BS ISO/IEC 10736:1995
Current
The latest, up-to-date edition.
Information technology. Telecommunications and information exchange between systems. Transport layer security protocol
Hardcopy , PDF
English
09-15-1995
1. Scope
2. Normative references
2.1 Identical Recommendations/International Standards
2.2 Paired Recommendations/International Standards
equivalent in technical content
2.3 Additional references
3. Definitions
3.1 Security reference model definitions
3.2 Additional definitions
4. Symbols and abbreviations
5. Overview of the Protocol
5.1 Introduction
5.2 Security Associations and attributes
5.2.1 Security services for connection-oriented Transport
protocol
5.2.2 Security Service for connectionless Transport
protocol
5.3 Service assumed of the Network Layer
5.4 Security management requirements
5.5 Minimum algorithm characteristics
5.6 Security encapsulation function
5.6.1 Data encipherment function
5.6.2 Integrity function
5.6.3 Security label function
5.6.4 Security padding function
5.6.5 Peer Entity Authentication function
5.6.6 SA Function using in band SA-P
6. Elements of procedure
6.1 Concatenation and separation
6.2 Confidentiality
6.2.1 Purpose
6.2.2 TPDUs and parameters used
6.2.3 Procedure
6.3 Integrity processing
6.3.1 Integrity Check Value (ICV) processing
6.3.2 Direction indicator processing
6.3.3 Connection integrity sequence number processing
6.4 Peer address check processing
6.4.1 Purpose
6.4.2 Procedure
6.5 Security labels for Security Associations
6.5.1 Purpose
6.5.2 TPDUs and parameters used
6.5.3 Procedure
6.6 Connection release
6.7 Key replacement
6.8 Unprotected TPDUs
6.9 Protocol identification
6.10 Security Association-Protocol
7. Use of elements of procedure
8. Structure and encoding of TPDUs
8.1 Structure of TPDU
8.2 Security encapsulation TPDU
8.2.1 Clear header
8.2.2 Crypto sync
8.2.3 Protected contents
8.2.4 ICV
8.2.5 Encipherment PAD
8.3 Security Association PDU
8.3.1 LI
8.3.2 PDU Type
8.3.3 SA-ID
8.3.4 SA-P Type
8.3.5 SA PDU Contents
9. Conformance
9.1 General
9.2 Common static conformance requirements
9.3 TLSP with ITU-T Rec. X.234/ISO 8602 static
conformance requirements
9.4 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 static
conformance requirements
9.5 Common dynamic conformance requirements
9.6 TLSP with ITU-T Rec. X.234 / ISO 8602 dynamic
conformance requirements
9.7 TLSP with ITU-T Rec. X.224 / ISO/IEC 8073 dynamic
conformance requirements
10. Protocol implementation conformance statement (PICS)
Annex A - PICS proforma
A.1 Introduction
A.1.1 Background
A.1.2 Approach
A.2 Implementation identification
A.3 General statement of conformance
A.4 Protocol implementation
A.5 Security services supported
A.6 Supported functions
A.7 Supported Protocol Data Units (PDUs)
A.7.1 Supported Transport PDUs (TPDUs)
A.7.2 Supported parameters of issued TPDUs
A.7.3 Supported parameters of received TPDUs
A.7.4 Allowed values of issued TPDU parameters
A.8 Service, function, and protocol relationships
A.8.1 Relationship between services and functions
A.8.2 Relationship between services and protocol
A.9 Supported algorithms
A.10 Error handling
A.10.1 Security Errors
A.10.2 Protocol Errors
A.11 Security Association
A.11.1 SA Generic Fields
A.11.2 Content Fields Specific to Key Exchange SA-P
Annex B - Security Association Protocol using
Key Token Exchange and Digital Signatures
B.1 Overview
B.2 Key Token Exchange (KTE)
B.3 SA-Protocol Authentication
B.4 SA-Attribute Negotiation
B.4.1 Service Negotiation
B.4.2 Label Set Negotiation
B.4.3 Key and ISN Selection
B.4.4 Miscellaneous SA Attribute Negotiation
B.4.5 Re-keying Overview
B.4.6 SA Abort
B.5 Mapping of SA-Protocol Functions to Protocol
Exchanges
B.5.1 KTE (First) Exchange
B.5.1.1 Request to Initiate the SA-Protocol
B.5.1.2 Receipt of the First Exchange PDU by Recipient
B.5.2 Authentication and Security Negotiation (Second)
Exchange
B.5.2.1 Receipt of First Exchange PDU by Initiator
B.5.2.2 Receipt of the Second Exchange PDU by Recipient
B.5.3 Rekey Procedure
B.5.4 SA Release / Abort Exchange
B.5.4.1 Request to Initiate SA Release / Abort
B.5.4.2 Receipt of SA Abort/Release Requests
B.6 SA PDU - SA Contents
B.6.1 Exchange ID
B.6.2 Content Length
B.6.3 Content Fields
B.6.3.1 My SA-ID
B.6.3.2 Old Your SA-ID
B.6.3.3 Key Token 1, Key Token 2, Key Token 3, and Key
Token 4
B.6.3.4 Authentication Digital Signature, Certificate
B.6.3.5 Service Selection
B.6.3.6 SA Rejection Reason
B.6.3.7 SA Abort/Release Reason
B.6.3.8 Label
B.6.3.9 Key Selection
B.6.3.10 SA Flags
B.6.3.11 ASSR
Annex C - An example of an agreed set of security rules (ASSR)
Annex D - Overview of EKE algorithm
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.