S~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-,+*)('&%$#"!  2  `^BLTT TTT 4]: :X @ A A A @ @ @ @ : A >[J GBy B OBwWB Bu B Bs B Cq C PCoXC GA -CmC Ck C -` L CCyfD DwD DuD Ds D Eq E @EoHE LH l-attributes 67, 74*+ mhs-user-agent 64, 73) Bilateral Agreements$ routing 52, 53, Items for Further Study None) Items to Be Supplied None  .End Index. d Pterpersonal Messaging System | | T.330 | - | Telematic access toPd PIPMS vq lp { h d er-agent 64, 72#2 mhs-or-address-syntax 68, 74- mhs-or-addresses 66, 73/mhs-or-name-syntax 68, 744  mhs-organizational-user 64, 72 ; 'mhs-preferred-delivery-methods 66, 74'1 mhs-residential-user 64, 72<JM(mhs-supported-automatic-actions 66, 74(8 $mhs-supported-content-types 66, 74$> *mhs-supported-optiona-agent 70; 'mhs-deliverable-content-length 65, 73': &mhs-deliverable-content-types 65, 73&1 mhs-deliverable-eits 65, 732DJmhs-distribution-list 63, 72+ mhs-dl-members 65, 73< (mhs-dl-submit-permission-syntax 67, 74(6 "mhs-dl-submit-permissions 66, 73"6 "mhs-message-store 63, 66, 72, 73"7J #mhs-message-transf 69 JM id-mod 69   id-ms 69   id-mts 69 . id-object-identifiers 70  id-oc 69 4  id-oc-mhs-distribution-list 70 0 id-oc-mhs-message-store 709 %id-oc-mhs-message-transfer-agent 70%6 "id-oc-mhs-organizational-user 70"3 id-oc-mhs-residential-user 70- id-oc-mhs-userid-at-mhs-message-store 70/ id-at-mhs-or-addresses 70= )id-at-mhs-preferred-delivery-methods 70)> *id-at-mhs-supported-automatic-actions 70*: &id-at-mhs-supported-content-types 70&@J ,id-at-mhs-supported-optional-attributes 70,<(id-directory-objects-and-attributes 70(!  id-group 69   id-ipms 69 !  id-mhsac as-mhs-dl-submit-permission 70#- id-as-mhs-or-address 70* id-as-mhs-or-name 70  id-asdc 69   id-at 69 = )id-at-mhs-deliverable-content-length 70)< (id-at-mhs-deliverable-content-types 70(3 id-at-mhs-deliverable-eits 70-DJid-at-mhs-dl-members 708 $id-at-mhs-dl-submit-permissions 70$0 " ASN.1 Modules9 %MHSDirectoryObjectsAndAttributes 71%-MHSObjectIdentifiers 69!J  ASN.1 Macros  None   ASN.1 Types /JMDLSubmitPermission 67, 74 ID 69* ORNamePattern 67, 74!  ASN.1 Values   id-arch 69   id-as 69 7 #id-( MHS O/R Address 67* MHS O/R Addresses 66% MHS O/R Name 680 MHS Organizational User 647DJ#MHS Preferred Delivery Methods 66#- MHS Residential User 648 $MHS Supported Automatic Actions 66$4  MHS Supported Content Types 66 : &MHS Supported Optional Attributes 67&' MHS User Agent 64 &JMInformation Items7 #MHS Deliverable Content Length 65#6 "MHS Deliverable Content Types 65"- MHS Deliverable EITs 65. MHS Distribution List 63' MHS DL Members 651 MHS DL Submit Permission 672 MHS DL Submit Permissions 65. MHS Message Store 63, 663 MHS Message Transfer Agent 64al O/R address 51!DJ transfer 18 ( transfer system 36$ transmittal 15* transmittal event 15) transmittal step 15  type 42 $ unformatted 513 unformatted-postal-address 48+unique-postal-name 48 user 9# user agent 11J  value 42 system 36' street-address 48( subject message 15& subject probe 15# submission 18) submission agent 18* submit permission 10& supplying ASE 58% supplying UE 58" symmetric 57, terminal-identifier 48& terminal-type 48- termin  probe 14   receipt 19 " recipient 17? +recipient-assigned alternate recipient 17+$ redirection 21  report 15 " retrieval 19  routing 22 " splitting 20+ standard attribute 42  step 15 4JM storage and transfer system 36 'J storage unit 12"1 physical delivery system 12) physical message 12+ physical rendition 120 post-office-box-address 47$ postal-code 47+ postal O/R address 51/ poste-restante-address 47, potential recipient 17, private-domain-name 482DJprivate management domain 38 tor-specified alternate recipient 17-! PDS-name 46 & personal-name 467 #physical-delivery-country-name 47#6 "physical-delivery-office-name 47"8JM$physical-delivery-office-number 47$< (physical-delivery-organization-name 47(8 $physical-delivery-personal-name 47$*J Physical delivery 126 "physical delivery access% non-delivery 21, non-delivery report 150 numeric-user-identifier 46, numeric O/R address 51$DJO/R address 49!  O/R name 41   optional 7 * organization-name 462 organizational-unit-names 46$ origination 18# originator 16A -originaHandling System 9' Message Storage 8&JMmessage store 11( Message Transfer 8/ message transfer agent 120 Message Transfer System 10) messaging system 34-J mnemonic O/R address 50( name resolution 20  nested 10 ( network-address 45( non-affirmation 21) internal routing 22*DJinternal transfer 18  joining 20 0 local-postal-attributes 45* management domain 38!  mandatory 7   members 10 ) member recipient 17  message 13 (Message Handling 84  Message Handling Environment 8 / Message ion-physical-delivery-address-components 453) external routing 22* external transfer 18" formatted 51# Global MHS 40  grade 7 ,J immediate recipient 16, implicit conversion 21  import 18 , indirect submission 18% indirect user 9+ intended recipient 16* distribution list 10% DL expansion 20  domain 38 1 domain-defined attribute 421 encoded information type 14!  envelope 13  event 15 ( expansion point 20, explicit conversion 21  export 19 9JM%extension-O/R-address-components 45%G 3extenssuming ASE 58% consuming UE 58  content 13 % content type 14# conversion 21% country-name 45#J defaultable 7!  delivery 19 ' delivery agent 19( delivery report 15* described message 14*DJdirect submission 18# direct user 9) actual recipient 173 administration-domain-name 449 %administration management domain 38%$ affirmation 21#asymmetric 57" attribute 42' attribute list 42' attribute type 42(JMattribute value 42$ common-name 45# conditional 7& con RT 6  RTSE 6, 62   S/SYS 36   ST/SYS 36   T/SYS 36  UA 11J UE 5 Terms2 access and storage system 363DJaccess and transfer system 36= )access, storage, and transfer system 37)& access system 36$ access unit 11  MRSE 61  MS 11  MSSE 61  MTA 12 MTS 10  MTSE 61  O 7OSI 5 P1 62 P3 62 P7 62JM PDAU 12  PDS 12  PRMD 38  RO 6  ROSE 6, 61   ASN.1 5  JM AST/SYS 37   AT/SYS 36  AU 11 C 7!  COMPUSEC 22  D 7 DL 10 DSA 6 EIT 14 M 7  MASE 61  MD 38  MDSE 61 J MHE 8DJMHS 9her study (fs)"3 j)Items to be supplied (fs)  ---------- " .Begin Index."DJAbbreviationsJ  A/SYS 36  AC 5 ACs 62  ACSE 5, 62   ADMD 38  AE 4 APDU 4 AS/SYS 36  ASE 4  ASEs 56 S ?This annex indexes items (if any) in the following categories:?, a)Abbreviations (ab)$ b)Terms (gt)0 c)Information items (ot), d)ASN.1 modules (mo)+ e)ASN.1 macros (ma)* f)ASN.1 types (ty)+ g)ASN.1 values (va)3 h)Bilateral agreements (ba)6 "i)Items for furtMHS: Overall Architecture (Version 5, November P& 1987, Gloucester) -- --<(Annex G (to Recommendation X.402) Index(E 1This annex is not a part of this Recommendation.1d PThis annex indexes this Recommendation. It gives the number(s) of the page(s) onPc Owhich each item in each of several categories is defined. Its coverage of each O,JMcategory is exhaustive.Annex F (to Recommendation X.402) Differences Between CCITT Recommendation and O!  ISO Standard E 1This annex is not a part of this Recommendation.1[ GThis annex lists all but the purely stylistic differences between this GUJ ARecommendation and the corresponding ISO International Standard.AM 9There are no differences between the two specifications.9d PCCITT Draft Recommendation X.402 Pa M | Message Origin Authentication Check | +- SECURITY MANAGEMENT Md PSECURITY SERVICES -----------------------------+ | Change Credentials P_ K | Change Credentials | | Register | K: &Register | &\ H+-------------------------------+-------------------------------------+H c O Pd P | | Non-Repudiation of Delivery | Proof of Delivery Request P^ J| | | Proof of Delivery | J^JMJ+-------------------------------+-------------------------------------+ | Jd PMessage Security Labelling | Message Security Label | | Pd P | Message Token | | CURITY SERVICES ;a M---------------------------------+ | Non-Repudiation of Origin | Content Md PIntegrity Check | | | Message Token P[ G | | | Message Origin GaMAuthentication Check | | Non-Repudiation of Submission | Proof of Submission Md PRequest | | | Proof of Submission | | Content Integrity Pd P | Content Integrity Check | | Pa M | Message Token | | | Md PMessage Origin Authentication Check | | Message Sequence Integrity | Message PdJ PSequence Number | | | Message Token PO ; | +- NON-REPUDIATION SE | Content Confidentiality Pd PAlgorithm | | | Identifier PdDJP | | | Message Token | | Pb NMessage Flow Confidentiality | Content Type | +- DATA Na MINTEGRITY SECURITY SERVICES ----------------------------------+ | Connection Md PIntegrity | Not supported -+ | Peer Entity Authentication | Initiator F\ HCredentials | | | Responder Hd PCredentials | | Security Context | Security Context PR > | +- DATA CONFIDENTIALITY SECURITY SERVICES >d P----------------------------+ | Connection Confidentiality | Not supported Pd P | | Content Confidentiality JOrigin Authentication Check | | Proof of Submission | Proof of J\ HSubmission Request | | | Proof of HdJMPSubmission | | Proof of Delivery | Proof of DeliveryPd PRequest | | | Proof of Delivery PN : | +- SECURE ACCESS MANAGEMENT SECURITY SERVICES :Z F-----------------------ERVICE | MTS ARGUMENTS/SERVICES | +- ORIGIN Pc OAUTHENTICATION SECURITY SERVICES ---------------------------+ | Message Origin Od PAuthentication | Message Origin Authentication Check | | PdP | Message Token | | Probe Origin Authentication |Pc OProbe Origin Authentication Check | | Report Origin Authentication | Report O^ D) Recommendation X.411K 7This annex is an integral part of this Recommendation.7d PTable 14/X.402 indicates which service elements from Recommendation X.411 may bePT @used to support the security services described in clause 10.2.