This glossary contains only definitions of new terms in this book that are not in the Sun Global Glossary. For definitions of other terms, see the Sun Global Glossary at http://docs.sun.com:80/ab2/coll.417.1/GLOBALGLOSS/@Ab2TocView.
- address pool
A set of addresses that are designated by the home network administrator for use by mobile nodes that need a home address.
Advanced Encryption Standard. A symmetric 128-bit block data encryption technique. The U.S. government adopted the Rijndael variant of the algorithm as its encryption standard in October 2000. AES replaces DES encryption as the government standard.
- agent advertisement
A message that is periodically sent by home agents and foreign agents to advertise their presence on any attached link.
- agent discovery
The process by which a mobile node determines if it has moved, its current location, and its care-of address on a foreign network.
- anycast address
An IP address that is assigned to more than one interface (typically belonging to different nodes). A packet that is sent to an anycast address is routed to the nearest interface having that address. The packet's route is in compliance with the routing protocol's measure of distance.
- asymmetric key cryptography
An encryption system in which the sender and receiver of a message use different keys to encrypt and decrypt the message. Asymmetric keys are used to establish a secure channel for symmetric key encryption. Diffie-Hellman is an example of an asymmetric key protocol. Contrast with symmetric key cryptography.
- authentication header
An extension header that provides authentication and integrity (without confidentiality) to IP datagrams.
The process of a host automatically configuring its interfaces in IPv6.
- bidirectional tunnel
A tunnel that can transmit datagrams in both directions.
- binding table
A home agent table that associates a home address with a care-of address, including remaining lifetime and time granted.
A symmetric block cipher algorithm that takes a variable-length key from 32 bits to 448 bits. Its author, Bruce Schneier, claims that Blowfish is optimized for applications where the key does not change often.
- care-of address
A mobile node's temporary address that is used as a tunnel exit point when the mobile node is connected to a foreign network.
- Certificate Authority (CA)
A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The CA guarantees that the individual granted the unique certificate is who she or he claims to be.
Data Encryption Standard. A symmetric-key encryption method developed in 1975 and standardized by ANSI in 1981 as ANSI X.3.92. DES uses a 56-bit key.
- digital signature
A digital code that is attached to an electronically transmitted message that uniquely identifies the sender.
Digital Signature Algorithm. A public key algorithm with a variable key size from 512 to 1024 bits. It relies on SHA-1 for input.
- Diffie-Hellman protocol
Also known as public key cryptography. An asymmetric cryptographic key agreement protocol that was developed by Diffie and Hellman in 1976. The protocol enables two users to exchange a secret key over an insecure medium without any prior secrets. Diffie-Hellman is used by the IKE protocol.
- dual stack
In the context of IPv6 transition, a protocol stack that contains both IPv4 and IPv6, with the rest of the stack being identical.
- encapsulating security header
An extension header that provides integrity and confidentiality to datagrams.
The process of a header and payload being placed in the first packet, which is subsequently placed in the second packet's payload.
The process of switching back network access to an interface that has its repair detected.
The process of switching network access from a failed interface to a good physical interface. Network access includes IPv4 unicast, multicast, and broadcast traffic, as well as IPv6 unicast and multicast traffic.
- failure detection
The process of detecting when a NIC or the path from the NIC to some layer 3 device starts operating correctly after a failure.
Any device or software that protects an organization's private network or intranet from intrusion by external networks such as the Internet.