Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ISO/IEC 11577:1995
Information technology—
Open Systems Interconnection—
Network layer security protocol
AS/NZS 4471:1997
Information technology—
Open Systems Interconnection—
Network layer security protocol
STANDARDS AUSTRALIA
1 The Crescent,
Homebush NSW 2140 Australia
PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee IT/1,
Information Systems—Interconnection. It is identical with and has been reproduced from
ISO/IEC 11577:1995, Information technology—Open Systems Interconnection—Network layer security
protocol.
The objective of this Standard is to provide users of computer networks with a specification of a
protocol to be used by end systems and intermediate systems in order to provide security services in
the network layer of the OSI 7-layer model.
Users of this Standard are advised by Standards Australia and Standards New Zealand, under
arrangements made with ISO and IEC, as well as certain other Standards organizations, that the number
of this Standard is not reproduced on each page; its identity is shown only on the cover and title pages.
For the purpose of this Standard, the source text should be modified as follows:
(a) Terminology The words ‘this Australian/New Zealand Standard’ should replace the words ‘this
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
ISO/IEC AS
8825 Information technology— 3626 Information technology—
Open Systems Interconnection— Open Systems Interconnection—
Specification of basic encoding rules Specification of basic encoding rules
for Abstract Syntax Notation One for Abstract Syntax Notation One
(ASN.1) (ASN.1)
AS/NZS
8878 Information technology— 3604 Information technology—
Telecommunications and information Telecommunications and information
exchange between systems— exchange between systems—
Use of X.25 to provide the OSI Use of X.25 to provide the OSI
connection-mode network service connection-mode network service
AS
9594 Information technology— 4019 Information technology—
Open Systems Interconnection— Open Systems Interconnection— The
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
CCITT AS
X.25 Interface between Data Terminal —
Equipment (DTE) and Data Circuit-
Terminating Equipment (DEC) for
terminals operating in Packet Mode
and connected to public data
networks by dedicated circuits
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
CONTENTS
Page
1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . .. .. . . . .. . . . . .. . . . 3
3.1 Reference Model definitions . . . . . . . . . . . . . . . . . . . . . . .. .. . .. ... . . .. . . . . .. . . . 3
3.2 Security Architecture definitions . . . . . . . . . . . . . . . . . . . .. .. . .. ... . . .. . . . . .. . . . 3
3.3 Service Convention definitions . . . . . . . . . . . . . . . . . . . . . .. .. . .. . .. . . .. . . . . .. . . . 4
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
4 Abbreviations . . . . . . . . . . . . . . .. . . . .. . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 5
4.1 Data Units . . . . . . . . . . . .. . . . ... . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 5
4.2 Protocol Data Unit Fields .. . . . . .. . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 5
4.3 Parameters . . . . . . . . . . . .. . . . ... . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 5
4.4 Miscellaneous . . . . . . . . . . . . . ... . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . 5
Page
8 Protocol Functions for NLSP-CO . . . . . . . . . . . ..... .. ... . . ... . . . .. . . . .. .. . . .. . . . . 19
8.1 Services Provided by NLSP-CO . . . . .. . .. .. . .. .. . . . .. . . . . .. . . . .. .. . . .. . . . . 19
8.2 Services Assumed . . . . . . . . . . . . . . .. . .... . .. ... . . .. . . . . .. . . . .. . . . . .. . . . . 20
8.3 Security Association Attributes . . . . .. . .. .. . .. .. . . . .. . . . . .. . . . .. .. . . .. . . . . 21
8.4 Checks and other Common Functions .. . . .. .. . . . .. . . . .. . . . .. . . . .. .. . . .. .. . . 21
8.5 NLSP-Connect Functions . . . . . . . . . .. . ..... .. .. . . . ... . . . .. . . . .. .. . . .. .. . . 22
8.6 NLSP-DATA Functions . . . . . . . . . . .. . .. ... .. ... . . .. . . . . .. . . . .. .. . . .. .. . . 33
8.7 NLSP-EXPEDITED-DATA Functions .. . . .. .. . . . .. . . . .. . . . .. . . . .. .. . . .. .. . . 34
8.8 RESET Functions . . . . . . . . . . . . . . .. . .... . .. ... . . ... . . . .. . . . .. . . . . .. . . . . 35
8.9 NLSP-DATA ACKNOWLEDGE . . . . . . ... .. .. ... . . ... . . . .. . . . .. .. . . .. .. . . 36
8.10 NLSP-DISCONNECT . . . . . . . . . . . .. . .. ... .. ... . . ... . . . .. . . . .. .. . . .. .. . . 36
8.11 Other Functions . . . . . . . . . . . . . . . . . . ... .. .. ... . . ... . . . .. . . . .. .. . . .. .. . . 39
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
14 Conformance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . .. .. . . .. . . . . ... . . . . 59
14.1 Static Conformance Requirements . . . . . . . . . . . . . .. . . . .. . .. .. . . .. . . . . ... . . . . 59
14.2 Dynamic Conformance Requirements . . . . . . . . . . . .. . . . .. . .. .. . . .. . . . . ... . . . . 61
14.3 Protocol Implementation Conformance Statement . . . .. . . . .. . .. .. . . .. . . . . .. . . . . . 61
vii
Page
Annex A – Mapping UN primitives to CCITT Rec. X.213 ISO 8348 . . . . . . . . . . . . . . . . . . . . . . . 62
Annex C – Security Association Protocol Using Key Token Exchange and Digital Signatures . ... .. . 64
C.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .... ............ . . ... .. . 64
C.2 Key Token Exchange (KTE) . . . . . . . . . . . . . . . . . . . . . ................ . . .. .. . 65
C.3 SA-Protocol Authentication . . . . . . . . . . . . . . . . . . . . . ................. . ... . . . 65
C.4 SA Attribute Negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . .. . .. . .. . . . .. . . .. . . . . 66
C.5 SA Abort/Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . ........... .... .. . ... .. . 67
C.6 Mapping of SA-Protocol Functions to Protocol Exchanges .... .. ... .. ..... . ... . . . 67
C.7 SA PDU – SA Contents . . . . . . . . . . . . . . . . . . . . . . . ................ . . .. . . . . 70
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
viii
NOTES
This is a free 11 page sample. Access the full version at http://infostore.saiglobal.com.
1
This is a free preview. Purchase the entire publication at the link below: