InfoMagic Standards 1993 July

home *** CD-ROM | disk | FTP | other *** search

/ InfoMagic Standards 1993 July / Disc.iso / ccitt / 1992 / x / x402_a.asc < prev next >

Wrap

Text File | 1993-08-17 | 41.8 KB | 1,496 lines

Annexes Annex A (to Recommendation X.402) Directory Object Classes and Attributes This annex is an integral part of this Recommendation. Several Directory object classes, attributes, and attribute syntaxes are specific to Message Handling. These are defined in the present annex using the OBJECT-CLASS, ATTRIBUTE, and ATTRIBUTE-SYNTAX macros of Recommendation X.501, respectively. Temporary note The details of this annex are subject to modification as a result of the final meeting of the CCITT Special Rapporteur on Directory Systems (Q35/VII) in Gloucester in November 1987. A.1 Object Classes The object classes specific to Message Handling are those specified below. A.1.1 MHS Distribution List An .I.ot:MHS Distribution List; object is a DL. The attributes in its entry identify its common name, submit permissions, and O/R addresses and, to the extent that the relevant attributes are present, describe the DL, identify its organization, organizational units, and owner; cite related objects; and identify its deliverable content types, deliverable EITs, members, and preferred delivery methods. .I.va:mhs-distribution-list; OBJECT-CLASS SUBCLASS OF top MUST CONTAIN { commonName, mhs-dl-submit-permissions, mhs-or- addresses} MAY CONTAIN { description, organization, organization- alUnitName, owner, seeAlso, mhs-deliverable-content-types, mhs-deliver- able-eits, mhs-dl-members, mhs-preferred-delivery-methods} ::= id-oc- mhs-distribution-list A.1.2 MHS Message Store An .I.ot:MHS Message Store; object is an AE that realizes an MS. The attributes in its entry, to the extent that they are present, describe the MS, identify its owner, and enumerate the optional attributes, automatic actions, and content types it supports. .I.va:mhs-message-store; OBJECT-CLASS SUBCLASS OF application- Entity MAY CONTAIN { description, owner, mhs-supported-optional- attributes, mhs-supported-automatic-actions, mhs-supported-content- types} ::= id-oc-mhs-message-store A.1.3 MHS Message Transfer Agent An .I.ot:MHS Message Transfer Agent; object is an AE that implements an MTA. The attributes in its entry, to the extent that they are present, describe the MTA and identify its owner and its deliverable content length. .I.va:mhs-message-transfer-agent; OBJECT-CLASS SUBCLASS OF applicationEntity MAY CONTAIN { description, owner, mhs-deliverable-content-length} ::= id-oc-mhs-message-transfer-agent A.1.4 MHS User An MHS User object is a generic MHS user. (The generic user can have, for example, a business address, a residential address, or both.) The attributes in its entry identify the user's O/R address and, to the extent that the relevant attributes are present, identify the user's deliverable content length, content types, and EITs; its MS; and its preferred delivery meth- ods. .I.va:mhs-user; OBJECT-CLASS SUBCLASS OF ORGANIZATION- ALPERSON MUST CONTAIN { mhs-or-addresses} MAY CONTAIN { mhs-deliverable-content-length, mhs-deliverable- content-types, mhs- deliverable-eits, mhs-message-store, mhs-preferred-delivery-methods} ::= id-oc-mhs A.1.5 MHS User Agent An MHS User Agent; object is an AE that realizes a UA. The attributes in its entry, to the extent that they are present, identify the UA's owner; its deliverable content length, content types, and EITs; and its O/ R address. .I.va:mhs-user-agent; OBJECT-CLASS SUBCLASS OF applicationEn- tity MAY CONTAIN { owner, mhs- deliverable-content-length, mhs-deliv- erable-content-types, mhs-deliverable- eits, mhs-or-addresses} ::= id-oc- mhs-user-agent A.2 Attributes The attributes specific to Message Handling are those specified below. A.2.1 MHS Deliverable Content Length The .I.ot:MHS Deliverable Content Length; attribute identifies the maxi- mum content length of the messages whose delivery a user will accept. A value of this attribute is an Integer. .I.va:mhs-deliverable-content-length; ATTRIBUTE WITH ATTRIBUTE- SYNTAX integerSyntax SINGLE VALUE ::= id-at-mhs-deliverable-con- tent-length A.2.2 MHS Deliverable Content Types The .I.ot:MHS Deliverable Content Types; attribute identifies the content types of the messages whose delivery a user will accept. A value of this attribute is an Object Identifier. .I.va:mhs-deliverable-content-types; ATTRIBUTE WITH ATTRIBUTE- SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-deliver- able-content-types A.2.3 MHS Deliverable EITs The .I.ot:MHS Deliverable EITs; attribute identifies the EITs of the mes- sages whose delivery a user will accept. A value of this attribute is an Object Identifier. .I.va:mhs-deliverable-eits; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-deliverable-eits A.2.4 MHS DL Members The .I.ot:MHS DL Members; attribute identifies a DL's members. A value of this attribute is an O/R name. .I.va:mhs-dl-members; ATTRIBUTE WITH ATTRIBUTE-SYNTAX mhs-or-name-syntax MULTI VALUE ::= id-at-mhs-dl-members A.2.5 MHS DL Submit Permissions The .I.ot:MHS DL Submit Permissions; attribute identifies the users and DLs that may submit messages to a DL. A value of this attribute is a DL submit permission. .I.va:mhs-dl-submit-permissions; ATTRIBUTE WITH ATTRIBUTE- SYNTAX mhs-dl-submit-permission-syntax MULTI VALUE ::= id-at- mhs-dl-submit-permissions A.2.6 MHS Message Store The .I.ot:MHS Message Store; attribute identifies a user's MS by name. The value of this attribute is a Directory distinguished name. .I.va:mhs-message-store; ATTRIBUTE WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax SINGLE VALUE ::= id-at-mhs-message-store A.2.7 MHS O/R Addresses The .I.ot:MHS O/R Addresses; attribute specifies a user's or DL's O/R addresses. A value of this attribute is an O/R address. .I.va:mhs-or-addresses; ATTRIBUTE WITH ATTRIBUTE-SYNTAX mhs-or-address-syntax MULTI VALUE ::= id-at-mhs-or-addresses A.2.8 MHS Preferred Delivery Methods The .I.ot:MHS Preferred Delivery Methods; attribute identifies, in order of decreasing preference, the methods of delivery a user prefers. A value of this attribute is a preferred delivery method. .I.va:mhs-preferred-delivery-methods; ATTRIBUTE WITH ATTRIBUTE-SYNTAX ReqiestedDeliveryMethod MATCHES FOR EQUALITY SINGLE VALUE ::= id- at-mhs-preferred-delivery-methods A.2.9 MHS Supported Automatic Actions The .I.ot:MHS Supported Automatic Actions; attribute identifies the automatic actions that an MS fully supports. A value of this attribute is an Object Identifier. .I.va:mhs-supported-automatic-actions; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at- mhs-supported-automatic-actions A.2.10 MHS Supported Content Types The .I.ot:MHS Supported Content Types; attribute identifies the content types of the messages whose syntax and semantics a MS fully supports. A value of this attribute is an Object Identifier. .I.va:mhs-supported-content-types; ATTRIBUTE WITH ATTRIBUTE- SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-sup- ported-content-types A.2.11 MHS Supported Optional Attributes The .I.ot:MHS Supported Optional Attributes; attribute identifies the optional attributes that an MS fully supports. A value of this attribute is an Object Identifier. .I.va:mhs-supported-optional-attributes; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at- mhs-supported-optional-attributes A.3 Attribute Syntaxes The attribute syntaxes specific to Message Handling are those specified below. A.3.1 MHS DL Submit Permission The .I.ot:MHS DL Submit Permission; attribute syntax characterizes an attribute each of whose values is a submit permission. .I.va:mhs-dl-submit-permission-syntax; ATTRIBUTE-SYNTAX SYN- TAX DLSubmitPermission MATCHES FOR EQUALITY ::= id-as-mhs- dl-submit-permission .I.ty:DLSubmitPermission; ::= CHOICE { individual [0] ORName, member-of-dl [1] ORName, pattern-match [2] ORNamePattern, mem- ber-of-group [3] Name} A presented DL submit permission value shall be of type Individual. A DL submit permission, depending upon its type, grants submit access to the following zero or more users and DLs: a) Individual: The user or (unexpanded) DL any of whose O/R names is equal to the specified O/R name. b) Member-of-dl: Each member of the DL, any of whose O/R names is equal to the specified O/R name, or of each nested DL, recursively. c) Pattern-match: Each user or (unexpanded) DL any of whose O/R names matches the specified O/R name pattern. .I.ty:ORNamePattern; ::= ORName d) Member-of-group: Each member of the group-of-names whose name is specified, or of each nested group-of-names, recursively. A presented value is equal to a target value of this type if the two are identical, attribute by attribute. Additionally, equality may be declared under other conditions which are a local matter. A.3.2 MHS O/R Address The .I.ot:MHS O/R Address; attribute syntax characterizes an attribute each of whose values is an O/R address. .I.va:mhs-or-address-syntax; ATTRIBUTE-SYNTAX SYNTAX ORAd- dress MATCHES FOR EQUALITY ::= id-as-mhs-or-address A presented O/R address value is equal to a target O/R address value under the conditions specified in clause 18.4. A.3.3 MHS O/R Name The .I.ot:MHS O/R Name; attribute syntax characterizes an attribute each of whose values is an O/R name. .I.va:mhs-or-name-syntax; ATTRIBUTE-SYNTAX SYNTAX ORName MATCHES FOR EQUALITY ::= id-as-mhs-or-name A presented O/R name value is equal to a target O/R