Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
2.1 Identical Recommendations / International Standards
2.2 Paired Recommendations / International Standards equivalent in technical content
2.3 Additional references
3 Definitions
3.1 Security reference model definitions
3.2 Additional definitions
4 Symbols and abbreviations
5 Overview of the Protocol
5.1 Introduction
5.2 Security Associations and attributes
5.2.1 Security services for connection-oriented Transport protocol
5.2.2 Security Service for connectionless Transport protocol
5.3 Service assumed of the Network Layer
5.4 Security management requirements
5.5 Minimum algorithm characteristics
5.6 Security encapsulation function
5.6.1 Data encipherment function
5.6.2 Integrity function
5.6.3 Security label function
5.6.4 Security padding function
5.6.5 Peer Entity Authentication function
5.6.6 SA Function using in-band SA-P
6 Elements of procedure
6.1 Concatenation and separation
6.2 Confidentiality
6.2.1 Purpose
6.2.2 TPDUs and parameters used
6.2.3 Procedure
6.3 Integrity processing
6.3.1 Integrity Check Value (ICV) processing
6.3.2 Direction indicator processing
6.3.3 Connection integrity sequence number processing
6.4 Peer address check processing
6.4.1 Purpose
6.4.2 Procedure
6.5 Security labels for Security Associations
6.5.1 Purpose
6.5.2 TPDUs and parameters used
6.5.3 Procedure
6.6 Connection release
6.7 Key replacement
6.8 Unprotected TPDUs
6.9 Protocol identification
6.10 Security Association-Protocol
7 Use of elements of procedure
8 Structure and encoding of TPDUs
8.1 Structure of TPDU
8.2 Security encapsulation TPDU
8.2.1 Clear header
8.2.2 Cryptosync
8.2.3 Protected contents
8.2.4 ICV
8.2.5 Encipherment PAD
8.3 Security Association PDU
8.3.1 LI
8.3.2 PDU Type
8.3.3 SA-ID
8.3.4 SA-P Type
8.3.5 SA PDU Contents
9 Conformance
9.1 General
9.2 Common static conformance requirements
9.3 TLSP with ITU-T Rec. X.234 / ISO 8602 static conformance requirements
9.4 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 static conformance requirements
9.5 Common dynamic conformance requirements
9.6 TLSP with ITU-T Rec. X.234 / ISO 8602 dynamic conformance requirements
9.7 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 dynamic conformance requirements
10 Protocol implementation conformance statement (PICS)
Annex A - PICS proforma
A.1 Introduction
A.1.1 Background
A.1.2 Approach
A.2 Implementation identification
A.3 General statement of conformance
A.4 Protocol implementation
A.5 Security services supported
A.6 Supported functions
A.7 Supported Protocol Data Units (PDUs)
A.7.1 Supported Transport PDUs (TPDUs)
A.7.2 Supported parameters of issued TPDUs
A.7.3 Supported parameters of received TPDUs
A.7.4 Allowed values of issued TPDU parameters
A.8 Service, function, and protocol relationships
A.8.1 Relationship between services and functions
A.8.2 Relationship between services and protocol
A.9 Supported algorithms
A.10 Error handling
A.10.1 Security errors
A.10.2 Protocol errors
A.11 Security Association
A.11.1 SA Generic Fields
A.11.2 Content Fields Specific to Key Exchange SA-P
Annex B - Security Association Protocol Using Key Token Exchange and Digital Signatures
B.1 Overview
B.2 Key Token Exchange (KTE)
B.3 SA-Protocol Authentication
B.4 SA Attribute Negotiation
B.4.1 Service Negotiation
B.4.2 Label Set Negotiation
B.4.3 Key and ISN Selection
B.4.4 Miscellaneous SA Attribute Negotiation
B.4.5 Re-keying Overview
B.4.6 SA Abort/Release Overview
B.5 Mapping of SA-Protocol Functions to Protocol Exchanges
B.5.1 KTE (First) Exchange
B.5.2 Authentication and Security Negotiation (Second) Exchange
B.5.3 Rekey Procedure
B.5.4 SA Release/Abort Exchange
B.6 SA PDU - SA Contents
B.6.1 Exchange ID
B.6.2 Content Length
B.6.3 Content Fields
Annex C - An example of an agreed set of security rules (ASSR)
Annex D - Overview of EKE Algorithm

Abstract
Specifies the protocol which can support the integrity, confidentiality, authentication and access control services identified in the OSI security model as relevant to the transport layer.