mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Latest fixes re SDR & pswd mgr.

This commit is contained in:
cotter%netscape.com 2000-06-06 22:23:50 +00:00
Родитель 03d444bba4
Коммит 2933117137
3 изменённых файлов: 36 добавлений и 436 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
security/psm/doc/contents.htm
Просмотреть файл

@ -161,7 +161,7 @@ Glossary
<BR><BR><BR>
&copy; Copyright 1999 Netscape Communications Corporation
&copy; Copyright 2000 Netscape Communications Corporation
</FONT> </CENTER>
<BR>

417
security/psm/doc/glossary.htm
Просмотреть файл

@ -1,417 +0,0 @@
<html><head>
<title></title>
<script languag=javascript>
<!--
if (typeof(crypto.disableRightClick) == "function") {
crypto.disableRightClick();
}
// -->
</script>
</HEAD>
<FONT FACE="arial, helvetica, sans-serif" size="-1">
<a name="TOP">
<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
<table bgcolor="#cccccc" width="100%">
<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
</table>
<BR><BR>
<TABLE CELLPADDING=5 CELLSPACING=2 border=0>
<TR><TD BGCOLOR="#FFFFFF"><a href="help.htm"><IMG SRC="prev.gif" WIDTH=16
HEIGHT=14 ALIGN="texttop" BORDER=0>Previous</a>
</TD>
<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></TD>
</TR>
</TABLE>
<BR> <BR>
</a>
</DIV>
</P>
<h1><A NAME="
"></A><A NAME="996904">
Glossary
</A></h1><dl>
<A NAME="authentication"></A><A NAME="998782">
<B>authentication.</B>&nbsp;
</A><A NAME="1013907">
Assurance that a party to a computerized transaction is not an impostor. Authentication typically involves the use of a password, certificate, personal identification number (PIN), or other information that can be used to validate identity over a computer network. See also <a href="glossary.htm#1014123">password-based authentication</a>, <a href="glossary.htm#1018581">certificate-based authentication</a>, <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
</A>
<A NAME="CA"></A><A NAME="1021395">
<B>CA.</B>&nbsp;
</A><A NAME="1021418">
See <a href="glossary.htm#1020903"></a><a href="glossary.htm#1020903">certificate authority (CA)</a>.<P>
</A>
<A NAME="CA certificate"></A><A NAME="1017503">
<B>CA certificate.</B>&nbsp;
</A><A NAME="1017507">
A certificate that identifies a certificate authority. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#999541">subordinate CA</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
</A>
<A NAME="certificate"></A><A NAME="1018895">
<B>certificate.</B>&nbsp;
</A><A NAME="1018896">
The digital equivalent of an ID card. A certificate specifies the name of an individual, company, or other entity and certifies that a public key, which is included in the certificate, belongs to that entity. When you digitally sign a message or other data, the digital signature for that message is created with the aid of the private key that corresponds to the public key in your certificate. A certificate is issued and digitally signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. A certificate's validity can be verified by checking the CA's <a href="glossary.htm#1013995">digital signature</a>. Also called digital ID, digital passport, public-key certificate X.509 certificate, and security certificate. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
</A>
<A NAME="certificate authority (CA)"></A><A NAME="1020903">
<B>certificate authority (CA).</B>&nbsp;
</A><A NAME="1020904">
A service that issues a certificate after verifying the identity of the person or entity the certificate is intended to identify. A CA also renews and revokes certificates and generates a list of revoked certificates at regular intervals. CAs can be independent vendors (such as the CAs listed at <a href= "https://certs.netscape.com/client.html" TARGET="_blank">Certificate Authority Services</a>) or a person or organization using certificate-issuing server software (such as Netscape Certificate Management System). See also <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1019940">certificate revocation list (CRL)</a>.<P>
</A>
<A NAME="certificate-based authentication"></A><A NAME="1018581">
<B>certificate-based authentication.</B>&nbsp;
</A><A NAME="1018582">
Verification of identity based on certificates and public-key cryptography. See also <a href="glossary.htm#1014123">password-based authentication</a>.<P>
</A>
<A NAME="certificate chain"></A><A NAME="1018500">
<B>certificate chain.</B>&nbsp;
</A><A NAME="1019929">
A hierarchical series of certificates signed by successive certificate authorities. A CA certificate identifies a <a href="glossary.htm#1020903">certificate authority (CA)</a> and is used to sign certificates issued by that authority. A CA certificate can in turn be signed by the CA certificate of a parent CA and so on up to a <a href="glossary.htm#1015631">root CA</a>. <P>
</A>
<A NAME="certificate fingerprint"></A><A NAME="1020297">
<B>certificate fingerprint.</B>&nbsp;
</A><A NAME="1020326">
A unique number associated with a certificate. The number is not part of the certificate itself but is produced by applying a mathematical function to the contents of the certificate. If the contents of the certificate change, even by a single character, the function produces a different number. Certificate fingerprints can therefore be used to verify that certificates have not been tampered with.<P>
</A>
<A NAME="certificate renewal"></A><A NAME="1031319">
<B>certificate renewal.</B>&nbsp;
</A><A NAME="1031323">
The process of renewing a <a href="glossary.htm#1018895">certificate</a> that is about to expire.<P>
</A>
<A NAME="certificate revocation list (CRL)"></A><A NAME="1019940">
<B>certificate revocation list (CRL).</B>&nbsp;
</A><A NAME="1021047">
A list of revoked certificates that is generated and signed by a <a href="glossary.htm#1020903">certificate authority (CA)</a>. You can download the latest CRL to your browser or to a server, then check against it to make sure that certificates are still valid before permitting their use for authentication. <P>
</A>
<A NAME="certificate store"></A><A NAME="1023462">
<B>certificate store.</B>&nbsp;
</A><A NAME="1032978">
The collection of certificates, or electronic IDs, maintained by Personal Security Manager on your behalf. These include your own certificates stored on one or more security devices, other people's certificates, web site certificates, and <a href="glossary.htm#1020903"></a>CA certificates. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1028962">security device</a>.<P>
</A>
<A NAME="certificate verification"></A><A NAME="1025527">
<B>certificate verification.</B>&nbsp;
</A><A NAME="1025531">
When Personal Security Manager verifies a certificate, it confirms that the digital signature was created by a CA whose own CA certificate is both present in the certificate store and marked as trusted for issuing that kind of certificate. It also confirms that the certificate being verified has not been marked as untrusted in the certificate store. Finally, if the <a href="glossary.htm#1029304">Online Certificate Status Protocol (OCSP)</a> has been activated (from the Options panel under the Advanced tab), Personal Security Manager also performs an on-line check. It does so by looking up the certificate in a list of valid certificates maintained at a URL that is specified either in the certificate itself or in the OCSP Settings window. If any of these checks fail, Personal Security Manager marks the certificate as unverified and won't recognize the identity it certifies.<P>
</A>
<A NAME="cipher"></A><A NAME="1021048">
<B>cipher.</B>&nbsp;
</A><A NAME="1021052">
See <a href="glossary.htm#1019976">cryptographic algorithm</a>.<P>
</A>
<A NAME="client"></A><A NAME="1029510">
<B>client.</B>&nbsp;
</A><A NAME="1029547">
Software (such as browser software) that sends requests to and receives information from a <a href="glossary.htm#1029749">server</a>, which is usually running on a different computer. A computer on which client software runs is also described as a client.<P>
</A>
<A NAME="client authentication"></A><A NAME="1021054">
<B>client authentication.</B>&nbsp;
</A><A NAME="1014557">
The process of identifying a <a href="glossary.htm#1029510">client</a> to a <a href="glossary.htm#1029749">server</a>, for example with a name and password or with a <a href="glossary.htm#1014561">client SSL certificate</a> and some digitally signed data. See also <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>, <a href="glossary.htm#1031070">server authentication</a>.<P>
</A>
<A NAME="client SSL certificate"></A><A NAME="1014561">
<B>client SSL certificate.</B>&nbsp;
</A><A NAME="1014562">
A certificate that a <a href="glossary.htm#1029510">client</a> (for example, browser software such as Netscape Communicator) presents to a <a href="glossary.htm#1029749">server</a> to authenticate the identity of the client (or the identity of the person using the client) using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol. See also <a href="glossary.htm#1021054">client authentication</a>.<P>
</A>
<A NAME="cryptographic algorithm"></A><A NAME="1019976">
<B>cryptographic algorithm.</B>&nbsp;
</A><A NAME="1019985">
A set of rules or directions used to perform cryptographic operations such as <a href="glossary.htm#999078">encryption</a> and <a href="glossary.htm#998999">decryption</a>. Sometimes called a <I>cipher.</I><P>
</A>
<A NAME="cryptography"></A><A NAME="1026002">
<B>cryptography.</B>&nbsp;
</A><A NAME="1026018">
The art and practice of scrambling (encrypting) and unscrambling (decrypting) information. For example, cryptographic techniques are used to scramble an unscramble information flowing between commercial web sites and your browser. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
</A>
<A NAME="decryption"></A><A NAME="998999">
<B>decryption.</B>&nbsp;
</A><A NAME="999005">
The process of unscrambling data that has been encrypted. See also <a href="glossary.htm#999078">encryption</a>.<P>
</A>
<A NAME="digital ID"></A><A NAME="999011">
<B>digital ID.</B>&nbsp;
</A><A NAME="999017">
See <a href="glossary.htm#1018895">certificate</a>.<P>
</A>
<A NAME="digital signature"></A><A NAME="1013995">
<B>digital signature.</B>&nbsp;
</A><A NAME="1013996">
A code created from both the data to be signed and the private key of the signer. This code is unique for each new piece of data. Even a single comma added to a message changes the digital signature for that message. Successful validation of your digital signature by appropriate software not only provides evidence that you approved the transaction or message, but also provides evidence that the data has not changed since you digitally signed it. A digital signature has nothing to do with a handwritten signature, although it can sometimes be used for similar legal purposes. See also <a href="glossary.htm#999248">nonrepudiation</a>, <a href="glossary.htm#999618">tamper detection</a>.<P>
</A>
<A NAME="distinguished name (DN)"></A><A NAME="1022191">
<B>distinguished name (DN).</B>&nbsp;
</A><A NAME="1022194">
A specially formatted name that uniquely identifies the subject of a certificate.<P>
</A>
<A NAME="dual key pairs"></A><A NAME="1020489">
<B>dual key pairs.</B>&nbsp;
</A><A NAME="1020619">
Two public-private key pairs--four keys altogether--corresponding to two separate certificates. The private key of one pair is used for signing operations, and the public and private keys of the other pair are used for encryption and decryption operations. Each pair corresponds to a separate <a href="glossary.htm#1018895">certificate</a>. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
</A>
<A NAME="eavesdropping"></A><A NAME="1020620">
<B>eavesdropping.</B>&nbsp;
</A><A NAME="1013975">
Surreptitious interception of information sent over a network by an entity for which the information is not intended.<P>
</A>
<A NAME="encryption"></A><A NAME="999078">
<B>encryption.</B>&nbsp;
</A><A NAME="1024038">
The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or <I>decrypt,</I> information flowing over the connection. Encrypted information can be decrypted only by someone who possesses the appropriate key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
</A>
<A NAME="encryption certificate"></A><A NAME="1024953">
<B>encryption certificate.</B>&nbsp;
</A><A NAME="1024978">
A certificate whose public key corresponds to a private key used for encryption only. Encryption certificates are not used for signing operations. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#999493">signing certificate</a>.<P>
</A>
<A NAME="encryption key"></A><A NAME="1021254">
<B>encryption key.</B>&nbsp;
</A><A NAME="1021255">
A private key used for encryption only. An encryption key and its equivalent public key, plus a <a href="glossary.htm#1021282">signing key</a> and its equivalent public key, constitute a <a href="glossary.htm#1020489">dual key pairs</a>.<P>
</A>
<A NAME="fingerprint"></A><A NAME="1020434">
<B>fingerprint.</B>&nbsp;
</A><A NAME="1020450">
See <a href="glossary.htm#1020297">certificate fingerprint</a>.<P>
</A>
<A NAME="FIPS PUBS 140-1"></A><A NAME="1025742">
<B>FIPS PUBS 140-1.</B>&nbsp;
</A><A NAME="1025743">
Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules--that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards.<P>
</A>
<A NAME="key"></A><A NAME="999203">
<B>key.</B>&nbsp;
</A><A NAME="999212">
A large number used by a <a href="glossary.htm#1019976">cryptographic algorithm</a> to encrypt or decrypt data. A person's public key, for example, allows other people to encrypt messages to that person. The encrypted messages must be decrypted with the corresponding private key. See also <a href="glossary.htm#1019178">public-key cryptography</a>.<P>
</A>
<A NAME="Lightweight Directory Access Protocol (LDAP)"></A><A NAME="1022286">
<B>Lightweight Directory Access Protocol (LDAP).</B>&nbsp;
</A><A NAME="1022287">
