[cryptography] Recommendations for glossary of cryptographic terms

=JeffH Jeff.Hodges at KingsMountain.com
Thu Jul 4 21:10:29 EDT 2013


 > I am trying to wrap of the writing of the cryptography section
 > of the new OWASP Dev Guide 2013 and rather than writing all
 > my definitions, my thought was to just refer to some good
 > glossary of cryptographic terms rather than doing all that work
 > over again (and probably not as well).

this is a laudable goal, but what I've found (having contributed to a few 
security-related specs over the years) is that there's no Single Canonical 
Glossary of Security and Crypto terms, and for projects that have merited the 
amount of work (e.g. SAMLv1 and SAMLv2 (and Liberty Alliance, whose work helped 
begat SAMLv2), HSTS RFC6797, TLS Server ID check RFC6125), I've helped produce 
glossaries specifically for the project. Said glossaries leveraged existing work 
as much as possible, often just narrowing the senses of leveraged terms for the 
specific project (ie SAML, Liberty, HSTS etc). Thus the bibliography of those 
aforementioned gloss's are sources for further digging, if felt worthwhile (eg 
the SAML glossaries).

That said, the best compendium-type glossary I'm aware of, which happens to also 
be online, is assembled/maintained by Lynn Wheeler, available here..

   Security Taxonomy And Glossary
   http://www.garlic.com/~lynn/secure.htm

Lynn cites the source materials at the bottom of this page..

   http://www.garlic.com/~lynn/

..under the heading "GLOSSARY Notes" (which also lists the other glossaries he 
maintains: Payment, Privacy, X9F, Financial.

RFC4949 is also a very useful resource and many specs with 
problem-space-specific security terminology needs leverage it.


HTH,

=JeffH





More information about the cryptography mailing list