
Terms Used In VPNs

The following is a list of terms that are commonly found in discussions of virtual private networks (VPNs) and brief descriptions of the terms. If you are looking for a term that you do not find here, please send a message to Paul Hoffman, director of VPNC, so that we can add it to the list.

RFC 2828 is an extensive glossary of security terms.

Term Definition Reference
ASN.1 Abstract Syntax Notation (1). A method for describing data that is used in many other standards. CCITT, Recommendation X.208, "Specification of Abstract Syntax Notation One (ASN.1)"
CAST A cryptographic encryption algorithm that is an optional part of some standards. RFC 2144
CE Customer edge. The router that is on the customer's side of the customer-provider interface.  
CPE Customer premise equipment. Systems that are at a customer's site (as compared to systems that are in a service provider's network).  
cryptography The study and practice of keeping data secure. Two common applications of cryptography are privacy (preventing unauthorized viewing of data) and authentication (proving one's identity to access data or as the source of a message). Cryptography links kept at Counterpane Systems
DES Data Encryption Standard. A cryptographic encryption algorithm that is part of many standards. American National Standards Institute, ANSI X3.106, "American National Standard for Information Systems - Data Link Encryption"
Diffie-Hellman A cryptographic key-exchange algorithm that is part of many standards. See also X9.42.  
digital signature A method for proving that the holder of a private key is the originator of a message.  
DSS Digital Signature Standard. A cryptographic signature algorithm that is part of many standards. Also called DSA (Digital Signature Algorithm). National Institute of Standards and Technology, FIPS Pub 186: Digital Signature Standard.
FAQ Frequently Asked Question. Usually, this is a document that lists frequently asked questions on a particular topic and gives answers to the questions.  
IAB Internet Architecture Board. The body that helps define the overall architecture and design of Internet protocols. The IAB is the technical advisory group of the ISOC. http://www.iab.org/iab/
IESG Internet Engineering Steering Group. The group that oversees the IETF working group process and determines which proposals become standards. http://www.ietf.org/iesg.html
IETF Internet Engineering Task Force. The main organization that creates protocol standards for the Internet. http://www.ietf.org/
IKE Internet Key Exchange. The protocol used to exchange symmetric keys for performing IPsec. RFC 2409
Internet Draft A document that is offered for review to the IETF. VPNC's list of VPN standards and drafts
IPsec IP Security. The protocol used to give authentication and/or encryption to IP packets. RFC 2401 and many others
ISAKMP Internet Security Association and Key Management Protocol. The basis for IKE. RFC 2408
ISOC Internet Society. The longest-standing organization promoting the use of the Internet. http://www.isoc.org/
L2TP Layer 2 Tunneling Protocol. Provides a means for tunneling IP traffic in layer 2. Can be used with IPsec to provide authentication. RFC 2661
LDAP Lightweight Directory Access Protocol. A simpler protocol for directory access than X.500. RFC 2251
LDP Label distribution protocol. RFC 3036
LSR Label switching router. A router that can read and respond to labelled layer 2 datagrams.  
MPLS Multiprotocol label switching protocol. RFC 3031
Oakley A protocol in which two authenticated parties can agree on secret keys. RFC 2412
PE Provider edge. The router that is on the provider's side of the customer-provider interface.  
PKI Public Key Infrastructure. The mechanisms used both to allow a recipient of a signed message to trust the signature and to allow a sender to find the encryption key for a recipient.  
PKIX Internet X.509 Public Key Infrastructure. The name of the IETF working group creating standards for PKI on the Internet. http://www.imc.org/ietf-pkix/
PPTP Point-to-Point Tunneling Protocol. Provides a means for tunneling IP traffic in layer 2. RFC 2637
PPVPN Provider-provisioned VPN. A VPN that is managed by a service provider, not the user of the VPN.  
public key cryptography A method for creating two keys (also called a key pair) that can be used to encrypt and decrypt messages. One of the two keys, the public key, is widely published, while the other key, the private key, is kept secret. When you want to encrypt a message for a recipient, you use that recipient's public key; only someone with the private key can decrypt the message. When you want to digitally sign a message, you use your private key; anyone with your public key can then check the signature and verify that only you could have signed the message.  
QoS Quality of Service. There are many meanings for this term, but they generally revolve around guarantees of service levels for Internet connections. With respect to VPNs, QoS generally means the amount of throughput and/or the number of simultaneous connections that can be sustained over a connection that uses IPsec.  
RFC Request For Comments. The primary mechanism used by the IETF to publish documents, including standards. VPNC's list of VPN standards and drafts
RSA Rivest-Shamir-Adleman. The name of a cryptographic key-exchange algorithm popular in many security protocols. Also the name of the company which controls the US patent on the algorithm. RFC 2313
SSL Secure Sockets Layer. A protocol for encryption and authentication of Internet connections. See TLS.  
TLS Transport Layer Security. The standardized version of SSL.  
Triple DES A cryptographic algorithm for repeated DES operations that have the effect of increasing the security of the encrypted message. American National Standards Institute, ANSI X9.52-1998, "Triple Data Encryption Algorithm Modes of Operation"
VPN A private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.  
VPNC Virtual Private Network Consortium. The trade association for manufacturers and providers in the VPN market. http://www.vpnc.org/
WG Working Group. Usually used with reference to the IETF.  
X.509 Specification of the format of digital certificates. See also PKIX. ITU-T Recommendation X.509 (1997), ISO/IEC 9594-8:1997, Information technology - Open Systems Interconnection - The Directory: Authentication framework.
X9.42 A specification for methods of using the Diffie-Hellman algorithms. American National Standards Institute, "Agreement Of Symmetric Keys Using Diffie-Hellman and MQV Algorithms", ANSI draft, 1998.