Appendix F: Glossary
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Odyssey An 802.1X security and access control application for wireless LANs (WLANs), developed by
Funk Software, Inc.
OFDM Orthogonal frequency division multiplexing. A modulation technique that sends data across a
number of narrow subcarriers within a specified frequency band. The wireless networking standards IEEE
802.11a and IEEE 802.11g are based on OFDM.
orthogonal frequency division multiplexing See OFDM.
pairwise master key See PMK.
pairwise transient key See PTK.
PAT Port address translation. A type of network address translation (NAT) in which each computer on a LAN
is assigned the same IP address, but a different port number. See also NAT.
PEAP Protected Extensible Authentication Protocol. A draft extension to the Extensible Authentication
Protocol with Transport Layer Security (EAP-TLS), developed by Microsoft Corporation, Cisco Systems, and
RSA Data Security, Inc. TLS is used in PEAP Part 1 to authenticate the server only, and thus avoids having to
distribute user certificates to every client. PEAP Part 2 performs mutual authentication between the EAP client
and the server. Compare EAP-TLS.
PEM Privacy-Enhanced Mail. A protocol, defined in RFC 1422 through RFC 1424, for transporting digital
certificates and certificate signing requests over the Internet. PEM format encodes the certificates on the basis
of an X.509 hierarchy of certificate authorities (CAs). Base64 encoding is used to convert the certificates to
ASCII text, and the encoded text is enclosed between BEGIN CERTIFICATE and END CERTIFICATE
delimiters.
Per-VLAN Spanning Tree protocol See PVST+.
PIM Protocol Independent Multicast protocol. A protocol-independent multicast routing protocol that
supports thousands of groups, a variety of multicast applications, and existing Layer 2 subnetwork
technologies. PIM can be operated in two modes: dense and sparse. In PIM dense mode (PIM-DM), packets
are flooded on all outgoing interfaces to many receivers. PIM sparse mode (PIM-SM) limits data distribution
to a minimal number of widely distributed routers. PIM-SM packets are sent only if they are explicitly
requested at a rendezvous point (RP).
PKCS Public-Key Cryptography Standards. A group of specifications produced by RSA Laboratories and
secure systems developers, and first published in 1991. Among many other features and functions, the
standards define syntax for digital certificates, certificate signing requests, and key transportation.
PKI Public-key infrastructure. Software that enables users of an insecure public network such as the Internet
to exchange information securely and privately. The PKI uses public-key cryptography (also known as
asymmetric cryptography) to authenticate the message sender and encrypt the message by means of a pair of
cryptographic keys, one public and one private. A trusted certificate authority (CA) creates both keys
simultaneously with the same algorithm. A registration authority (RA) must verify the certificate authority
before a digital certificate is issued to a requestor.
The PKI uses the digital certificate to identify an individual or an organization. The private key is given only to
the requesting party and is never shared, and the public key is made publicly available (as part of the digital
certificate) in a directory that all parties can access. You use the private key to decrypt text that has been
encrypted with your public key by someone else. The certificates are stored (and, when necessary, revoked) by
directory services and managed by a certificate management system. See also certificate authority (CA);
registration authority (RA).