On 9 Aug 2016, at 4:05, Tony Finch wrote:
Greetings again. There are six terms that are commonly used when we talk
about DNSSEC:
- validation and validate
- authentication and authenticate
- verification and verify
Are they defined in any RFCs that we can use for the terminology-bis
document?
RFC 4949 - Internet Security Glossary
I looked there, but the terms don't fit well for DNSSEC. If there are
bits below that we can pick out, great, but it seems like a stretch.
--Paul Hoffman
$ validate
1. (I) Establish the soundness or correctness of a construct.
Example: certificate validation. (See: validate vs. verify.)
2. (I) To officially approve something, sometimes in relation to a
standard. Example: NIST validates cryptographic modules for
conformance with [FP140].
$ authenticate
(I) Verify (i.e., establish the truth of) an attribute value
claimed by or for a system entity or system resource. (See:
authentication, validate vs. verify, "relationship between data
integrity service and authentication services" under "data
integrity service".)
Deprecated Usage: In general English usage, this term is used with
the meaning "to prove genuine" (e.g., an art expert authenticates
a Michelangelo painting); but IDOCs should restrict usage as
follows:
- IDOCs SHOULD NOT use this term to refer to proving or checking
that data has not been changed, destroyed, or lost in an
unauthorized or accidental manner. Instead, use "verify".
- IDOCs SHOULD NOT use this term to refer to proving the truth or
accuracy of a fact or value such as a digital signature.
Instead, use "verify".
- IDOCs SHOULD NOT use this term to refer to establishing the
soundness or correctness of a construct, such as a digital
certificate. Instead, use "validate".
$ authentication
(I) The process of verifying a claim that a system entity or
system resource has a certain attribute value. (See: attribute,
authenticate, authentication exchange, authentication information,
credential, data origin authentication, peer entity
authentication, "relationship between data integrity service and
authentication services" under "data integrity service", simple
authentication, strong authentication, verification, X.509.)
$ verification
1. (I) /authentication/ The process of examining information to
establish the truth of a claimed fact or value. (See: validate vs.
verify, verify. Compare: authentication.)
2. (N) /COMPUSEC/ The process of comparing two levels of system
specification for proper correspondence, such as comparing a
security model with a top-level specification, a top-level
specification with source code, or source code with object code.
[NCS04]
$ verify
(I) To test or prove the truth or accuracy of a fact or value.
(See: validate vs. verify, verification. Compare: authenticate.)
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop