> I am trying to wrap up the writing of the cryptography section
> of the new OWASP Dev Guide 2013 and rather than writing all
> my definitions, my thought was to just refer to some good
> glossary of cryptographic terms rather than doing all that work
> over again (and probably not as well).

This is a laudable goal, but what I've found (having contributed to a few
security-related specs over the years) is that there's no Single Canonical
Glossary of Security and Crypto terms, and for projects that have merited the
amount of work (e.g. SAMLv1 and SAMLv2 (and Liberty Alliance, whose work helped
beget SAMLv2), HSTS RFC6797, TLS Server ID check RFC6125), I've helped produce
glossaries specifically for the project. Said glossaries leveraged existing work
as much as possible, often just narrowing the senses of leveraged terms for the
specific project (i.e. SAML, Liberty, HSTS etc). Thus the bibliographies of those
aforementioned glossaries are sources for further digging, if felt worthwhile (e.g.
the SAML glossaries).

That said, the best compendium-type glossary I'm aware of, which happens to also
be online, is assembled/maintained by Lynn Wheeler, available here..

  Security Taxonomy And Glossary
  http://www.garlic.com/~lynn/secure.htm

Lynn cites the source materials at the bottom of this page..

  http://www.garlic.com/~lynn/

..under the heading "GLOSSARY Notes" (which also lists the other glossaries he
maintains: Payment, Privacy, X9F, Financial).

RFC4949 is also a very useful resource and many specs with
problem-space-specific security terminology needs leverage it.

HTH,

=JeffH