home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
InfoMagic Standards 1994 January
/
InfoMagic Standards - January 1994.iso
/
ccitt
/
1988
/
troff
/
8_7_03.tro
< prev
next >
Wrap
Text File
|
1991-12-22
|
99KB
|
3,696 lines
.rs
.\" Troff code generated by TPS Convert from ITU Original Files
.\" Not Copyright (~c) 1991
.\"
.\" Assumes tbl, eqn, MS macros, and lots of luck.
.TA 1c 2c 3c 4c 5c 6c 7c 8c
.ds CH
.ds CF
.EQ
delim @@
.EN
.nr LL 40.5P
.nr ll 40.5P
.nr HM 3P
.nr FM 6P
.nr PO 4P
.nr PD 9p
.po 4P
.rs
\v'|.5i'
.LP
\fBMONTAGE: FIN DE LA RECOMMANDATION F.400 EN\(hyT\*\|ETE DE CETTE PAGE\fR
.sp 2P
.LP
\v'11P'
\fBRecommendation\ X.402\fR
.RT
.sp 2P
.ce 1000
\fBMESSAGE\ HANDLING\ SYSTEMS:\fR
.EF '% Fascicle\ VIII.7\ \(em\ Rec.\ X.402''
.OF '''Fascicle\ VIII.7\ \(em\ Rec.\ X.402 %'
.ce 0
.sp 1P
.ce 1000
\fBOVERALL\ ARCHITECTURE\fR
.FS
Recommendation\ X.402
and ISO\ 10021\(hy2 [Information Processing Systems \(em Text Communications
\(em MOTIS \(em Overall Architecture] were developed in close collaboration
and are technically aligned, except for the differences noted in
Annex\ F.
.FE
.ce 0
.sp 1P
.ce 1000
\fI(Melbourne, 1988)\fR
.sp 9p
.RT
.ce 0
.sp 1P
.PP
The establishment in various countries of telematic services and computer\(hybased
store\(hyand\(hyforward message services in association with
public data networks creates a need to produce standards to facilitate
international message exchange between subscribers to such services.
.sp 1P
.RT
.sp 2P
.LP
The\ CCITT,
.sp 1P
.RT
.sp 1P
.LP
\fIconsidering\fR
.sp 9p
.RT
.PP
(a)
the need for Message Handling Systems;
.PP
(b)
the need to transfer and store messages of different
types;
.PP
(c)
that Recommendation X.200 defines the Reference Model of Open Systems Interconnection
for CCITT applications;
.PP
(d)
that Recommendations X.208, X.217, X.218 and X.219
provide the foundation for CCITT applications;
.PP
(e)
that the X.500\(hyseries Recommendations define Directory Systems;
.PP
(f
)
that Message Handling Systems are defined in
a series of Recommendations: X.400, X.402, X.403, X.407, X.408, X.411,
X.413, and\ X.419;
.PP
(g)
that Interpersonal Messaging is defined in
Recommendations\ X.420 and T.330,
.sp 1P
.LP
\fIunanimously declares\fR
.sp 9p
.RT
.PP
(1)
that the abstract models of a Message Handling System
are defined in \(sc\ 2;
.PP
(2)
that the configurations of a Message Handling System are defined in \(sc\ 3;
.PP
(3)
that naming, addressing, and routing within Message
Handling Systems are defined in \(sc\ 4;
.PP
(4)
that the use of the Directory by Message Handling
Systems is defined in \(sc\ 5;
.PP
(5)
that the OSI realization of a Message Handling System is specified in \(sc\ 6.
.LP
.sp 2
.bp
.sp 1P
.ce 1000
TABLE\ OF\ CONTENTS
.ce 0
.sp 1P
.sp 2P
.LP
SECTION\ 1\ \(em\ \fIIntroduction\fR
.sp 1P
.RT
.sp 1P
.LP
0
\fIIntroduction\fR
.sp 9p
.RT
.sp 1P
.LP
1
\fIScope\fR
.sp 9p
.RT
.sp 1P
.LP
2
\fIReferences\fR
.sp 9p
.RT
.LP
2.1
Open systems interconnection
.LP
2.2
Directory systems
.LP
2.3
Message handling systems
.sp 1P
.LP
3
\fIDefinitions\fR
.sp 9p
.RT
.LP
3.1
Open systems interconnection
.LP
3.2
Directory systems
.LP
3.3
Message handling systems
.sp 1P
.LP
4
\fIAbbreviations\fR
.sp 9p
.RT
.sp 1P
.LP
5
\fIConventions\fR
.sp 9p
.RT
.LP
5.1
ASN.1
.LP
5.2
Grade
.LP
5.3
Terms
.sp 2P
.LP
SECTION\ 2\ \(em\ \fIAbstract models\fR
.sp 1P
.RT
.sp 1P
.LP
6
\fIOverview\fR
.sp 9p
.RT
.sp 1P
.LP
7
\fIFunctional model\fR
.sp 9p
.RT
.LP
7.1
Primary functional objects
.LP
7.2
Secondary functional objects
.LP
7.3
Tertiary functional objects
.LP
7.4
Selected AU types
.sp 1P
.LP
8
\fIInformation model\fR
.sp 9p
.RT
.LP
8.1
Messages
.LP
8.2
Probes
.LP
8.3
Reports
.sp 1P
.LP
9
\fIOperational model\fR
.sp 9p
.RT
.LP
9.1
Transmittal
.LP
9.2
Transmittal roles
.LP
9.3
Transmittal steps
.LP
9.4
Transmittal events
.sp 1P
.LP
10
\fISecurity model\fR
.sp 9p
.RT
.LP
10.1
Security policies
.LP
10.2
Security services
.LP
10.3
Security elements
.bp
.sp 2P
.LP
SECTION\ 3\ \(em\ \fIConfigurations\fR
.sp 1P
.RT
.sp 1P
.LP
11
\fIOverview\fR
.sp 9p
.RT
.sp 1P
.LP
12
\fIFunctional configurations\fR
.sp 9p
.RT
.LP
12.1
Regarding the Directory
.LP
12.2
Regarding the message store
.sp 1P
.LP
13
\fIPhysical configurations\fR
.sp 9p
.RT
.LP
13.1
Messaging systems
.LP
13.2
Representative configurations
.sp 1P
.LP
14
\fIOrganizational configurations\fR
.sp 9p
.RT
.LP
14.1
Management domains
.LP
14.2
Representative configurations
.sp 1P
.LP
15
\fIThe global MHS\fR
.sp 9p
.RT
.sp 2P
.LP
SECTION\ 4\ \(em\ \fINaming, addressing and routing\fR
.sp 1P
.RT
.sp 1P
.LP
16
\fIOverview\fR
.sp 9p
.RT
.sp 1P
.LP
17
\fINaming\fR
.sp 9p
.RT
.LP
17.1
Directory names
.LP
17.2
O/R names
.sp 1P
.LP
18
\fIAddressing\fR
.sp 9p
.RT
.LP
18.1
Attribute lists
.LP
18.2
Character sets
.LP
18.3
Standard attributes
.LP
18.4
Attribute list equivalence
.LP
18.5
O/R address forms
.LP
18.6
Conditional attributes
.sp 1P
.LP
19
\fIRouting\fR
.sp 9p
.RT
.sp 2P
.LP
SECTION\ 5\ \(em\ \fIUse of the directory\fR
.sp 1P
.RT
.sp 1P
.LP
20
\fIOverview\fR
.sp 9p
.RT
.sp 1P
.LP
21
\fIAuthentication\fR
.sp 9p
.RT
.sp 1P
.LP
22
\fIName resolution\fR
.sp 9p
.RT
.sp 1P
.LP
23
\fIDL expansion\fR
.sp 9p
.RT
.sp 1P
.LP
24
\fICapability assessment\fR .bp
.sp 9p
.RT
.sp 2P
.LP
SECTION\ 6\ \(em\ \fIOSI realization\fR
.sp 1P
.RT
.sp 1P
.LP
25
\fIOverview\fR
.sp 9p
.RT
.sp 1P
.LP
26
\fIApplication service elements\fR
.sp 9p
.RT
.LP
26.1
The ASE concept
.LP
26.2
Symmetric and asymmetric ASEs
.LP
26.3
Message handling ASEs
.LP
26.4
Supporting ASEs
.sp 1P
.LP
27
\fIApplication contexts\fR
.sp 9p
.RT
.sp 1P
.LP
\fIAnnex\ A\fR \(em
Directory object classes and attributes
.sp 9p
.RT
.LP
\fIAnnex\ B\fR \(em
Reference definition of object identifiers
.LP
\fIAnnex\ C\fR \(em
Reference definition of object classes and attributes
.LP
\fIAnnex\ D\fR \(em
Security threats
.LP
\fIAnnex\ E\fR \(em
Provision of security services in Recommendation X.411
.LP
\fIAnnex\ F\fR \(em
Differences between CCITT Recommendation and ISO standard
.LP
\fIAnnex\ G\fR \(em
Index
.LP
SECTION\ 1\ \(em\ INTRODUCTION
.sp 1P
.RT
.sp 2P
.LP
\fB0\fR \fBIntroduction\fR
.sp 1P
.RT
.PP
This Recommendation is one of a set of Recommendations for Message Handling.
The entire set provides a comprehensive blueprint for a Message
Handling System (MHS) realized by any number of cooperating open systems.
.PP
The purpose of an MHS is to enable users to exchange messages on a
store\(hyand\(hyforward basis. A message submitted on behalf of one user, the
originator, is conveyed by the Message Transfer System (MTS) and subsequently
delivered to the agents of one or more additional users, the recipients.
Access units (AUs) link the MTS to communication systems of other kinds
(e.g.\ postal systems). A user is assisted in the preparation, storage
and display of
messages by a user agent (UA). Optionally, he is assisted in the storage of
messages by a message store (MS). The MTS comprises a number of message
transfer agents (MTAs) which collectively perform the store\(hyand\(hyforward
message transfer function.
.PP
The Recommendation specifies the overall architecture of the MHS and serves
as a technical introduction to it.
.PP
The text of this Recommendation is the subject of joint CCITT\(hyISO
agreement. The corresponding ISO specification is ISO\ 10021\(hy2.
.RT
.sp 2P
.LP
\fB1\fR \fBScope\fR
.sp 1P
.RT
.PP
This Recommendation defines the overall architecture of the MHS and serves
as a technical introduction to it.
.PP
Other aspects of Message Handling are specified in other
Recommendations. A non\(hytechnical overview of Message Handling is provided by
Recommendation\ X.400. The conformance testing of MHS components is described
in Recommendation\ X.403. The conventions used in the definition of the
abstract
services provided by MHS components are defined in Recommendation\ X.407. The
detailed rules by which the MTS converts the contents of messages from one EIT
.PP
to another are defied in Recommendation\ X.408. The abstract service the MTS
provides and the procedures that govern its distributed operation are defined
in Recommendation\ X.411. The abstract service the MS provides is defined
in
Recommendation X.413. The application protocols that govern the interactions
of MHS components are specified in Recommendation\ X.419. The Interpersonal
Messaging System, an application of MHS Handling, is defined in
Recommendation\ X.420. Telematic access to the Interpersonal Messaging System
is specified in Recommendation\ T.330.
.bp
.PP
The CCITT Recommendations and ISO International Standards of Message Handling
are summarized in Table\ 1/X.402.
.RT
.ce
\fBH.T. [T1.402]\fR
.ce
TABLE\ 1/X.402
.ce
\fBSpecifications for message handling systems\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(36p) | cw(36p) | cw(156p) .
CCITT ISO Subject matter
_
.T&
cw(228p) .
Introduction
_
.T&
cw(36p) | cw(36p) | lw(156p) .
X.400 8505\(hy1 Service and system overview
.T&
cw(36p) | cw(36p) | lw(156p) .
X.402 8505\(hy2 Overall architecture
_
.T&
cw(228p) .
