User Guide
Glossary-4
provide additional information about the subject identity, such as postal address, or
a challenge password by which the subject entity may later request certificate
revocation. See PKCS #10
certificate revocation lists
(CRLs) Signed data structures that contain a list of revoked certificates. The
authenticity and integrity of the CRL is provided by a digital signature appended to
it. Usually, the CRL signer is the same entity that signed the issued certificate.
checksumming
A mechanism that computes a value for a message packet, based on the data it
contains, and passes it along with the data to authenticate that the data has not been
tampered with. The recipient of the data recomputes the cryptographic checksum
and compares it with the cryptographic checksum passed with the data; if they
match, it is "probabilistic" proof the data was not tampered with during
transmission.
Cipher Block Chaining (CBC)
An encryption method that protects against block replay attacks by making the
encryption of a cipher block dependenton all blocks that precede it; it is designed to
make unauthorized decryption incrementally more difficult. Oracle Advanced
Security employs outer cipher block chaining because it is more secure than inner
cipher block chaining, with no material performance penalty.
cipher suite
A set of authentication, encryption, and data integrity algorithms used for
exchanging messages between network nodes. During an SSL handshake, for
example, the two nodes negotiate to see which cipher suite they will use when
transmitting messages back and forth.
cipher suite name
Cipher suites describe the kind of cryptographics protection that is used by
connections in a particular session.
ciphertext
Message text that has been encrypted.
cleartext
Unencrypted plain text.










