Acronym Buster



CA - A Certification Authority is an entity that issues digital Certificates which are typically used to make secure connections to a server over the Internet.
Certificates - A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made by the private key that corresponds to the certified public key.


DANE - DNS-based Authentication of Named Entities is a protocol to allow X.509 Certificates, commonly used for TLS, to be bound to DNS names using DNSSEC. It is proposed in RFC 6698 as a way to authenticate TLS client and server entities without a CA.
DNS - The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names, which can be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide.
DNSKEY - Resource Record type in DNSSEC that contains the public key that a DNS resolver uses to verify DNSSEC signatures in RRSIG-records.
DNSSEC - DNS Security Extensions is a suite of specifications for securing certain kinds of information provided by the DNS. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
DS - Resource Record type in DNSSEC that holds the name of a delegated zone. You place the DS record in the parent zone along with the delegating NS-records. References a DNSKEY-record in the sub-delegated zone.
DTLS - the Datagram Transport Layer Security protocol provides communications privacy for datagram protocols used on packet-switched networks where the delivery, arrival time, and order of arrival need not be guaranteed by the network. It is based on TLS.


HTTPS - Hypertext Transfer Protocol Secure is a communications protocol for secure communication over the internet mainly to prevent wiretapping and man-in-the-middle attacks.


IETF - Internet Engineering Task Force develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite (TCP/IP).


NSEC - Resource Record type in DNSSEC that contains a link to the next record name in the zone and lists the record types that exist for the record's name. DNS Resolvers use NSEC records to verify the non-existence of a record name and type as part of DNSSEC validation.
NSEC3 - Resource Record type in DNSSEC that contains links to the next record name in the zone (in hashed name sorting order) and lists the record types that exist for the name covered by the hash value in the first label of the NSEC3-record's own name. These records can be used by resolvers to verify the non-existence of a record name and type as part of DNSSEC validation. NSEC3 records are similar to NSEC records, but NSEC3 uses cryptographically hashed record names to avoid the enumeration of the record names in a zone.
NSEC3PARAM - Resource Record type in DNSSEC that is used by authoritative DNS servers to calculate and determine which NSEC3-records to include in responses to DNSSEC requests for non-existing names/types.


PKI - a Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital Certificates. A key component of a PKI is a CA.
PKIX - PKI for X.509 is the standard used for securing most internet communications.
Public-key cryptography - class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.


Resource Record - basic data element in the DNS. Each record has a type (A, MX, etc.), an expiration time limit, a class, and some type-specific data.
RFC - a Request for Comments is a publication of the IETF describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. The IETF adopts some of the proposals published as RFCs as Internet standards.
RRSIG - Resource Record type in DNSSEC that contains the DNSSEC signature for a record set. DNS resolvers verify the signature with a public key, stored in a DNSKEY-record.


SIPS - Secure Session Initiation Protocol is a standardized, encrypted (using TLS) set of formats for communicating messages used to initiate, control, and terminate interactive user sessions with multimedia services such as Internet telephone calls, video conferencing, chat, file transfer, and online games.
SRTP - Secure Real-time Transport Protocol defines a standardized, encrypted (using TLS) packet format for delivering audio and video over IP networks.
SSL - Secure Sockets Layer is being replaced by TLS.


TLS - Transport-Layer Security is a cryptographic protocol designed to provide communication security over the Internet using X.509 certificates.
TLSA - Resource Record type in a DNSSEC server to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a "TLSA certificate association".
Trust anchor - authoritative entity for which trust is assumed and not derived. Web browsers have a built-in list of Trusted CA root certificates of renowned parties, from which a chain of trust to lower-level certificates can be derived.
Trusted CA - CA that is trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.


X.509 - a standard for a PKI that specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.


ZRTP - "Z" Real-time Transport Protocol is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol (VoIP) telephony call using SRTP.