Various aspects
_
.T&
cw(36p) | cw(36p) | lw(156p) .
X.403 \(em Conformance testing
.T&
cw(36p) | cw(36p) | lw(156p) .
X.407 8883\(hy2 T{
Abstract service definition conventions
T}
.T&
cw(36p) | cw(36p) | lw(156p) .
X.408 \(em T{
Encoded information type conversion rules
T}
_
.T&
cw(228p) .
Abstract services
_
.T&
cw(36p) | cw(36p) | lw(156p) .
X.411 8883\(hy1 T{
MTS abstract service definition and procedures for distributed
operation
T}
.T&
cw(36p) | cw(36p) | lw(156p) .
X.413 TBS\(hy1 T{
MS abstract service definition
T}
_
.T&
cw(228p) .
Protocols
_
.T&
cw(36p) | cw(36p) | lw(156p) .
X.419 8505\(hy2 Protocol specifications
_
.T&
cw(228p) .
T{
Interpersonal messaging system
T}
_
.T&
cw(36p) | cw(36p) | lw(156p) .
X.420 9065 T{
Interpersonal messaging system
T}
.T&
cw(36p) | cw(36p) | lw(156p) .
T.330 \(em Telematic access to IPMS
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 1/X.402 [T1.402], p.\fR
.sp 1P
.RT
.ad b
.RT
.LP
.sp 2
.PP
The Directory, the principal means for disseminating
communication\(hyrelated information among MHS components, is defined in the
X.500\(hyseries Recommendations (see Table\ 2/X.402).
.PP
The architectural foundation for Message Handling is provided
by other Recommendations. The OSI Reference Model is defined in
Recommendation\ X.200. The notation for specifying the data structures of
abstract services and application protocols, ASN.1, and the associated
encoding rules are defined in Recommendations\ X.208 and\ X.209. The means
for
establishing and releasing associations, the ACSE, is defined in
Recommendations\ X.217 and\ X.227. The means for reliably conveying APDUs over
associations, the RTSE, is defined by Recommendations\ X.218 and\ X.228. The
means for making requests of other open systems, the ROSE, is defined in
Recommendations\ X.219 and\ X.229.
.PP
The CCITT Recommendations and ISO International Standards basic to
Message Handling are summa
rized in Table\ 3/X.402.
.bp
.RT
.ce
\fBH.T. [T2.402]\fR
.ce
TABLE\ 2/X.402
.ce
\fBSpecifications for directories\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(36p) | cw(36p) | cw(108p) .
CCITT ISO Subject matter
_
.T&
cw(180p) .
Model
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.200 7498 OSI reference model
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.500 9594\(hy1 Overview
.T&
cw(36p) | cw(36p) | lw(108p) .
X.501 9594\(hy2 Models
.T&
cw(36p) | cw(36p) | lw(108p) .
X.509 9594\(hy8 Authentication framework
.T&
cw(36p) | cw(36p) | lw(108p) .
X.511 9594\(hy3 Abstract service definition
.T&
cw(36p) | cw(36p) | lw(108p) .
X.518 9594\(hy4 T{
Procedures for distributed operation
T}
.T&
cw(36p) | cw(36p) | lw(108p) .
X.519 9594\(hy5 Protocol specifications
.T&
cw(36p) | cw(36p) | lw(108p) .
X.520 9594\(hy6 Selected attribute types
.T&
cw(36p) | cw(36p) | lw(108p) .
X.521 9594\(hy7 Selected object classes
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 2/X.402 [T2.402], p. 2\fR
.sp 1P
.RT
.ad b
.RT
.ce
\fBH.T. [T3.402]\fR
.ce
TABLE\ 3/X.402
.ce
\fBSpecifications for MHS foundations\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(36p) | cw(36p) | cw(108p) .
CCITT ISO Subject matter
_
.T&
cw(180p) .
Model
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.200 7498 OSI reference model
_
.T&
cw(180p) .
ASN.1
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.208 8824 Abstract syntax notation
.T&
cw(36p) | cw(36p) | lw(108p) .
X.209 8825 Basic encoding rules
_
.T&
cw(180p) .
Association control
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.217 8649 Service definition
.T&
cw(36p) | cw(36p) | lw(108p) .
X.227 8650 Protocol specification
_
.T&
cw(180p) .
Reliable transfer
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.218 9066\(hy1 Service definition
.T&
cw(36p) | cw(36p) | lw(108p) .
X.228 9066\(hy2 Protocol specification
_
.T&
cw(180p) .
Remote operations
_
.T&
cw(36p) | cw(36p) | lw(108p) .
X.219 9072\(hy1 Service definition
.T&
cw(36p) | cw(36p) | lw(108p) .
X.229 9072\(hy2 Protocol specification
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 3/X.402 [T3.402], p. 3\fR
.sp 1P
.RT
.ad b
.RT
.LP
.bp
.PP
This Recommendation is structured as follows. Section\ 1 is this
introduction. Section\ 2 presents abstract models of Message Handling.
Section\ 3 specifies
how one can configure the MHS to satisfy any of a variety of functional,
physical and organizational requirements. Section\ 4 describes the naming and
addressing of users and distribution lists and the routing of information
objects to them. Section\ 5 describes the uses the MHS may make of the
Directory. Section\ 6
describes how the MHS is realized by means of OSI. Annexes provide important
supplemental information.
.PP
No requirements for conformance to this Recommendation are
imposed.
.RT
.sp 2P
.LP
\fB2\fR \fBReferences\fR
.sp 1P
.RT
.PP
This Recommendation and others in the set cite the documents
below.
.RT
.sp 1P
.LP
2.1
\fIOpen systems interconnection\fR
.sp 9p
.RT
.PP
This Recommendation and others in the set cite the following OSI
specifications:
.RT
.LP
X.200
Reference model of open systems interconnection for CCITT applications
(see also ISO\ 7498)
.LP
X.208
Specification of abstract syntax notation one (ASN.1)
(see also ISO\ 8824)
.LP
X.209
Specification of basic encoding rules for abstract
syntax notation (see also ISO\ 8825)
.LP
X.217
Association control service definition for open systems interconnection
for CCITT applications (see also ISO\ 8649)
.LP
X.218
Reliable transfer: Model and service definition (see also ISO\ 9066\(hy1)
.LP
X.219
Remote operations: Model, notation and service definition (see also ISO\
9072\(hy1)
.LP
X.227
Association control: Protocol specification for open
systems interconnection for CCITT applications (see also ISO\ 8650)
.LP
X.228
Reliable transfer: Protocol specification (see also
ISO\ 9066\(hy2)
.LP
X.229
Remote operations: Protocol specification (see also
ISO\ 9072\(hy2)
.sp 1P
.LP
2.2
\fIDirectory systems\fR
.sp 9p
.RT
.PP
This Recommendation and others in the set cite the following
Directory System specifications:
.RT
.LP
X.500
The directory \(em Overview of concepts, models, and
services (see also ISO\ 9594\(hy1)
.LP
X.501
The directory \(em Models (see also ISO 9594\(hy2)
.LP
X.509
The directory \(em Authentication framework (see also
ISO\ 9594\(hy8)
.LP
X.511
The directory \(em Abstract service definition (see also
ISO\ 9594\(hy3)
.LP
X.518
The directory \(em Procedures for distributed operation (see also ISO
9594\(hy4)
.LP
X.519
The directory \(em Protocol specifications (see also ISO
9594\(hy5)
.LP
X.520
The directory \(em Selected attribute types (see also ISO
9594\(hy6)
.LP
X.521
The directory \(em Selected object classes (see also ISO
9594\(hy7)
.sp 1P
.LP
2.3
\fIMessage handling systems\fR
.sp 9p
.RT
.PP
This Recommendation and others in the set cite the following
message handling system specifications:
.RT
.LP
T.330
Telematic access to interpersonal messaging system
.LP
X.400
Message handling: System and service overview (see also ISO\ 10021\(hy1)
.LP
X.403
Message handling systems: Conformance testing
.LP
X.407
Message handling systems: Abstract service definition
conventions (see also ISO\ 10021\(hy3)
.LP
X.408
Message handling systems: Encoded information type
conversion rules
.LP
X.411
Message handling systems: Message transfer system:
Abstract service definition and procedures (see also ISO\ 10021\(hy4)
.bp
.LP
X.413
Message handling systems: Message store: Abstract service definition
(see also ISO 10021\(hy5)
.LP
X.419
Message handling systems: Protocol specifications (see
also ISO 10021\(hy6)
.LP
X.420
Message handling systems: Interpersonal messaging system (see also ISO
10021\(hy7)
.sp 2P
.LP
\fB3\fR \fBDefinitions\fR
.sp 1P
.RT
.PP
For the purposes of this Recommendation and others in the set, the definitions
below apply.
.RT
.sp 2P
.LP
3.1
\fIOpen systems interconnection\fR
.sp 1P
.RT
.PP
3.1.1
This Recommendation and others in the set use the following
terms defined in Recommendation X.200, as well as the names of the seven
layers of the Reference Model:
.sp 9p
.RT
.LP
a)
abstract syntax;
.LP
b)
application entity (AE);
.LP
c)
application process;
.LP
d)
application protocol data unit (APDU);
.LP
e)
application service element (ASE);
.LP
f
)
distributed information processing task;
.LP
g)
layer;
.LP
h)
open system;
.LP
i)
open systems interconnection (OSI);
.LP
j
)
peer;
.LP
k)
presentation context;
.LP
l)
protocol;
.LP
m)
reference model;
.LP
n)
transfer syntax;
.LP
o)
user element (UE).
.PP
3.1.2\fR This Recommendation and others in the set use the following
terms defined in Recommendations X.208 and X.209, as well as the names
of ASN.1 data types and values:
.LP
a)
Abstract Syntax Notation One (ASN.1);
.LP
b)
Basic Encoding Rules;
.LP
c)
explicit;
.LP
d)
export;
.LP
e)
implicit;
.LP
f
)
import;
.LP
g)
macro;
.LP
h)
module;
.LP
i)
tag;
.LP
j
)
type; and
.LP
k)
value.
.PP
3.1.3
This Recommendation and others in the set use the following
terms defined in Recommendation X.217:
.LP
a)
application association; association;
.LP
b)
application context (AC);
.LP
c)
association control service element (ACSE);
.LP
d)
initiator;
.LP
e)
responder.
.PP
3.1.4
This Recommendation and others in the set use the following
terms defined in Recommendation X.218:
.LP
a)
Reliable transfer (RT); and
.LP
b)
Reliable transfer service element (RTSE).
.bp
.PP
3.1.5
This Recommendation and others in the set use the following terms defined
in Recommendation\ X.219:
.LP
a)
argument;
.LP
b)
asynchronous;
.LP
c)
bind;
.LP
d)
parameter;
.LP
e)
remote error;
.LP
f
)
remote operation;
.LP
g)
remote operations (RO);
.LP
h)
remote operations service element (ROSE);
.LP
i)
result;
.LP
j
)
synchronous; and
.LP
k)
unbind.
.sp 1P
.LP
3.2
\fIDirectory systems\fR
.sp 9p
.RT
.PP
This Recommendation and others in the set use the following terms defined
in the X.500\(hyseries Recommendations:
.RT
.LP
a)
attribute;
.LP
b)
certificate;
.LP
c)
certification authority;
.LP
d)
certification path;
.LP
e)
directory entry; entry;
.LP
f
)
directory system agent (DSA);
.LP
g)
directory;
.LP
h)
hash function;
.LP
i)
name;
.LP
j
)
object class;
.LP
k)
object;
.LP
l)
simple authentication;
.LP
m)
strong authentication.
.sp 1P
.LP
3.3
\fIMessage handling systems\fR
.sp 9p
.RT
.PP
For the purposes of this Recommendation and others in the set, the definitions
indexed in Annex\ G apply.