A protocol for accessing directory services across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. <P>
</A>
<A NAME="master key"></A><A NAME="1032598">
<B>master key.</B>&nbsp;
</A><A NAME="1032639">
A symmetric key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored identity information. See also <a href="glossary.htm#999604">symmetric encryption</a>.<P>
</A>
<A NAME="misrepresentation"></A><A NAME="1014057">
<B>misrepresentation.</B>&nbsp;
</A><A NAME="1014058">
Presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit card payments but never sends any goods. See also <a href="glossary.htm#1014366">spoofing</a>.<P>
</A>
<A NAME="Netscape Certificate Management System"></A><A NAME="1018306">
<B>Netscape Certificate Management System.</B>&nbsp;
</A><A NAME="1018308">
A highly configurable set of software components and tools for creating, deploying, and managing certificates. You enroll with the system to obtain certificates of all kinds; the system maintains information about the certificates it issues.<P>
</A>
<A NAME="nonrepudiation"></A><A NAME="999248">
<B>nonrepudiation.</B>&nbsp;
</A><A NAME="999254">
The inability, of the sender of a message, to deny having sent the message. A regular hand-written signature provides one form of nonrepudiation. A <a href="glossary.htm#1013995">digital signature</a> provides another.<P>
</A>
<A NAME="object signing"></A><A NAME="1014095">
<B>object signing.</B>&nbsp;
</A><A NAME="1014096">
A technology that allows software developers to sign Java code, JavaScript scripts, or any kind of file, and that allows users to identify the signers and control access by signed code to local system resources.<P>
</A>
<A NAME="object-signing certificate"></A><A NAME="1014097">
<B>object-signing certificate.</B>&nbsp;
</A><A NAME="1014098">
A certificate whose corresponding private key is used to sign objects such as code files. See also <a href="glossary.htm#1014095">object signing</a>.<P>
</A>
<A NAME="Online Certificate Status Protocol (OCSP)"></A><A NAME="1029304">
<B>Online Certificate Status Protocol (OCSP).</B>&nbsp;
</A><A NAME="1029312">
A set of rules that Personal Security Manager follows to perform an online check of an email certificate's validity each time the certificate is used. This process involves checking the certificate against a list of valid certificates maintained at a specified web site. Your computer must be online for OCSP to work.<P>
</A>
<A NAME="password-based authentication"></A><A NAME="1014123">
<B>password-based authentication.</B>&nbsp;
</A><A NAME="1014124">
Confident identification by means of a name and password. See also <a href="glossary.htm#998782">authentication</a>.<P>
</A>
<A NAME="Personal Security Password"></A><A NAME="1032744">
<B>Personal Security Password.</B>&nbsp;
</A><A NAME="1032748">
A password used by Personal Security Manager to protect the master key and/or private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. It needs to access your master key when it encrypts or decrypts information on behalf of another application&#151;for example, when Netscape 6 needs to store or access your email password. You can set or change your personal security password from the Certificates tab in Personal Security Manager. Each security device requires a separate Personal Security Password. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
</A>
<A NAME="PKCS #11"></A><A NAME="1025194">
<B>PKCS #11.</B>&nbsp;
</A><A NAME="1025195">
The public-key cryptography standard that governs security devices such as smart cards. See also <a href="glossary.htm#1028962">security device</a>, <a href="glossary.htm#1027625">smart card</a>.<P>
</A>
<A NAME="PKCS #11 module"></A><A NAME="1025197">
<B>PKCS #11 module.</B>&nbsp;
</A><A NAME="1025271">
A program on your computer that manages cryptographic services such as encryption and decryption using the PKCS #11 standard. PKCS #11 modules (also called <I>cryptographic modules</I>, <I>cryptographic service providers,</I> or <I>security modules</I>) can be thought of as drivers for cryptographic devices that can be implemented in either hardware or software. A PKCS #11 module always controls one or more slots<B>,</B> which may be implemented as physical hardware slots in some form of physical reader (for example, for smart cards) or as conceptual slots in software. Each slot for a PKCS #11 module can in turn contain a <a href="glossary.htm#1028962">security device</a> (also called <I>token</I>)<B>,</B> which is the hardware or software device that actually provides cryptographic services and optionally stores certificates and keys. Personal Security Manager provides a built-in PKCS #11 module. You may install additional modules on your computer to control smart card readers or other hardware devices.<P>
</A>
<A NAME="portable security password"></A><A NAME="1024655">
<B>portable security password.</B>&nbsp;
</A><A NAME="1024670">
A password that protects a certificate that you are backing up or have previously backed up. Personal Security Manager asks you to set this password when you back up a certificate, and requests it when you attempt to restore a certificate that has previously been backed up. <P>
</A>
<A NAME="private key"></A><A NAME="1015387">
<B>private key.</B>&nbsp;
</A><A NAME="1015391">
One of a pair of keys used in public-key cryptography. The private key is kept secret and is used to decrypt data that has been encrypted with the corresponding public key.<P>
</A>
<A NAME="PSM Private Keys security device"></A><A NAME="1032045">
<B>PSM Private Keys security device.</B>&nbsp;
</A><A NAME="1032110">
The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store private keys associated with your certificates. In addition to private keys, the PSM Private Keys security device stores the master key used by Netscape 6 to encrypt email passwords, web site passwords, and other identity information. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
</A>
<A NAME="public key"></A><A NAME="1019172">
<B>public key.</B>&nbsp;
</A><A NAME="1019173">
One of a pair of keys used in public-key cryptography. The public key is distributed freely and published as part of a <a href="glossary.htm#1018895">certificate</a>. It is typically used to encrypt data sent to the public key's owner, who then decrypts the data with the corresponding private key.<P>
</A>
<A NAME="public-key cryptography"></A><A NAME="1019178">
<B>public-key cryptography.</B>&nbsp;
</A><A NAME="1023765">
A set of well-established techniques and standards that allow an entity (such as a person, an organization, or hardware such as a router) to verify its identity electronically or to sign and encrypt electronic data. Two keys are involved: a <a href="glossary.htm#1019172">public key</a> and a <a href="glossary.htm#1015387">private key</a>. The public key is published as part of a <a href="glossary.htm#1018895">certificate</a>, which associates that key with a particular identity. The corresponding private key is kept secret. Data encrypted with the public key can be decrypted only with the private key. <P>