@F 2Table .T.:14/X.402 MHS Security Service Provision2^ J+-------------------------------+-------------------------------------+ | JdJ PSsecurity context for which it does N( not have clearance.9 %Other threats include the following:%Y Ea)Originator not cleared for message label (inappropriate submit)E> *b)MTA/MTS-user not cleared for context*$ c)Misrouting6DJ"d)Differing labelling policies" X DAnnex E (to Recommendation X.402) Provision of Security Services in outing through a node that cannot be Ja Mtrusted with information of particular value, or where systems use different Mb Nlabelling policies. Threats may exist to the enforcement of a security policy NcJMObased on logical separation using security labels. An MTS-user may originate a Ob Nmessage and assign it a label for which it is not cleared. An MTS-user or MTA Nb Nmay set up or accept an association with a observing the traffic.%J 6Leakage of information threats include the following:61 a)Loss of confidentiality+ b)Loss of anonymity6 "c)Misappropriation of messages"* d)Traffic analysis'J D.7Other ThreatsbNIn a multi- or single-level secure system, a number of threats may exist that N^ Jrelate to security labelling, e.g., r Oor by masquerade. In some cases, the presence of an MTS-user on the system may Od Pbe sensitive and its anonymity may have to be preserved. An MTS-user other than PX Dthe intended recipient may obtain a message. This might result from D] Iimpersonation and misuse of the MTS or through causing an MTA to operate I] Iincorrectly. Further details on the information flowing in an MTS may be I9 %obtained fromreceiving, or originating a message.%? +Repudiation threats include the following:+* a)Denial of origin. b)Denial of submission, c)Denial of delivery0 D.6Leakage of InformationWDJCInformation may be acquired by an unauthorized party by monitoring Cc Otransmissions, by unauthorized access to information stored in any MHS entity, Oc a Moverload the switching capability of an MTA or fill up all available message M# storage space.E1Denial of service threats include the following:12J a)Denial of communications% b)MTA failure& c)MTS flooding%JMD.5Repudiationa MRepudiation can occur when an MTS-user or the MTS may later deny submitting, M9 %al ofPd Paccess, a denial of communications (leading to other problems like overload), a Pc Odeliberate suppression of messages to a particular recipient, or a fabrication Oa Mof extra traffic. The MTS can be denied if an MTA has been caused to fail or M^ Joperate incorrectly. In addition, an MTS-user may cause the MTS to deny a J] Iservice to other users by flooding the service with messages which might IODJ;Modification of information threats include the following:;2 a)Modification of messages1 b)Destruction of messagesQ =c)Corruption of routing and other management information.=+ D.4Denial of Service] IDenial of service occurs when an entity fails to perform its function or Id Pprevents other entities from performing their functions. This may be a denior an intended recipient, routing information, and other managementPc Odata may be lost or modified without detection. This could occur to any aspect O\ Hof the message, e.g., its labelling, content, attributes, recipient, or Ha Moriginator. Corruption of routing or other management information, stored in Mb NMTAs or used by them, may cause the MTS to lose messages or otherwise operate N!  incorrectly.  impossible to prevent replay with the MHS security services, it ON :can be detected and the effects of the threat eliminated.:F2Message sequencing threats include the following:2, a)Replay of messages0 b)Reordering of messages.J c)Pre-play of messages+JMd)Delay of messages5 !D.3Modification of Information!d PInformation fJmay involve authentication sequences from valid users, e.g., in replay or J. modification of messages., D.2Message Sequencing` LMessage sequencing threats occur when part or all of a message is repeated, L_ Ktime-shifted, or reordered. This can be used to exploit the authentication K` Linformation in a valid message and resequence or time-shift valid messages. Lc OAlthough it is> *Masquerade threats include the following:*=DJ)a)Impersonation and misuse of the MTS)5 !b)Falsely acknowledge receipt!