.RT
.sp 2P
.LP
\fB4\fR \fBAbbreviations\fR
.sp 1P
.RT
.PP
For the purposes of this Recommendation and others in the set, the abbreviations
indexed in Annex\ G apply.
.RT
.sp 2P
.LP
\fB5\fR \fBConventions\fR
.sp 1P
.RT
.PP
This Recommendation uses the descriptive conventions identified
below.
.RT
.sp 1P
.LP
5.1
\fIASN.1\fR
.sp 9p
.RT
.PP
This Recommendation uses several ASN.1\(hybased descriptive
conventions in Annexes\ A and\ C to define the Message Handling\(hyspecific
information the Directory may hold. In particular, it uses the OBJECT\(hyCLASS,
ATTRIBUTE, and ATTRIBUTE\(hySYNTAX macros of Recommendation\ X.501 to define
Message Handling\(hyspecific object classes, attributes, and attribute
syntaxes.
.PP
ASN.1 appears both in Annex A to aid the exposition, and again,
largely redundantly, in Annex\ C for reference. If differences are found
between the two, a specification error is indicated.
.PP
Note that ASN.1 tags are implicit throughout the ASN.1 module that
Annex\ C defines; the module is definitive in that respect.
.bp
.RT
.sp 1P
.LP
5.2
\fIGrade\fR
.sp 9p
.RT
.PP
Whenever this Recommendation describes a class of data structure
(e.g., O/R addresses) having components (e.g., attributes), each component
is assigned one of the following \fBgrades\fR :
.RT
.LP
a)
\fBmandatory (M)\fR : a mandatory component shall be
present in every instance of the class.
.LP
b)
\fBoptional (O)\fR : an optional component shall be
present in an instance of the class at the discretion of the object
(e.g.,\ user) supplying that instance. There is no default value.
.LP
c)
\fBdefaultable (D)\fR : a defaultable component shall be present in an
instance of the class at the discretion of the object (e.g.,\ user)
supplying that instance. In its absence a default value, specified by this
Recommendation, applies.
.LP
d)
\fBconditional (C)\fR : a conditional component shall
be present in an instance of the class as dictated by this
Recommendation.
.sp 1P
.LP
5.3
\fITerms\fR
.sp 9p
.RT
.PP
Throughout the remainder of this Recommendation, terms are rendered in
\fBbold\fR when defined, in \fIitalic\fR when referenced prior to their
definitions, without emphasis upon other occasions.
.PP
Terms that are proper nouns are capitalized, generic terms are
not.
.RT
.LP
SECTION 2\ \(em\ ABSTRACT MODELS
.sp 1P
.RT
.sp 2P
.LP
\fB6\fR \fBOverview\fR
.sp 1P
.RT
.PP
This section presents abstract models of \fIMessage Handling\fR which provide
the architectural basis for the more detailed specifications that
appear in other Recommendations in the set.
.PP
\fBMessage Handling\fR is a distributed information processing task
that integrates the following intrinsically related sub\(hytasks:
.RT
.LP
a)
\fBMessage Transfer\fR :\| The non\(hyreal\(hytime carriage of
information objects between parties using computers as
intermediaries.
.LP
b)
\fBMessage Storage\fR :\| The automatic storage for later
retrieval of information objects conveyed by means of
Message Transfer.
.PP
This section covers the following topics:
.LP
a)
functional model;
.LP
b)
information model;
.LP
c)
operational model;
.LP
d)
security model.
.PP
\fINote\fR \ \(em\ Message Handling has a variety of applications, one of
which is Interpersonal Messaging, described in Recommendation\ X.420.
.sp 2P
.LP
\fB7\fR \fBFunctional model\fR
.sp 1P
.RT
.PP
This clause provides a functional model of Message Handling. The
concrete realization of the model is the subject of other Recommendations in
the set.
.PP
The \fBMessage Handling Environment\fR ; comprises
\*Qprimary\*U functional objects of several types, the \fIMessage Handling
System\fR \fI(MHS), users\fR , \|and \fIdistribution lists\fR .\| The MHS
in turn can be decomposed into lesser, \*Qsecondary\*U functional objects
of several types, the
\fIMessage Transfer System (MTS), user agents, message stores\fR , and
\fIaccess units\fR . The MTS in turn can be decomposed into still lesser,
\*Qtertiary\*U functional objects of a single type, message transfer agents.
.PP
The primary, secondary, and tertiary functional object types and
selected \fIaccess unit\fR \| types are individually defined and described
below.
.bp
.PP
As detailed below, functional objects are sometimes tailored to one or
more applications of Message Handling, e.g., Interpersonal Messaging (see
Recommendations X.420 and T.330). A functional object that has been tailored
to an application understands the syntax and semantics of the contents
of messages exchanged in that application.
.PP
As a local matter, functional objects may have capabilities beyond
those specified in this Recommendation or others in the set. In particular,
a typical \fIuser agent\fR \| has message preparation, rendition, and storage
capabilities that are not standardized.
.RT
.sp 1P
.LP
7.1
\fIPrimary functional objects\fR
.sp 9p
.RT
.PP
The MHE comprises the \fIMessage Handling System\fR , \fIusers\fR , and
\fIdistribution lists\fR . These primary functional objects interact with one
another. Their types are defined and described below.
.PP
The situation is depicted in Figure 1/X.402.
.RT
.LP
.rs
.sp 14P
.ad r
\fBFigure 1/X.402, (N), p.\fR
.sp 1P
.RT
.ad b
.RT
.sp 1P
.LP
7.1.1
\fIMessage Handling System\fR
.sp 9p
.RT
.PP
The principal purpose of Message Handling is to convey information objects
from one party to another. The functional object by means of which this
is accomplished is called the \fBMessage Handling System\fR .
.PP
The MHE comprises a single MHS.
.RT
.sp 1P
.LP
7.1.2
\fIUsers\fR
.sp 9p
.RT
.PP
The principal purpose of the MHS is to convey information objects between
\fIusers\fR . A functional object (e.g., a person) that engages in (rather
than provides) Message Handling is called a \fBuser\fR .
.PP
The following kinds of user are distinguished:
.RT
.LP
a)
\fBdirect user\fR : A user that engages in Message Handling by direct
use of the MHS.
.LP
b)
\fBindirect user\fR : A user that engages in Message Handling by indirect
use of the MHS, i.e., through another communication system (e.g., a postal
system or the telex network) to which the MHS is linked.
.PP
The MHE comprises any number of users.
.sp 1P
.LP
7.1.3
\fIDistribution lists\fR
.sp 9p
.RT
.PP
By means of the MHS a user can convey information objects to
pre\(hyspecified groups of users as well as to individual users. The functional
object that represents a pre\(hyspecified group of users and other DLs
is called a \fBdistribution list (DL)\fR .
.PP
A DL identifies zero or more users and DLs called its \fBmembers\fR .
The latter DLs (if any) are said to be nested. Asking the MHS to convey
an information object (e.g., a \fImessage\fR ) to a DL is tantamount to
asking that it convey the object to its members. Note that this is recursive.
.bp
.PP
The right, or permission, to convey \fImessages\fR \| to a particular DL
may be controlled. This right is called \fBsubmit permission\fR . As a
local matter the use of a DL can be further restricted.
.PP
The MHE comprises any number of DLs.
.PP
\fINote\fR \ \(em\ A DL might be further restricted, e.g., to the conveyance
of \fImessages\fR \| of a prescribed \fIcontent type\fR .
.RT
.sp 1P
.LP
7.2
\fISecondary functional objects\fR
.sp 9p
.RT
.PP
The MHS comprises the \fIMessage Transfer System, user agents\fR ,
\fImessage stores\fR , and \fIaccess units\fR . These secondary functional
objects
interact with one another. Their types are defined and described below.
.PP
The situation is depicted in Figure 2/X.402.
.RT
.LP
.rs
.sp 16P
.ad r
\fBFigure 2/X.402, (N), p.\fR
.sp 1P
.RT
.ad b
.RT
.sp 1P
.LP
7.2.1
\fIMessage Transfer System\fR
.sp 9p
.RT
.PP
The MHS conveys information objects to individual users and to the members
of DLs. The functional object that actually does this is called the
\fBMessage Transfer System (MTS)\fR . The MTS is a store\(hyand\(hyforward
communication system and can be considered the backbone of the MHS.
.PP
The MTS is general\(hypurpose, supporting all applications of Message
Handling. Additionally, the MTS may be tailored to one or more particular
applications so it can carry out \fIconversion\fR .
.PP
The MHS comprises a single MTS.
.RT
.sp 1P
.LP
7.2.2
\fIUser agents\fR
.sp 9p
.RT
.PP
The functional object by means of which a single direct user
engages in Message Handling is called a \fBuser agent (UA)\fR .
.PP
A typical UA is tailored to one or more particular applications of
Message Handling.
.PP
The MHS comprises any number of UAs.
.PP
\fINote\fR \ \(em\ A UA that serves a human user typically interacts with
him by means of inputB/Foutput devices (e.g., a keyboard, display, scanner,
printer, or combination of these).
.RT
.sp 1P
.LP
7.2.3
\fIMessage stores\fR
.sp 9p
.RT
.PP
A typical user must store the information objects it receives. The functional
object that provides a (single) direct user with capabilities for
Message Storage is called a \fBmessage store (MS)\fR . Each MS is associated
with one UA, but not every UA has an associated MS.
.bp
.PP
Every MS is general\(hypurpose, supporting all applications of Message
Handling. Additionally, an MS may be tailored to one or more particular
applications so that it can more capably \fIsubmit\fR \| and support the
\fIretrieval of messages\fR \| associated with that application.
.PP
The MHS comprises any number of MSs.
.PP
\fINote\fR \ \(em\ As a local matter a UA may provide for information objects
storage that either supplements or replaces that of an MS.
.RT
.sp 1P
.LP
7.2.4
\fIAccess units\fR
.sp 9p
.RT
.PP
The functional object that links another communication system
(e.g., a postal system or the telex network) to the MTS and via
which its patrons engage in Message Handling as indirect users is called an
\fBaccess unit (AU)\fR .
.PP
A typical AU is tailored to a particular communication system and to one
or more particular applications of Message Handling.
.PP
The MHS comprises any number of AUs.
.RT
.sp 1P
.LP
7.3
\fITertiary functional objects\fR
.sp 9p
.RT
.PP
The MTS comprises \fImessage transfer agents\fR . These tertiary
functional objects interact. Their type is defined and described below.
.PP
The situation is depicted in Figure 3/X.402.
.RT
.LP
.rs
.sp 13P
.ad r
\fBFigure 3/X.402, (N), p.\fR
.sp 1P
.RT
.ad b
.RT
.sp 1P
.LP
7.3.1
\fIMessage transfer agents\fR
.sp 9p
.RT
.PP
The MTS conveys information objects to users and DLs in a
store\(hyand\(hyforward manner. A functional object that provides one link
in the
MTS' store\(hyand\(hyforward chain is called a \fBmessage transfer agent
(MTA)\fR .
.PP
Every MTA is general\(hypurpose, supporting all applications of Message
Handling. Additionally, an MTA may be tailored to one or more particular
applications so it can carry out \fIconversion\fR .
.PP
The MTS comprises any number of MTAs.
.RT
.sp 1P
.LP
7.4
\fISelected AU types\fR
.sp 9p
.RT
.PP
As described above, the MHS interworks with communication systems of other
types via AUs. Several selected AU types\(em\fIphysical delivery\fR ,
telematic, and telex\(emare introduced in the clauses below.
.RT
.sp 1P
.LP
7.4.1
\fIPhysical delivery\fR
.sp 9p
.RT
.PP
A \fBphysical delivery access unit (PDAU)\fR \| is an AU that subjects
\fImessages\fR (but neither \fIprobes\fR \| nor \fIreports\fR ) to \fIphysical
rendition\fR and
that conveys the resulting \fIphysical messages\fR \| to a \fIphysical
delivery\fR
\fIsystem\fR .