</A>
<A NAME="public-key infrastructure (PKI)"></A><A NAME="999412">
<B>public-key infrastructure (PKI).</B>&nbsp;
</A><A NAME="1014263">
The standards and services that facilitate the use of public-key cryptography and certificates in a networked environment.<P>
</A>
<A NAME="root CA"></A><A NAME="1015631">
<B>root CA.</B>&nbsp;
</A><A NAME="1015635">
The <a href="glossary.htm#1020903">certificate authority (CA)</a> with a self-signed certificate at the top of a <a href="glossary.htm#1018500">certificate chain</a>. See also <a href="glossary.htm#999541">subordinate CA</a>.<P>
</A>
<A NAME="Secure Sockets Layer (SSL)"></A><A NAME="999463">
<B>Secure Sockets Layer (SSL).</B>&nbsp;
</A><A NAME="999472">
A protocol that allows mutual authentication between a <a href="glossary.htm#1029510">client</a> and a <a href="glossary.htm#1029749">server</a> for the purpose of establishing an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. The new Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL. See also <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>.<P>
</A>
<A NAME="security certificate"></A><A NAME="1028900">
<B>security certificate.</B>&nbsp;
</A><A NAME="1028904">
See <a href="glossary.htm#1018895">certificate</a>.<P>
</A>
<A NAME="security device"></A><A NAME="1028962">
<B>security device.</B>&nbsp;
</A><A NAME="1028963">
A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>.<P>
</A>
<A NAME="security module"></A><A NAME="1029083">
<B>security module.</B>&nbsp;
</A><A NAME="1029097">
See <a href="glossary.htm#1025197">PKCS #11 module</a>.<P>
</A>
<A NAME="security token"></A><A NAME="1028905">
<B>security token.</B>&nbsp;
</A><A NAME="1028909">
See <a href="glossary.htm#1028962">security device</a>.<P>
</A>
<A NAME="server"></A><A NAME="1029749">
<B>server.</B>&nbsp;
</A><A NAME="1029869">
Software (such as software that serves up web pages) that receives requests from and sends information to a <a href="glossary.htm#1029510">client</a>, which is usually running on a different computer. A computer on which server software runs is also described as a server.<P>
</A>
<A NAME="server authentication"></A><A NAME="1031070">
<B>server authentication.</B>&nbsp;
</A><A NAME="1031080">
The process of identifying a <a href="glossary.htm#1029749">server</a> to a <a href="glossary.htm#1029510">client</a> by using a <a href="glossary.htm#1029874">server SSL certificate</a>. See also <a href="glossary.htm#1021054">client authentication</a>, <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
</A>
<A NAME="server SSL certificate"></A><A NAME="1029874">
<B>server SSL certificate.</B>&nbsp;
</A><A NAME="999500">
A certificate that a <a href="glossary.htm#1029749">server</a> presents to a <a href="glossary.htm#1029510">client</a> to authenticate the server's identity using the <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a> protocol.<P>
</A>
<A NAME="signing certificate"></A><A NAME="999493">
<B>signing certificate.</B>&nbsp;
</A><A NAME="999507">
A certificate whose corresponding <a href="glossary.htm#1015387">private key</a> is used to sign transmitted data, so that the receiver can verify the identity of the sender. Certificate authorities (CAs) often issue a signing certificate that will be used to sign email messages at the same time as an <a href="glossary.htm#1024953">encryption certificate</a> that will be used to encrypt email messages. See also <a href="glossary.htm#1020489">dual key pairs</a>, <a href="glossary.htm#1013995">digital signature</a>.<P>
</A>
<A NAME="signing key"></A><A NAME="1021282">
<B>signing key.</B>&nbsp;
</A><A NAME="1021283">
A private key used for signing only. A signing key and its equivalent public key, together with an <a href="glossary.htm#1021254">encryption key</a> and its equivalent public key, constitute <a href="glossary.htm#1020489">dual key pairs</a>.<P>
</A>
<A NAME="slot"></A><A NAME="1025218">
<B>slot.</B>&nbsp;
</A><A NAME="1025222">
A piece of hardware, or its equivalent in software, that is controlled by a <a href="glossary.htm#1025197">PKCS #11 module</a> and designed to contain a <a href="glossary.htm#1028962">security device</a>. <P>
</A>
<A NAME="smart card"></A><A NAME="1027625">
<B>smart card.</B>&nbsp;
</A><A NAME="1027626">
A small device, typically about the size of a credit card, that contains a microprocessor and is capable of storing cryptographic information (such as keys and certificates) and performing cryptographic operations. Smart cards use the <a href="glossary.htm#1025194">PKCS #11</a> standard. A smart card is one kind of <a href="glossary.htm#1028962">security device</a>. <P>
</A>
<A NAME="spoofing"></A><A NAME="1014366">
<B>spoofing.</B>&nbsp;
</A><A NAME="1014367">
Pretending to be someone else. For example, a person can pretend to have the email address <FONT FACE="courier, courier new, monospace">jdoe@mozilla.com</FONT>, or a computer can identify itself as a site called <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> when it is not. Spoofing is one form of <a href="glossary.htm#1014057">misrepresentation</a>.<P>
</A>
<A NAME="SSL"></A><A NAME="999533">
<B>SSL.</B>&nbsp;
</A><A NAME="999539">
See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>. <P>
</A>
<A NAME="subject"></A><A NAME="1013880">
<B>subject.</B>&nbsp;
</A><A NAME="1013881">
The entity (such as a person, organization, or router) identified by a <a href="glossary.htm#1018895">certificate</a>. In particular, the subject field of a certificate contains the certified entity's <a href="glossary.htm#1021328">subject name</a> and other characteristics.<P>
</A>
<A NAME="subject name"></A><A NAME="1021328">
<B>subject name.</B>&nbsp;
</A><A NAME="1021338">
A <a href="glossary.htm#1022191">distinguished name (DN)</a> that uniquely describes the <a href="glossary.htm#1013880">subject</a> of a <a href="glossary.htm#1018895">certificate</a>.<P>
</A>
<A NAME="subordinate CA"></A><A NAME="999541">
<B>subordinate CA.</B>&nbsp;
</A><A NAME="999591">
A <a href="glossary.htm#1020903">certificate authority (CA)</a> whose certificate is signed by another subordinate CA or by the root CA. See also <a href="glossary.htm#1018500">certificate chain</a>, <a href="glossary.htm#1015631">root CA</a>.<P>
</A>
<A NAME="symmetric encryption"></A><A NAME="999604">
<B>symmetric encryption.</B>&nbsp;
</A><A NAME="999625">
An encryption method that uses a single cryptographic key to both encrypt and decrypt a given message.<P>
</A>
<A NAME="tamper detection"></A><A NAME="999618">
<B>tamper detection.</B>&nbsp;
</A><A NAME="999631">
A mechanism ensuring that data received in electronic form has not been tampered with; that is, that the data received corresponds entirely with the original version of the same data.<P>
</A>
<A NAME="TLS"></A><A NAME="1027427">