name value if the two are identical, attribute by attribute. Additionally, equality may be declared under other conditions which are a local matter. Annex B (to Recommendation X.402) Reference Definition of Object Identifiers This annex is an integral part of this Recommendation. This annex defines for reference purposes various Object Identifiers cited in the ASN.1 module of annex C. It uses ASN.1. All Object Identifiers this Recommendation assigns are assigned in this annex. The annex is definitive for all but those for ASN.1 modules and MHS itself. The definitive assignments for the former occur in the mod- ules themselves; other references to them appear in IMPORT clauses. The latter is fixed. ---------- .I.mo:MHSObjectIdentifiers; {joint-iso-ccitt mhs-motis(6) arch(5) mod- ules(0) object-identifiers(0)} DEFINITIONS IMPLICIT TAGS ::= BEGIN -- Prologue -- Exports everything. IMPORTS -- nothing -- ; .I.ty:ID; ::= OBJECT IDENTIFIER -- MHS Aspects .I.va:id-mhsac; ID ::= {joint-iso-ccitt mhs-motis(6) mhsac(0)} -- MHS Application Contexts -- See Recommendation X.419. .I.va:id-ipms; ID ::= {joint-iso-ccitt mhs-motis(6) ipms (1)} -- Interpersonal Messaging -- See Recommendation X.420. .I.va:id-asdc; ID ::= {joint-iso-ccitt mhs- motis(6) asdc (2)} -- Abstract Service Definition Conventions -- See Rec- ommendation X.407. .I.va:id-mts; ID ::= {joint-iso-ccitt mhs-motis(6) mts (3)} -- Message Transfer System -- See Recommendation X.411. .I.va:id-ms; ID ::= {joint-iso-ccitt mhs-motis(6) ms (4)} -- Message Store -- See Recommendation X.413. .I.va:id-arch; ID ::= {joint-iso-ccitt mhs-motis(6) arch (5)} -- Overall Architecture -- See this Recommenda- tion. .I.va:id-group; ID ::= {joint-iso-ccitt mhs-motis(6) group(6)} -- Reserved. -- Categories .I.va:id-mod; ID ::= {id-arch 0} -- modules; not definitive .I.va:id-oc; ID ::= {id-arch 1} -- object classes .I.va:id-at; ID ::= {id-arch 2} -- attribute types .I.va:id-as; ID ::= {id-arch 3} -- attribute syntaxes -- Modules .I.va:id-object-identifiers; ID ::= {id-mod 0} -- not definitive .I.va:id-directory-objects-and-attributes; ID ::= {id-mod 1} -- not defini- tive -- Object classes .I.va:id-oc-mhs-distribution-list; ID ::= {id-oc 0} .I.va:id-oc-mhs-mes- sage-store; ID ::= {id-oc 1} .I.va:id-oc-mhs-message-transfer-agent; ID ::= {id-oc 2} .I.va:id-oc-mhs-organizational-user; ID ::= {id-oc 3} .I.va:id-oc-mhs-residential-user; ID ::= {id-oc 4} .I.va:id-oc-mhs- user-agent; ID ::= {id-oc 5} -- Attributes .I.va:id-at-mhs-deliverable-content-length; ID ::= {id-at 0} .I.va:id-at- mhs-deliverable-content-types; ID ::= {id-at 1} .I.va:id-at-mhs-deliv- erable-eits; ID ::= {id-at 2} .I.va:id-at-mhs-dl-mem- bers; ID ::= {id-at 3} .I.va:id-at-mhs-dl-submit-permissions; ID ::= {id-at 4} .I.va:id-at-mhs-message-store; ID ::= {id-at 5} .I.va:id-at-mhs-or-addresses; ID ::= {id-at 6} .I.va:id-at-mhs- preferred-delivery-methods; ID ::= {id-at 7} .I.va:id-at-mhs-supported- automatic-actions; ID ::= {id-at 8} .I.va:id-at-mhs-supported-content- types; ID ::= {id-at 9} .I.va:id-at-mhs-supported-optional-attributes; ID ::= {id-at 10} -- Attribute syntaxes .I.va:id-as-mhs-dl-submit-permission; ID ::= {id-as 0} .I.va:id-as-mhs- or-address; ID ::= {id-as 1} .I.va:id-as-mhs-or-name; ID ::= {id-as 2} END -- of MHSObjectIdentifiers Annex C (to Recommendation X.402) Reference Definition of Directory Object Classes and Attributes This annex is an integral part of this Recommendation. This annex, a supplement to annex A, defines for reference purposes the object classes, attributes, and attribute syntaxes specific to Message Han- dling. It uses the OBJECT-CLASS, ATTRIBUTE, and ATTRIBUTE- SYNTAX macros of Recommendation X.501. ---------- .I.mo:MHSDirectoryObjectsAndAttributes; {joint-iso-ccitt mhs-motis(6) arch(5) modules(0) directory(1)} DEFINITIONS IMPLICIT TAGS ::= BEGIN -- Prologue -- Exports everything. IMPORTS -- MHS Object Identifiers id-as-mhs-dl-submit-permission, id- as-mhs-or-address, id-as-mhs-or-name, id-at-mhs-deliverable-content- length, id-at-mhs-deliverable-content-types, id-at-mhs-deliverable-eits, id-at-mhs-dl-members, id-at-mhs-dl-submit-permissions, id-at-mhs-mes- sage-store, id-at-mhs-or-addresses, id-at-mhs-preferred-delivery-meth- ods, id-at-mhs-supported-automatic-actions, id-at-mhs-supported- content-types, id-at-mhs-supported-optional-attributes, id-oc-mhs-distri- bution-list, id-oc-mhs-message-store, id-oc-mhs-message-transfer-agent, id-oc-mhs-organizational-user, id-oc-mhs-residential-user, id-oc-mhs- user-agent, ---- FROM MHSObjectIdentifiers {joint-iso-ccitt mhs-motis(6) arch(5) modules(0) object-identifiers(0)} -- MTS Abstract Service ORAddress, ORName, PreferredDeliveryMethod ---- FROM MTSAbstractService {joint-iso-ccitt mhs-motis(6) mts(3) modules(0) mTS-abstract-ser- vice(3)} -- Information Framework ATTRIBUTE, ATTRIBUTE-SYN- TAX, Name, OBJECT-CLASS ---- FROM InformationFramework {joint- iso-ccitt ds(5) modules(1) informationFramework(1)} -- Selected Object Classes applicationEntity, organizationalPerson, residentialPerson, top ---- FROM SelectedObjectClasses {joint-iso-ccitt ds(5) modules(1) selecte- dObjectClasses(6)} -- Selected Attribute Types commonName, descrip- tion, distinguishedNameSyntax, integerSyntax, objectIdentifierSyntax, organization, organizationalUnitName, owner, seeAlso ---- FROM Select- edAttributeTypes {joint-iso-ccitt ds(5) modules(1) selectedAttribute- Types(5)} -- OBJECT CLASSES -- MHS Distribution List .I.va:mhs-distribution-list; OBJECT-CLASS SUBCLASS OF top MUST CONTAIN { commonName, mhs-dl-submit-permissions, mhs-or- addresses} MAY CONTAIN { description, organization, organization- alUnitName, owner, seeAlso, mhs-deliverable-content-types, mhs-deliver- able-eits, mhs-dl-members, mhs-preferred-delivery-methods} ::= id-oc-mhs-distri- bution-list -- MHS Message Store .I.va:mhs-message-store; OBJECT-CLASS SUBCLASS OF application- Entity MAY CONTAIN { description, owner, mhs-supported-optional- attributes, mhs-supported-automatic-actions, mhs-supported-content- types} ::= id-oc-mhs-message-store -- MHS Message Transfer Agent .I.va:mhs-message-transfer-agent; OBJECT-CLASS SUBCLASS OF applicationEntity MAY CONTAIN { description, owner, mhs-deliver- able-content-length} ::= id-oc-mhs-message-transfer-agent -- MHS Organizational User .I.va:mhs-organizational-user; OBJECT-CLASS SUBCLASS OF organi- zationalPerson MUST CONTAIN { mhs-or-address} MAY CONTAIN { mhs-deliverable-content-length, mhs-deliverable-content-types, mhs- deliverable-eits, mhs-message-store, mhs-preferred-delivery-methods} ::= id-oc-mhs-organizational-user -- MHS Residential User .I.va:mhs-residential-user; OBJECT-CLASS SUBCLASS OF residen- tialPerson MUST CONTAIN { mhs-or-address} MAY CONTAIN { mhs- deliverable-content-length, mhs-deliverable-content-types, mhs-deliver- able-eits, mhs-message-store, mhs-preferred-delivery-methods} ::= id- oc-mhs-residential-user -- MHS User Agent .I.va:mhs-user-agent; OBJECT-CLASS SUBCLASS OF applicationEn- tity MAY CONTAIN { owner, mhs-deliverable-content-length, mhs-deliv- erable-content-types, mhs-deliverable-eits, mhs-or-address} ::= id-oc-mhs-user-agent -- ATTRIBUTES -- MHS Deliverable Content Length .I.va:mhs-deliverable-content-length; ATTRIBUTE WITH ATTRIBUTE- SYNTAX integerSyntax SINGLE VALUE ::= id-at-mhs-deliverable-con- tent-length -- MHS Deliverable Content Types .I.va:mhs-deliverable-content-types; ATTRIBUTE WITH ATTRIBUTE- SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-deliver- able-content-types -- MHS Deliverable EITs .I.va:mhs-deliverable-eits; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-deliverable-eits -- MHS DL Members .I.va:mhs-dl-members; ATTRIBUTE WITH ATTRIBUTE-SYNTAX mhs-or-name-syntax MULTI VALUE ::= id-at-mhs-dl-members -- MHS DL Submit Permissions .I.va:mhs-dl-submit-permissions; ATTRIBUTE WITH ATTRIBUTE- SYNTAX mhs-dl-submit-permission-syntax MULTI VALUE ::= id-at- mhs-dl-submit-permissions -- MHS O/R Addresses .I.va:mhs-or-addresses; ATTRIBUTE WITH ATTRIBUTE-SYNTAX mhs-or-address-syntax MULTI VALUE ::= id-at-mhs-or-addresses -- MHS Message Store .I.va:mhs-message-store; ATTRIBUTE WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax SINGLE VALUE ::= id-at-mhs-message-store -- MHS Preferred Delivery Methods .I.va:mhs-preferred-delivery-methods; ATTRIBUTE WITH ATTRIBUTE-SYNTAX PreferredDeliveryMethod MATCHES FOR EQUALITY MULTI VALUE ::= id-at-mhs-preferred-delivery-methods -- MHS Supported Automatic Actions .I.va:mhs-supported-automatic-actions; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at- mhs-supported-automatic-actions -- MHS Supported Content Types .I.va:mhs-supported-content-types; ATTRIBUTE WITH ATTRIBUTE- SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at-mhs-sup- ported-content-types -- MHS Supported Optional Attributes .I.va:mhs-supported-optional-attributes; ATTRIBUTE WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax MULTI VALUE ::= id-at- mhs-supported-optional-attributes -- ATTRIBUTE SYNTAXES -- MHS DL Submit Permission .I.va:mhs-dl-submit-permission-syntax; ATTRIBUTE-SYNTAX SYN- TAX DLSubmitPermission MATCHES FOR EQUALITY ::= id-as-mhs- dl-submit-permission .I.ty:DLSubmitPermission; ::= CHOICE { individual [0] ORName, member-of-dl [1] ORName, pattern-match [2] ORNamePattern, mem- ber-of-group [3] Name} .I.ty:ORNamePattern; ::= ORName -- MHS O/R Address .I.va:mhs-or-address-syntax; ATTRIBUTE-SYNTAX SYNTAX ORAd- dress MATCHES FOR EQUALITY ::= id-as-mhs-or-address -- MHS