Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-15 14:25:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revised section on Personal Security Password w/ SDR info, plus related glossary items.

Browse Source
This commit is contained in:
cotter%netscape.com 2000-05-20 01:23:34 +00:00
parent 400300bbf9
commit cb9767f89b
2 changed files with 31 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
security/psm/doc/glossary.htm
View File

@ -96,7 +96,7 @@ A list of revoked certificates that is generated and signed by a <a href="glossa
</A>
<A NAME="certificate store"></A><A NAME="1023462">
<B>certificate store.</B>&nbsp;
</A><A NAME="1023463">
</A><A NAME="1032978">
The collection of certificates, or electronic IDs, maintained by Personal Security Manager on your behalf. These include your own certificates stored on one or more security devices, other people's certificates, web site certificates, and <a href="glossary.htm#1020903"></a>CA certificates. See also <a href="glossary.htm#1020903">certificate authority (CA)</a>, <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1028962">security device</a>.<P>
</A>
<A NAME="certificate verification"></A><A NAME="1025527">
@ -199,6 +199,11 @@ A large number used by a <a href="glossary.htm#1019976">cryptographic algorithm<
</A><A NAME="1022287">
A protocol for accessing directory services across multiple platforms. LDAP is a simplified version of Directory Access Protocol (DAP), used to access X.500 directories. <P>
</A>
<A NAME="master key"></A><A NAME="1032598">
<B>master key.</B>&nbsp;
</A><A NAME="1032639">
A symmetric key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored identity information. See also <a href="glossary.htm#999604">symmetric encryption</a>.<P>
</A>
<A NAME="misrepresentation"></A><A NAME="1014057">
<B>misrepresentation.</B>&nbsp;
</A><A NAME="1014058">
@ -234,10 +239,10 @@ A set of rules that Personal Security Manager follows to perform an online check
</A><A NAME="1014124">
Confident identification by means of a name and password. See also <a href="glossary.htm#998782">authentication</a>.<P>
</A>
<A NAME="personal security password"></A><A NAME="1024355">
<B>personal security password.</B>&nbsp;
</A><A NAME="1024372">
A password used by Personal Security Manager to protect private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. You can set or change the password from the Certificates tab in Personal Security Manager. You can also control when you will be asked for the password: the first time Personal Security Manager starts up, every time one of your certificates is requested, or after a specified period of inactivity while you are visiting a site that supports encryption. Each security device requires a separate personal security password.<P>
<A NAME="Personal Security Password"></A><A NAME="1032744">
<B>Personal Security Password.</B>&nbsp;
</A><A NAME="1032748">
A password used by Personal Security Manager to protect the master key and/or private keys stored on a <a href="glossary.htm#1028962">security device</a>. Personal Security Manager needs to access your private keys, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site. It needs to access your master key when it encrypts or decrypts information on behalf of another application&#151;for example, when Netscape 6 needs to store or access your email password. You can set or change your personal security password from the Certificates tab in Personal Security Manager. Each security device requires a separate Personal Security Password. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
</A>
<A NAME="PKCS #11"></A><A NAME="1025194">
<B>PKCS #11.</B>&nbsp;
@ -262,7 +267,7 @@ One of a pair of keys used in public-key cryptography. The private key is kept s
<A NAME="PSM Private Keys security device"></A><A NAME="1032045">
<B>PSM Private Keys security device.</B>&nbsp;
</A><A NAME="1032110">
The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store certificates and private keys.<P>
The default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager to store private keys associated with your certificates. In addition to private keys, the PSM Private Keys security device stores the master key used by Netscape 6 to encrypt email passwords, web site passwords, and other identity information. See also <a href="glossary.htm#1015387">private key</a>, <a href="glossary.htm#1032598">master key</a>.<P>
</A>
<A NAME="public key"></A><A NAME="1019172">
<B>public key.</B>&nbsp;
@ -297,7 +302,7 @@ See <a href="glossary.htm#1018895">certificate</a>.<P>
<A NAME="security device"></A><A NAME="1028962">
<B>security device.</B>&nbsp;
</A><A NAME="1028963">
A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1024355">personal security password</a>.<P>
A hardware or software device that provides cryptographic services such as encryption and decryption and can store certificates and keys. A smart card is one example of a hardware security device. Personal Security Manager contains its own internal security device, called the <a href="glossary.htm#1032045">PSM Private Keys security device</a>, that is implemented in software. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>.<P>