> *c)Falsely claim to originate a message*@ ,d)Impersonation of an MTA to an MTS-user,@ ,e)Impersonation of an MTA to another MTA,b NA masquerade usually consists of other forms of attack and in a secure system N^ nauthorized access to MTS facilities or to act to the detrimentPb Nof the valid user, e.g., to discard his messages. An MTS-user may impersonate N` Lanother user and so falsely acknowledge receipt of a message by the "valid" L` Lrecipient. A message may be put into the MTS by a user falsely claiming the L` Lidentity of another user. An MTS-user, MS, or MTA may masquerade as another L* MTS-user, MS, or MTA. | Message Security Labelling | | Differing KJ6labelling policies | | 6V B+-------------------------------+-------------------------------+B$ D.1Masqueraded PMasquerade occurs when an entity successfully pretends to be a different entity PdJMPand can take place in a number of ways. An unauthorized MTS-user may impersonatePdJ Panother to gain u-----+-------------------------------+ | Originator not Jd Pcleared for | Secure Access Management | | Message Security Label P` L | Message Security Labelling | | MTA/MTS-user not cleared for | Secure Ld PAccess Management | | Security Context | Pd P | | Misrouting | Secure Access Management | | P_ K -+-------------------------------+ | Loss of confidentiality | J^ JConnection Confidentiality | | | Content J[ GConfidentiality | | Loss of anonymity | Message Flow Gd PConfidentiality | | Misappropriation of messages | Secure Access Management Pd P | | Traffic analysis | Message Flow Confidentiality | +- OTHER P^ JTHREATS ---------- | | MTS flooding PG 3 | | +- REPUDIATION 3d P-----------------+-------------------------------+ | Denial of origin P[DJG | Non-repudiation of Origin | | Denial of submission | GV BNon-repudiation of Submission | | Denial of delivery | BN :Non-repudiation of Delivery | +- LEAKAGE OF INFORMATION :^ J----- | | Destruction of messages Pd P | Message Sequence Integrity | | Corruption of routing and | Pd P | | other management information | P`J L | +- DENIAL OF SERVICE -----------+-------------------------------+ | Ld PDenial of communications | | | MTA flooding Pd P | Re-ordering of messages | KdPMessage Sequence Integrity | | Pre-play of messages | Pd P | | Delay of messages | P\ H | +- MODIFICATION OF INFORMATION -+-------------------------------+ | Hd PModification of messages | Connection Integrity | | PdJMP | Content Integrity an MTS-user |Pd PReport Origin Authentication | | | Secure Access Pd PManagement | | Impersonation of an MTA to | Report Origin AuthenticationPd P | | another MTA | Secure Access Management | +- MESSAGE Pd PSEQUENCING ----------+-------------------------------+ | Replay of messages P_ K | Message Sequence Integrity | | the MTS | Probe N^ JOrigin Authentication | | | Secure Access Jd PManagement | | Falsely acknowledge receipt | Proof of Delivery P` L | | Falsely claim to originate | Message Origin Authentication | | a Lc Omessage | | | Impersonation of Od Pan MTA to | Proof of submission | | es. The list of threats given here is indicative rather than definitive.OD 0Table .T.:13/X.402 Use of MHS Security Services0dDJP+-------------------------------+-------------------------------+ | THREAT PV B | SERVICES | +- MASQUERADE Bd P------------------+-------------------------------+ | Impersonation and misuse Pb N | Message Origin Authentication | | of malicious intent and may be activeP] Ior passive. Attacks on the MHS will address potential weaknesses and may Ib Ncomprise of a number of threats. This annex deals with individual threats and Nb Nalthough consideration is given to a number of broad classes of threat, it is N) not a complete list.aJ MTable 13/X.402 indicates how these threats can be met using the MHS security Mc Oserviceats, and message store threats. These OD 0threats can appear in various forms as follows:0$ a)Masquerade, b)Message sequencing5 !c)Modification of information!+d)Denial of service0 e)Leakage of information% f)Repudiation+ g)Other MHS threatsdJMPIn addition, they may occur by accident or byQUALITY ::= id-as-mhs-or-name%+ END -- of MHSDirectory G 3Annex D (to Recommendation X.402) Security Threats3D 0This annex is not a part of this Recommendation0d PAn overview of MHS security threats is provided in clause 15.1 of RecommendationP\ HX.400. This considers threats as they appear in an MHS: access threats, Hc Ointer-message threats, intra-message thr 7ORNamePattern, member-of-group [3] Name}74  .I.ty:ORNamePattern; ::= ORName ' -- MHS O/R Address` L.I.va:mhs-or-address-syntax; ATTRIBUTE-SYNTAX SYNTAX ORAddress LJ 6MATCHES FOR EQUALITY ::= id-as-mhs-or-address6$DJ-- MHS O/R Named P.I.va:mhs-or-name-syntax; ATTRIBUTE-SYNTAX SYNTAX ORName MATCHESP9 %FOR EAXES0 -- MHS DL Submit PermissionVB.I.va:mhs-dl-submit-permission-syntax; ATTRIBUTE-SYNTAX SYNTAX BS ?DLSubmitPermission MATCHES FOR EQUALITY ::= ?3 id-as-mhs-dl-submit-permissionc O.I.ty:DLSubmitPermission; ::= CHOICE { individual [0] OcJMOORName, member-of-dl [1] ORName, pattern-match [2] OK UTE-SYNTAXPSJ ?objectIdentifierSyntax MULTI VALUE ::= ?6 "id-at-mhs-supported-content-types"9 %-- MHS Supported Optional Attributes%d P.I.va:mhs-supported-optional-attributes; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?