O/R Name .I.va:mhs-or-name-syntax; ATTRIBUTE-SYNTAX SYNTAX ORName MATCHES FOR EQUALITY ::= id-as-mhs-or-name END -- of MHSDirectory Annex D (to Recommendation X.402) Security Threats This annex is not a part of this Recommendation An overview of MHS security threats is provided in clause 15.1 of Rec- ommendation X.400. This considers threats as they appear in an MHS: access threats, inter-message threats, intra-message threats, and message store threats. These threats can appear in various forms as follows: a) Masquerade b) Message sequencing c) Modification of information d) Denial of service e) Leakage of information f) Repudiation g) Other MHS threats In addition, they may occur by accident or by malicious intent and may be active or passive. Attacks on the MHS will address potential weak- nesses and may comprise of a number of threats. This annex deals with individual threats and although consideration is given to a number of broad classes of threat, it is not a complete list. Table 13/X.402 indicates how these threats can be met using the MHS security services. The list of threats given here is indicative rather than definitive. Table .T.:13/X.402 Use of MHS Security Services +-------------------------------+-------------------------------+ | THREAT | SERVICES | +- MASQUERADE - ------------------+-------------------------------+ | Impersonation and mis- use | Message Origin Authentication | | of the MTS | Probe Origin Authentication | | | Secure Access Management | | Falsely acknowledge receipt | Proof of Delivery | | Falsely claim to originate | Message Origin Authentication | | a mes- sage | | | Impersonation of an MTA to | Proof of submission | | an MTS-user | Report Origin Authenti- cation | | | Secure Access Management | | Imperson- ation of an MTA to | Report Origin Authentication | | another MTA | Secure Access Management | +- MESSAGE SEQUENCING ----------+--------------------------------+ | Replay of mes- sages | Message Sequence Integrity | | Re-ordering of messages | Message Sequence Integrity | | Pre-play of messages | | | Delay of messages | | +- MODIFICATION OF INFORMATION -+--------------------------------+ | Modification of messages | Connection Integrity | | | Content Integrity | | Destruction of messages | Message Sequence Integrity | | Corruption of routing and | | | other management information | | +- DENIAL OF SERVICE -----------+-------------------------------+ | Denial of communications | | | MTA flood- ing | | | MTS flooding | | +- REPUDIATION -----------------+--------------------- -----------+ | Denial of origin | Non-repudiation of Origin | | Denial of submission | Non-repudiation of Submission | | Denial of delivery | Non-repudiation of Delivery | +- LEAKAGE OF INFORMATION ------+--------------------------------+ | Loss of confidenti- ality | Connection Confidentiality | | | Content Con- fidentiality | | Loss of anonymity | Message Flow Confidentiality | | Misappropriation of messages | Secure Access Man- agement | | Traffic analysis | Message Flow Confidentiality | +- OTHER THREATS ---------------+--------------------------------+ | Origina- tor not cleared for | Secure Access Management | | Message Secu- rity Label | Message Security Labelling | | MTA/MTS-user not cleared for | Secure Access Management | | Security Context | | | Misrouting | Secure Access Management | | | Message Security Labelling | | Differing labelling policies | | +--------------------------------+---------------- ---------------+ D.1 Masquerade Masquerade occurs when an entity successfully pretends to be a different entity and can take place in a number of ways. An unauthorized MTS- user may impersonate another to gain unauthorized access to MTS facili- ties or to act to the detriment of the valid user, e.g., to discard his mes- sages. An MTS-user may impersonate another user and so falsely acknowledge receipt of a message by the "valid" recipient. A message may be put into the MTS by a user falsely claiming the identity of another user. An MTS-user, MS, or MTA may masquerade as another MTS-user, MS, or MTA. Masquerade threats include the following: a) Impersonation and misuse of the MTS b) Falsely acknowledge receipt c) Falsely claim to originate a message d) Impersonation of an MTA to an MTS-user e) Impersonation of an MTA to another MTA A masquerade usually consists of other forms of attack and in a secure system may involve authentication sequences from valid users, e.g., in replay or modification of messages. D.2 Message Sequencing Message sequencing threats occur when part or all of a message is repeated, time-shifted, or reordered. This can be used to exploit the authentication information in a valid message and resequence or time- shift valid