X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=doc%2Fdefinitions.md;fp=doc%2Fdefinitions.md;h=f048d04fb5ada906bf3095ff6d3d8f227552084b;hp=0000000000000000000000000000000000000000;hb=b9e0dda112b86c2c7fa4af0a4455d221246b0d2d;hpb=08c941629aea14473e5c42ab6f5d590be4af4bf8 diff --git a/doc/definitions.md b/doc/definitions.md new file mode 100644 index 00000000..f048d04f --- /dev/null +++ b/doc/definitions.md 
@@ -0,0 +1,57 @@ +== Glossary / Definitions == + +ASN.1: A horrible way to encode data. Usually used together with X.509 + +BER: Basic Encoding Rules for ASN.1 + +CER: Canonical Encoding Rules for ASN.1 + +CSR: Certificate Signing Request, request to get some public key signed + +CSRF: Cross Site Request Forgery, attach technique breaching causality of requests + +DER: Distinguished Encoding Rules for ASN.1 + +ECMA: European Computer Manufacturers Association + +ETSI: European Telecommunications Standards Institute + +GnuPG: GNU Privacy Guard, Some implementation using the OpenPGP standard + +HPKP: HTTP Public Key Pinning, a way to restrict the set of keys that may be used to secure a connection + +HSTS: Hypertext Strict Transport Security, Protection Mechanism against casual MitM in networks and SSL Stripping, governed by RFC 6797 + +HTTP: Hypertext Transfer Protocol + +ITU: International Telecommunication Union, standards body responsible for most standards with a dot in their names + +JS: JavaScript, standard by ECMA + +JSON: JavaScript Object Notation, standardized way to encode data for easy parsing + +MIME: Multipurpose Internet Mail Extensions, some way to stuff multiple messages into one message + +MitM: Man-in-the-Middle, common form of attack against encrpytion systems + +OAuth: OpenAuthentication standard for SSO + +OpenPGP: Signature and Encryption format governed by RFC 4880 et. al. + +OTP: One-Time-Password + +PKI: Public Key Infrastructure + +PKIX: PKI using X.509 + +SPKAC: Signed Public Key and Challenge, interactive variant of a CSR + +SSL: Secure Socket Layer, predecessor of TLS, cf. 
TLS + +SSO: Single Sign On, mechanism for authentication across different domains/systems using a central identity + +TLS: Transport Layer Security, Protocol for secure communication between a client and a server, governed by various RFCs + +X.509: An ITU standard describing contents of things (usually abused for PKIX certificates) + +XSS: Cross-Site Scripting, attack technique breaching same-origin boundaries
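Review bot: Several entries in this new glossary carry wrong expansions or typos that should be corrected before merge. The HSTS entry expands the acronym as "Hypertext Strict Transport Security", but RFC 6797, which the same line cites, names it "HTTP Strict Transport Security". The OAuth entry reads "OpenAuthentication standard for SSO"; OAuth stands for "Open Authorization" and is an authorization framework, so the entry conflates it with authentication. The CSRF entry says "attach technique" where "attack technique" is meant (the XSS entry has it right), the MitM entry misspells "encryption" as "encrpytion", and the OpenPGP entry should read "et al." rather than "et. al.". The heading `== Glossary / Definitions ==` is wiki-style markup and will not render as a heading in a `.md` file; `# Glossary / Definitions` would.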