< (id-at-mhs-supported-optional-attributes(* -- ATTRIBUTE SYNT %id-at-mhs-preferred-delivery-methods%7 #-- MHS Supported Automatic Actions#d P.I.va:mhs-supported-automatic-actions; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?: &id-at-mhs-supported-automatic-actions&3 -- MHS Supported Content Typesd P.I.va:mhs-supported-content-types; ATTRIBUTE WITH ATTRIBed P.I.va:mhs-message-store; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?distinguishedNameSyntax SINGLE VALUE ::= ?, id-at-mhs-message-store6 "-- MHS Preferred Delivery Methods"d P.I.va:mhs-preferred-delivery-methods; ATTRIBUTE WITH ATTRIBUTE-SYNTAXP_DJKPreferredDeliveryMethod MATCHES FOR EQUALITY MULTI VALUE ::= K9WITH ATTRIBUTE-SYNTAXP_ Kmhs-dl-submit-permission-syntax MULTI VALUE ::= K4  id-at-mhs-dl-submit-permissions )-- MHS O/R Addressesd P.I.va:mhs-or-addresses; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?mhs-or-address-syntax MULTI VALUE ::= ?+ id-at-mhs-or-addresses)JM-- MHS Message StorIdentifierSyntax MULTI VALUE ::= ?/ id-at-mhs-deliverable-eits&J -- MHS DL Membersd P.I.va:mhs-dl-members; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?mhs-or-name-syntax MULTI VALUE ::= ?) id-at-mhs-dl-members1 -- MHS DL Submit Permissionsd P.I.va:mhs-dl-submit-permissions; ATTRIBUTE erable-content-lengthF5DJ!-- MHS Deliverable Content Types!d P.I.va:mhs-deliverable-content-types; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?8 $id-at-mhs-deliverable-content-types$, -- MHS Deliverable EITsd P.I.va:mhs-deliverable-eits; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?object;d Pmhs-deliverable-content-types, mhs-deliverable-eits,P JMJ 6mhs-or-address} ::= id-oc-mhs-user-agent6" -- ATTRIBUTES6 "-- MHS Deliverable Content Length"d P.I.va:mhs-deliverable-content-length; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPZ FintegerSyntax SINGLE VALUE ::= id-at-mhs-delivO ;mhs-message-store, ;S ?mhs-preferred-delivery-methods} ::= ?/ id-oc-mhs-residential-user& -- MHS User Agent[ G.I.va:mhs-user-agent; OBJECT-CLASS SUBCLASS OF GVBapplicationEntity MAY CONTAIN { owner, BO ;mhs-deliverable-content-length, id-oc-mhs-organizational-user, -- MHS Residential User[ G.I.va:mhs-residential-user; OBJECT-CLASS SUBCLASS OF Gc OresidentialPerson MUST CONTAIN { mhs-or-address} MAY OQ =CONTAIN { mhs-deliverable-content-length, =dJ Pmhs-deliverable-content-types, mhs-deliverable-eits,P  OorganizationalPerson MUST CONTAIN { mhs-or-address} MAY OQ =CONTAIN { mhs-deliverable-content-length, =d Pmhs-deliverable-content-types, mhs-deliverable-eits,P DJO ;mhs-message-store, ;S ?mhs-preferred-delivery-methods} ::= ?2 a:mhs-message-transfer-agent; OBJECT-CLASS SUBCLASS OF Gc OapplicationEntity MAY CONTAIN { description, owner, O S ?mhs-deliverable-content-length} ::= ?5 !id-oc-mhs-message-transfer-agent!/JM-- MHS Organizational User[ G.I.va:mhs-organizational-user; OBJECT-CLASS SUBCLASS OF Gc OapplicationEntity MAY CONTAIN { description, owner, O J O ;mhs-supported-optional-attributes, ;O ;mhs-supported-automatic-actions, ;S ?mhs-supported-content-types} ::= ?, id-oc-mhs-message-store2 -- MHS Message Transfer Agent[ G.I.v Pmhs-deliverable-content-types, mhs-deliverable-eits,P DJO ;mhs-dl-members, ;S ?mhs-preferred-delivery-methods} ::= ?0 id-oc-mhs-distribution-list) -- MHS Message Store[ G.I.va:mhs-message-store; OBJECT-CLASS SUBCLASS OF Gcibution Listd P.I.va:mhs-distribution-list; OBJECT-CLASS SUBCLASS OF top MUST POJM;CONTAIN { commonName, ;d Pmhs-dl-submit-permissions, mhs-or-addresses} MAYP] ICONTAIN { description, organization, I_ KorganizationalUnitName, owner, seeAlso, KdonName, G^ Jdescription, distinguishedNameSyntax, integerSyntax, JO ;objectIdentifierSyntax, organization, ;Y EorganizationalUnitName, owner, seeAlso ---- FROM Ea MSelectedAttributeTypes {joint-iso-ccitt  ds(5) modules(1) M/selectedAttributeTypes(5)}& -- OBJECT CLASSES- -- MHS DistrTAX, Name, OBJECT-CLASS Ma M---- FROM InformationFramework {joint-iso-ccitt  ds(5) modules(1) MbJ NinformationFramework(1)} -- Selected Object Classes applicationEntity, N] IorganizationalPerson, residentialPerson, top ---- FROM Ia MSelectedObjectClasses {joint-iso-ccitt  ds(5) modules(1) M[ GselectedObjectClasses(6)} -- Selected Attribute Types commrs {joint-iso-ccitt mhs-motis(6) arch(5) P_ Kmodules(0) object-identifiers(0)} -- MTS Abstract KY EService ORAddress, ORName, PreferredDeliveryMethod ---- FROM Ec OMTSAbstractService {joint-iso-ccitt mhs-motis(6) mts(3) O^ Jmodules(0) mTS-abstract-service(3)} -- Information Ja MFramework ATTRIBUTE, ATTRIBUTE-SYNmhs-supported-content-types, ;O ;id-at-mhs-supported-optional-attributes, ;O ;id-oc-mhs-distribution-list, id-oc-mhs-message-store, ;O ;id-oc-mhs-message-transfer-agent, ;d Pid-oc-mhs-organizational-user, id-oc-mhs-residential-user, id-oc-mhs-user-agent,P DJd P---- FROM MHSObjectIdentifie ;id-at-mhs-deliverable-content-length, ;O ;id-at-mhs-deliverable-content-types, ;O;id-at-mhs-deliverable-eits, id-at-mhs-dl-members, ;O ;id-at-mhs-dl-submit-permissions, id-at-mhs-message-store, ;R >id-at-mhs-or-addresses, id-at-mhs-preferred-delivery-methods, >O ;id-at-mhs-supported-automatic-actions, ;OJM;id-at-  ---------- dJ P.I.mo:MHSDirectoryObjectsAndAttributes; {joint-iso-ccitt mhs-motis(6) arch(5) PQ =modules(0) directory(1)} DEFINITIONS IMPLICIT TAGS ::= BEGIN=  -- Prologue + -- Exports everything.O ;IMPORTS -- MHS Object Identifiers ;b Nid-as-mhs-dl-submit-permission, id-as-mhs-or-address, id-as-mhs-or-name, NO X.402) Reference Definition of Directory Object K+ Classes and AttributesK 7This annex is an integral part of this Recommendation.7c OThis annex, a supplement to annex A, defines for reference purposes the object Oa Mclasses, attributes, and attribute syntaxes specific to Message Handling. It Md Puses the OBJECT-CLASS, ATTRIBUTE, and ATTRIBUTE-SYNTAX macros of Recommendation P X.501. {id-at 9} AU A.I.va:id-at-mhs-supported-optional-attributes; ID ::= {id-at 10}A* -- Attribute syntaxesK 7.I.va:id-as-mhs-dl-submit-permission; ID ::= {id-as 0} 7d P.I.va:id-as-mhs-or-address; ID ::= {id-as 1} .I.va:id-as-mhs-or-name; P2  ID ::= {id-as 2}3 END -- of MHSObjectIdentifiers _DJKAnnex C (to Recommendation A.I.va:id-at-mhs-dl-submit-permissions; ID ::= {id-at 4} AU A.I.va:id-at-mhs-message-store; ID ::= {id-at 5} AU A.I.va:id-at-mhs-or-addresses; ID ::= {id-at 6} AU A.I.va:id-at-mhs-preferred-delivery-methods; ID ::= {id-at 7} AU A.I.va:id-at-mhs-supported-automatic-actions; ID ::= {id-at 8} AUA.I.va:id-at-mhs-supported-content-types; ID ::=er; ID ::= {id-oc 4} 9M 9.I.va:id-oc-mhs-user-agent; ID ::= {id-oc 5}9" -- AttributesU A.I.va:id-at-mhs-deliverable-content-length; ID ::= {id-at 0} AUJ A.I.va:id-at-mhs-deliverable-content-types; ID ::= {id-at 1} AU A.I.va:id-at-mhs-deliverable-eits; ID ::= {id-at 2} AU A.I.va:id-at-mhs-dl-members; ID ::= {id-at 3} AUJMO.I.va:id-directory-objects-and-attributes; ID ::= {id-mod 1} -- not definitiveO& -- Object classesM 9.I.va:id-oc-mhs-distribution-list; ID ::= {id-oc 0} 9MDJ9.I.va:id-oc-mhs-message-store; ID ::= {id-oc 1} 9M 9.I.va:id-oc-mhs-message-transfer-agent; ID ::= {id-oc 2} 9M 9.I.va:id-oc-mhs-organizational-user; ID ::= {id-oc 3} 9M 9.I.va:id-oc-mhs-residential-us6)} -- Reserved.H" -- Categoriesd P.I.va:id-mod; ID ::= {id-arch 0} -- modules; not definitive .I.va:id-oc; ID ::=P` L{id-arch 1} -- object classes .I.va:id-at; ID ::= {id-arch 2} -- attribute LQ =types .I.va:id-as; ID ::= {id-arch 3} -- attribute syntaxes=  -- Modules c O.I.va:id-object-identifiers; ID ::= {id-mod 0} -- not definitive Oc) mts (3)} -- Message Transfer Oc OSystem -- See Recommendation X.411. .I.va:id-ms; ID ::= {joint-iso-ccitt Od Pmhs-motis(6) ms (4)} -- Message Store -- See RecommendationPd PX.413. .I.va:id-arch; ID ::= {joint-iso-ccitt mhs-motis(6) arch (5)} -- OverallPVBArchitecture -- See this Recommendation. .I.va:id-group; ID ::= B\ H{joint-iso-ccitt mhs-motis(6) group(ts -- See Recommendation X.419. .I.va:id-ipms; ID ::=P`J L{joint-iso-ccitt mhs-motis(6) ipms (1)} -- Interpersonal LW CMessaging -- See Recommendation X.420. .I.va:id-asdc; ID ::= Cc O{joint-iso-ccitt mhs-motis(6) asdc (2)} -- Abstract Service Od PDefinition Conventions -- See Recommendation X.407. .I.va:id-mts; ID ::=Pc O{joint-iso-ccitt mhs-motis(6rs; {joint-iso-ccitt mhs-motis(6) arch(5) PZ Fmodules(0) object-identifiers(0)} DEFINITIONS IMPLICIT TAGS ::= BEGINF  -- Prologue + -- Exports everything.,DJIMPORTS -- nothing -- ;4  .I.ty:ID; ::= OBJECT IDENTIFIER # -- MHS AspectsZ F.I.va:id-mhsac; ID ::= {joint-iso-ccitt mhs-motis(6) mhsac(0)} -- MHS Fd PApplication Contexule of annex C. It uses ASN.1.,c OAll Object Identifiers this Recommendation assigns are assigned in this annex. Od PThe annex is definitive for all but those for ASN.1 modules and MHS itself. The Pa Mdefinitive assignments for the former occur in the modules themselves; other MV Breferences to them appear in IMPORT clauses. The latter is fixed.BJM ---------- d P.I.mo:MHSObjectIdentifieNd Pidentical, attribute by attribute. Additionally, equality may be declared under P? +other conditions which are a local matter.+ aMAnnex B (to Recommendation X.402) Reference Definition of Object IdentifiersMK 7This annex is an integral part of this Recommendation.7b NThis annex defines for reference purposes various Object Identifiers cited in N@ ,the ASN.1 mod &conditions specified in clause 18.4. &+DJA.3.3MHS O/R Name` LThe .I.ot:MHS O/R Name; attribute syntax characterizes an attribute each of L1 whose values is an O/R name.dJ P.I.va:mhs-or-name-syntax; ATTRIBUTE-SYNTAX SYNTAX ORName MATCHESP9 %FOR EQUALITY ::= id-as-mhs-or-name%b NA presented O/R name value is equal to a target O/R name value if the two are er. ,.JMA.3.2MHS O/R Addressc OThe .I.ot:MHS O/R Address; attribute syntax characterizes an attribute each of O4  whose values is an O/R address. ` L.I.va:mhs-or-address-syntax; ATTRIBUTE-SYNTAX SYNTAX ORAddress LJ 6MATCHES FOR EQUALITY ::= id-as-mhs-or-address6c OA presented O/R address value is equal to a target O/R address value under the O: /R name pattern. 