.bp
.PP
The transformation of a \fImessage\fR \| into a \fIphysical message\fR \| is
called \fBphysical rendition\fR . A \fBphysical message\fR is a physical
object (e.g., a letter and its paper envelope) that embodies a \fImessage\fR .
.PP
A \fBphysical delivery system (PDS)\fR \| is a system that performs
\fIphysical delivery\fR . One important kind of PDS is postal systems.
\fBPhysical delivery\fR is the conveyance of a physical message to a patron of
a PDS, one of the indirect users to which the PDAU provides Message Handling
capabilities.
.PP
Among the applications of Message Handling supported by every PDAU is Interpersonal
Messaging
(see\ Recommendation X.420).
.RT
.sp 1P
.LP
7.4.2
\fITelematic\fR
.sp 9p
.RT
.PP
Telematic access units, which support Interpersonal Messaging
exclusively, are introduced in Recommendation X.420.
.RT
.sp 1P
.LP
7.4.3
\fITelex\fR
.sp 9p
.RT
.PP
Telex access units, which support Interpersonal Messaging
exclusively, are introduced in Recommen
dation\ X.420.
.RT
.sp 2P
.LP
\fB8\fR \fBInformation model\fR
.sp 1P
.RT
.PP
This clause provides an information model of Message Handling. The concrete
realization of the model is the subject of other Recommendations in
the set.
.PP
The MHS and MTS can convey information objects of three classes:
\fImessages\fR , \fIprobes\fR \| and \fIreports\fR . These classes are
listed in the first
column of Table 4/X.402. For each listed class, the second column indicates
the kinds of functional objects \(em users, UAs, MSs, MTAs, and AUs \(em
that are the
ultimate sources and destinations for such objects.
.RT
.ce
\fBH.T. [T4.402]\fR
.ce
TABLE\ 4/X.402
.ce
\fBConveyable information objects\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(48p) | cw(36p) sw(18p) sw(18p) sw(18p) sw(18p) , ^ | c | c | c | c | c.
Information object Functional object
User UA MS MTA AU
_
.T&
lw(48p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Message SD \(em \(em \(em \(em
.T&
lw(48p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Probe S \(em \(em D \(em
.T&
lw(48p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Report D \(em \(em S T{
\(em
S
Ultimate source
.parag
D
Ultimate destination
.parag
T}
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 4/X.402 [T4.402], p.\fR
.sp 1P
.RT
.ad b
.RT
.LP
.sp 2
.PP
The information objects, summarized in Table\ 4/X.402, are
individually defined and described below.
.sp 1P
.LP
8.1
\fIMessages\fR
.sp 9p
.RT
.PP
The primary purpose of Message Transfer is to convey information
objects called \fBmessages\fR \| from one user to others. A message has the
following parts, as depicted in Figure 4/X.402:
.RT
.LP
a)
\fBenvelope\fR : An information object whose composition
varies from one \fItransmittal step\fR \| to another and that variously
identifies
the message's \fIoriginator\fR \| and \fIpotential recipients\fR ,\| documents
its previous conveyance and directs its subsequent conveyance by the MTS,
and characterizes its \fIcontent\fR .
.LP
b)
\fBcontent\fR : An information object that the MTS neither
examines nor modifies, except for \fIconversion\fR ,\| during its conveyance
of the message.
.bp
.LP
.rs
.sp 15P
.ad r
\fBFigure 4/X.402, (N), p.\fR
.sp 1P
.RT
.ad b
.RT
.PP
One piece of information borne by the envelope identifies the type of the
content. The \fBcontent type\fR \| is an identifier (an ASN.1 Object
Identifier or Integer) that denotes the syntax and semantics of the content
overall. This identifier enables the MTS to determine the message's
\fIdeliverability\fR to particular users, and enables UAs and MSs to interpret
and process the content.
.PP
Another piece of information borne by the envelope identifies the
types of encoded information represented in the content. An \fBencoded\fR
\fBinformation type (EIT)\fR is an identifier (an ASN.1 Object Identifier or
Integer) that denotes the medium and format (e.g., IA5 text or Group 3
facsimile) of individual portions of the content. It further enables the
MTS to determine the message's deliverability to particular users, and
to identify
opportunities for it to \fImake\fR the message deliverable by converting
a portion of the content from one EIT to another.
.RT
.sp 1P
.LP
8.2
\fIProbes\fR
.sp 9p
.RT
.PP
A second purpose of Message Transfer is to convey information
objects called \fBprobes\fR \| from one user up to but just short of other
users
(i.e., to the MTAs serving those users). A probe describes a class of message
and is used to determine the \fIdeliverability\fR \| of such messages.
.PP
A message described by a probe is called a
\fBdescribed\fR
\fBmessage\fR .
.PP
A probe comprises an envelope alone. This envelope contains much the same
information as that for a message. Besides bearing the content type and
encoded information types of a described message, the probe's envelope bears
the length of its content.
.PP
The \fIsubmission\fR \| of a probe elicits from the MTS largely the same
behavior as would submission of any described message, except that
\fIDL expansion\fR and \fIdelivery\fR are forgone in the case of the probe. In
particular, and apart from the consequences of the suppression of
\fIDL expansion\fR , the probe provokes the same \fIreports\fR \| as would
any described message. This fact gives probes their utility.
.RT
.sp 1P
.LP
8.3
\fIReports\fR
.sp 9p
.RT
.PP
A third purpose of Message Transfer is to convey information
objects called \fBreports\fR to users. Generated by the MTS, a report relates
the outcome or progress of a message's or probe's \fItransmittal\fR \|
to one or more
potential recipients.
.PP
The message or probe that is the subject of a report is called its
\fBsubject message\fR \| or \fBsubject probe\fR .
.PP
A report concerning a particular potential recipient is conveyed to
the \fIoriginator\fR \| of the subject message or probe unless the \fIpotential\fR
\fIrecipient\fR is a \fImember recipient\fR . In the latter case, the report is
conveyed to the DL of which the \fImember recipient\fR is a member. As a local
matter (i.e., by policy established for that particular DL), the report
may be further conveyed to the DL's owner; either to another, containing
DL (in the
case of nesting) or to the originator of the subject message (otherwise); or
both.
.bp
.PP
The outcomes that a single report may relate are of the following
kinds:
.RT
.LP
a)
\fBdelivery report\fR \fIdelivery, export\fR , \|or \fIaffirmation\fR
\| of the subject message or probe, or \fIDL expansion\fR .
.LP
b)
\fBnon\(hydelivery report\fR \fInon\(hydelivery\fR \| or
\fInon\(hyaffirmation\fR \| of the subject message or probe.
.PP
A report may comprise one or more delivery and/or non\(hydelivery
reports.
.PP
A message or probe may provoke several delivery and/or non\(hydelivery
reports concerning a particular \fIpotential recipient\fR . Each marks
the passage of a different transmittal \fIstep\fR or \fIevent\fR .
.RT
.sp 2P
.LP
\fB9\fR \fBOperational model\fR
.sp 1P
.RT
.PP
This clause provides an operational model of Message Handling. The concrete
realization of the model is the subject of other Recommendations in
the set.
.PP
The MHS can convey an information object to individual users, DLs, or a
mix of the two. Such conveyance is accomplished by a process called
\fItransmittal\fR comprising \fIsteps\fR and \fIevents\fR . The process,
its parts, and
the roles that users and DLs play in it are defined and described
below.
.RT
.sp 1P
.LP
9.1
\fITransmittal\fR
.sp 9p
.RT
.PP
The conveyance or attempted conveyance of a message or probe is
called \fBtransmittal\fR . Transmittal encompasses a message's conveyance
from its \fIoriginator\fR to its \fIpotential recipients\fR , and a probe's
conveyance from its \fIoriginator\fR to MTAs able to \fIaffirm\fR the described
messages'
\fIdeliverability\fR to the probe's \fIpotential recipients\fR . Transmittal
also
encompasses the conveyance or attempted conveyance to the \fIoriginator\fR
of any reports the message or probe may provoke.
.PP
A transmittal comprises a sequence of \fItransmittal steps\fR \| and
\fIevents\fR . A \fBtransmittal step\fR (or \fBstep\fR ) is the conveyance
of a message,
probe,
or report from one functional object to another \*Qadjacent\*U to it. A
\fBtransmittal\fR \fBevent\fR (or \fBevent\fR ) is processing of a message,
probe, or report within a
functional object that may influence the functional object's selection
of the next transmittal step or event.
.PP
The information flow of transmittal is depicted in Figure 5/X.402. The
figure shows the kinds of functional objects \(em direct users, indirect
users,
UAs, MSs, MTAs, and AUs \(em that may be involved in a transmittal, the
information
objects \(em messages, probes, and reports \(em that may be conveyed between
them,
and the names of the transmittal steps by means of which those conveyances
are accomplished.
.RT
.LP
.rs
.sp 22P
.ad r
\fBFigure 5/X.402, (N), p.\fR
.sp 1P
.RT
.ad b
.RT
.LP
.bp
.PP
The Figure highlights the facts that a message or report may be
retrieved repeatedly and that only the first conveyance of a retrieved
object from UA to user constitutes \fIreceipt\fR .
.PP
One event plays a distinguished role in transmittal. \fISplitting\fR \|
replicates a message or probe and divides responsibility for its \fIimmediate\fR
\fIrecipients\fR \| among the resulting information objects. The potential
recipients associated with a particular instance of a message or probe
are called the
\fBimmediate recipients\fR . An MTA stages a splitting if the next step or
event required in the conveyance of a message or probe to some immediate
recipients differs from that required in its conveyance to others. Each
of the step and event descriptions which follow assumes that the step or
event is
appropriate for all immediate recipients, a situation that can be created,
if necessary, by splitting.
.RT
.sp 1P
.LP
9.2
\fITransmittal roles\fR
.sp 9p
.RT
.PP
Users and DLs play a variety of roles in a message's or probe's
transmittal. These roles are informally categorized as \*Qsource\*U roles,
\*Qdestination\*U roles, or statuses to which users or DLs can be elevated.
.RT
.PP
9.2.1
A user may play the following \*Qsource\*U role in the transmittal of a
message or probe:
.LP
a)
\fBoriginator\fR : The user (but not DL) that is the
ultimate source of a message or probe.
.PP
9.2.2
A user or DL may play any of the following \*Qdestination\*U roles in
the transmittal of a message or probe:
.LP
a)
\fBintended recipient\fR : One of the users and DLs the
originator specifies as a message's or probe's intended destinations.
.LP
b)
\fBoriginator\(hyspecified alternate recipient\fR : The user
or DL (if any) to which the originator requests that a
message or probe be conveyed if it cannot be conveyed to a
particular intended recipient.
.LP
c)
\fBmember recipient\fR : A user or DL to which a message (but
not a probe) is conveyed as a result of
DL\ \fIexpansion\fR .
.LP
d)
\fBrecipient\(hyassigned alternate recipient\fR : The user or DL
(if any) to which an intended, originator\(hy
specified
alternate, or member recipient may have elected to
\fIredirect\fR messages.
.PP
9.2.3
A user or DL may attain any of the following statuses in
the course of a message's or probe's transmittal:
.LP
a)
\fBpotential recipient\fR : Any user or DL to (i.e., toward)
which a message or probe is conveyed at any point during
the course of transmittal. Necessarily an intended,
originator\(hyspecified alternate, member, or recipient\(hyassigned
alternate recipient.
.LP
b)
\fBactual recipient\fR (or \fBrecipient\fR ): A potential
recipient for which \fIdelivery\fR \| or \fIaffirmation\fR takes
place.
.sp 1P
.LP
9.3
\fITransmittal steps\fR
.sp 9p
.RT
.PP
The kinds of steps that may occur in a transmittal are listed in
the first column of Table 5/X.402. For each listed kind, the second column
indicates whether this Recommendation and others in the set standardize such
steps, the third column the kinds of information objects \(em messages, probes,
and
reports \(em that may be conveyed in such a step, the fourth column the
kinds of functional objects \(em users, UAs, MSs, MTAs, and AUs \(em that
may participate in such a step as the object's source or destination.
.PP
The Table is divided into three sections. The steps in the first
section apply to the \*Qcreation\*U of messages and probes, those in the
last to
the \*Qdisposal\*U of messages and reports, and those in the middle section
to the \*Qrelaying\*U of messages, probes, and reports.
.RT
.PP
The kinds of transmittal steps, summarized in Table\ 5/X.402, are individually
defined and described below.
.bp
.ce
\fBH.T. [T5.402]\fR
.ce
TABLE\ 5/X.402
.ce
\fBTransmittal steps\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(36p) | cw(36p) | cw(18p) sw(18p) sw(18p) | cw(30p) sw(18p) sw(18p) sw(18p) sw(18p) , ^ | ^ | c | c | c | c | c | c | c | c.
Transmittal step Standardized? Information objects Functional objects
M P R User UA MS MTA AU
_
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Origination No X X \(em S D \(em \(em \(em
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Submission Yes X X \(em \(em S SD D \(em
_
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Import No X X X \(em \(em \(em D S
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Transfer Yes X X X \(em \(em\fR \(em SD \(em
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Export No X X X \(em \(em \(em S D
_
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Delivery Yes X \(em X \(em D D S \(em
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Retrieval Yes X \(em X \(em D S \(em \(em
.T&
lw(36p) | cw(36p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Reception No X \(em X D S \(em \(em T{
\(em
M
Message
S
Source
.parag
P
Probe
D
Destination
.parag
R
Report
X
Permitted
.parag
T}
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 5/X.402 [T5.402], p.\fR
.sp 1P
.RT
.ad b
.RT
.LP
.sp 2
.sp 1P
.LP
9.3.1
\fIOrigination\fR
.sp 9p
.RT
.PP
In an \fBorigination\fR step, either a direct user conveys a message or
probe to its UA, or an indirect user conveys a message or probe to the
communication system that serves it. This step gives birth to the message or
probe and is the first step in its transmittal.
.PP
The user above constitutes the message's or probe's originator. In
this step, the originator identifies the message's or probe's intended
recipients. Additionally, for each intended recipient, the originator may
(but need not) identify an originator\(hyspecified alternate recipient.
.RT
.sp 1P
.LP
9.3.2
\fISubmission\fR
.sp 9p
.RT
.PP
In a \fBsubmission\fR step, a message or probe is conveyed to an
MTA and thus entrusted to the MTS. Two kinds of submission are
distinguished:
.RT
.LP
a)
\fBindirect submission\fR : A transmittal step in which the
originator's UA conveys a message or probe to its MS and in which the MS
effects direct submission. Such a step follows origination.
.LP
This step may be taken only if the user is equipped with
an MS.
.LP
b)
\fBdirect submission\fR : A transmittal step in which the
originator's UA or MS conveys a message or probe to an MTA. Such a step
follows origination or occurs as part of indirect submission.
.LP
This step may be taken whether or not the user is equipped with an MS.
.PP
Indirect and direct submission are functionally equivalent except that
additional capabilities may be available with the former. Indirect
submission may differ from direct submission in other respects (e.g., the
number of open systems with which that embodying a UA must interact) and for
that reason be preferable to direct submission.
.PP
The UA or MS involved in direct submission is called the
\fBsubmission agent\fR . A submission agent is made known to the MTS by a
process of registration, as a result of which the submission agent and
MTS keep one another informed of their names, their locations, and any
other
characteristics required for their interaction.
.bp
.RT
.sp 1P
.LP
9.3.3
\fIImport\fR
.sp 9p
.RT
.PP
In an \fBimport\fR step, an AU conveys a message, probe, or report
to an MTA. This step injects into the MTS an information object born in
another communication system, and follows its conveyance by that system.
.PP
\fINote\fR \ \(em\ The concept of importing is a generic one. How this
step is effected varies, of course, from one type of AU to another.
.RT
.sp 1P
.LP
9.3.4
\fITransfer\fR
.sp 9p
.RT
.PP
In a \fBtransfer\fR step, one MTA conveys a message, probe, or report to
another. This step transports an information object over physical and sometimes
organizational distances and follows direct submission, import, or (a prior)
transfer.
.PP
This step may be taken, of course, only if the MTS comprises several MTAs.
.PP
The following kinds of transfer are distinguished, on the basis of the
number of MDs involved:
.RT
.LP
a)
\fBinternal transfer\fR : A transfer involving MTAs within a single \fIMD\fR
.
.LP
b)
\fBexternal transfer\fR : A transfer involving MTAs in
different \fIMD\fR s.
.sp 1P
.LP
9.3.5
\fIExport\fR
.sp 9p
.RT
.PP
In an \fBexport\fR step, an MTA conveys a message, probe, or
report to an AU. This step ejects from the MTS an information object bound
for another communication system. It follows direct submission, import,
or
transfer.
.PP
As part of this step, the MTA may generate a delivery report.
.PP
\fINote\fR \ \(em\ The concept of exporting is a generic one. How this
step is effected varies, of course, from one type of AU to another.
.RT
.sp 1P
.LP
9.3.6
\fIDelivery\fR
.sp 9p
.RT
.PP
In a \fBdelivery\fR step, an MTA conveys a message or report to an MS or
UA. The MS and UA are those of a potential recipient of the message, or
the originator of the report's subject message or probe. This step entrusts
the
information object to a representative of the user and follows direct
submission, import, or transfer. It also elevates the user in question
to the status of an actual recipient.
.PP
As part of this step, in the case of a message, the MTA may generate a
delivery report.
.PP
The MS or UA involved is called the \fBdelivery agent\fR . A delivery agent
is made known to the MTS by a process of registration, as a result of which
the delivery agent and MTS keep one another informed of their names, their
locations, and any other characteristics required for their
interaction.
.RT
.sp 1P
.LP
9.3.7
\fIRetrieval\fR
.sp 9p
.RT
.PP
In a \fBretrieval\fR step, a user's MS conveys a message or report to its
UA. The user in question is an actual recipient of the message or the
originator of the subject message or probe. This step non\(hydestructively
retrieves the information object from storage. This step follows delivery
or (a prior) retrieval.
.PP
This step may be taken only if the user is equipped with
an MS.
.RT
.sp 1P
.LP
9.3.8
\fIReceipt\fR
.sp 9p
.RT
.PP
In a \fBreceipt\fR step, either a UA conveys a message or report to its
direct user, or the communication system that serves an indirect user conveys
such an information object to that user. In either case, this step conveys
the object to its ultimate destination.
.PP
In the case of a direct user, this step follows the object's delivery or
first retrieval (only). In the case of an indirect user, it follows the
information object's conveyance by the communication system serving the
user. In either case, the user is a potential recipient (and, in the case
of a direct user, an actual recipient) of the message in question, or the
originator of the subject message or probe.
.bp
.RT
.sp 1P
.LP
9.4
\fITransmittal events\fR
.sp 9p
.RT
.PP
The kinds of events that may occur in a transmittal are listed in the first
column of Table\ 6/X.402. For each listed kind, the second column
indicates the kinds of information objects \(em messages, probes, and reports
\(em
for which such events may be staged, the third column the kinds of functional
objects \(em users, UAs, MSs, MTAs, and AUs \(em that may stage such events.
.PP
All the events occur within the MTS.
.RT
.ce
\fBH.T. [T6.402]\fR
.ce
TABLE\ 6/X.402
.ce
\fBTransmittal events\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(60p) | cw(18p) sw(18p) sw(18p) | cw(30p) sw(18p) sw(18p) sw(18p) sw(18p) , ^ | c | c | c | c | c | c | c | c.
Transmittal event Functional objets Functional objects
M P R User UA MS MTA AU
_
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Splitting X X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Joining X X X \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Name resolution X X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
DL expansion X \(em \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Redirection X X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Conversion X X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Non\(hydelivery X \(em X \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Non\(hyaffirmation \(em X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Affirmation \(em X \(em \(em \(em \(em X \(em
.T&
lw(60p) | cw(18p) | cw(18p) | cw(18p) | cw(30p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Routing X X X \(em \(em \(em X T{
\(em
M
Message
.parag
P
Probe
.parag
R
Report
.parag
X
Permitted
.parag
T}
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 6/X.402 [T6.402], p.\fR
.sp 1P
.RT
.ad b
.RT
.LP
.sp 2
.PP
The kinds of transmittal events, summarized in Table\ 6/X.402, are individually
defined and described below.
.sp 1P
.LP
9.4.1
\fISplitting\fR
.sp 9p
.RT
.PP
In a \fBsplitting\fR event, an MTA replicates a message or probe,
dividing responsibility for its immediate recipients among the resulting
information objects. This event effectively allows an MTA to independently
convey an object to various potential recipients.
.PP
An MTA stages a splitting when the next step or event required in the conveyance
of a message or probe to some immediate recipients differs from that required
in its conveyance to others.
.RT
.sp 1P
.LP
9.4.2
\fIJoining\fR
.sp 9p
.RT
.PP
In a \fBjoining\fR event, an MTA combines several instances of the same
message or probe, or two or more delivery and/or non\(hydelivery reports
for the same subject message or probe.
.PP
An MTA may, but need not stage a joining when it determines that the same
events and next step are required to convey several highly related
information objects to their destinations.
.bp
.RT
.sp 1P
.LP
9.4.3
\fIName resolution\fR
.sp 9p
.RT
.PP
In a \fBname resolution\fR event, an MTA adds the corresponding
\fIO/R\ address\fR \| to the \fIO/R\ name\fR \| that identifies one of
a message's or probe's immediate recipients.
.RT
.sp 1P
.LP
9.4.4
\fIDL expansion\fR
.sp 9p
.RT
.PP
In a \fBDL expansion\fR event, an MTA resolves a DL among a message's (but
not a probe's) immediate recipients to its members which are thereby made
member recipients. This event removes indirection from the immediate
recipients' specification.
.PP
A particular DL is always subjected to DL expansion at a
pre\(hyestablished location within the MTS. This location is called the DL's
\fBexpansion point\fR and is identified by an \fIO/R\ address\fR .
.PP
As part of this event, the MTA may generate a delivery report.
.PP
DL expansion is subject to submit permission. In the case of a nested DL,
that permission must have been granted to the DL of which the nested DL
is a member. Otherwise, it must have been granted to the originator.
.RT
.sp 1P
.LP
9.4.5
\fIRedirection\fR
.sp 9p
.RT
.PP
In a \fBredirection\fR event, an MTA replaces a user or DL among a
message's or probe's immediate recipients with an originator\(hyspecified or
recipient\(hyassigned alternate recipient.
.RT
.sp 1P
.LP
9.4.6
\fIConversion\fR
.sp 9p
.RT
.PP
In a \fBconversion\fR event, an MTA transforms parts of a message's
content from one EIT to another, or alters a probe so it appears that the
described messages were so modified. This event increases the likelihood
that an information object can be delivered or affirmed by tailoring it
to its
immediate recipients.
.PP
The following kinds of conversion are distinguished, on the basis of how
the EIT of the information to be converted and the EIT to result from the
conversion are selected:
.RT
.LP
a)
\fBexplicit conversion\fR : A conversion in which the
originator selects both the initial and final EITs.
.LP
b)
\fBimplicit conversion\fR : A conversion in which the MTA
selects the final EITs based upon the initial EITs and the capabilities
of the UA.
.sp 1P
.LP
9.4.7
\fINon\(hydelivery\fR
.sp 9p
.RT
.PP
In a \fBnon\(hydelivery\fR event, an MTA determines that the MTS cannot
deliver a message to its immediate recipients, or cannot deliver a report to
the originator of its subject message or probe. This event halts the conveyance
of an object the MTS deems unconveyable.
.PP
As part of this event, in the case of a message, the MTA generates a non\(hydelivery
report.
.PP
An MTA stages a non\(hydelivery, e.g., when it determines that the
immediate recipients are improperly specified, that they do not accept
delivery of messages like that at hand, or that the message has not been
delivered to
them within pre\(hyspecified time limits.
.RT
.sp 1P
.LP
9.4.8
\fINon\(hyaffirmation\fR
.sp 9p
.RT
.PP
In a \fBnon\(hyaffirmation\fR event, an MTA determines that the MTS could
not deliver a described message to a probe's immediate recipients. This
event partially or fully determines the answer to the question posed by
a probe.
.PP
As part of this event, the MTA generates a non\(hydelivery report.
.PP
An MTA stages a non\(hyaffirmation, e.g., when it determines that the
immediate recipients are improperly specified or would not accept delivery
of a described message.
.RT
.sp 1P
.LP
9.4.9
\fIAffirmation\fR
.sp 9p
.RT
.PP
In an \fBaffirmation\fR event, an MTA determines that the MTS could
deliver any described message to a probe's immediate recipients. This event
partially or fully determines the answer to the question posed by a probe,
and elevates the immediate recipients to the status of actual recipients.
.PP
As part of this event, the MTA may generate a delivery report.
.bp
.PP
An MTA stages an affirmation once it determines that the immediate
recipients are properly specified and, if the immediate recipients are users
(but not DLs), would accept delivery of any described message. If the
immediate recipients are DLs, and MTA stages an affirmation if the DL exists
and the originator has the relevant submit permission.
.RT
.sp 1P
.LP
9.4.10
\fIRouting\fR
.sp 9p
.RT
.PP
In a \fBrouting\fR event, an MTA selects the \*Qadjacent\*U MTA to which
it will transfer a message, probe, or report. This event incrementally
determines an information object's route through the MTS and (obviously)
may be taken only if the MTS comprises several MTAs.
.PP
The following kinds of routing are distinguished, on the basis of the kind
of transfer for which they prepare:
.RT
.LP
a)
\fBinternal routing\fR : A routing preparatory to an internal transfer
(i.e., a transfer within an MD).
.LP
b)
\fBexternal routing\fR : A routing preparatory to an external transfer
(i.e., a transfer between MDs).
.PP
An MTA stages a routing when it determines that it can stage no
other event, and take no step, regarding an object.
.sp 2P
.LP
\fB10\fR \fBSecurity model\fR
.sp 1P
.RT
.PP
This clause provides an abstract security model for Message
Transfer. The concrete realization of the model is the subject of other
Recommendations in the set. The security model provides a framework for
describing the security services that counter potential threats (see Annex\
D) to the MTS and the security elements that support those services.
.PP
The security features are an optional extension to the MHS that can be
used to minimise the risk of exposure of assets and resources to violations
of a security policy (threats). Their aim is to provide features independently
of the communications services provided by other lower or higher entities.
Threats may be countered by the use of physical security, computer security
(COMPUSEC), or security services provided by the MHS. Depending on the
perceived threats, certain of the MHS security services will be selected
in combination with
appropriate physical security and COMPUSEC measures. The security services
supported by the MHS are described below. The naming and structuring of the
services are based on ISO\ 7498\(hy2.
.PP
\fINote\fR \ \(em\ Despite these security features, certain attacks may by be
mounted against communication between a user and the MHS or against
user\(hyto\(hyuser communication (e.g. in the case of users accessing their
UAs). To counter these attacks requires extensions to the present security
model and
services which are for further study.
.PP
In many cases, the broad classes of threats are covered by several of the
services listed.
.PP
The security services are supported through use of service elements of
the Message Transfer Service message envelope. The envelope contains security
relevant arguments as described in Recommendation\ X.411. The description
of the security services takes the following general form. In\ \(sc\ 10.2
the services are listed, with, in each case, a definition of the service
and an indication of
how it may be provided using the security elements in Recommendation\ X.411.
In\ \(sc\ 10.3 the security elements are individually described, with,
in each case, a definition of the service element and references to its
constituent arguments in Recommendation\ X.411.
.PP
Many of the techniques employed rely on encryption mechanisms. The
security services in the MHS allow for flexibility in the choice of algorithms.
However, in some cases only the use of asymmetric encryption has been fully
defined in this Recommendation. A future version of this Recommendation may
make use of alternative mechanisms based on symmetric encipherment.
.PP
\fINote\fR \ \(em\ The use of the terms \*Qsecurity service\*U and \*Qsecurity
element\*U in this clause are not to be confused with the terms \*Qservice\*U
and
\*Qelement of service\*U as used in Recommendation\ X.400. The former terms
are used in the present clause to maintain consistency with ISO\ 7498\(hy2.
.bp
.RT
.sp 1P
.LP
10.1
\fISecurity policies\fR
.sp 9p
.RT
.PP
Security services in the MHS must be capable of supporting a wide range
of security policies which extend beyond the confines of the MHS itself.
The services selected and the threats addressed will depend on the individual
application and levels of trust in parts of the system.
.PP
A security policy defines how the risk to and exposure of assets can be
reduced to an acceptable level.
.PP
In addition, operation between different domains, each with their own security
policy, will be required. As each domain will be subject to its own
overall security policy, covering more than just the MHS, a bilateral agreement
on interworking between two domains will be required. This must be defined
so as not to conflict with the security policies for either domain and
effectively becomes part of the overall security policy for each domain.
.RT
.sp 1P
.LP
10.2
\fISecurity services\fR
.sp 9p
.RT
.PP
This defines the Message Transfer security services. The
naming and structuring of the services are based on ISO 7498\(hy2.
.PP
Message Transfer security services fall into several broad classes.
These classes and the services in each are listed in Table 7/X.402.
.RT
.PP
Throughout the security service definitions that follow, reference is made
to Figure\ 6/X.402, which reiterates the MHS functional model in
simplified form. The numeric labels are referenced in the text.
.sp 1P
.LP
10.2.1
\fIOrigin Authentication security services\fR
.sp 9p
.RT
.PP
These security services provide for the authentication of the
identity of communicating peer entities and sources of data.
.RT
.sp 1P
.LP
10.2.1.1
\fIData Origin Authentication security services\fR
.sp 9p
.RT
.PP
These security services provide corroboration of the origin of a
message, probe, or report to all concerned entities (i.e., MTAs or recipient
MTS\(hyusers). These security services cannot protect against duplication of
messages, probes, or reports.
.RT
.sp 1P
.LP
10.2.1.1.1
\fIMessage Origin Authentication security service\fR
.sp 9p
.RT
.PP
The Message Origin Authentication service enables the corroboration of
the source of a message.
.PP
This security service can be provided using either the Message Origin Authentication
or the Message Argument Integrity security element. The former can be used
to provide the security service to any of the parties concerned
(1\(hy5 inclusive in Figure\ 6/X.402), whereas the latter can only be used to
provide the security service to MTS\(hyusers (1\ or\ 5 in Figure\ 6/X.402). The
security element chosen depends on the prevailing security policy.
.RT
.sp 1P
.LP
10.2.1.1.2
\fIProbe Origin Authentication security service\fR
.sp 9p
.RT
.PP
The Probe Origin Authentication security service enables the
corroboration of the source of a probe.
.PP
This security service can be provided by using the Probe Origin
Authentication security element. This security element can be used to provide
the security service to any of the MTAs through which the probe is transferred
(2\(hy4 inclusive in Figure\ 6/X.402).
.RT
.sp 1P
.LP
10.2.1.1.3
\fIReport Origin Authentication security service\fR
.sp 9p
.RT
.PP
The Report Origin Authentication security service enables the
corroboration of the source of a report.
.PP
This security service can be provided by using the Report Origin
Authentication security element. This security element can be used to provide
the security service to the originator of the subject message or probe,
as well as to any MTA through which the report is transferred (1\(hy5 inclusive
in
Figure\ 6/X.402).
.bp
.RT
.ce
\fBH.T. [T7.402]\fR
.ce
TABLE\ 7/X.402
.ce
\fBMessage transfer security services\fR
.ps 9
.vs 11
.nr VS 11
.nr PS 9
.TS
center box;
cw(84p) | cw(18p) sw(18p) sw(18p) sw(18p) sw(18p) sw(18p) sw(18p) sw(18p) , ^ | c | c | c | c | c | c | c | l.
Service UA/ UA
MS/ MTA MTA/ MS MTA/ UA UA/ MS UA/ MTA MTA/ MTA MS/ UA
_
.T&
lw(84p) | lw(18p) | lw(18p) | lw(18p) | lw(18p) | lw(18p) | lw(18p) | lw(18p) | lw(18p) .
T{
\fIOrigin authentication\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
Message origin authentication
T} *\fR * \(em * \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Probe origin authentication \(em\fR \(em * * \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Report origin authentication \(em\fR \(em \(em \(em * * * \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Proof of submission \(em\fR \(em \(em \(em \(em \(em * \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Proof of delivery *\fR \(em \(em \(em \(em \(em \(em \ua\d\u)\d
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
\fISecure access management\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Peer entity authentication \(em\fR * * * * * * *
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Security context \(em\fR * * * * * * *
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
\fIData confidentiality\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Connection confidentiality \(em\fR * * * * * * *
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Connection confidentiality *\fR \(em \(em \(em \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Message flow confidentiality *\fR \(em \(em \(em \(em \(em \(em \(em
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
\fIData integrity services\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Connection integrity \(em\fR * * * * * * *
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Content integrity *\fR \(em \(em \(em \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Message sequence integrity *\fR \(em \(em \(em \(em \(em \(em \(em
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
\fINon\(hyrepudiation\fR
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Non\(hyrepudiation of origin *\fR \(em \(em * \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
Non\(hyrepudiation of submission
T} \(em\fR \(em \(em \(em \(em \(em * \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
Non\(hyrepudation of delivery
T} *\fR \(em \(em \(em \(em \(em \(em \(em
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
\fIMessage security labelling\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Message security labelling *\fR * * * * * * *
_
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
T{
\fISecurity management service\fR
T}
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Change credentials \(em\fR * \(em * * * * \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
Register \(em\fR * \(em * \(em \(em \(em \(em
.T&
lw(84p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) | cw(18p) .
MS\(hyregister \(em\fR * \(em \(em \(em \(em \(em T{
\(em
*
An asterisk under the heading of the form \fIX/Y\fR
indicates that
the service can be provided from a functional object of type\ \fIX\fR
to one
of type\ \fIY\fR
.
.parag
\ua\d\u)\d
This service is provided by the recipient's MS to the
originator's UA.
.parag
T}
_
.TE
.nr PS 9
.RT
.ad r
\fBTableau 7/X.402 [T7.402], p. 12\fR
.sp 1P
.RT
.ad b
.RT
.LP
.rs
.sp 3P
.ad r
Blanc
.ad b
.RT
.LP
.bp
.LP
.rs
.sp 12P
.ad r
\fBFigure 6/X.402, (N), p. 13\fR
.sp 1P
.RT
.ad b
.RT
.sp 1P
.LP
10.2.1.2
\fIProof of Submission security service\fR
.sp 9p
.RT
.PP
This security service enables the originator of a message to obtain corroboration
that it has been received by the MTS for delivery to the
originally specified recipient(s).
.PP
This security service can be provided by using the Proof of Submission
security element.
.RT
.sp 1P
.LP
10.2.1.3
\fIProof of Delivery security service\fR
.sp 9p
.RT
.PP
This security service enables the originator of a message to obtain corroboration
that it has been delivered by the MTS to its intended
recipient(s).
.PP
This security service can be provided by using the Proof of Delivery security
element.
.RT
.sp 1P
.LP
10.2.2
\fISecure Access Management security service\fR
.sp 9p
.RT
.PP
The Secure Access Management security service is concerned with
providing protection for resources against their unauthorised use. It can be
divided into two components, namely the Peer Entity Authentication and the
Security Context security services.