</A>
<A NAME="security module"></A><A NAME="1029083">
<B>security module.</B>&nbsp;

36
security/psm/doc/help.htm
View File

@ -658,7 +658,7 @@ Certificates&#151;Mine</FONT></h2>
<A NAME="1035110">
The Mine panel of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify you, and to set related security passwords. For instructions on how to use this panel, read the sections that follow.</P></A>
<ul><A NAME="1035985"><LI><a href="help.htm#1031427">Work with Certificates that Identify You</a></LI></A><BR><A NAME="1036010"><LI><a href="help.htm#1051739">Choose a Personal Security Password</a></LI></A><BR><A NAME="1036019"><LI><a href="help.htm#1031615">Choose a Portable Security Password</a></LI></A><BR><A NAME="1036930"><LI><a href="help.htm#1036816">Delete My Certificate</a></LI></A><BR></ul><A NAME="1048040">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1024355">personal security password</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1044151">Introduction to Personal Security Manager</a>.</P></A>
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1032744">Personal Security Password</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1044151">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Work with Certificates that Identify You"></A><A NAME="1031427">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
@ -669,29 +669,31 @@ The following actions don't require a certificate to be selected first:</P></A>
<ul><P><A NAME="1035962"><LI>To restore a certificate that was previously backed up, click Restore. When you click Restore, Personal Security Manager first asks you to locate the file that contains the backup. The names of certificate backup files typically end in <FONT FACE="courier, courier new, monospace">.p12</FONT>; for example, <FONT FACE="courier, courier new, monospace">MyCert.p12</FONT>. After you select the file to be restored, Personal Security Manager asks you to enter the portable security password that was set when the certificate was backed up.</LI></A><P><A NAME="1035966"><LI>To see information about applying for a new certificate, click Obtain New.</LI></A><P><A NAME="1054993"><LI>To initiate the process of backing up all the certificates stored on the default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager (called the PSM Private Keys security device), click Backup All. Note that certificates stored on any other security device, such as a smart card in a smart card reader attached to your computer, cannot be backed up by this method. To back up such a certificate, you must first select it, then click Backup.</LI></A></ul><A NAME="Choose a Personal Security Password"></A><A NAME="1051739">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Personal Security Password</FONT></b></p><A NAME="1051740">
A personal security password protects a <a href="glossary.htm#1028962">security device</a> that contains your certificates and their associated private keys. Personal Security Manager asks for this password, for example, when you sign email messages or use one of your own certificates to identify yourself to a web site.</P></A>
<A NAME="1048318">
A security device may be the one that is maintained internally by Personal Security Manager (called PSM Private Keys security device), or it may be an external hardware device, such as a <a href="glossary.htm#1027625">smart card</a>. Each security device requires a separate personal security password.</P></A>
<A NAME="1047662">
For example, if you are using one or more smart cards to store some of your certificates, you must set a separate personal security password for each one. If you also use the internal PSM security device to store some certificates, you must set a separate personal security password for it as well.</P></A>
<A NAME="1035462">
If someone uses your computer who knows or can guess the personal security password for any security device available to Personal Security Manager, that person can send messages or access web sites while pretending to be you. This can have negative consequences&#151;for example, if you digitally sign important email messages or manage your financial accounts over the Internet. Therefore, it's important to select a password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you may not be able to read any encrypted mail stored on your computer. </P></A>
<A NAME="1035146">
Choose a Personal Security Password</FONT></b></p><A NAME="1055635">
Your Personal Security Password protects keys associated with your identity, such as the key that protects your stored passwords or a private key associated with a certificate. These keys are stored on a <a href="glossary.htm#1028962">security device</a>, such as the default device maintained internally by Personal Security Manager (called PSM Private Keys security device) or an external <a href="glossary.htm#1027625">smart card</a>. </P></A>
<A NAME="1055831">