4  .I.ty:ORNamePattern; ::= ORName d Pd)Member-of-group: Each member of the group-of-names whose name is specified,PC /or of each nested group-of-names, recursively./] IA presented value is equal to a target value of this type if the two are Id Pidentical, attribute by attribute. Additionally, equality may be declared under P@ ,other conditions which are a local mattowing zero or more users and DLs:&d Pa)Individual: The user or (unexpanded) DL any of whose O/R names is equal to P, the specified O/R name.d Pb)Member-of-dl: Each member of the DL, any of whose O/R names is equal to thePK 7specified O/R name, or of each nested DL, recursively.7d Pc)Pattern-match: Each user or (unexpanded) DL any of whose O/R names matches P4 the specified Ossionc O.I.ty:DLSubmitPermission; ::= CHOICE { individual [0] OcDJOORName, member-of-dl [1] ORName, pattern-match [2] OKJ 7ORNamePattern, member-of-group [3] Name}7X DA presented DL submit permission value shall be of type Individual.Da MA DL submit permission, depending upon its type, grants submit access to the M: &follecific to Message Handling are those specified below.O7 #A.3.1MHS DL Submit Permission#d PThe .I.ot:MHS DL Submit Permission; attribute syntax characterizes an attribute PA -each of whose values is a submit permission.-V B.I.va:mhs-dl-submit-permission-syntax; ATTRIBUTE-SYNTAX SYNTAX BS ?DLSubmitPermission MATCHES FOR EQUALITY ::= ?3 id-as-mhs-dl-submit-permidentifies the optional O:&attributes that an MS fully supports.&G 3A value of this attribute is an Object Identifier.3d P.I.va:mhs-supported-optional-attributes; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?< (id-at-mhs-supported-optional-attributes(,JMA.3Attribute Syntaxesc OThe attribute syntaxes spntax and semantics a MS fully supports.=G 3A value of this attribute is an Object Identifier.3d P.I.va:mhs-supported-content-types; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?6 "id-at-mhs-supported-content-types"@ ,A.2.11MHS Supported Optional Attributes,c OThe .I.ot:MHS Supported Optional Attributes; attribute ialue of this attribute is an Object Identifier.3d P.I.va:mhs-supported-automatic-actions; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPSJ ?objectIdentifierSyntax MULTI VALUE ::= ?:DJ&id-at-mhs-supported-automatic-actions&: &A.2.10MHS Supported Content Types&d PThe .I.ot:MHS Supported Content Types; attribute identifies the content types ofPQ =the messages whose sy P.I.va:mhs-preferred-delivery-methods; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPc OReqiestedDeliveryMethod MATCHES FOR EQUALITY SINGLE VALUE ::= id-O6 "at-mhs-preferred-delivery-methods"> *A.2.9MHS Supported Automatic Actions*b NThe .I.ot:MHS Supported Automatic Actions; attribute identifies the automatic N7 #actions that an MS fully supports.#G 3A vWITH ATTRIBUTE-SYNTAXPS ?mhs-or-address-syntax MULTI VALUE ::= ?+id-at-mhs-or-addresses= )A.2.8MHS Preferred Delivery Methods)` LThe .I.ot:MHS Preferred Delivery Methods; attribute identifies, in order of LSJM?decreasing preference, the methods of delivery a user prefers.?N :A value of this attribute is a preferred delivery method.:dore; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?distinguishedNameSyntax SINGLE VALUE ::= ?, id-at-mhs-message-store0 A.2.7MHS O/R AddressesZ FThe .I.ot:MHS O/R Addresses; attribute specifies a user's or DL's O/R F  addresses. A -A value of this attribute is an O/R address.-d P.I.va:mhs-or-addresses; ATTRIBUTE I.va:mhs-dl-submit-permissions; ATTRIBUTE WITH ATTRIBUTE-SYNTAXP_ Kmhs-dl-submit-permission-syntax MULTI VALUE ::= K4J  id-at-mhs-dl-submit-permissions 0 A.2.6MHS Message Store[ GThe .I.ot:MHS Message Store; attribute identifies a user's MS by name.GSDJ?The value of this attribute is a Directory distinguished name.?d P.I.va:mhs-message-sts; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?mhs-or-name-syntax MULTI VALUE ::= ?) id-at-mhs-dl-members8 $A.2.5MHS DL Submit Permissions$d PThe .I.ot:MHS DL Submit Permissions; attribute identifies the users and DLs thatP1 may submit messages to a DL.I 5A value of this attribute is a DL submit permission.5d P.is an Object Identifier.3d P.I.va:mhs-deliverable-eits; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPS ?objectIdentifierSyntax MULTI VALUE ::= ?/ id-at-mhs-deliverable-eits- A.2.4MHS DL MembersS?The .I.ot:MHS DL Members; attribute identifies a DL's members.?>JM*A value of this attribute is an O/R name.