Table of Contents

RFC 4949 Internet Security Glossary Definitions W

Return to RFC 4949 Internet Security Glossary Definitions, RFC 4949 Internet Security Glossary, RFC 4949 Internet Security Glossary Bibliography, Cybersecurity, Awesome Security

RFC 4949: #, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z (navbar_rfc4949)


([[Fair Use]] [[Source]]: [[RFC 4949])


(D) Synonym for WWW.

Deprecated Abbreviation: This abbreviation could be confused with W3C; use “WWW” instead.

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) See: World Wide Web Consortium.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) /slang/ A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break the systems.

Deprecated Usage: IDOCs that use this term SHOULD state a definition for it because the term could confuse international readers.

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a global, multilateral agreement approved by 33 countries in July 1996 to contribute to regional and international security and stability, by promoting information exchange concerning, and greater responsibility in, transfers of arms and dual-use items, thus preventing destabilizing accumulations. (See: International Traffic in Arms Regulations.)

Tutorial: The Arrangement began operations in September 1996 with headquarters in Vienna. The participating countries were Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian

Shirey Informational Page 334]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States.

Participating countries seek through their national policies to ensure that transfers do not contribute to the development or enhancement of military capabilities that undermine the goals of the arrangement, and are not diverted to support such capabilities. The countries maintain effective export controls for items on the agreed lists, which are reviewed periodically to account for technological developments and experience gained. Through transparency and exchange of views and information, suppliers of arms and dual-use items can develop common understandings of the risks associated with their transfer and assess the scope for coordinating national control policies to combat these risks. Members provide semi-annual notification of arms transfers, covering seven categories derived from the UN Register of Conventional Arms. Members also report transfers or denials of transfers of certain controlled dual-use items. However, the decision to transfer or deny transfer of any item is the sole responsibility of each participating country. All measures undertaken with respect to the arrangement are in accordance with national legislation and policies and are implemented on the basis of national discretion.

([[Fair Use]] [[Source]]: [[RFC 4949])


See: digital watermarking.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) In the context of a particular cryptographic algorithm, a key value that provides poor security. (See: strong.)

Example: The DEA has four “weak keys” [Schn] for which encryption produces the same result as decryption. It also has ten pairs of “semi-weak keys” [Schn] (a.k.a. “dual keys” [FP074]) for which encryption with one key in the pair produces the same result as decryption with the other key.

([[Fair Use]] [[Source]]: [[RFC 4949])


1. (I) /not capitalized/ IDOCs SHOULD NOT capitalizeweb” when using the term (usually as an adjective) to refer generically to technology – such as web browsers, web servers, HTTP, and HTML – that is used in the Web or similar networks.

2. (I) /capitalized/ IDOCs SHOULD capitalizeWeb” when using the term (as either a noun or an adjective) to refer specifically to the World Wide Web. (Similarly, see: internet.)

Shirey Informational Page 335]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Usage: IDOCs SHOULD NOT use “web” or “Web” in a way that might confuse these definitions with the PGP “web of trust”. When using Web as an abbreviation for “World Wide Web”, IDOCs SHOULD fully spell out the term at the first instance of usage.

([[Fair Use]] [[Source]]: [[RFC 4949])


(D) /PGP/ A PKI architecture in which each certificate user defines their own trust anchor(s) by depending on personal relationships. (See: trust anchor. Compare: hierarchical PKI, mesh PKI.)

Deprecated Usage: IDOCs SHOULD NOT use this term except with reference to PGP. This term mixes concepts in potentially misleading ways; e.g., this architecture does not depend on World Wide Web technology. Instead of this term, IDOCs MAY use “trust- file PKI”. (See: web, Web).

Tutorial: This type of architecture does not usually include public repositories of certificates. Instead, each certificate user builds their own, private repository of trusted public keys by making personal judgments about being able to trust certain people to be holding properly certified keys of other people. It is this set of person-to-person relationships from which the architecture gets its name.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A software process that runs on a host computer connected to a network and responds to HTTP requests made by client web browsers.

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) See: Wired Equivalency Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) A cryptographic protocol that is defined in the IEEE 802.11 standard and encapsulates the packets on wireless LANs. Usage: a.k.a.Wired Equivalency Protocol”.

Tutorial: The WEP design, which uses RC4 to encrypt both the plain text and a CRC, has been shown to be flawed in multiple ways; and it also has often suffered from flawed implementation and management.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) An attack that intercepts and accesses information contained in a data flow in a communication system. (See: active wiretapping, end-to-end encryption, passive wiretapping, secondary definition under “interception”.)

Shirey Informational Page 336]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Usage: Although the term originally referred to making a mechanical connection to an electrical conductor that links two nodes, it is now used to refer to accessing information from any sort of medium used for a link or even from a node, such as a gateway or subnetwork switch.

Tutorial: Wiretapping can be characterized according to intent:

affect the flow.

and gain knowledge of information contained in it.

([[Fair Use]] [[Source]]: [[RFC 4949])


1a. (I) /COMPUSEC/ The estimated amount of effort or time that can be expected to be expended by a potential intruder to penetrate a system, or defeat a particular countermeasure, when using specified amounts of expertise and resources. (See: brute force, impossible, strength.)

1b. (I) /cryptography/ The estimated amount of computing power and time needed to break a cryptographic system. (See: brute force, impossible, strength.)

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms. (See: web vs. Web, [R2084].)

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) Created in October 1994 to develop and standardize protocols to promote the evolution and interoperability of the Web, and now consisting of hundreds of member organizations (commercial firms, governmental agencies, schools, and others).

Tutorial: W3C Recommendations are developed through a process similar to that of the standards published by other organizations, such as the IETF. The W3 Recommendation Track (i.e., standards track) has four levels of increasing maturity: Working, Candidate Recommendation, Proposed Recommendation, and W3C Recommendation. W3C Recommendations are similar to the standards published by other organizations. (Compare: Internet Standard, ISO.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume system resources destructively. (See: mobile code, Morris Worm, virus.)

Shirey Informational Page 337]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])


1. ( N) To use cryptography to provide data confidentiality service for keying material. (See: encrypt, wrapping algorithm, wrapping key. Compare: seal, shroud.)

2. (D) To use cryptography to provide data confidentiality service for data in general.

Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2 because that duplicates the meaning of the more widely understoodencrypt”.

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) An encryption algorithm that is specifically intended for use in encrypting keys. (See: KEK, wrap.)

([[Fair Use]] [[Source]]: [[RFC 4949])


( N) Synonym for “KEK”. (See: encrypt. Compare: seal, shroud.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) /security model/ A system operation that causes a flow of information from a subject to an object. (See: access mode. Compare: read.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) See: World Wide Web.


Fair Use Sources

Fair Use Sources:

Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;

, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security

Python Security - Django Security - Flask Security - Pandas Security,

Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security (Valkey Security), Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Infinispan Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),

Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);

OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)

Request for Comments (RFC): List of RFCs, GitHub RFCs, Awesome RFCs, (navbar_rfc)


© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers

SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.