The Personal Security Password for the default PSM Private Keys security device also protects your master key, which is a special key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored identity information.</P></A>
<A NAME="1055833">
If someone uses your computer who knows or can guess the personal security password for any security device available to Personal Security Manager, that person can use email or access web sites while pretending to be you. This can be dangerous&#151;for example, if you digitally sign important email messages or manage your financial accounts over the Internet. Therefore, it's important to select a personal security password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as web sites that require passwords or certificates, or encrypted mail stored on your computer. </P></A>
<A NAME="1055927">
Note that each security device requires a separate Personal Security Password. For example, if you are using one or more smart cards to store some of your certificates, you must set a separate Personal Security Password for each one.</P></A>
<A NAME="Choose a Good Password"></A><A NAME="1035146"><FONT FACE="Palatino, Serif" SIZE="-1" COLOR="black"> <B>
Choose a Good Password</B></FONT></A><P><A NAME="1055935">
Good passwords have the following characteristics:</P></A>
<ul><A NAME="1035148"><LI>Passwords should be 6 to 14 characters long. (Note: If you're using a Macintosh, you cannot create passwords with more than 8 characters.)</LI></A><BR><A NAME="1035178"><LI>Do not use the "illegal" characters: *, ", or spaces. </LI></A><BR><A NAME="1035151"><LI>Do not use words that are in any dictionary, for any language.</LI></A><BR><A NAME="1035190"><LI>Include characters from as many of these categories as possible:</LI></A><BR><ul>
<A NAME="1035153"><LI>Uppercase letters </LI></A><BR><A NAME="1035154"><LI>Lowercase letters </LI></A><BR><A NAME="1035155"><LI>Numbers </LI></A><BR><A NAME="1035156"><LI>Symbols </LI></A><BR></ul>
</ul><A NAME="1035266">
The Personal Security Password window allows you to change the password and to set how often Personal Security Manager requires it. Here are some things you should consider when selecting these options</P></A>
<ul><P><A NAME="1035297"><LI><B>First time my security certificate is requested.</B> If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Personal Security Manager to request your password only the first time it is required after you launch your browser. Personal Security Manager will not request your password again until after you exit your browser and relaunch it. This setting provides the lowest level of protection.</LI></A><P><A NAME="1035296"><LI><B>Every time my security certificate is requested.</B> If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Personal Security Manager will never access the private key database without first requesting your Personal Security Password. This setting provides the highest level of protection.</LI></A><P><A NAME="1035375"><LI><B>After </B><I>blank</I><B> minutes of inactivity on an encrypted site.</B> If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with (for best protection, this should be a fairly low number of minutes, such as 20). This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption. <B>Note that this setting provides little protection against someone using your computer to send a signed email message in your name. </B></LI></A></ul><A NAME="Choose a Portable Security Password"></A><A NAME="1031615">&nbsp</A>
<A NAME="1035153"><LI>Uppercase letters </LI></A><BR><A NAME="1035154"><LI>Lowercase letters </LI></A><BR><A NAME="1035155"><LI>Numbers </LI></A><BR><A NAME="1055797"><LI>Symbols </LI></A><BR></ul>
</ul><A NAME="Set the Frequency of Password Requests"></A><A NAME="1055908"><FONT FACE="Palatino, Serif" SIZE="-1" COLOR="black"> <B>
Set the Frequency of Password Requests</B></FONT></A><P><A NAME="1055939">
The Personal Security Password window also allows you to set how often Personal Security Manager requires your Personal Security Password. Here are some things you should consider when selecting these options:</P></A>
<ul><P><A NAME="1035297"><LI><B>First time a certificate or stored identity information is requested.</B> If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Personal Security Manager to request your Personal Security Password only the first time it is required after you launch your browser. Personal Security Manager will not request it again until after you exit and relaunch your browser. This setting provides the lowest level of protection.</LI></A><P><A NAME="1035296"><LI><B>Every time a certificate or stored identity information is requested.</B> If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Personal Security Manager will never access the private key database without first requesting your Personal Security Password. This setting provides the highest level of protection.</LI></A><P><A NAME="1035375"><LI><B>After </B><I>blank</I><B> minutes of inactivity on an encrypted site.</B> If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your personal security password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with (for best protection, this should be a fairly low number of minutes, such as 20). This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption. <B>Note that this setting provides little protection against someone using your computer to send a signed email message in your name. </B></LI></A></ul><A NAME="Choose a Portable Security Password"></A><A NAME="1031615">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Portable Security Password</FONT></b></p><A NAME="1031616">