messages. Although it is impossible to prevent replay with the MHS security services, it can be detected and the effects of the threat eliminated. Message sequencing threats include the following: a) Replay of messages b) Reordering of messages c) Pre-play of messages d) Delay of messages D.3 Modification of Information Information for an intended recipient, routing information, and other management data may be lost or modified without detection. This could occur to any aspect of the message, e.g., its labelling, content, attributes, recipient, or originator. Corruption of routing or other management infor- mation, stored in MTAs or used by them, may cause the MTS to lose messages or otherwise operate incorrectly. Modification of information threats include the following: a) Modification of messages b) Destruction of messages c) Corruption of routing and other management information. D.4 Denial of Service Denial of service occurs when an entity fails to perform its function or prevents other entities from performing their functions. This may be a denial of access, a denial of communications (leading to other problems like overload), a deliberate suppression of messages to a particular recip- ient, or a fabrication of extra traffic. The MTS can be denied if an MTA has been caused to fail or operate incorrectly. In addition, an MTS-user may cause the MTS to deny a service to other users by flooding the ser- vice with messages which might overload the switching capability of an MTA or fill up all available message storage space. Denial of service threats include the following: a) Denial of communications b) MTA failure c) MTS flooding D.5 Repudiation Repudiation can occur when an MTS-user or the MTS may later deny submitting, receiving, or originating a message. Repudiation threats include the following: a) Denial of origin b) Denial of submission c) Denial of delivery D.6 Leakage of Information Information may be acquired by an unauthorized party by monitoring transmissions,by unauthorized access to information stored in any MHS entity, or by masquerade. In some cases, the presence of an MTS-user on the system may be sensitive and its anonymity may have to be preserved. An MTS-user other than the intended recipient may obtain a message. This might result from impersonation and misuse of the MTS or through causing an MTA to operate incorrectly. Further details on the information flowing in an MTS may be obtained from observing the traffic. Leakage of information threats include the following: a) Loss of confidentiality b) Loss of anonymity c) Misappropriation of messages d) Traffic analysis D.7 Other Threats In a multi- or single-level secure system, a number of threats may exist that relate to security labelling, e.g., routing through a node that cannot be trusted with information of particular value, or where systems use dif- ferent labelling policies. Threats may exist to the enforcement of a secu- rity policy based on logical separation using security labels. An MTS- user may originate a message and assign it a label for which it is not cleared. An MTS-user or MTA may set up or accept an association with a security context for which it does not have clearance. Other threats include the following: a) Originator not cleared for message label (inappropriate submit) b) MTA/MTS-user not cleared for context c) Misrouting d) Differing labelling policies Annex E (to Recommendation X.402) Provision of Security Services in Recommendation X.411 This annex is an integral part of this Recommendation. Table 14/X.402 indicates which service elements from Recommendation X.411 may be used to support the security services described in clause 10.2. Table .T.:14/X.402 MHS Security Service Provision +-------------------------------+-------------------------------------+ | SER- VICE | MTS ARGUMENTS/SERVICES | +- ORI- GIN AUTHENTICATION SECURITY SERVICES ------------------------- --+ | Message Origin Authentication | Message Origin Authentication Check | | | Message Token | | Probe Origin Authentication | Probe Origin Authentication Check | | Report Origin Authentication | Report Origin Authentication Check | | Proof of Sub- mission | Proof of Submission Request | | | Proof of Submission | | Proof of Delivery | Proof of Deliv- ery Request | | | Proof of Delivery | +- SECURE ACCESS MANAGEMENT SECURITY SERVICES ----------- -------------+ | Peer Entity Authentication | Initiator Credentials | | | Responder Credentials | | Security Context | Security Context | +- DATA CONFIDENTIALITY SECU- RITY SERVICES -----------------------------+ | Connection Confidentiality | Not supported | | Content Confidentiality | Content Con- fidentiality Algorithm | | | Identifier | | | Message Token | | Message Flow Confidentiality | Content Type | +- DATA INTEGRITY SECURITY SERVICES ---- -------------------------------+ | Connection Integrity | Not sup- ported | | Content Integrity | Content Integrity Check | | | Message Token | | | Message Origin Authentication Check | | Message Sequence Integrity | Message Sequence Number | | | Message Token | +- NON-REPUDIATION SECURITY SERVICES ------------------------- ---------+ | Non-Repudiation of Origin | Content Integrity Check | | | Message Token | | | Message Origin Authentication Check | | Non-Repudiation of Submission | Proof of Submission Request | | | Proof of Submis- sion | | Non-Repudiation of Delivery | Proof of Delivery Request | | | Proof of Delivery | +------ -------------------------+--------------------------------------+ | Message Secu- rity Labelling | Message Security Label | | | Message Token | | | Message Origin Authen- tication Check | +- SECURITY MANAGEMENT SECURITY SER- VICES -----------------------------+ | Change Credentials | Change Credentials | | Register | Register | +--------------------------------+-------------------------------------+ Annex F (to Recommendation X.402) Differences Between CCITT Rec- ommendation and ISO Standard This annex is not a part of this Recommendation. This annex lists all but the purely stylistic differences between this Rec- ommendation and the corresponding ISO International Standard. There are no differences between the two specifications. CCITT Draft Recommendation X.402 MHS: Overall Architecture (Ver- sion 5, November 1987, Gloucester) -- -- Annex G (to Recommendation X.402) Index This annex is not a part of this Recommendation. This annex indexes this Recommendation. It gives the number(s) of the page(s) on which each item in each of several categories is defined. Its coverage of each category is exhaustive. This annex indexes items (if any) in the following categories: a) Abbreviations (ab) b) Terms (gt) c) Information items (ot) d) ASN.1 modules (mo) e) ASN.1 macros (ma) f) ASN.1 types (ty) g) ASN.1 values (va) h) Bilateral agreements (ba) i) Items for further study (fs) j) Items to be supplied (fs) ---------- .Begin Index. Abbreviations A/SYS 36 AC 5 ACs 62 ACSE 5, 62 ADMD 38 AE 4 APDU 4 AS/SYS 36 ASE 4 ASEs 56 ASN.1 5 AST/SYS 37 AT/SYS 36 AU 11 C 7 COMPUSEC 22 D 7 DL 10 DSA 6 EIT 14 M 7 MASE 61 MD 38 MDSE 61 MHE 8 MHS 9 MRSE 61 MS 11 MSSE 61 MTA 12 MTS 10 MTSE 61 O 7 OSI 5 P1 62 P3 62 P7 62 PDAU 12 PDS 12 PRMD 38 RO 6 ROSE 6, 61 RT 6 RTSE 6, 62 S/SYS 36 ST/SYS 36 T/SYS 36 UA 11 UE 5 Terms access and storage system 36 access and transfer system 36 access, storage, and transfer system 37 access system 36 access unit 11 actual recipient 17 administration-domain-name 44 administration management domain 38 affirmation 21 asymmetric 57 attribute 42 attribute list 42 attribute type 42 attribute value 42 common-name 45 conditional 7 consuming ASE 58 consuming UE 58 content 13 content type 14 conversion 21 country-name 45 defaultable 7 delivery 19 delivery agent 19 delivery report 15 described message 14 direct submission 18 direct user 9 distribution list 10 DL expansion 20 domain 38 domain-defined attribute 42 encoded information type 14 envelope 13 event 15 expansion point 20 explicit conversion 21 export 19 extension-O/R-address-components 45 extension-physical-delivery-address-components 45 external routing 22 external transfer 18 formatted 51 Global MHS 40 grade 7 immediate recipient 16 implicit conversion 21 import 18 indirect submission 18 indirect user 9 intended recipient 16 internal routing 22 internal transfer 18 joining 20 local-postal-attributes 45 management domain 38 mandatory 7 members 10 member recipient 17 message 13 Message Handling 8 Message Handling Environment 8 Message Handling System 9 Message Storage 8 message store 11 Message Transfer 8 message transfer agent 12 Message Transfer System 10 messaging system 34 mnemonic O/R address 50 name resolution 20 nested 10 network-address 45 non-affirmation 21 non-delivery 21 non-delivery report 15 numeric-user-identifier 46 numeric O/R address 51 O/R address 49 O/R name 41 optional 7 organization-name 46 organizational-unit-names 46 origination 18 originator 16 originator-specified alternate recipient 17 PDS-name 46 personal-name 46 physical-delivery-country-name 47 physical-delivery-office-name 47 physical-delivery-office-number 47 physical-delivery-organization-name 47 physical-delivery-personal-name 47 Physical delivery 12 physical delivery access unit 12 physical delivery system 12 physical message 12 physical rendition 12 post-office-box-address 47 postal-code 47 postal O/R address 51 poste-restante-address 47 potential recipient 17 private-domain-name 48 private management domain 38 