*d P.I.va:mhs-dl-memberd P.I.va:mhs-deliverable-content-types; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPSDJ?objectIdentifierSyntax MULTI VALUE ::= ?8 $id-at-mhs-deliverable-content-types$3 A.2.3MHS Deliverable EITsb NThe .I.ot:MHS Deliverable EITs; attribute identifies the EITs of the messages N7 #whose delivery a user will accept.#G 3A value of this attribute P.I.va:mhs-deliverable-content-length; ATTRIBUTE WITH ATTRIBUTE-SYNTAXPZ FintegerSyntax SINGLE VALUE ::= id-at-mhs-deliverable-content-lengthF<J (A.2.2MHS Deliverable Content Types(d PThe .I.ot:MHS Deliverable Content Types; attribute identifies the content types PG 3of the messages whose delivery a user will accept.3G 3A value of this attribute is an Object Identifier.3r-addresses} ::= id-oc-mhs-user-agent6$ A.2Attributes[ GThe attributes specific to Message Handling are those specified below.G= )A.2.1MHS Deliverable Content Length)_ KThe .I.ot:MHS Deliverable Content Length; attribute identifies the maximum KV Bcontent length of the messages whose delivery a user will accept.B= )A value of this attribute is an Integer.)dits M^ Jdeliverable content length, content types, and EITs; and its O/R address.J [ G.I.va:mhs-user-agent; OBJECT-CLASS SUBCLASS OF GZ FapplicationEntity MAY CONTAIN { owner, mhs-F` Ldeliverable-content-length, mhs-deliverable-content-types, mhs-deliverable-L eits,  JMJ6mhs-oO ;mhs-message-store, ;SJM?mhs-preferred-delivery-methods} ::= ?- id-oc-mhs  0DJA.1.5^^^MHS User Agent c O^^^^^^An MHS User Agent; object is an AE that realizes a UA. The attributes in Oa Mits entry, to the extent that they are present, identify the UA's owner; =types, and EITs; its MS; and its preferred delivery methods.= [DJG.I.va:mhs-user; OBJECT-CLASS SUBCLASS OF Gd PORGANIZATIONALPERSON MUST CONTAIN { mhs-or-addresses} MAYPa MCONTAIN { mhs-deliverable-content-length, mhs-deliverable-MG 3content-types, mhs-deliverable-eits, 3  * A.1.4^^^MHS User d P^^^^^^An MHS User object is a generic MHS user. (The generic user can have, for Pd Pexample, a business address, a residential address, or both.) The attributes in PcJMOits entry identify the user's O/R address and, to the extent that the relevant Od Pattributes are present, identify the user's deliverable content length, content PQt they are present, describe the MTA OO ;and identify its owner and its deliverable content length.;[ G.I.va:mhs-message-transfer-agent; OBJECT-CLASS SUBCLASS OF Gc OapplicationEntity MAY CONTAIN { description, owner, O J S ?mhs-deliverable-content-length} ::= ?5 !id-oc-mhs-message-transfer-agent!;mhs-supported-optional-attributes, ;OJM;mhs-supported-automatic-actions, ;S ?mhs-supported-content-types} ::= ?, id-oc-mhs-message-store9 %A.1.3MHS Message Transfer Agent%d PAn .I.ot:MHS Message Transfer Agent; object is an AE that implements an MTA. ThePcOattributes in its entry, to the extent thabutes Pd Pin its entry, to the extent that they are present, describe the MS, identify itsPa Mowner, and enumerate the optional attributes, automatic actions, and content M' types it supports.[DJG.I.va:mhs-message-store; OBJECT-CLASS SUBCLASS OF Gc OapplicationEntity MAY CONTAIN { description, owner, O  O dJ Pmhs-deliverable-content-types, mhs-deliverable-eits,P  O ;mhs-dl-members, ;S ?mhs-preferred-delivery-methods} ::= ?0 id-oc-mhs-distribution-list0 A.1.2MHS Message Stored PAn .I.ot:MHS Message Store; object is an AE that realizes an MS. The attridelivery methods.d P.I.va:mhs-distribution-list; OBJECT-CLASS SUBCLASS OF top MUST PO ;CONTAIN { commonName, ;dPmhs-dl-submit-permissions, mhs-or-addresses} MAYP] ICONTAIN { description, organization, I_ KorganizationalUnitName, owner, seeAlso, K LAn .I.ot:MHS Distribution List; object is a DL. The attributes in its entry L`JMLidentify its common name, submit permissions, and O/R addresses and, to the Lc Oextent that the relevant attributes are present, describe the DL, identify its O] Iorganization, organizational units, and owner; cite related objects; and Id Pidentify its deliverable content types, deliverable EITs, members, and preferredP& respectively.` LTemporary note The details of this annex are subject to modification as a Ld Presult of the final meeting of the CCITT Special Rapporteur on Directory SystemsP> *(Q35/VII) in Gloucester in November 1987.*( A.1Object Classes_DJKThe object classes specific to Message Handling are those specified below.K4  A.1.1MHS Distribution List `of annex C. It uses ASN^ JAnnex A (to Recommendation X.402) Directory Object Classes and AttributesJK 7This annex is an integral part of this Recommendation.7] ISeveral Directory object classes, attributes, and attribute syntaxes are Ic Ospecific to Message Handling. These are defined in the present annex using the Ob NOBJECT-CLASS, ATTRIBUTE, and ATTRIBUTE-SYNTAX macros of Recommendation X.501, N"