A portable security password protects one or more certificates that you are backing up using the Backup or Backup All button in the Mine section of the Certificates tab. Personal Security Manager asks you to set a portable security password when you back up certificates, and requests it when you attempt to restore certificates that have previously been backed up. </P></A>
<A NAME="1054758">
<B>Important:</B> When you click the Backup All button, Personal Security Manager attempts to back up all of your certificates that are stored on the default PSM Private Keys security device. Certificates backed up in this manner cannot be restored unless you are using Comunicator 4.71 or later versions, or unless you are using Communicator 4.7 with Personal Security Manager. </P></A>
<B>Important:</B> When you click the Backup All button, Personal Security Manager attempts to back up all of your certificates associated private keys stored on the default PSM Private Keys security device. Certificates backed up in this manner cannot be restored unless you are using Comunicator 4.71 or later versions, or unless you are using Communicator 4.7 with Personal Security Manager. </P></A>
<A NAME="1054840">
The Backup All button does<I> not</I> back up any certificates that are stored on security devices other than the default PSM Private Keys device. For example, Backup All will not back up any certificates in the list that are stored on a smart card inserted in a smart card reader attached to your computer. Certificates stored on security device s other than PSM Private Keys must each be backed up individually by selecting the name of the certificate and clicking the Backup button.</P></A>
The Backup All button does<I> not</I> back up any certificates that are stored on security devices other than the default PSM Private Keys device. For example, Backup All will not back up any certificates in the list that are stored on a smart card inserted in a smart card reader attached to your computer. Certificates stored on security devices other than PSM Private Keys must each be backed up individually by selecting the name of the certificate and clicking the Backup button.</P></A>
<A NAME="1035482">
If someone obtains the file containing a certificate that you have backed up and successfully restores the certificate, that person can send messages or access web sites while pretending to be you. This can have negative consequences, for example, if you digitally sign important email messages or manage your bank or investment accounts over the Internet. Therefore, it's important to select a Portable Security Password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you can't restore the backup of your certificate.</P></A>
<A NAME="1035483">
@ -803,7 +805,7 @@ Modules</FONT></h2>
<A NAME="1048962">
A Public Key Cryptography Standard (PKCS) #11 module (sometimes called a <I>security module</I>) is a program that works with Personal Security Manager to manage cryptographic services such as encryption and decryption. PKCS #11 modules control security devices that can be implemented in either hardware or software.</P></A>
<A NAME="1048967">
A PKCS #11 module controls one or more security devices (sometimes called <I>tokens</I>) in much the same way that a software driver controls an external device such as a printer or modem. A security device, which can be implemented in software or hardware, provides cryptographic services such as encryption and decryption and optionally stores certificates and keys. Personal Security Manager contains its own internal software security devices. A smart card is one example of an external hardware security device. Each security device is protected by its own <a href="glossary.htm#1024355">personal security password</a>. </P></A>
A PKCS #11 module controls one or more security devices (sometimes called <I>tokens</I>) in much the same way that a software driver controls an external device such as a printer or modem. A security device, which can be implemented in software or hardware, provides cryptographic services such as encryption and decryption and optionally stores certificates and keys. Personal Security Manager contains its own internal software security devices. A smart card is one example of an external hardware security device. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>. </P></A>
<A NAME="1040800">
Personal Security Manager provides a built-in PKCS #11 module that controls the internal Personal Security Manager security devices. You may install additional modules on your computer to control smart cards or other external security devices. </P></A>
<A NAME="1052615">