<B>TLS.</B>&nbsp;
</A><A NAME="1027428">
See <a href="glossary.htm#999463">Secure Sockets Layer (SSL)</a>.<P>
</A>
<A NAME="token"></A><A NAME="1024528">
<B>token.</B>&nbsp;
</A><A NAME="1024586">
See <a href="glossary.htm#1028962">security device</a>.<P>
</A>
<A NAME="trust"></A><A NAME="1019748">
<B>trust.</B>&nbsp;
</A><A NAME="1020186">
Confident reliance on a person or other entity. In the context of <a href="glossary.htm#999412">public-key infrastructure (PKI)</a>, trust usually refers to the relationship between the user of a certificate and the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued the certificate. If you use Personal Security Manager to specify that you trust a CA, Personal Security Manager trusts valid certificates issued by that CA unless you specify otherwise in the settings for individual certificates. You use the Authorities panel of the Certificates tab in Personal Security Manager to specify the kinds of certificates you trust or don't trust different CAs to issue. <P>
</A>
<A NAME="1028719">
<B></B><a href="glossary.htm#1028962"></a><P>
</A>
</dl>
<BR>
&copy; Copyright 2000 Netscape Communications Corporation
</FONT> </CENTER>
<BR>
</BODY>
</HTML>

53
security/psm/doc/help.htm
Просмотреть файл

@ -60,7 +60,7 @@ The sections that follow provide basic information you should know before using
About Personal Security Manager Help</FONT></h2>
<A NAME="1045557">
The document you are reading contains information about every Personal Security Manager window:</P></A>
<ul><P><A NAME="1045563"><LI>If you have a question about a Personal Security Manager panel that is currently visible, click the Help button near the lower-right corner of the panel. Each Help button brings you straight to the section of this document that describes how to use that panel.</LI></A><P><A NAME="1044577"><LI>If you scroll to the top of this document, you can use the Previous, Next, Glossary, and Topics buttons to navigate to the list of topics and the glossary. <B></B></LI></A><P><A NAME="1044581"><LI>If you want to perform a specific task but aren't sure where to begin, see <a href="help.htm#1043598">What You Can Do with Personal Security Manager</a>.</LI></A></ul><A NAME="1044592">
<ul><P><A NAME="1045563"><LI>If you have a question about a Personal Security Manager panel that is currently visible, click the Help button near the lower-right corner of the panel. Each Help button brings you straight to the section of this document that describes how to use that panel.</LI></A><P><A NAME="1044577"><LI>If you scroll to the top of this document, you can use the Previous, Next, Glossary, and Topics buttons to navigate to the list of topics and the glossary. </LI></A><P><A NAME="1044581"><LI>If you want to perform a specific task but aren't sure where to begin, see <a href="help.htm#1043598">What You Can Do with Personal Security Manager</a>.</LI></A></ul><A NAME="1044592">
Terms in Personal Security Manager panels that are underlined and followed by a blue "i" icon are linked to glossary definitions: just click the term to see the definition. Similarly, you can click underlined terms in this help system to see a glossary definition: for example, <a href="glossary.htm#1018895">certificate</a>. To get back to the help section you were viewing before clicking a glossary definition, press the key equivalent to the Back button in your browser. For example, on Windows and most Unix machines, press and hold the Alt key and press the left arrow key. Some Unix machines use the Diamond key and the left arrow key for this shortcut.</P></A>
<A NAME="What You Can Do with Personal Security Manager"></A><A NAME="1043598">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
@ -587,7 +587,7 @@ It's easy to tell when the web site you are viewing is using an encrypted connec
For many people, the lock icon provides sufficient information about a page's encryption status. If you want additional warnings, you can select one or more of the warning checkboxes in the Navigator section of the Applications tab. Think carefully about whether you want such warnings, since they can be annoying.</P></A>
<A NAME="1030978">
These are the choices you can make about Navigator warnings:</P></A>
<ul><P><A NAME="1030851"><LI>If you want to be reminded whenever you are entering or leaving a web site that supports encryption, select one or both of "Entering a site that supports encryption" and "Leaving a site that supports encryption." </LI></A><P><A NAME="1030919"><LI>If you want to be warned when you are viewing pages containing a mix of encrypted and unencrypted material (a situation in which the lock icon is unlocked), select "Viewing a page with an encrypted/unencrypted mix."</LI></A><P><A NAME="1030933"><LI>If you want some assurance that you won't inadvertently send personal information to a web site that doesn't provide an encrypted connection, select "Sending unencrypted information to a site." You may want to select this option even if you don't want any of the others.</LI></A></ul><A NAME="Selection of Certificate"></A><A NAME="1031040">&nbsp</A>
<ul><P><A NAME="1030851"><LI>If you want to be reminded whenever you are entering or leaving a web site that supports encryption, select one or both of "Entering a site that supports encryption" and "Leaving a site that supports encryption." </LI></A><P><A NAME="1030919"><LI>If you want to be warned when you are viewing pages containing a mix of encrypted and unencrypted material (a situation in which the lock icon is unlocked), select "Viewing a page with an encrypted/unencrypted mix."</LI></A><P><A NAME="1030933"><LI>If you want some assurance that you won't inadvertently send sensitive information to a web site that doesn't provide an encrypted connection, select "Sending unencrypted information to a site." You may want to select this option even if you don't want any of the others.</LI></A></ul><A NAME="Selection of Certificate"></A><A NAME="1031040">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Selection of Certificate</FONT></b></p><A NAME="1031021">
@ -657,7 +657,7 @@ When you click the Certificates tab in Personal Security Manager, you can view a
Certificates&#151;Mine</FONT></h2>
<A NAME="1035110">
The Mine panel of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify you, and to set related security passwords. For instructions on how to use this panel, read the sections that follow.</P></A>
<ul><A NAME="1035985"><LI><a href="help.htm#1031427">Work with Certificates that Identify You</a></LI></A><BR><A NAME="1036010"><LI><a href="help.htm#1051739">Choose a Personal Security Password</a></LI></A><BR><A NAME="1036019"><LI><a href="help.htm#1031615">Choose a Portable Security Password</a></LI></A><BR><A NAME="1036930"><LI><a href="help.htm#1036816">Delete My Certificate</a></LI></A><BR></ul><A NAME="1048040">
