From: Vincent Bray Date: Thu, 13 Nov 2008 01:23:00 +0000 (+0000) Subject: Grammar fixes X-Git-Tag: 2.3.0~113 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0efc0ea5faa348e874ab24c4439bf409f3e94e9a;p=apache Grammar fixes git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@713605 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/ssl/ssl_intro.xml b/docs/manual/ssl/ssl_intro.xml index 554cf22ec3..56a034c319 100644 --- a/docs/manual/ssl/ssl_intro.xml +++ b/docs/manual/ssl/ssl_intro.xml @@ -125,16 +125,16 @@ integrity, and authentication.

A summary such as this is called a message digest, one-way function or hash function. Message digests are used to create a short, fixed-length representation of a longer, variable-length message. - Digest algorithms are designed to produce a unique digests for each + Digest algorithms are designed to produce a unique digest for each message. Message digests are designed to make it impractically difficult - to determine the message from the digest, and (in theory) impossible to + to determine the message from the digest and (in theory) impossible to find two different messages which create the same digest -- thus eliminating the possibility of substituting one message for another while maintaining the same digest.

Another challenge that Alice faces is finding a way to send the digest to the bank securely; if the digest is not sent securely, its integrity may - be compromised, and with it, the possibility for the bank to determine the + be compromised and with it the possibility for the bank to determine the integrity of the original message. Only if the digest is sent securely can the integrity of the associated message be determined.

@@ -148,7 +148,7 @@ message is really from her, so an intruder cannot request a transaction involving her account. A digital signature, created by Alice and included with the message, serves this purpose.

-

Digital signatures are created by encrypting a digest of the message, and +

Digital signatures are created by encrypting a digest of the message and other information (such as a sequence number) with the sender's private key. Though anyone can decrypt the signature using the public key, only the sender knows the private key. This means that only the sender can have signed @@ -166,16 +166,16 @@ the bank from a fraudulent claim from Alice that she did not send the message

Certificates

Although Alice could have sent a private message to the bank, signed -it, and ensured the integrity of the message, she still needs to be sure +it and ensured the integrity of the message, she still needs to be sure that she is really communicating with the bank. This means that she needs to be sure that the public key she is using is part of the bank's key-pair, and not an intruder's. Similarly, the bank needs to verify that the message signature really was signed by the private key that belongs to Alice.

If each party has a certificate which validates the other's identity, -confirms the public key, and is signed by a trusted agency, then both +confirms the public key and is signed by a trusted agency, then both can be assured that they are communicating with whom they think they are. -Such a trusted agency is called a Certificate Authority, and +Such a trusted agency is called a Certificate Authority and certificates are used for authentication.

@@ -183,9 +183,9 @@ certificates are used for authentication.

A certificate associates a public key with the real identity of an individual, server, or other entity, known as the subject. As shown in Table 1, information about the subject - includes identifying information (the distinguished name), and the + includes identifying information (the distinguished name) and the public key. It also includes the identification and signature of the - Certificate Authority that issued the certificate, and the period of + Certificate Authority that issued the certificate and the period of time during which the certificate is valid. It may have additional information (or extensions) as well as administrative information for the Certificate Authority's use, such as a serial number.

@@ -212,7 +212,7 @@ certificates are used for authentication.

context -- for instance, an individual might have a personal certificate as well as one for their identity as an employee. Distinguished names are defined by the X.509 standard [X509], which defines the fields, field names, and + href="#X509">X509], which defines the fields, field names and abbreviations used to refer to the fields (see Table 2).

@@ -254,7 +254,7 @@ certificates are used for authentication.

A Certificate Authority may define a policy specifying which - distinguished field names are optional, and which are required. It + distinguished field names are optional and which are required. It may also place requirements upon the field contents, as may users of certificates. For example, a Netscape browser requires that the Common Name for a certificate representing a server matches a wildcard @@ -263,7 +263,7 @@ certificates are used for authentication.

The binary format of a certificate is defined using the ASN.1 notation [X208] [PKCS]. This - notation defines how to specify the contents, and encoding rules + notation defines how to specify the contents and encoding rules define how this information is translated into binary form. The binary encoding of the certificate is defined using Distinguished Encoding Rules (DER), which are based on the more general Basic Encoding Rules @@ -351,21 +351,21 @@ dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==

Certificate Management

Establishing a Certificate Authority is a responsibility which - requires a solid administrative, technical, and management + requires a solid administrative, technical and management framework. Certificate Authorities not only issue certificates, they also manage them -- that is, they determine for how long - certificates remain valid, they renew them, and they keep lists of + certificates remain valid, they renew them and keep lists of certificates that were issued in the past but are no longer valid (Certificate Revocation Lists, or CRLs).

For example, if Alice is entitled to a certificate as an - employee of a company, but has now left + employee of a company but has now left that company, her certificate may need to be revoked. Because certificates are only issued after the subject's identity has - been verified, and can then be passed around to all those with whom + been verified and can then be passed around to all those with whom the subject may communicate, it is impossible to tell from the certificate alone that it has been revoked. - When examining certificates for validity, therefore, + Therefore when examining certificates for validity it is necessary to contact the issuing Certificate Authority to check CRLs -- this is usually not an automated part of the process.

@@ -389,15 +389,15 @@ dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ== placed between a reliable connection-oriented network layer protocol (e.g. TCP/IP) and the application protocol layer (e.g. HTTP). SSL provides for secure communication between client and server by allowing mutual -authentication, the use of digital signatures for integrity, and encryption +authentication, the use of digital signatures for integrity and encryption for privacy.

The protocol is designed to support a range of choices for specific -algorithms used for cryptography, digests, and signatures. This allows +algorithms used for cryptography, digests and signatures. This allows algorithm selection for specific servers to be made based on legal, export -or other concerns, and also enables the protocol to take advantage of new -algorithms. Choices are negotiated between client and server at the start -of establishing a protocol session.

+or other concerns and also enables the protocol to take advantage of new +algorithms. Choices are negotiated between client and server when +establishing a protocol session.

Table 4: Versions of the SSL protocol @@ -411,7 +411,7 @@ of establishing a protocol session.

SSL v2.0 Vendor Standard (from Netscape Corp.) [SSL2] - First SSL protocol for which implementations exists + First SSL protocol for which implementations exist - NS Navigator 1.x/2.x
- MS IE 3.x
- Lynx/2.8+OpenSSL @@ -419,7 +419,7 @@ of establishing a protocol session.

Expired Internet Draft (from Netscape Corp.) [SSL3] Revisions to prevent specific security attacks, add non-RSA - ciphers, and support for certificate chains + ciphers and support for certificate chains - NS Navigator 2.x/3.x/4.x
- MS IE 3.x/4.x
- Lynx/2.8+OpenSSL