: International Telecommunication Union; its ITU-T sector is responsible for most standards with a dot in their names (X.509, X.680, X.690).
JS: JavaScript, standardized by ECMA as ECMAScript (ECMA-262)
JSON: JavaScript Object Notation (ECMA-404, RFC 8259), a standardized text format for encoding data that is easy to parse
MIME: Multipurpose Internet Mail Extensions, extensions to e-mail for non-ASCII text, attachments and multipart messages, i.e. a way to stuff several message bodies into one message
MitM: Man-in-the-Middle, an attacker positioned between two parties who relays and possibly alters their traffic; the common form of attack against encryption systems that do not authenticate the peer
OAuth: Open Authorization framework (RFC 6749) for delegated authorization of API access; frequently used as the basis for SSO (OpenID Connect adds the authentication layer on top of it)
OpenPGP: Signature and Encryption format governed by RFC 4880 et al.
OTP: One-Time Password, a password valid for a single authentication (e.g. HOTP, TOTP)
PKI: Public Key Infrastructure
PKIX: PKI using X.509 certificates as profiled by the IETF (RFC 5280)
SPKAC: Signed Public Key and Challenge, a public key plus a server-supplied challenge signed with the corresponding private key, as produced by the HTML keygen element (since removed from browsers); an interactive variant of a CSR
SSL: Secure Sockets Layer, predecessor of TLS, cf. TLS
SSO: Single Sign-On, mechanism for authentication across different domains/systems using a central identity
TLS: Transport Layer Security, protocol for secure communication between a client and a server, governed by various RFCs (RFC 5246 for TLS 1.2, RFC 8446 for TLS 1.3)
X.509: An ITU-T standard describing the contents of public key certificates and revocation lists (in practice used through the PKIX profile)
XSS: Cross-Site Scripting, attack technique that injects attacker-controlled script into a page so that it executes within the victim site's origin, breaching same-origin boundaries
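The BER/DER distinction above matters in practice because signature verification and fingerprinting work on the exact bytes, so a parser that silently accepts BER alternatives lets two different byte strings decode to the same certificate. The following minimal DER decoder is an added example (not code from the original glossary) that rejects the BER-only forms, namely indefinite lengths and non-minimal length or INTEGER encodings; the sample byte strings are constructed by hand for this example, and the tag table covers only a few universal tags.

```python
# Added example: a minimal DER (X.690) TLV decoder that refuses BER-only encodings.
# Sample inputs below are constructed for this example, not taken from a real certificate.

UNIVERSAL_TAGS = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
                  0x0C: "UTF8String", 0x30: "SEQUENCE", 0x31: "SET"}


class DERError(ValueError):
    """Raised for truncated input or for encodings that are valid BER but not DER."""


def read_length(buf, pos):
    """Decode a DER length at buf[pos]; return (length, position after the length).
    Rejects the indefinite form (0x80) and non-minimal long forms, both BER-only."""
    if pos >= len(buf):
        raise DERError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: single byte
        return first, pos
    if first == 0x80:
        raise DERError("indefinite length is BER, not DER")
    n = first & 0x7F                      # long form: n following length bytes
    if len(buf) < pos + n:
        raise DERError("truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    # DER: long form only if the value does not fit the short form, and no leading zero bytes
    if length < 0x80 or buf[pos] == 0:
        raise DERError("non-minimal length encoding is BER, not DER")
    return length, pos + n


def parse_der(buf, pos=0, end=None):
    """Parse consecutive TLVs in buf[pos:end] into a list of (tag_name, value).
    Constructed elements recurse; INTEGER is decoded to int; other primitives keep raw bytes."""
    end = len(buf) if end is None else end
    items = []
    while pos < end:
        tag = buf[pos]
        if (tag & 0x1F) == 0x1F:
            raise DERError("multi-byte tags are not handled by this example")
        pos += 1
        length, pos = read_length(buf, pos)
        if pos + length > end:
            raise DERError("value runs past the enclosing element")
        body = buf[pos:pos + length]
        name = UNIVERSAL_TAGS.get(tag, "tag 0x%02x" % tag)
        if tag & 0x20:                    # constructed bit set: contents are further TLVs
            items.append((name, parse_der(buf, pos, pos + length)))
        elif tag == 0x02:
            if length == 0:
                raise DERError("INTEGER needs at least one content byte")
            # DER forbids redundant leading 0x00 / 0xFF bytes (X.690 8.3.2)
            if length > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                               (body[0] == 0xFF and body[1] >= 0x80)):
                raise DERError("non-minimal INTEGER is BER, not DER")
            items.append((name, int.from_bytes(body, "big", signed=True)))
        else:
            items.append((name, bytes(body)))
        pos += length
    return items


def is_der(buf):
    """True if buf is a well-formed sequence of DER elements as understood by parse_der."""
    try:
        parse_der(buf)
        return True
    except DERError:
        return False


# Constructed samples: SEQUENCE { INTEGER 258, UTF8String "hi" } in three encodings.
SAMPLE_DER = bytes.fromhex("3008020201020c026869")                 # definite, minimal lengths
SAMPLE_BER_INDEFINITE = bytes.fromhex("3080020201020c0268690000")  # 0x80 length, 00 00 terminator
SAMPLE_BER_LONG_FORM = bytes.fromhex("308108020201020c026869")     # 0x81 0x08 where 0x08 suffices

if __name__ == "__main__":
    print(parse_der(SAMPLE_DER))
    for sample in (SAMPLE_BER_INDEFINITE, SAMPLE_BER_LONG_FORM):
        print("DER?", is_der(sample))
```

All three sample strings describe the same abstract value; a BER decoder accepts all of them, a DER decoder only the first. That is the property certificate code relies on, so a verifier that parses with BER semantics should be treated as a finding.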