<ul><A NAME="1035985"><LI><a href="help.htm#1031427">Work with Certificates that Identify You</a></LI></A><BR><A NAME="1036010"><LI><a href="help.htm#1051739">Choose a Personal Security Password</a></LI></A><BR><A NAME="1056167"><LI><a href="help.htm#1035146">Choose a Good Password</a></LI></A><BR><A NAME="1056175"><LI><a href="help.htm#1055908">Set the Frequency of Password Requests</a></LI></A><BR><A NAME="1056183"><LI><a href="help.htm#1056037">What To Do If You Forget Your Personal Security Password</a></LI></A><BR><A NAME="1036019"><LI><a href="help.htm#1056221">Choose a Portable Security Password</a></LI></A><BR><A NAME="1036930"><LI><a href="help.htm#1036816">Delete My Certificate</a></LI></A><BR></ul><A NAME="1048040">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1032744">Personal Security Password</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1044151">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Work with Certificates that Identify You"></A><A NAME="1031427">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
@ -672,35 +672,52 @@ The following actions don't require a certificate to be selected first:</P></A>
Choose a Personal Security Password</FONT></b></p><A NAME="1055635">
Your Personal Security Password protects keys associated with your identity, such as the key that protects your stored passwords or a private key associated with a certificate. These keys are stored on a <a href="glossary.htm#1028962">security device</a>, such as the default device maintained internally by Personal Security Manager (called PSM Private Keys security device) or an external <a href="glossary.htm#1027625">smart card</a>. </P></A>
<A NAME="1055831">
The Personal Security Password for the default PSM Private Keys security device also protects your master key, which is a special key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored identity information.</P></A>
The Personal Security Password for the default PSM Private Keys security device also protects your master key, which is a special key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored sensitive information.</P></A>
<A NAME="1055833">
If someone uses your computer who knows or can guess the personal security password for any security device available to Personal Security Manager, that person can use email or access web sites while pretending to be you. This can be dangerous&#151;for example, if you digitally sign important email messages or manage your financial accounts over the Internet. Therefore, it's important to select a personal security password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as web sites that require passwords or certificates, or encrypted mail stored on your computer. </P></A>
If someone uses your computer who knows or can guess the Personal Security Password for any security device available to Personal Security Manager, that person may be able to email or access web sites while pretending to be you. This can be dangerous&#151;for example, if you digitally sign important email messages or manage your financial accounts over the Internet. Therefore, it's important to select a Personal Security Password that is difficult to guess. For help creating a password that's hard to guess, see <a href="help.htm#1035146">Choose a Good Password</a>.</P></A>
<A NAME="1056050">
It's also important to record your Personal Security Password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as web sites that require passwords or certificates or encrypted mail stored on your computer. For more information about the consequences of losing your Personal Security Password, see <a href="help.htm#1056037">What To Do If You Forget Your Personal Security Password</a>.</P></A>
<A NAME="1056162">
For instructions on controlling the frequency with which Personal Security Manager requests your password, see <a href="help.htm#1055908">Set the Frequency of Password Requests</a>.</P></A>
<A NAME="1055927">
Note that each security device requires a separate Personal Security Password. For example, if you are using one or more smart cards to store some of your certificates, you must set a separate Personal Security Password for each one.</P></A>
<A NAME="Choose a Good Password"></A><A NAME="1035146"><FONT FACE="Palatino, Serif" SIZE="-1" COLOR="black"> <B>
Choose a Good Password</B></FONT></A><P><A NAME="1055935">
Note that each security device requires a separate Personal Security Password. For example, if you are using one or more smart cards to store some of your certificates, you must set a separate Personal Security Password for each one. </P></A>
<A NAME="Choose a Good Password"></A><A NAME="1035146">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Good Password</FONT></b></p><A NAME="1055935">
Good passwords have the following characteristics:</P></A>
<ul><A NAME="1035148"><LI>Passwords should be 6 to 14 characters long. (Note: If you're using a Macintosh, you cannot create passwords with more than 8 characters.)</LI></A><BR><A NAME="1035178"><LI>Do not use the "illegal" characters: *, ", or spaces. </LI></A><BR><A NAME="1035151"><LI>Do not use words that are in any dictionary, for any language.</LI></A><BR><A NAME="1035190"><LI>Include characters from as many of these categories as possible:</LI></A><BR><ul>
<A NAME="1035153"><LI>Uppercase letters </LI></A><BR><A NAME="1035154"><LI>Lowercase letters </LI></A><BR><A NAME="1035155"><LI>Numbers </LI></A><BR><A NAME="1055797"><LI>Symbols </LI></A><BR></ul>
</ul><A NAME="Set the Frequency of Password Requests"></A><A NAME="1055908"><FONT FACE="Palatino, Serif" SIZE="-1" COLOR="black"> <B>
Set the Frequency of Password Requests</B></FONT></A><P><A NAME="1055939">
</ul><A NAME="Set the Frequency of Password Requests"></A><A NAME="1055908">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Set the Frequency of Password Requests</FONT></b></p><A NAME="1055939">
The Personal Security Password window also allows you to set how often Personal Security Manager requires your Personal Security Password. Here are some things you should consider when selecting these options:</P></A>
<ul><P><A NAME="1035297"><LI><B>First time a certificate or stored identity information is requested.</B> If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Personal Security Manager to request your Personal Security Password only the first time it is required after you launch your browser. Personal Security Manager will not request it again until after you exit and relaunch your browser. This setting provides the lowest level of protection.</LI></A><P><A NAME="1035296"><LI><B>Every time a certificate or stored identity information is requested.</B> If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Personal Security Manager will never access the private key database without first requesting your Personal Security Password. This setting provides the highest level of protection.</LI></A><P><A NAME="1035375"><LI><B>After </B><I>blank</I><B> minutes of inactivity on an encrypted site.</B> If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your personal security password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with (for best protection, this should be a fairly low number of minutes, such as 20). This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption. <B>Note that this setting provides little protection against someone using your computer to send a signed email message in your name. </B></LI></A></ul><A NAME="Choose a Portable Security Password"></A><A NAME="1031615">&nbsp</A>
