CAN/CSA-ISO/IEC ISP 10613-19-01 (R2005)

This National Standard of Canada is equivalent to International Standard ISO/IEC ISP 10613-19:1998. 1 Scope 1.1 General ISO/IEC ISP 10613 is applicable to interworking units concerned with operating in the Open Systems Interconnection (OSI) environment. It specifies a combination of OSI base standards that collectively provide a Network Relay function for the connectionless-mode Network Service. This part of ISO/IEC 10613 specifies profile requirements for the provision of security services using cryptographic techniques with the Network Layer Security Protocol connectionless-mode. This part of ISO/IEC 10613 specifies profile requirements that are applicable to any type of subnetwork. 1.2 Position within the Taxonomy The taxonomy of profiles is specified in ISO/IEC TR 10000-2. This part of ISO/IEC ISP 10613 supports security services for any RA profile specified in ISO/IEC ISP 10613 (profiles relaying the connectionless-mode Network Service). Note: ISO/IEC TR 10000 currently does not identify security sub- profiles. Profiles based on this part of ISP 10613 can be referred t o as TAnnnS1, or TAnnnS1C if confidentiality is selected. 1.4 Security Services The following security services are within the scope of this profile: a) Data origin authentication b) Connectionless integrity Note: It is strongly recommended that some form of access control is supported. However, this may be achieved using local access control lists which are outside the scope of this profile. c) Access control using security labels (optional) d) Connectionless confidentiality (optional) e) Traffic flow confidentiality (optional) 1.5 Security Mechanisms This part of ISP 10613 provides no assurance as to the strength of the security mechanisms employed. This profile does not specify the cryptographic algorithms to be emplo yed.