ISO/IEC INTERNATIONAL STANDARD 10736 First edition 1995-04-15 Information technology Telecommunications and information exchange between systems -- Transport layer security protocol Technologies de I'information - Télécommunications et échange d'information entre systemes --- Protocole de securite de la couche transport EC Referencenumber ISO/IEC 10736:1995(E) Copyright Intermational Organization for Standardization nitted without license from IHS Not for Resale ISO/IEC10736:1995(E) Contents Page Scope.. 1 2 Normative references.. 2 2.1 Identical Recommendations I International Standards......... 2 2.2 Paired Recommendations I International Standards equivalent in technical content .... 2 2.3 Additional references...... 2 3 Definitions.... 3 3.1 3 3.2 Additional definitions .. 3 4 Symbols and abbreviations... 3 5 Overview oftheProtocol.. 5 5.1 Introduction.... 5 5.2 Security Associations and attributes ... 6 5.2.1 Security services for connection-oriented Transport protocol. 9 5.2.2 Security Service for connectionless Transport protocol 9 5.3 Service assumed of the Network Layer .... 9 5.4 Security management requirements .. 9 5.5 Minimum algorithm characteristics . 10 5.6 Security encapsulation function.... 10 5.6.1 Data encipherment function. 10 5.6.2 Integrity function .. 10 5.6.3 Security label function.... 10 5.6.4 Security padding function.. 11 5.6.5 Peer Entity Authentication function... 11 5.6.6 SA Function using in band SA-P 11 6 Elements of procedure.. 11 6.1 Concatenation and separation . 12 6.2 Confidentiality 12 6.2.1 Purpose 12 6.2.2 TPDUs and parameters used 12 6.2.3 Procedure 12 6.3 13 6.3.1 Integrity Check Value (ICV) processing 13 6.3.1.1 Purpose 13 6.3.1.2 TPDUs and parameters used 13 6.3.1.3 Procedure 13 6.3.2 Direction indicator processing .. 15 6.3.2.1 Purpose 15 6.3.2.2 TPDUs and parameters used 15 6.3.2.3 Procedure 15 6.3.3 Connection integrity sequence number processing. 16 6.3.3.1 Unique sequence numbers 16 ISO/IEC1995 All rights, reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher. ISO/IEC Copyright Office · Case postale 56 · CH-1211 Geneve 20 · Switzerland Printed in Switzerland ii CopyrightIntemational Organization for Standardization Noreproductionor networking pemited without license from IHS Not for Resale ISO/IEC 10736:1995(E) @ ISO/IEC Page 6.3.3.2 Purpose 16 6.3.3.3 Procedure 16 6.4 Peer address check processing .. 16 6.4.1 Purpose 16 6.4.2 16 6.5 Security labels for Security Associations. 17 6.5.1 17 6.5.2 TPDUs and parameters used 17 6.5.3 17 6.6 Connection release 17 6.7 Key replacement . 17 6.8 Unprotected TPDUs..... 17 6.9 Protocol identification.. 18 6.10 Security Association-Protocol. 18 7 Use of elements of procedure 19 8 Structure and encoding of TPDUs. 19 8.1 Structure of TPDU . 19 8.2 Security encapsulation TPDU. 19 8.2.1 Clear header 20 8.2.1.1 PDU clear header length 20 8.2.1.2 PDU type 20 8.2.1.3 SA-ID 20 8.2.2 Crypto sync 20 8.2.3 Protected contents 20 8.2.3.1 Structure of protected contents field 21 8.2.3.2 Content length. 21 8.2.3.3 Flags 21 8.2.3.4 Label 22 8.2.3.5 22 8.2.3.6 IntegrityPAD 22 8.2.4 ICV 22 8.2.5 Encipherment PAD 23 8.3 Security Association PDU 23 8.3.1 LI 23 8.3.2 PDU Type 23 8.3.3 SA-ID 23 8.3.4 SA-P Type.. 23 8.3.5 SA PDU Contents.. 23 9 Conformance 23 9.1 General... 23 9.2 Common static conformance requirements.... 23 9.3 TLSP with ITU-T Rec. X.234 1ISO 8602 static conformance requirements ... 24 9.4 TLSP with ITU-T Rec. X.224 1ISO/IEC 8073 static conformance requirements . 24 9.5 Common dynamic conformance requirements ........ 24 9.6 TLSP with ITU-T Rec. X.234 I ISO 8602 dynamic conformance requirements .. 24 9.7 TLSP with ITU-T Rec. X.224 IISO/IEC 8073 dynamic conformance requirements.. 24 10 Protocol implementation conformance statement (PICS) 24 Annex A -- PICS proforma