CAN/CSA-ISO/IEC ISP 10609-17-01 (R2005)

This National Standard of Canada is equivalent to International Standard ISO/IEC ISP 10609-17:1998. 1 Scope 1.1 General ISO/IEC 10609 is applicable to End Systems concerned with operating in the Open Systems Interconnection (OSI) environment. It specifies a combination of OSI standards which collectively provide the connection-mode Transport Service using the connection-mode Network Service. This part of ISO/IEC 10609 specifies the profile requirements for the provision of security services using cryptographic techniques with Network Layer Security Protocol connection-mode and SDT-PDU based protection. 1.2 Position within the Taxonomy The taxonomy of profiles is specified in ISO/IEC TR 10000-2. This part of ISO/IEC ISP 10609 supports security services for any TB, TC, TD or TE profile specified in ISO/IEC ISP 10609 (Connection-mode transport over connection-mode Network Service). Note: ISO/IEC TR 10000 currently does not identify security sub- profiles. Profiles based on this part of ISP 10609 may be referred to as TB/C/D/EnnnS2, or TB/C/D/EnnnS2C if confidentiality is selected. 1.4 Security Services The following security services are within the scope of this part of ISO/IEC ISP 10609: a) Peer entity authentication b) Connection integrity without recovery (including replay protection) c) Access control using security labels Note: Where label based access control is not enforced by a system a null label may be employed. d) Connection confidentiality (optional) e) Traffic flow confidentiality (optional) 1.5 Security Mechanisms This part of ISP 10609 provides no assurance as to the strength of the security mechanisms employed. This part of ISO/IEC ISP 10609 does not specify the cryptographic algorithms to be employed.