CAN/CSA-ISO/IEC 11577-97 (R2010)
This National Standard of Canada is equivalent to International Standard ISO/IEC 11577:1995.
1 Scope
This ITU-T Recommendation | International Standard specifies a protocol to be
used by End Systems and Intermediate Systems in order to provide security
services in the Network layer, which is defined by CCITT Rec. X.213 | ISO/IEC
8348, and ISO 8648. The protocol defined in this ITU-T Recommendation |
International Standard is called the Network Layer Security Protocol (NLSP).
This ITU-T Recommendation | International Standard specifies:
1) Support for the following security services defined in CCITT Rec.
X.800 | ISO 7498-2:
a) peer entity authentication;
b) data origin authentication;
c) access control;
d) connection confidentiality;
e) connectionless confidentiality;
f) traffic flow confidentiality;
g) connection integrity without recovery (including Data Unit
Integrity, in which individual SDUs on a connection are
integrity protected);
h) connectionless integrity.
2) The functional requirements for implementations that claim
conformance to this ITU-T Recommendation | International Standard.
The procedures of this protocol are defined in terms of:
a) requirements on the cryptographic techniques that can be used in an
instance of this protocol;
b) requirements on the information carried in the security association
used in an instance of communication.
Although the degree of protection afforded by some security mechanisms depends
on the use of some specific cryptographic techniques, correct operation of this
protocol is not dependent on the choice of any particular encipherment or
decipherment algorithm. This is a local matter for the communicating systems.
Furthermore, neither the choice nor the implementation of a specific security
policy are within the scope of this ITU-T Recommendation | International
Standard. The choice of a specific security policy, and hence the degree of
protection that will be achieved, is left as a local matter among the systems
that are using a single instance of secure communications. This ITU-T
Recommendation | International Standard does not require that multiple
instances of secure communications involving a single open system must use the
same security protocol.
Annex D provides the PICS proforma for the Network Layer Security Protocol in
compliance with the relevant guidance given in ISO/IEC 9646-2.
SDO: CSA
Language: English
ICS Codes: 35.100.30
Status: Standard
Publish date: 1997-05-30
Standard Number: CAN/CSA-ISO/IEC 11577-97 (R2010)