.RT
.sp 1P
.LP
10.2.2.1
\fIPeer Entity Authentication security service\fR
.sp 9p
.RT
.PP
This security service is provided for use at the establishment of a connection
to confirm the identity of the connecting entity. It may be used on the
links 1\(hy2, 2\(hy3, 3\(hy4, or 4\(hy5 in Figure\ 6/X.402 and provides
confidence, at the time of usage only, that an entity is not attempting
a masquerade or an
unauthorised replay of a previous connection.
.PP
This security service is supported by the Authentication Exchange
security element. Note that use of this security element may yield other
data as a result of its operation that in certain circumstances can be
used to
support a Connection Confidentiality and/or a Connection Integrity security
service.
.RT
.sp 1P
.LP
10.2.2.2
\fISecurity Context security service\fR
.sp 9p
.RT
.PP
This security service is used to limit the scope of passage of
messages between entities by reference to the Security Labels associated
with messages. This security service is therefore closely related to the
Message
Security Labelling security service, which provides for the association of
messages and Security Labels.
.PP
The Security Context security service is supported by the Security
Context and the Register security elements.
.RT
.sp 1P
.LP
10.2.3
\fIData Confidentiality security services\fR
.sp 9p
.RT
.PP
These security services provide for the protection of data against unauthorised
disclosure.
.bp
.RT
.sp 1P
.LP
10.2.3.1
\fIConnection Confidentiality security service\fR
.sp 9p
.RT
.PP
The MHS does not provide a Connection Confidentiality security
service. However, data for the invocation of such a security service in
underlying layers may be provided as a result of using the Authentication
Exchange security element to provide the Peer Entity Authentication security
service. The security service may be required on any of links 1\(hy2, 2\(hy3,
3\(hy4, or 4\(hy5 in Figure\ 6/X.402.
.RT
.sp 1P
.LP
10.2.3.2
\fIContent Confidentiality security service\fR
.sp 9p
.RT
.PP
The Content Confidentiality security service provides assurance
that the content of a message is only known to the sender and recipient of a
message.
.PP
It may be provided using a combination of the Content Confidentiality and
the Message Argument Confidentiality security elements. The Message
Argument Confidentiality security element can be used to transfer a secret
key which is used with the Content Confidentiality security element to
encipher the message content. Using these security elements the service
is provided from
MTS\(hyuser 1 to MTS\(hyuser 5 in the figure, with the message content being
unintelligible to MTAs.
.RT
.sp 1P
.LP
10.2.3.3
\fIMessage Flow Confidentiality security service\fR
.sp 9p
.RT
.PP
This security service provides for the protection of information
which might be derived from observation of message flow. Only a limited
form of this security service is provided by the MHS.
.PP
The Double Enveloping Technique enables a complete message to become the
content of another message. This could be used to hide addressing
information from certain parts of the MTS. Used in conjunction with traffic
padding (which is beyond the current scope of this Recommendation) this
could be used to provide message flow confidentiality. Other elements of
this
service, such as routing control or pseudonyms, are also beyond the scope of
this Recommendation.
.RT
.sp 1P
.LP
10.2.4
\fIData Integrity security services\fR
.sp 9p
.RT
.PP
These security services are provided to counter active threats to the MHS.
.RT
.sp 1P
.LP
10.2.4.1
\fIConnection Integrity security service\fR
.sp 9p
.RT
.PP
The MHS does not provide a Connection Integrity security service. However,
data for the invocation of such a security service in underlying
layers may be provided by using the Authentication Exchange security element
to provide the Peer Entity Authentication security service. The security
service may be required on any of links 1\(hy2, 2\(hy3, 3\(hy4, or 4\(hy5
in Figure\ 6/X.402.
.RT
.sp 1P
.LP
10.2.4.2
\fIContent Integrity security service\fR
.sp 9p
.RT
.PP
This security service provides for the integrity of the contents of a single
message. This takes the form of enabling the determination of whether the
message content has been modified. This security service does not enable
the detection of message replay, which is provided by the Message Sequence
Integrity security service.
.PP
This security service can be provided in two different ways using two different
combinations of security elements.
.PP
The Content Integrity security element together with the Message
Argument Integrity security element and, in some cases, the Message Argument
Confidentiality security element can be used to provide the security service
to a message recipient, i.e., for communication from MTS\(hyuser 1 to MTS\(hyuser
5 in Figure\ 6/X.402. The Content Integrity security element is used to
compute a
Content Integrity Check as a function of the entire message content. Depending
on the method used to compute the Content Integrity Check, a secret key
may be required, which may be confidentially sent to the message recipient
using the Message Argument Confidentiality security element. The Content
Integrity Check is protected against change using the Message Argument
Integrity security
element. The integrity of any confidential message arguments is provided
using the Message Argument Confidentiality security element.
.PP
The Message Origin Authentication security element can also be used to
provide this security service.
.bp
.RT
.sp 1P
.LP
10.2.4.3
\fIMessage Sequence Integrity security service\fR
.sp 9p
.RT
.PP
This security service protects the originator and recipient of a
sequence of messages against re\(hyordering of the sequence. In doing so it
protects against replay of messages.
.PP
This security service may be provided using a combination of the
Message Sequence Integrity and the Message Argument Integrity security
elements. The former provides a sequence number to each message, which
may be protected against change by use of the latter. Simultaneous confidentiality
and integrity of the Message Sequence Number may be provided by use of
the Message Argument Confidentiality security element.
.PP
These security elements provide the service for communication from
MTS\(hyuser 1 to MTS\(hyuser 5 in Figure\ 6/X.402, and not to the
intermediate\ MTAs.
.RT
.sp 1P
.LP
10.2.5
\fINon\(hyrepudiation security services\fR
.sp 9p
.RT
.PP
These security services provide irrevocable proof to a third party after
the message has been submitted, sent, or delivered, that the submission,
sending, or receipt did occur as claimed. Note that for this to function
correctly, the security policy must explicitly cover the management of
asymmetric keys for the purpose of non\(hyrepudiation services if asymmetric
algorithms are being used.
.RT
.sp 1P
.LP
10.2.5.1
\fINon\(hyrepudiation of origin security service\fR
.sp 9p
.RT
.PP
This security service provides the recipient(s) of a message with irrevocable
proof of the origin of the message, its content, and its associated Message
Security Label.
.PP
This security service can be provided in two different ways using two different
combinations of security elements. Note that its provision is very
similar to the provision of the (weaker) Content Integrity security service.
.PP
The Content Integrity security element together with the Message
Argument Integrity security element and, in some cases, the Message Argument
Confidentiality security element can be used to provide the service to a
message recipient, i.e., for communication from MTS\(hyuser 1 to MTS\(hyuser
5 in
Figure\ 6/X.402. The Content Integrity security element is used to compute a
Content Integrity Check as a function of the entire message content. Depending
on the method used to compute the Content Integrity Check, a secret key
may be required, which may be confidentially sent to the message recipient
using the Message Argument Confidentiality security element. The Content
Integrity Check and, if required, the Message Security Label are protected
against change
and/or repudiation using the Message Argument Integrity security element.
Any confidential message arguments are protected against change and/or
repudiation using the Message Argument Confidentiality security element.
.PP
If the Content Confidentiality security service is not required, the Message
Origin Authentication security element may also be used as a basis for
this security service. In this case the security service may be provided
to all elements of the MHS, i.e., for all of 1\(hy5 in Figure\ 6/X.402.
.RT
.sp 1P
.LP
10.2.5.2
\fINon\(hyrepudiation of Submission security service\fR
.sp 9p
.RT
.PP
This security service provides the originator of the message with irrevocable
proof that the message was submitted to the MTS for delivery to the originally
specified recipient(s).
.PP
This security service is provided using the Proof of Submission
security element in much the same way as that security element is used to
support the (weaker) Proof of Submission security service.
.RT
.sp 1P
.LP
10.2.5.3
\fINon\(hyrepudiation of Delivery security service\fR
.sp 9p
.RT
.PP
This security service provides the originator of the message with irrevocable
proof that the message was delivered to its originally specified
recipient(s).
.PP
This security service is provided using the Proof of Delivery security
element in much the same way as that security element is used to support
the
(weaker) Proof of Delivery security service.
.RT
.sp 1P
.LP
10.2.6
\fIMessage Security Labelling security service\fR
.sp 9p
.RT
.PP
This security service allows Security Labels to be associated with all
entities in the MHS, i.e., MTAs and MTS\(hyusers. In conjunction with the
Security Context security service it enables the implementation of security
policies defining which parts of the MHS may handle messages with specified
associated Security Labels.
.bp
.PP
This security service is provided by the Message Security Label
security element. The integrity and confidentiality of the label are provided
by the Message Argument Integrity and the Message Argument Confidentiality
security elements.
.RT
.sp 1P
.LP
10.2.7
\fISecurity management services\fR
.sp 9p
.RT
.PP
A number of security management services are needed by the MHS. The only
management services provided within Recommendation X.411 are concerned
with changing credentials and registering MTS\(hyuser security labels.
.RT
.sp 1P
.LP
10.2.7.1
\fIChange Credentials security service\fR
.sp 9p
.RT
.PP
This security service enables one entity in the MHS to change the credentials
concerning it held by another entity in the MHS. It may be
provided using the Change Credentials security element.
.RT
.sp 1P
.LP
10.2.7.2
\fIRegister security service\fR
.sp 9p
.RT
.PP
This security service enables the establishment at an MTA of the
Security Labels which are permissible for one particular MTS\(hyuser. It
may be provided using the Register security element.
.RT
.sp 1P
.LP
10.2.7.3
\fIMS\(hyregister security service\fR
.sp 9p
.RT
.PP
The security service enables the establishment of the security
label which ar permissible for the MS\(hyuser.
.RT
.sp 1P
.LP
10.3
\fISecurity elements\fR
.sp 9p
.RT
.PP
The following clauses describe the security elements available in the protocols
described within Recommendation X.411 to support the security
services in the MHS. These security elements relate directly to arguments in
various services described in Recommendation X.411. The objective of this
clause is to separate out each element of the Recommendation X.411 service
definitions that relate to security, and to define the function of each of
these identified security elements.
.RT
.sp 1P
.LP
10.3.1
\fIAuthentication security elements\fR
.sp 9p
.RT
.PP
These security elements are defined in order to support
authentication and integrity security services.
.RT
.sp 1P
.LP
10.3.1.1
\fIAuthentication exchange security element\fR
.sp 9p
.RT
.PP
The Authentication Exchange security element is designed to
authenticate, possibly mutually, the identity of an MTS\(hyuser to an MTA,
an MTA to an MTA, an MTA to an MTA\(hyuser,
an MS to a UA, or a UA to an MS. It is based on the exchange or
use of secret data, either passwords, asymmetrically encrypted tokens, or
symmetrically encrypted tokens. The result of the exchange is corroboration
of the identity of the other party, and, optionally, the transfer of confidential
data which may be used in providing the Connection Confidentiality and/or
the Connection Integrity security service in underlying layers. Such an
authentication is only valid for the instant that it is made and the continuing
validity of the authenticated identity depends on whether the exchange
of
confidential data, or some other mechanism, is used to establish a secure
communication path.
The establishment and use of a secure communication path is outside the
scope of this Recommendation.
.PP
This security element uses the Initiator Credentials argument and the Responder
Credentials result of the MTS\(hybind, MS\(hybind and MTA\(hybind services.
The transferred credentials are either passwords or tokens.
.RT
.sp 1P
.LP
10.3.1.2
\fIData Origin Authentication security elements\fR
.sp 9p
.RT
.PP
These security elements are specifically designed to support data origin
authentication services, although they may also be used to support
certain data integrity services.
.RT
.sp 1P
.LP
10.3.1.2.1
\fIMessage Origin Authentication security element\fR
.sp 9p
.RT
.PP
The Message Origin Authentication security element enables anyone who receives
or transfers a message to authenticate the identity of the
MTS\(hyuser
that originated the message. This may mean the provision of the Message
Origin Authentication or the Non\(hyrepudiation of Origin security service.
