Skip to content

Commit e9bf295

Browse files
author
Takashi Sato
committed
Merge r713605 from trunk:
Grammar fixes git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@723371 13f79535-47bb-0310-9956-ffa450edef68
1 parent 5ab0271 commit e9bf295

1 file changed

Lines changed: 24 additions & 24 deletions

File tree

docs/manual/ssl/ssl_intro.xml

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -125,16 +125,16 @@ integrity, and authentication.</p>
125125
<p>A summary such as this is called a <dfn>message digest</dfn>, <em>one-way
126126
function</em> or <em>hash function</em>. Message digests are used to create
127127
a short, fixed-length representation of a longer, variable-length message.
128-
Digest algorithms are designed to produce a unique digests for each
128+
Digest algorithms are designed to produce a unique digest for each
129129
message. Message digests are designed to make it impractically difficult
130-
to determine the message from the digest, and (in theory) impossible to
130+
to determine the message from the digest and (in theory) impossible to
131131
find two different messages which create the same digest -- thus
132132
eliminating the possibility of substituting one message for another while
133133
maintaining the same digest.</p>
134134

135135
<p>Another challenge that Alice faces is finding a way to send the digest
136136
to the bank securely; if the digest is not sent securely, its integrity may
137-
be compromised, and with it, the possibility for the bank to determine the
137+
be compromised and with it the possibility for the bank to determine the
138138
integrity of the original message. Only if the digest is sent securely can
139139
the integrity of the associated message be determined.</p>
140140

@@ -148,7 +148,7 @@ message is really from her, so an intruder cannot request a transaction
148148
involving her account. A <em>digital signature</em>, created by Alice and
149149
included with the message, serves this purpose.</p>
150150

151-
<p>Digital signatures are created by encrypting a digest of the message, and
151+
<p>Digital signatures are created by encrypting a digest of the message and
152152
other information (such as a sequence number) with the sender's private key.
153153
Though anyone can <em>decrypt</em> the signature using the public key, only the
154154
sender knows the private key. This means that only the sender can have signed
@@ -166,26 +166,26 @@ the bank from a fraudulent claim from Alice that she did not send the message
166166
<section id="certificates">
167167
<title>Certificates</title>
168168
<p>Although Alice could have sent a private message to the bank, signed
169-
it, and ensured the integrity of the message, she still needs to be sure
169+
it and ensured the integrity of the message, she still needs to be sure
170170
that she is really communicating with the bank. This means that she needs
171171
to be sure that the public key she is using is part of the bank's key-pair,
172172
and not an intruder's. Similarly, the bank needs to verify that the message
173173
signature really was signed by the private key that belongs to Alice.</p>
174174

175175
<p>If each party has a certificate which validates the other's identity,
176-
confirms the public key, and is signed by a trusted agency, then both
176+
confirms the public key and is signed by a trusted agency, then both
177177
can be assured that they are communicating with whom they think they are.
178-
Such a trusted agency is called a <em>Certificate Authority</em>, and
178+
Such a trusted agency is called a <em>Certificate Authority</em> and
179179
certificates are used for authentication.</p>
180180

181181
<section id="certificatecontents">
182182
<title>Certificate Contents</title>
183183
<p>A certificate associates a public key with the real identity of
184184
an individual, server, or other entity, known as the subject. As
185185
shown in <a href="#table1">Table 1</a>, information about the subject
186-
includes identifying information (the distinguished name), and the
186+
includes identifying information (the distinguished name) and the
187187
public key. It also includes the identification and signature of the
188-
Certificate Authority that issued the certificate, and the period of
188+
Certificate Authority that issued the certificate and the period of
189189
time during which the certificate is valid. It may have additional
190190
information (or extensions) as well as administrative information
191191
for the Certificate Authority's use, such as a serial number.</p>
@@ -212,7 +212,7 @@ certificates are used for authentication.</p>
212212
context -- for instance, an individual might have a personal
213213
certificate as well as one for their identity as an employee.
214214
Distinguished names are defined by the X.509 standard [<a
215-
href="#X509">X509</a>], which defines the fields, field names, and
215+
href="#X509">X509</a>], which defines the fields, field names and
216216
abbreviations used to refer to the fields (see <a href="#table2">Table
217217
2</a>).</p>
218218

