Table of Contents
1Scope
2Normativereferences
2.1IdenticalRecommendations/InternationalStandards
2.2PairedRecommendations/InternationalStandards
equivalentintechnicalcontent
2.3AdditionalReferences
3Definitions
3.1ReferenceModeldefinitions
3.2SecurityArchitecturedefinitions
3.3ServiceConventiondefinitions
3.4NetworkServicedefinitions
3.5InternalOrganisationoftheNetworkLayer
definitions
3.6ConnectionlessNetworkProtocoldefinitions
3.7UpperLayerSecurityModeldefinitions
3.8ConformanceTestingdefinitions
3.9Additionaldefinitions
4Abbreviations
4.1DataUnits
4.2ProtocolDataUnitFields
4.3Parameters
4.4Miscellaneous
5OverviewoftheProtocol
5.1Introduction
5.2OverviewofServicesProvided
5.3OverviewofServicesAssumed
5.4SecurityAssociationsandSecurityRules
5.5OverviewofProtocol-ProtectionFunctions
5.6OverviewofProtocol-NLSP-CL
5.7OverviewofProtocol-NLSP-CO
6ProtocolFunctionsCommontoNLSP-CLandNLSP-CO
6.1Introduction
6.2CommonSAAttributes
6.3CommonFunctionsonaRequestforanInstance
ofCommunication
6.4SecureDataTransferProtocolFunctions
6.5UseofaSecurityAssociationProtocol
7ProtocolFunctionsFORNLSP-CL
7.1ServicesProvidedbyNLSP-CL
7.2ServicesAssumed
7.3SecurityAssociationAttributes
7.4Checks
7.5In-BandSAEstablishment
7.6ProcessingNLSP-UNITDATARequest
7.7ProcessingUN-UNITDATAIndication
8ProtocolFunctionsforNLSP-CO
8.1ServicesProvidedbyNLSP-CO
8.2ServicesAssumed
8.3SecurityAssociationAttributes
8.4ChecksandotherCommonFunctions
8.5NLSP-ConnectFunctions
8.6NLSP-DATAFunctions
8.7NLSP-EXPEDITED-DATAFunctions
8.8RESETFunctions
8.9NLSP-DATAACKNOWLEDGE
8.10NLSP-DISCONNECT
8.11OtherFunctions
8.12PeerEntityAuthentication
9OverviewofMechanismsused
9.1SecurityServicesandMechanisms
9.2FunctionsSupported
10Connectionsecuritycontrol(NLSP-COonly)
10.1Overview
10.2SA-Attributes
10.3Procedures
10.4CSC-PDUFieldsused
11SDTPDUBasedencapsulationFunction
11.1Overview
11.2SAAttributes
11.3Procedures
11.4PDUFieldsused
12No-HeaderEncapsulationFunction(NLSP-COonly)
12.1Overview
12.2SAAttributes
12.3Procedures
13StructureandEncodingofPDUS
13.1Introduction
13.2ContentFieldFormat
13.3ProtectedData
13.4SecurityAssociationPDU
13.5ConnectionSecurityControlPDU
14Conformance
14.1StaticConformanceRequirements
14.2DynamicConformanceRequirements
14.3ProtocolImplementationConformanceStatement
AnnexA-MappingUNprimitivestoCCITTRec.X.213/ISO8348
AnnexB-MappingUNPrimitivestoCCITTRec.X.25/ISO8208
AnnexC-SecurityAssociationProtocolUsingKeyToken
ExchangeandDigitalSignatures
C.1Overview
C.2KeyTokenExchange(KTE)
C.3SA-ProtocolAuthentication
C.4SAAttributeNegotiation
C.5SAAbort/Release
C.6MappingofSA-ProtocolFunctionstoProtocol
Exchanges
C.7SAPDU-SAContents
AnnexD-NLSPPICSProforma
D.1Introduction
D.2AbbreviationsandSpecialSymbols
D.3InstructionsforCompletingthePICSProforma
D.4Identification
D.5FeaturesCommontoNLSP-COandNLSP-CL
D.6FeaturesSpecifictoNLSP-CL
D.7FeaturesSpecifictoNLSP-CO
AnnexE-TutorialonsomeBasicConceptsofNLSP
E.1BasisofProtection
E.2UnderlyingvsNLSPService
E.3NLSPAddressing
E.4ConnectionModeNLSP
E.5ConnectionlessModeNLSP
E.6SecurityAttributesandAssociations
E.7DynamicFunctionalRelationshipbetweenNLSPandCLNP
E.8DynamicFunctionalityRelatedtoLayeredModel
AnnexF-ExampleofanAgreedSetofSecurityRules
AnnexG-SecurityAssociationsandAttributes
AnnexH-ExampleKeyTokenExchange-EKEAlgorithm Abstract
Specifies the protocol to support the integrity, confidentiality, authentication and access control services identified in the OSI security model as applicable to connection-mode and connectionless-mode network layer protocols.