.bp
.PP
The security element involves transmitting, as part of the message, a Message
Origin Authentication Check, computed as a function of the message
content, the message Content Identifier, and the Message Security Label.
If the Content Confidentiality security service is also required, the Message
Origin Authentication Check is computed as a function of the enciphered
rather than
the unenciphered message content. By operating on the message content as
conveyed in the overall message (i.e., after the optional Content
Confidentiality security element), any MHS entity can check the overall
message integrity without the need to see the plaintext message content.
However, if
the Content Confidentiality security service is used, the Message Origin
Authentication security element cannot be used to provide the Non\(hyrepudiation
of Origin security service.
.PP
The security element uses the Message Origin Authentication Check,
which is one of the arguments of the Message Submission, Message Transfer,
and Message Delivery services.
.RT
.sp 1P
.LP
10.3.1.2.2
\fIProbe Origin Authentication security element\fR
.sp 9p
.RT
.PP
Similar to the Message Origin Authentication security element, the Probe
Origin Authentication security element enables any MTA to authenticate
the identity of the MTS\(hyuser which originated a probe.
.PP
This security element uses the Probe Origin Authentication Check,
which is one of the arguments of the Probe Submission service.
.RT
.sp 1P
.LP
10.3.1.2.3
\fIReport Origin Authentication security element\fR
.sp 9p
.RT
.PP
Similar to the Message Origin Authentication security element, the Report
Origin Authentication security element enables any MTA or MTS\(hyuser who
receives a report to authenticate the identity of the MTA which originated
the report.
.PP
This security element uses the Report Origin Authentication Check,
which is one of the arguments of the Report Delivery service.
.RT
.sp 1P
.LP
10.3.1.3
\fIProof of Submission security element\fR
.sp 9p
.RT
.PP
This security element provides the originator of a message with the means
to establish that a message was accepted by the MHS for transmission.
.PP
The security element is made up of two arguments: a request for Proof of
Submission, sent with a message at submission time, and the Proof of
Submission, returned to the MTS\(hyuser as part of the Message Submission
results. The Proof of Submission is generated by the MTS, and is computed
as a function of all the arguments of the submitted message, the Message
Submission
Identifier, and the Message Submission Time.
.PP
The Proof of Submission argument can be used to support the Proof of Submission
security service. Depending on the security policy in force, it may also
be able to support the (stronger) Non\(hyrepudiation of Submission security
service.
.PP
The Proof of Submission Request is an argument of the Message
Submission service. The Proof of Submission is one of the results of the
Message Submission service.
.RT
.sp 1P
.LP
10.3.1.4
\fIProof of Delivery security element\fR
.sp 9p
.RT
.PP
This security element provides the originator of a message with the means
to establish that a message was delivered to the
destination by the MHS.
.PP
The security element is made up of a number of arguments. The message originator
includes a Proof of Delivery Request with the submitted message, and this
request is delivered to each recipient with the message. A recipient may
then compute the Proof of Delivery as a function of a number of arguments
associated with the message. The proof of delivery is returned by the MTS to
the message originator, as part of a report on the results of the original
Message Submission.
.PP
The Proof of Delivery can be used to support the Proof of Delivery
security service. Depending on the security policy in force, it may also be
able to support the (stronger) Non\(hyrepudiation of Delivery security
service.
.PP
The Proof of Delivery Request is an argument of the Message
Submission, Message Transfer, and Message Delivery services. The Proof of
Delivery is both one of the results of the Message Delivery service and
one of the arguments of the Report Transfer and Report Delivery services.
.PP
\fINote\fR \ \(em\ Non\(hyreceipt of a Proof of Delivery does not imply
non\(hydelivery.
.RT
.sp 1P
.LP
10.3.2
\fISecure Access Management security elements\fR
.sp 9p
.RT
.PP
These security elements are defined in order to support the Secure Access
Management security service and the security management services.
.bp
.RT
.sp 1P
.LP
10.3.2.1
\fISecurity Context security element\fR
.sp 9p
.RT
.PP
When an MTS\(hyuser or an MTA binds to an MTA or MTS\(hyuser, the bind
operation specifies the security context of the connection. This limits the
scope of passage of messages by reference to the labels associated with
messages. Secondly, the Security Context of the connection may be temporarily
altered for submitted or delivered messages.
.PP
The Security Context itself consists of one or more Security Labels
defining the sensitivity of interactions that may occur in line with the
security policy in force.
.PP
Security Context is an argument of the MTS\(hybind and MTA\(hybind
services.
.RT
.sp 1P
.LP
10.3.2.2
\fIRegister security element\fR
.sp 9p
.RT
.PP
The Register security element allows the establishment at an MTA of an
MTS\(hyuser's permissible security labels.
.PP
This security element is provided by the Register service. The
Register service enables an MTS\(hyuser to change arguments, held by the MTS,
relating to delivery of messages to that MTS\(hyuser.
.RT
.sp 1P
.LP
10.3.2.3
\fIMS\(hyRegister security element\fR
.sp 9p
.RT
.PP
The MS\(hyRegister security element allows the establishment of the
MS\(hyuser's permissible security labels.
.PP
This security element is provided by the MS\(hyRegister service. The
MS\(hyRegister services enables an MS\(hyuser to change arguments held
by the MS
relating to the retrieval of messages to that MS\(hyuser.
.RT
.sp 1P
.LP
10.3.3
\fIData Confidentiality security elements\fR
.sp 9p
.RT
.PP
These security elements, based on the use of encipherment, are all concerned
with the provision of confidentiality of data passed from one MHS
entity to another.
.RT
.sp 1P
.LP
10.3.3.1
\fIContent Confidentiality security element\fR
.sp 9p
.RT
.PP
The Content Confidentiality security element provides assurance
that the content of the message is protected from eavesdropping during
transmission by use of an encipherment security element. The security element
operates such that only the recipient and sender of the message know the
plaintext message content.
.PP
The specification of the encipherment algorithm, the key used, and any
other initialising data are conveyed using the Message Argument Confidentiality
and the Message Argument Integrity security elements. The algorithm and
key
are then used to encipher or decipher the message contents.
.PP
The Content Confidentiality security element uses the Content
Confidentiality Algorithm Identifier, which is an argument of the Message
Submission, Message Transfer, and Message Delivery services.
.RT
.sp 1P
.LP
10.3.3.2
\fIMessage Argument Confidentiality security element\fR
.sp 9p
.RT
.PP
The Message Argument Confidentiality security element provides for the
confidentiality, integrity, and, if required, the irrevocability of
recipient data associated with a message. Specifically, this data will
comprise any cryptographic keys and related data that is necessary for
the
confidentiality and integrity security elements to function properly, if
these optional security elements are invoked.
.PP
The security element operates by means of the Message Token. The data to
be protected by the Message Argument Confidentiality security element
constitutes the Encrypted Data within the Message Token. The Encrypted Data
within the Message Token is unintelligible to all MTAs.
.PP
The Message Token is an argument of the Message Submission, Message
Transfer, and Message Delivery services.
.RT
.sp 1P
.LP
10.3.4
\fIData Integrity security elements\fR
.sp 9p
.RT
.PP
These security elements are provided to support the provision of
data integrity, data authentication, and non\(hyrepudiation services.
.bp
.RT
.sp 1P
.LP
10.3.4.1
\fIContent Integrity security element\fR
.sp 9p
.RT
.PP
The Content Integrity security element provides protection for the content
of a message against modification during transmission.
.PP
This security element operates by use of one or more cryptographic
algorithms. The specification of the algorithm(s), the key(s) used, and any
other initialising data are conveyed using the Message Argument Confidentiality
and the Message Argument Integrity security elements. The result of the
application of the algorithms and key is the Content Integrity Check, which
is sent in the message envelope. The security element is only available
to the
recipient(s) of the message as it operates on the plaintext message contents.
.PP
If the Content Integrity Check is protected using the Message Argument
Integrity security element then, depending on the prevailing security policy,
it may be used to help provide the Non\(hyrepudiation of Origin security
service.
.PP
The Content Integrity Check is an argument of the Message Submission, Message
Transfer, and Message Delivery services.
.RT
.sp 1P
.LP
10.3.4.2
\fIMessage Argument Integrity security element\fR
.sp 9p
.RT
.PP
The Message Argument Integrity security element provides for the
integrity, and, if required, the irrevocability of certain arguments associated
with a message. Specifically, these arguments may comprise any selection
of the Content Confidentiality Algorithm Identifier, the Content Integrity
Check, the Message Security Label, the Proof of Delivery Request, and the
Message Sequence Number.
.PP
The security element operates by means of the Message Token. The data to
be protected by the Message Argument Integrity security element constitutes
the signed\(hydata within the Message Token.
.PP
The Message Token is an argument of the Message Submission, Message
Transfer, and Message Delivery services.
.RT
.sp 1P
.LP
10.3.4.3
\fIMessage Sequence Integrity security element\fR
.sp 9p
.RT
.PP
The Message Sequence Integrity security element provides protection for
the sender and recipient of a message against receipt of messages in the
wrong order, or duplicated messages.
.PP
A Message Sequence Number is associated with an individual message.
This number identifies the position of a message in a sequence from one
originator to one recipient. Therefore each originator\(hyrecipient pair
requiring to use this security element will have to maintain a distinct
sequence of
message numbers. This security element does not provide for initialisation
or synchronisation of Message Sequence Numbers.
.RT
.sp 1P
.LP
10.3.5
\fINon\(hyrepudiation security elements\fR
.sp 9p
.RT
.PP
There are no specific Non\(hyrepudiation security elements defined in Recommendation
X.411. The non\(hy
repudiation services may be provided using a combination of other security
elements.
.RT
.sp 1P
.LP
10.3.6
\fISecurity Label security elements\fR
.sp 9p
.RT
.PP
These security elements exist to support security labelling in the MHS.
.RT
.sp 1P
.LP
10.3.6.1
\fIMessage Security Label security element\fR
.sp 9p
.RT
.PP
Messages may be labelled with data as specified in the prevailing security
policy. The Message Security Label is available for use by
intermediate MTAs as part of the overall security policy of the system.
.PP
A Message Security Label may be sent as a message argument, and may be
protected by the Message Argument Integrity or the Message Origin
Authentication security element, in the same manner as other message
arguments.
.PP
Alternatively, if both confidentiality and integrity are required, the
Message Security Label may be protected using the Message Argument
Confidentiality security element. In this case the Message Security Label so
protected is an originator\(hyrecipient argument, and may differ from the
Message Security Label in the message envelope.
.bp
.RT
.sp 2P
.LP
10.3.7
\fISecurity Management security elements\fR
.sp 1P
.RT
.sp 1P
.LP
10.3.7.1
\fIChange Credentials security element\fR
.sp 9p
.RT
.PP
The Change Credentials security element allows the credentials of an MTS\(hyuser
or an MTA to be updated.
.PP
The security element is provided by the MTS Change Credentials
service.
.RT
.sp 1P
.LP
10.3.8
\fIDouble Enveloping Technique\fR
.sp 9p
.RT
.PP
Additional protection may be provided to a complete message,
including the envelope parameters, by the ability to specify that the content
of a message is itself a complete message, i.e., a Double Enveloping Technique
is available.
.PP
This technique is available though the use of the Content Type
argument which makes it possible to specify that the content of a message
is an Inner Envelope. This Content Type means that the content is itself
a message
(envelope and content) for forwarding by the recipient named on the outer
envelope to the recipient named on the Inner Envelope.
.PP
The Content Type is an argument of the Message Submission, Message
Transfer, and Message Delivery services.
.RT
.LP
.rs
.sp 34P
.sp 2P
.LP
\fBMONTAGE: SECTION 3 SUR LE RESTE DE CETTE PAGE\fR
.sp 1P
.RT
.LP
.bp