<ul><P><A NAME="1035297"><LI><B>First time sensitive information (such as your certificate) is requested.</B> If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Personal Security Manager to request your Personal Security Password only the first time it is required after you launch your browser. Personal Security Manager will not request it again until after you exit and relaunch your browser. This setting provides the lowest level of protection.</LI></A><P><A NAME="1035296"><LI><B>Every time sensitive information (such as your certificate) is requested.</B> If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Personal Security Manager will never access the private key database without first requesting your Personal Security Password. This setting provides the highest level of protection.</LI></A><P><A NAME="1035375"><LI><B>After </B><I>blank</I><B> minutes of inactivity on an encrypted site.</B> If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your Personal Security Password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with (for best protection, this should be a fairly low number of minutes, such as 20). This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption. <B>Note that this setting provides little protection against someone using your computer to send a signed email message in your name. </B></LI></A></ul><A NAME="What To Do If You Forget Your Personal Security Password"></A><A NAME="1056037">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
What To Do If You Forget Your Personal Security Password</FONT></b></p><A NAME="1056045">
The consequences of forgetting your Personal Security Password vary depending on your use of certificates and, if you are using Netscape 6, your use of the Password Manager:</P></A>
<ul><P><A NAME="1056219"><LI>If one or more of your own certificates are stored on a security device protected by a Personal Security Password and you forget the password, you will no longer be able to access those certificates. If you have made backups of your certificates, you can reset the Personal Security Password as described here and restore your backed up certificates. If you haven't backed up your certificates, you need to obtain new ones from the certificate authority that originally issued them. Also, if you haven't backed up your certificates, any stored email that you may have encrypted with the aid of an email certificate will not longer be accessible.</LI></A><P><A NAME="1056240"><LI>If you are using the Netscape 6 Password Manager to store passwords and other sensitive information in encrypted form and you forget the password for the PSM Private Keys security device, you will no longer be able to access that information. You will need to reset the Personal Security Password as described here and reenter all the passwords that the Password Manager was previously storing.</LI></A></ul><A NAME="1056236">
Steps for resetting the Personal Security Password vary depending on which security device is involved. Unless you are using a smart card, the only one available is the PSM Private Keys security device, which is also where the master key used by the Netscape 6 Password Manager is stored</P></A>
<A NAME="1056253">
To reset the Personal Security Password for the PSM Private Keys security device, follow these steps:</P></A>
<ol>
<P><a name="1056254"><B><FONT FACE="ARIAL"><LI></FONT></B>Exit the browser (Communicator or Netscape 6).</LI></a><P><a name="1056258"><B><FONT FACE="ARIAL"><LI></FONT></B>Delete your cert7.db and key3.db files. These are typically located in your user profile directory on Windows 95/98/NT (located by default in <FONT FACE="courier, courier new, monospace">C:\\Program Files\Netscape\Users\</FONT>), or in the directory in which the Netscape executable resides on Unix.</LI></a><P><a name="1056278"><B><FONT FACE="ARIAL"><LI></FONT></B>Relaunch the browser.</LI></a><P><a name="1056283"><B><FONT FACE="ARIAL"><LI></FONT></B>Click the lock icon to open Personal Security Manager.</LI></a><P><a name="1056300"><B><FONT FACE="ARIAL"><LI></FONT></B>Click the Certificates tab, then click the Passwords button.</LI></a><P><a name="1056301"><B><FONT FACE="ARIAL"><LI></FONT></B>Before setting your new Personal Security password, determine what the new password will be according to the instructions in <a href="help.htm#1035146">Choose a Good Password</a>. Record your new password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else.</LI></a><P><a name="1056331"><B><FONT FACE="ARIAL"><LI></FONT></B>Set the new Personal Security Password according to the instructions on the screen.</LI></a><P><a name="1056336"><B><FONT FACE="ARIAL"><LI></FONT></B>Click Restore to restore your old certificates (if any). Unless you backed up all your certificates at once, you need to repeat this operation for each certificate.</LI></a><P><a name="1056353"><B><FONT FACE="ARIAL"><LI></FONT></B>If you previously set up the Netscape 6 Password Manager to encrypt stored passwords and other sensitive information, you will need to reenter each of your passwords again as they are requested.</LI></a></ol>
<A NAME="Choose a Portable Security Password"></A><A NAME="1056221">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Portable Security Password</FONT></b></p><A NAME="1031616">
A portable security password protects one or more certificates that you are backing up using the Backup or Backup All button in the Mine section of the Certificates tab. Personal Security Manager asks you to set a portable security password when you back up certificates, and requests it when you attempt to restore certificates that have previously been backed up. </P></A>
<A NAME="1054758">
<B>Important:</B> When you click the Backup All button, Personal Security Manager attempts to back up all of your certificates associated private keys stored on the default PSM Private Keys security device. Certificates backed up in this manner cannot be restored unless you are using Comunicator 4.71 or later versions, or unless you are using Communicator 4.7 with Personal Security Manager. </P></A>
<B>Important:</B> When you click the Backup All button, Personal Security Manager attempts to back up all of your certificates associated private keys stored on the default PSM Private Keys security device. Certificates backed up in this manner cannot be restored unless you are using Communicator 4.71 or later versions, or unless you are using Communicator 4.7 with Personal Security Manager. </P></A>