probe 14 receipt 19 recipient 17 recipient-assigned alternate recipient 17 redirection 21 report 15 retrieval 19 routing 22 splitting 20 standard attribute 42 step 15 storage and transfer system 36 storage system 36 street-address 48 subject message 15 subject probe 15 submission 18 submission agent 18 submit permission 10 supplying ASE 58 supplying UE 58 symmetric 57 terminal-identifier 48 terminal-type 48 terminal O/R address 51 transfer 18 transfer system 36 transmittal 15 transmittal event 15 transmittal step 15 type 42 unformatted 51 unformatted-postal-address 48 unique-postal-name 48 user 9 user agent 11 value 42 Information Items MHS Deliverable Content Length 65 MHS Deliverable Content Types 65 MHS Deliverable EITs 65 MHS Distribution List 63 MHS DL Members 65 MHS DL Submit Permission 67 MHS DL Submit Permissions 65 MHS Message Store 63, 66 MHS Message Transfer Agent 64 MHS O/R Address 67 MHS O/R Addresses 66 MHS O/R Name 68 MHS Organizational User 64 MHS Preferred Delivery Methods 66 MHS Residential User 64 MHS Supported Automatic Actions 66 MHS Supported Content Types 66 MHS Supported Optional Attributes 67 MHS User Agent 64 ASN.1 Modules MHSDirectoryObjectsAndAttributes 71 MHSObjectIdentifiers 69 ASN.1 Macros None ASN.1 Types DLSubmitPermission 67, 74 ID 69 ORNamePattern 67, 74 ASN.1 Values id-arch 69 id-as 69 id-as-mhs-dl-submit-permission 70 id-as-mhs-or-address 70 id-as-mhs-or-name 70 id-asdc 69 id-at 69 id-at-mhs-deliverable-content-length 70 id-at-mhs-deliverable-content-types 70 id-at-mhs-deliverable-eits 70 id-at-mhs-dl-members 70 id-at-mhs-dl-submit-permissions 70 id-at-mhs-message-store 70 id-at-mhs-or-addresses 70 id-at-mhs-preferred-delivery-methods 70 id-at-mhs-supported-automatic-actions 70 id-at-mhs-supported-content-types 70 id-at-mhs-supported-optional-attributes 70 id-directory-objects-and-attributes 70 id-group 69 id-ipms 69 id-mhsac 69 id-mod 69 id-ms 69 id-mts 69 id-object-identifiers 70 id-oc 69 id-oc-mhs-distribution-list 70 id-oc-mhs-message-store 70 id-oc-mhs-message-transfer-agent 70 id-oc-mhs-organizational-user 70 id-oc-mhs-residential-user 70 id-oc-mhs-user-agent 70 mhs-deliverable-content-length 65, 73 mhs-deliverable-content-types 65, 73 mhs-deliverable-eits 65, 73 mhs-distribution-list 63, 72 mhs-dl-members 65, 73 mhs-dl-submit-permission-syntax 67, 74 mhs-dl-submit-permissions 66, 73 mhs-message-store 63, 66, 72, 73 mhs-message-transfer-agent 64, 72 mhs-or-address-syntax 68, 74 mhs-or-addresses 66, 73 mhs-or-name-syntax 68, 74 mhs-organizational-user 64, 72 mhs-preferred-delivery-methods 66, 74 mhs-residential-user 64, 72 mhs-supported-automatic-actions 66, 74 mhs-supported-content-types 66, 74 mhs-supported-optional-attributes 67, 74 mhs-user-agent 64, 73 Bilateral Agreements routing 52, 53 Items for Further Study None Items to Be Supplied None .End Index. terpersonal Messaging System | | T.330 | - | Telematic access to IPMS ╟εv─q_ █lp { h╡ d _ _ Z, = U @ ╟ @ ╟ @ ╟ B B @ ! ╟ ! ╔ = f" u"vΩ" ╓"qT$ c$l $ $gc. g.b 4 4]┼: ⌠:X @ A ╟ A ╟ A ╟ @ @ ╟@ ╟ @ ╟ ⌠: A By B OBwWB ¬Bu B Bs B Cq C PCoXC ΣCmεC Ck C ╟ CFCyfD _DwτD _Du¬D Ds D Eq E @EoHE pEmxE φEk_E Ei╟ E]F uFy~F ╝Fw F GFu_F ,Gs3G xGq╟G Go╡G +Hm3H eHkmH ╟ mH¬Hy J Jt J JoQJ WJj[J \Je╟J σJ`δJ ΦJ[ J 3H e @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ J Jv K KqwK }Kl_K ╟KgIL OLbTL UL]σM εMX─M 3H @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ─M┼Mv M Mq M MlfN lNgnN oNbÑN ·N]║N ┐NXτO 3H @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ τO∞Ov┼O ╔Oq O Ol O Og Q Qb Q Q]'U ±U[^V 3H @ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ^VdVviVtjVokVmqV wVh╟VfⁿVaΓV δV\ΦVZ∩VU V ^V 3 @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ V VvtVtFVo_V ╜Vj▒Vh_VcÑW ·W^ W\ WW W WR^V @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ W Wy Wt√X úXo║Xm┐Xh¼X Xc Xa X\qY uYXτY ∞YT B A @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ∞Y_Z ┼Zy [ [w [r#[p$[k≥[ ó[f╜[d╝[_ \ \Z,\X B @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ! ,\- \v ] ]tL^ R^on^mo^hq^ w^cz^a{^\ ^ ^Z ^ B ! @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ^ ^y ^ ^wS^ ≈^u ^ ^s\_ s_qu_ x_o{_ σ_mΩ_ √_kú_ ┐_i ╟ ! ! ! ! ! ! ! ! ! ┐_ _ _y ` &`ws` ~`u_b ┐bs/c FcqHc McoSc ecm╡d SdhGe ╟ A ╟ ! ! ! ! ! ! ! GeFev etfo f fj fhfcΩf ∞fa f f\ gZ gU9g ╡ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟9g?gvJgtKgo⌠g ╓gj¬gh║gcni qia~i Σi\≥iZ√iU i ╡ @ ╟ @ ╟ ! @ ╟ @ ╟ @ ╟ @ ╟ i_ivßitφio i ▀ijFihQic j j^ j\ jWYj `jUîj ╡ ! @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ @ ╟îj≈jy2k 8ktIkrJkm k kk█k ki l lgTl kleml xlczl @ ╟ ! ! ! ! @ ╟ @ ╟ ! zlΩly─l ▄lw n nr_n nm ok of o oa o_ oZ1p xlc @ ╟ @ ╟ @ ╟ @ ╟ A ╟ ! ! 1p;py p pttprF- pm_p ╜ph_pf_pasq wq_▀r trZ█rXxl @ ╟ @ ╟ @ ╟ @ ╟ @ ╟ ! █rirv_r rq rosj t th t