@@ -254,7 +254,7 @@ certificates are used for authentication.</p>
254254
</section>
255255

256256
<p>A Certificate Authority may define a policy specifying which
257-
distinguished field names are optional, and which are required. It
257+
distinguished field names are optional and which are required. It
258258
may also place requirements upon the field contents, as may users of
259259
certificates. For example, a Netscape browser requires that the
260260
Common Name for a certificate representing a server matches a wildcard
@@ -263,7 +263,7 @@ certificates are used for authentication.</p>
263263

264264
<p>The binary format of a certificate is defined using the ASN.1
265265
notation [<a href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This
266-
notation defines how to specify the contents, and encoding rules
266+
notation defines how to specify the contents and encoding rules
267267
define how this information is translated into binary form. The binary
268268
encoding of the certificate is defined using Distinguished Encoding
269269
Rules (DER), which are based on the more general Basic Encoding Rules
@@ -351,21 +351,21 @@ dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
351351
<section id="certificatemanagement">
352352
<title>Certificate Management</title>
353353
<p>Establishing a Certificate Authority is a responsibility which
354-
requires a solid administrative, technical, and management
354+
requires a solid administrative, technical and management
355355
framework. Certificate Authorities not only issue certificates,
356356
they also manage them -- that is, they determine for how long
357-
certificates remain valid, they renew them, and they keep lists of
357+
certificates remain valid, they renew them and keep lists of
358358
certificates that were issued in the past but are no longer valid
359359
(Certificate Revocation Lists, or CRLs).</p>
360360

361361
<p>For example, if Alice is entitled to a certificate as an
362-
employee of a company, but has now left
362+
employee of a company but has now left
363363
that company, her certificate may need to be revoked.
364364
Because certificates are only issued after the subject's identity has
365-
been verified, and can then be passed around to all those with whom
365+
been verified and can then be passed around to all those with whom
366366
the subject may communicate, it is impossible to tell from the
367367
certificate alone that it has been revoked.
368-
When examining certificates for validity, therefore,
368+
Therefore when examining certificates for validity
369369
it is necessary to contact the issuing Certificate Authority to
370370
check CRLs -- this is usually not an automated part of the process.</p>
371371

@@ -389,15 +389,15 @@ dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
389389
placed between a reliable connection-oriented network layer protocol
390390
(e.g. TCP/IP) and the application protocol layer (e.g. HTTP). SSL provides
391391
for secure communication between client and server by allowing mutual
392-
authentication, the use of digital signatures for integrity, and encryption
392+
authentication, the use of digital signatures for integrity and encryption
393393
for privacy.</p>
394394

395395
<p>The protocol is designed to support a range of choices for specific
396-
algorithms used for cryptography, digests, and signatures. This allows
396+
algorithms used for cryptography, digests and signatures. This allows
397397
algorithm selection for specific servers to be made based on legal, export
398-
or other concerns, and also enables the protocol to take advantage of new
399-
algorithms. Choices are negotiated between client and server at the start
400-
of establishing a protocol session.</p>
398+
or other concerns and also enables the protocol to take advantage of new
399+
algorithms. Choices are negotiated between client and server when
400+
establishing a protocol session.</p>
401401

402402
<section id="table4">
403403
<title>Table 4: Versions of the SSL protocol</title>
@@ -411,15 +411,15 @@ of establishing a protocol session.</p>
411411
<tr><td>SSL v2.0</td>
412412
<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2"
413413
>SSL2</a>]</td>
414-
<td>First SSL protocol for which implementations exists</td>
414+
<td>First SSL protocol for which implementations exist</td>
415415
<td>- NS Navigator 1.x/2.x<br />
416416
- MS IE 3.x<br />
417417
- Lynx/2.8+OpenSSL</td></tr>
418418
<tr><td>SSL v3.0</td>
419419
<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3"
420420
>SSL3</a>]</td>
421421
<td>Revisions to prevent specific security attacks, add non-RSA
422-
ciphers, and support for certificate chains</td>
422+
ciphers and support for certificate chains</td>
423423
<td>- NS Navigator 2.x/3.x/4.x<br />
424424
- MS IE 3.x/4.x<br />
425425
- Lynx/2.8+OpenSSL</td></tr>

0 commit comments

Comments
 (0)