<A NAME="1054840">
The Backup All button does<I> not</I> back up any certificates that are stored on security devices other than the default PSM Private Keys device. For example, Backup All will not back up any certificates in the list that are stored on a smart card inserted in a smart card reader attached to your computer. Certificates stored on security devices other than PSM Private Keys must each be backed up individually by selecting the name of the certificate and clicking the Backup button.</P></A>
<A NAME="1035482">
If someone obtains the file containing a certificate that you have backed up and successfully restores the certificate, that person can send messages or access web sites while pretending to be you. This can have negative consequences, for example, if you digitally sign important email messages or manage your bank or investment accounts over the Internet. Therefore, it's important to select a Portable Security Password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you can't restore the backup of your certificate.</P></A>
<A NAME="1035483">
Good passwords have the following characteristics:</P></A>
<ul><A NAME="1035484"><LI>Passwords should be 6 to 14 characters long. (Note: If you're using a Macintosh, you cannot create passwords with more than 8 characters.)</LI></A><BR><A NAME="1035485"><LI>Do not use the "illegal" characters: *, ", or spaces. </LI></A><BR><A NAME="1035486"><LI>Do not use words that are in any dictionary, for any language.</LI></A><BR><A NAME="1035487"><LI>Include characters from as many of these categories as possible:</LI></A><BR><ul>
<A NAME="1035488"><LI>Uppercase letters </LI></A><BR><A NAME="1035489"><LI>Lowercase letters </LI></A><BR><A NAME="1035490"><LI>Numbers </LI></A><BR><A NAME="1035491"><LI>Symbols </LI></A><BR></ul>
</ul><A NAME="Delete My Certificate"></A><A NAME="1036816">&nbsp</A>
For help in choosing a good password, see <a href="help.htm#1035146">Choose a Good Password</a>.</P></A>
<A NAME="Delete My Certificate"></A><A NAME="1036816">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Delete My Certificate</FONT></b></p><A NAME="1047932">
@ -876,7 +893,7 @@ View Security Certificate</FONT></b></p><A NAME="1055405">
The View Security Certificate window displays information about the certificate you selected in one of the panels available under the Certificate tab. You can also click View More Info in the top right corner of the window to see a complete text version of the certificate (normally of interest to IS professionals only).</P></A>
<A NAME="1049027">
The View Security Certificate window shows the following information about the selected certificate: </P></A>
<ul><P><A NAME="1049028"><LI>Whether the certificate has been verified, and if so for what uses. See <a href="glossary.htm#1025527">certificate verification</a> for a discussion of how Personal Security Manager verifies certificates. Uses can include any of the following: <B></B></LI></A><ul>
<ul><P><A NAME="1049028"><LI>Whether the certificate has been verified, and if so for what uses. See <a href="glossary.htm#1025527">certificate verification</a> for a discussion of how Personal Security Manager verifies certificates. Uses can include any of the following: </LI></A><ul>
<P><A NAME="1037565"><LI><B>SSL Client.</B> Certificate used to identify you to web sites.</LI></A><P><A NAME="1037569"><LI><B>SSL Server.</B> Certificate used to identify a web site server to browsers.</LI></A><P><A NAME="1037570"><LI><B>Email Signer.</B> Certificate used to identify you for the purposes of digitally signing email messages.</LI></A><P><A NAME="1037571"><LI><B>Email Recipient.</B> Certificate used to identify someone else, for example so you can send that person encrypted email.</LI></A><P><A NAME="1037572"><LI><B>Status Responder.</B> Certificate used to identify an on-line status responder that uses the Online Certificate Status Protocol (OCSP) to check the validity of certificates. For more information about OCSP, see <a href="help.htm#1049128">OCSP Settings</a>.</LI></A><P><A NAME="1037574"><LI><B>Certificate Authority.</B> Certificate used to identify a certificate authority&#151;that is, a service that issues certificates for use as identification over computer networks.</LI></A></ul>
<P><A NAME="1037620"><LI><B>Name.</B> The name of the person or other entity that the certificate identifies.</LI></A><P><A NAME="1037684"><LI><B>Issued Under.</B> The name of the organization that issued the certificate. You can click this name to view the issuer's certificate (if it is available to Personal Security Manager) in a new View Security Certificate window. By clicking the "Issued Under" name in successive View Security Certificate windows, you can view each certificate in the original certificate's <a href="glossary.htm#1018500">certificate chain</a>.</LI></A><P><A NAME="1037628"><LI><B>Serial Number.</B> The certificate's serial number.</LI></A><P><A NAME="1037629"><LI><B>Validity.</B> The period of time during which the certificate can be used.</LI></A><P><A NAME="1037642"><LI><B>Fingerprint.</B> A unique number associated with a certificate. The number is produced by applying a mathematical function to the contents of the certificate. A certificate's fingerprint can be used to verify that the certificate has not been tampered with.</LI></A></ul><A NAME="1049045">
For a short definition, click <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1044151">Introduction to Personal Security Manager</a>.</P></A>
@ -1052,7 +1069,7 @@ Request for Signature</FONT></h2>
Personal Security Manager displays the Request for Signature window right before submitting a form that requires your digital signature. The upper portion of the window displays the exact text that needs to be signed. If you have more than one certificate available, the drop-down menu near the bottom of the window allows you to choose which of your certificates Personal Security Manager should use when it creates the digital signature. Choose the one that is most likely to be recognized by the web site that is requesting the signature. For example, if the web site is run by a brokerage firm that has issued you a certificate, choose that certificate.</P></A>
<A NAME="1040672">
When you choose a certificate and click OK, Personal Security Manager sends that certificate along with the digital signature and the signed text. When the server receives the signed data, it uses the public key and other information in the certificate to verify that the signature is valid.</P></A>
<A NAME="1049573">
<A NAME="1056075">
For brief definitions, click <a href="glossary.htm#1018895">certificate</a> or <a href="glossary.htm#1013995">digital signature</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1044151">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="1040513">
</P></A>