Annexes

Annex A (to Recommendation X.402)
Directory Object Classes and Attributes

This annex is an integral part of this Recommendation.

Several Directory object classes, attributes, and attribute syntaxes are specific to Message Handling. These are defined in the present annex using the OBJECTCLASS, ATTRIBUTE, and ATTRIBUTESYNTAX macros of Recommendation X.501, respectively.

Temporary note: The details of this annex are subject to modification as a result of the final meeting of the CCITT Special Rapporteur on Directory Systems (Q35/VII) in Gloucester in November 1987.

A.1 Object Classes

The object classes specific to Message Handling are those specified below.

A.1.1 MHS Distribution List

An MHS Distribution List object is a DL. The attributes in its entry identify its common name, submit permissions, and O/R addresses and, to the extent that the relevant attributes are present, describe the DL, identify its organization, organizational units, and owner; cite related objects; and identify its deliverable content types, deliverable EITs, members, and preferred delivery methods.

    mhsdistributionlist OBJECTCLASS
        SUBCLASS OF top
        MUST CONTAIN {
            commonName,
            mhsdlsubmitpermissions,
            mhsoraddresses}
        MAY CONTAIN {
            description,
            organization,
            organizationalUnitName,
            owner,
            seeAlso,
            mhsdeliverablecontenttypes,
            mhsdeliverableeits,
            mhsdlmembers,
            mhspreferreddeliverymethods}
        ::= idocmhsdistributionlist

A.1.2 MHS Message Store

An MHS Message Store object is an AE that realizes an MS. The attributes in its entry, to the extent that they are present, describe the MS, identify its owner, and enumerate the optional attributes, automatic actions, and content types it supports.

    mhsmessagestore OBJECTCLASS
        SUBCLASS OF applicationEntity
        MAY CONTAIN {
            description,
            owner,
            mhssupportedoptionalattributes,
            mhssupportedautomaticactions,
            mhssupportedcontenttypes}
        ::= idocmhsmessagestore

A.1.3 MHS Message Transfer Agent

An MHS Message Transfer Agent object is an AE that implements an MTA. The attributes in its entry, to the extent that they are present, describe the MTA and identify its owner and its deliverable content length.

    mhsmessagetransferagent OBJECTCLASS
        SUBCLASS OF applicationEntity
        MAY CONTAIN {
            description,
            owner,
            mhsdeliverablecontentlength}
        ::= idocmhsmessagetransferagent

A.1.4 MHS User

An MHS User object is a generic MHS user. (The generic user can have, for example, a business address, a residential address, or both.) The attributes in its entry identify the user's O/R address and, to the extent that the relevant attributes are present, identify the user's deliverable content length, content types, and EITs; its MS; and its preferred delivery methods.

    mhsuser OBJECTCLASS
        SUBCLASS OF ORGANIZATIONALPERSON
        MUST CONTAIN {
            mhsoraddresses}
        MAY CONTAIN {
            mhsdeliverablecontentlength,
            mhsdeliverablecontenttypes,
            mhsdeliverableeits,
            mhsmessagestore,
            mhspreferreddeliverymethods}
        ::= idocmhs

A.1.5 MHS User Agent

An MHS User Agent object is an AE that realizes a UA. The attributes in its entry, to the extent that they are present, identify the UA's owner; its deliverable content length, content types, and EITs; and its O/R address.

    mhsuseragent OBJECTCLASS
        SUBCLASS OF applicationEntity
        MAY CONTAIN {
            owner,
            mhsdeliverablecontentlength,
            mhsdeliverablecontenttypes,
            mhsdeliverableeits,
            mhsoraddresses}
        ::= idocmhsuseragent

A.2 Attributes

The attributes specific to Message Handling are those specified below.

A.2.1 MHS Deliverable Content Length

The MHS Deliverable Content Length attribute identifies the maximum content length of the messages whose delivery a user will accept. A value of this attribute is an Integer.

    mhsdeliverablecontentlength ATTRIBUTE
        WITH ATTRIBUTESYNTAX integerSyntax
        SINGLE VALUE
        ::= idatmhsdeliverablecontentlength

A.2.2 MHS Deliverable Content Types

The MHS Deliverable Content Types attribute identifies the content types of the messages whose delivery a user will accept. A value of this attribute is an Object Identifier.

    mhsdeliverablecontenttypes ATTRIBUTE
        WITH ATTRIBUTESYNTAX objectIdentifierSyntax
        MULTI VALUE
        ::= idatmhsdeliverablecontenttypes

A.2.3 MHS Deliverable EITs

The MHS Deliverable EITs attribute identifies the EITs of the messages whose delivery a user will accept. A value of this attribute is an Object Identifier.

    mhsdeliverableeits ATTRIBUTE
        WITH ATTRIBUTESYNTAX objectIdentifierSyntax
        MULTI VALUE
        ::= idatmhsdeliverableeits

A.2.4 MHS DL Members

The MHS DL Members attribute identifies a DL's members. A value of this attribute is an O/R name.

    mhsdlmembers ATTRIBUTE
        WITH ATTRIBUTESYNTAX mhsornamesyntax
        MULTI VALUE
        ::= idatmhsdlmembers

A.2.5 MHS DL Submit Permissions

The MHS DL Submit Permissions attribute identifies the users and DLs that may submit messages to a DL. A value of this attribute is a DL submit permission.

    mhsdlsubmitpermissions ATTRIBUTE
        WITH ATTRIBUTESYNTAX mhsdlsubmitpermissionsyntax
        MULTI VALUE
        ::= idatmhsdlsubmitpermissions

A.2.6 MHS Message Store

The MHS Message Store attribute identifies a user's MS by name. The value of this attribute is a Directory distinguished name.

    mhsmessagestore ATTRIBUTE
        WITH ATTRIBUTESYNTAX distinguishedNameSyntax
        SINGLE VALUE
        ::= idatmhsmessagestore

A.2.7 MHS O/R Addresses

The MHS O/R Addresses attribute specifies a user's or DL's O/R addresses.
A value of this attribute is an O/R address.

    mhsoraddresses ATTRIBUTE
        WITH ATTRIBUTESYNTAX mhsoraddresssyntax
        MULTI VALUE
        ::= idatmhsoraddresses

A.2.8 MHS Preferred Delivery Methods

The MHS Preferred Delivery Methods attribute identifies, in order of decreasing preference, the methods of delivery a user prefers. A value of this attribute is a preferred delivery method.

    mhspreferreddeliverymethods ATTRIBUTE
        WITH ATTRIBUTESYNTAX RequestedDeliveryMethod
        MATCHES FOR EQUALITY
        SINGLE VALUE
        ::= idatmhspreferreddeliverymethods

A.2.9 MHS Supported Automatic Actions

The MHS Supported Automatic Actions attribute identifies the automatic actions that an MS fully supports. A value of this attribute is an Object Identifier.

    mhssupportedautomaticactions ATTRIBUTE
        WITH ATTRIBUTESYNTAX objectIdentifierSyntax
        MULTI VALUE
        ::= idatmhssupportedautomaticactions

A.2.10 MHS Supported Content Types

The MHS Supported Content Types attribute identifies the content types of the messages whose syntax and semantics an MS fully supports. A value of this attribute is an Object Identifier.

    mhssupportedcontenttypes ATTRIBUTE
        WITH ATTRIBUTESYNTAX objectIdentifierSyntax
        MULTI VALUE
        ::= idatmhssupportedcontenttypes

A.2.11 MHS Supported Optional Attributes

The MHS Supported Optional Attributes attribute identifies the optional attributes that an MS fully supports. A value of this attribute is an Object Identifier.

    mhssupportedoptionalattributes ATTRIBUTE
        WITH ATTRIBUTESYNTAX objectIdentifierSyntax
        MULTI VALUE
        ::= idatmhssupportedoptionalattributes

A.3 Attribute Syntaxes

The attribute syntaxes specific to Message Handling are those specified below.

A.3.1 MHS DL Submit Permission

The MHS DL Submit Permission attribute syntax characterizes an attribute each of whose values is a submit permission.

    mhsdlsubmitpermissionsyntax ATTRIBUTESYNTAX
        SYNTAX DLSubmitPermission
        MATCHES FOR EQUALITY
        ::= idasmhsdlsubmitpermission

    DLSubmitPermission ::= CHOICE {
        individual [0] ORName,
        memberofdl [1] ORName,
        patternmatch [2] ORNamePattern,
        memberofgroup [3] Name}

A presented DL submit permission value shall be of type Individual.

A DL submit permission, depending upon its type, grants submit access to the following zero or more users and DLs:

a) Individual: The user or (unexpanded) DL any of whose O/R names is equal to the specified O/R name.

b) Memberofdl: Each member of the DL, any of whose O/R names is equal to the specified O/R name, or of each nested DL, recursively.

c) Patternmatch: Each user or (unexpanded) DL any of whose O/R names matches the specified O/R name pattern.

    ORNamePattern ::= ORName

d) Memberofgroup: Each member of the groupofnames whose name is specified, or of each nested groupofnames, recursively.

A presented value is equal to a target value of this type if the two are identical, attribute by attribute. Additionally, equality may be declared under other conditions which are a local matter.

A.3.2 MHS O/R Address

The MHS O/R Address attribute syntax characterizes an attribute each of whose values is an O/R address.

    mhsoraddresssyntax ATTRIBUTESYNTAX
        SYNTAX ORAddress
        MATCHES FOR EQUALITY
        ::= idasmhsoraddress

A presented O/R address value is equal to a target O/R address value under the conditions specified in clause 18.4.

A.3.3 MHS O/R Name

The MHS O/R Name attribute syntax characterizes an attribute each of whose values is an O/R name.

    mhsornamesyntax ATTRIBUTESYNTAX
        SYNTAX ORName
        MATCHES FOR EQUALITY
        ::= idasmhsorname

A presented O/R name value is equal to a target O/R name value if the two are identical, attribute by attribute. Additionally, equality may be declared under other conditions which are a local matter.
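
The submit-permission rules of A.3.1 (items a to d), worked as an added example that is not part of the Recommendation. The in-memory Directory, the helper names, the sample O/R names and the reading of Patternmatch as "every attribute in the pattern is present in the name" are assumptions made for illustration; the annex itself does not define how a pattern matches.

```python
def orname(**attrs):
    """Model an O/R name as a frozenset of (attribute, value) pairs, so two names
    are equal only when identical attribute by attribute (A.3.1)."""
    return frozenset(attrs.items())


class Directory:
    """Constructed stand-in for the Directory entries that Annex A describes."""

    def __init__(self):
        self.dl_members = {}     # DL O/R name -> member O/R names (mhsdlmembers)
        self.group_members = {}  # groupofnames name -> member Directory names
        self.user_ornames = {}   # user Directory name -> that user's O/R names


def expand_dl(directory, dl_name, seen=None):
    """Yield every member of the DL and of each nested DL, recursively."""
    seen = set() if seen is None else seen
    if dl_name in seen:          # nested DLs can refer back to each other
        return
    seen.add(dl_name)
    for member in directory.dl_members.get(dl_name, ()):
        yield member             # a nested DL is itself a member
        if member in directory.dl_members:
            yield from expand_dl(directory, member, seen)


def expand_group(directory, group_name, seen=None):
    """Yield the O/R names of every member of the group and of nested groups."""
    seen = set() if seen is None else seen
    if group_name in seen:
        return
    seen.add(group_name)
    for member in directory.group_members.get(group_name, ()):
        if member in directory.group_members:
            yield from expand_group(directory, member, seen)
        else:
            yield from directory.user_ornames.get(member, ())


def pattern_matches(pattern, name):
    # Assumption: a name matches when it carries every attribute of the pattern.
    return pattern <= name


def grants(directory, permission, submitter_names):
    """True if one DLSubmitPermission value grants access to the submitter,
    who is identified by the set of all of its O/R names."""
    kind, value = permission
    if kind == "individual":
        return value in submitter_names
    if kind == "memberofdl":
        return any(m in submitter_names for m in expand_dl(directory, value))
    if kind == "patternmatch":
        return any(pattern_matches(value, n) for n in submitter_names)
    if kind == "memberofgroup":
        return any(m in submitter_names for m in expand_group(directory, value))
    raise ValueError("unknown DLSubmitPermission alternative: %r" % (kind,))


def may_submit(directory, permissions, submitter_names):
    """Default deny: access needs at least one granting permission value."""
    return any(grants(directory, p, submitter_names) for p in permissions)


def build_sample():
    """Constructed sample data, including a DL loop and a group loop."""
    d = Directory()
    alice = orname(C="XX", O="Example", S="Alice")
    bob = orname(C="XX", O="Example", S="Bob")
    eve = orname(C="XX", O="Other", S="Eve")
    staff = orname(C="XX", O="Example", CN="staff-dl")
    eng = orname(C="XX", O="Example", CN="eng-dl")
    d.dl_members[staff] = [eng, alice]
    d.dl_members[eng] = [bob, staff]          # loops back to staff
    d.group_members["cn=auditors"] = ["cn=inner"]
    d.group_members["cn=inner"] = ["cn=eve", "cn=auditors"]
    d.user_ornames["cn=eve"] = {eve}
    return d, alice, bob, eve, staff, eng


if __name__ == "__main__":
    d, alice, bob, eve, staff, eng = build_sample()
    for who, names in (("alice", {alice}), ("bob", {bob}), ("eve", {eve})):
        print(who, may_submit(d, [("memberofdl", staff)], names))
```

The visited set in both expansion functions is what keeps a DL or group that nests back into itself from recursing without end, a case the "recursively" wording of items b) and d) leaves to the implementation.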

Annex B (to Recommendation X.402)
Reference Definition of Object Identifiers

This annex is an integral part of this Recommendation.

This annex defines for reference purposes various Object Identifiers cited in the ASN.1 module of annex C. It uses ASN.1.

All Object Identifiers this Recommendation assigns are assigned in this annex. The annex is definitive for all but those for ASN.1 modules and MHS itself. The definitive assignments for the former occur in the modules themselves; other references to them appear in IMPORT clauses. The latter is fixed.

MHSObjectIdentifiers {jointisoccitt mhsmotis(6) arch(5) modules(0) objectidentifiers(0)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-- Prologue

-- Exports everything.

IMPORTS -- nothing -- ;

ID ::= OBJECT IDENTIFIER

-- MHS Aspects

idmhsac ID ::= {jointisoccitt mhsmotis(6) mhsac(0)}
    -- MHS Application Contexts
    -- See Recommendation X.419.

idipms ID ::= {jointisoccitt mhsmotis(6) ipms (1)}
    -- Interpersonal Messaging
    -- See Recommendation X.420.

idasdc ID ::= {jointisoccitt mhsmotis(6) asdc (2)}
    -- Abstract Service Definition Conventions
    -- See Recommendation X.407.

idmts ID ::= {jointisoccitt mhsmotis(6) mts (3)}
    -- Message Transfer System
    -- See Recommendation X.411.

idms ID ::= {jointisoccitt mhsmotis(6) ms (4)}
    -- Message Store
    -- See Recommendation X.413.

idarch ID ::= {jointisoccitt mhsmotis(6) arch (5)}
    -- Overall Architecture
    -- See this Recommendation.

idgroup ID ::= {jointisoccitt mhsmotis(6) group(6)}
    -- Reserved.

-- Categories

idmod ID ::= {idarch 0} -- modules; not definitive
idoc ID ::= {idarch 1} -- object classes
idat ID ::= {idarch 2} -- attribute types
idas ID ::= {idarch 3} -- attribute syntaxes

-- Modules

idobjectidentifiers ID ::= {idmod 0} -- not definitive
iddirectoryobjectsandattributes ID ::= {idmod 1} -- not definitive

-- Object classes

idocmhsdistributionlist ID ::= {idoc 0}
idocmhsmessagestore ID ::= {idoc 1}
idocmhsmessagetransferagent ID ::= {idoc 2}
idocmhsorganizationaluser ID ::= {idoc 3}
idocmhsresidentialuser ID ::= {idoc 4}
idocmhsuseragent ID ::= {idoc 5}

-- Attributes

idatmhsdeliverablecontentlength ID ::= {idat 0}
idatmhsdeliverablecontenttypes ID ::= {idat 1}
idatmhsdeliverableeits ID ::= {idat 2}
idatmhsdlmembers ID ::= {idat 3}
idatmhsdlsubmitpermissions ID ::= {idat 4}
idatmhsmessagestore ID ::= {idat 5}
idatmhsoraddresses ID ::= {idat 6}
idatmhspreferreddeliverymethods ID ::= {idat 7}
idatmhssupportedautomaticactions ID ::= {idat 8}
idatmhssupportedcontenttypes ID ::= {idat 9}
idatmhssupportedoptionalattributes ID ::= {idat 10}

-- Attribute syntaxes

idasmhsdlsubmitpermission ID ::= {idas 0}
idasmhsoraddress ID ::= {idas 1}
idasmhsorname ID ::= {idas 2}

END -- of MHSObjectIdentifiers

Annex C (to Recommendation X.402)
Reference Definition of Directory Object Classes and Attributes

This annex is an integral part of this Recommendation.

This annex, a supplement to annex A, defines for reference purposes the object classes, attributes, and attribute syntaxes specific to Message Handling. It uses the OBJECTCLASS, ATTRIBUTE, and ATTRIBUTESYNTAX macros of Recommendation X.501.

MHSDirectoryObjectsAndAttributes {jointisoccitt mhsmotis(6) arch(5) modules(0) directory(1)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-- Prologue

-- Exports everything.

IMPORTS

    -- MHS Object Identifiers
    idasmhsdlsubmitpermission, idasmhsoraddress,
    idasmhsorname, idatmhsdeliverablecontentlength,
    idatmhsdeliverablecontenttypes,
    idatmhsdeliverableeits, idatmhsdlmembers,
    idatmhsdlsubmitpermissions, idatmhsmessagestore,
    idatmhsoraddresses, idatmhspreferreddeliverymethods,
    idatmhssupportedautomaticactions,
    idatmhssupportedcontenttypes,
    idatmhssupportedoptionalattributes,
    idocmhsdistributionlist, idocmhsmessagestore,
    idocmhsmessagetransferagent,
    idocmhsorganizationaluser, idocmhsresidentialuser,
    idocmhsuseragent
        FROM MHSObjectIdentifiers {jointisoccitt mhsmotis(6) arch(5) modules(0) objectidentifiers(0)}

    -- MTS Abstract Service
    ORAddress, ORName, PreferredDeliveryMethod
        FROM MTSAbstractService {jointisoccitt mhsmotis(6) mts(3) modules(0) mTSabstractservice(3)}

    -- Information Framework
    ATTRIBUTE, ATTRIBUTESYNTAX, Name, OBJECTCLASS
        FROM InformationFramework {jointisoccitt ds(5) modules(1) informationFramework(1)}

    -- Selected Object Classes
    applicationEntity, organizationalPerson, residentialPerson,
    top
        FROM SelectedObjectClasses {jointisoccitt ds(5) modules(1) selectedObjectClasses(6)}

    -- Selected Attribute Types
    commonName, description, distinguishedNameSyntax,
    integerSyntax, objectIdentifierSyntax, organization,
    organizationalUnitName, owner, seeAlso
        FROM SelectedAttributeTypes {jointisoccitt ds(5) modules(1) selectedAttributeTypes(5)};

-- OBJECT CLASSES

-- MHS Distribution List

mhsdistributionlist OBJECTCLASS
    SUBCLASS OF top
    MUST CONTAIN {
        commonName,
        mhsdlsubmitpermissions,
        mhsoraddresses}
    MAY CONTAIN {
        description,
        organization,
        organizationalUnitName,
        owner,
        seeAlso,
        mhsdeliverablecontenttypes,
        mhsdeliverableeits,
        mhsdlmembers,
        mhspreferreddeliverymethods}
    ::= idocmhsdistributionlist

-- MHS Message Store

mhsmessagestore OBJECTCLASS
    SUBCLASS OF applicationEntity
    MAY CONTAIN {
        description,
        owner,
        mhssupportedoptionalattributes,
        mhssupportedautomaticactions,
        mhssupportedcontenttypes}
    ::= idocmhsmessagestore

-- MHS Message Transfer Agent

mhsmessagetransferagent OBJECTCLASS
    SUBCLASS OF applicationEntity
    MAY CONTAIN {
        description,
        owner,
        mhsdeliverablecontentlength}
    ::= idocmhsmessagetransferagent

-- MHS Organizational User

mhsorganizationaluser OBJECTCLASS
    SUBCLASS OF organizationalPerson
    MUST CONTAIN {
        mhsoraddress}
    MAY CONTAIN {
        mhsdeliverablecontentlength,
        mhsdeliverablecontenttypes,
        mhsdeliverableeits,
        mhsmessagestore,
        mhspreferreddeliverymethods}
    ::= idocmhsorganizationaluser

-- MHS Residential User

mhsresidentialuser OBJECTCLASS
    SUBCLASS OF residentialPerson
    MUST CONTAIN {
        mhsoraddress}
    MAY CONTAIN {
        mhsdeliverablecontentlength,
        mhsdeliverablecontenttypes,
        mhsdeliverableeits,
        mhsmessagestore,
        mhspreferreddeliverymethods}
    ::= idocmhsresidentialuser

-- MHS User Agent

mhsuseragent OBJECTCLASS
    SUBCLASS OF applicationEntity
    MAY CONTAIN {
        owner,
        mhsdeliverablecontentlength,
        mhsdeliverablecontenttypes,
        mhsdeliverableeits,
        mhsoraddress}
    ::= idocmhsuseragent

-- ATTRIBUTES

-- MHS Deliverable Content Length

mhsdeliverablecontentlength ATTRIBUTE
    WITH ATTRIBUTESYNTAX integerSyntax
    SINGLE VALUE
    ::= idatmhsdeliverablecontentlength

-- MHS Deliverable Content Types

mhsdeliverablecontenttypes ATTRIBUTE
    WITH ATTRIBUTESYNTAX objectIdentifierSyntax
    MULTI VALUE
    ::= idatmhsdeliverablecontenttypes

-- MHS Deliverable EITs

mhsdeliverableeits ATTRIBUTE
    WITH ATTRIBUTESYNTAX objectIdentifierSyntax
    MULTI VALUE
    ::= idatmhsdeliverableeits

-- MHS DL Members

mhsdlmembers ATTRIBUTE
    WITH ATTRIBUTESYNTAX mhsornamesyntax
    MULTI VALUE
    ::= idatmhsdlmembers

-- MHS DL Submit Permissions

mhsdlsubmitpermissions ATTRIBUTE
    WITH ATTRIBUTESYNTAX mhsdlsubmitpermissionsyntax
    MULTI VALUE
    ::= idatmhsdlsubmitpermissions

-- MHS O/R Addresses

mhsoraddresses ATTRIBUTE
    WITH ATTRIBUTESYNTAX mhsoraddresssyntax
    MULTI VALUE
    ::= idatmhsoraddresses

-- MHS Message Store

mhsmessagestore ATTRIBUTE
    WITH ATTRIBUTESYNTAX distinguishedNameSyntax
    SINGLE VALUE
    ::= idatmhsmessagestore

-- MHS Preferred Delivery Methods

mhspreferreddeliverymethods ATTRIBUTE
    WITH ATTRIBUTESYNTAX PreferredDeliveryMethod
    MATCHES FOR EQUALITY
    MULTI VALUE
    ::= idatmhspreferreddeliverymethods

-- MHS Supported Automatic Actions

mhssupportedautomaticactions ATTRIBUTE
    WITH ATTRIBUTESYNTAX objectIdentifierSyntax
    MULTI VALUE
    ::= idatmhssupportedautomaticactions

-- MHS Supported Content Types

mhssupportedcontenttypes ATTRIBUTE
    WITH ATTRIBUTESYNTAX objectIdentifierSyntax
    MULTI VALUE
    ::= idatmhssupportedcontenttypes

-- MHS Supported Optional Attributes

mhssupportedoptionalattributes ATTRIBUTE
    WITH ATTRIBUTESYNTAX objectIdentifierSyntax
    MULTI VALUE
    ::= idatmhssupportedoptionalattributes

-- ATTRIBUTE SYNTAXES

-- MHS DL Submit Permission

mhsdlsubmitpermissionsyntax ATTRIBUTESYNTAX
    SYNTAX DLSubmitPermission
    MATCHES FOR EQUALITY
    ::= idasmhsdlsubmitpermission

DLSubmitPermission ::= CHOICE {
    individual [0] ORName,
    memberofdl [1] ORName,
    patternmatch [2] ORNamePattern,
    memberofgroup [3] Name}

ORNamePattern ::= ORName

-- MHS O/R Address

mhsoraddresssyntax ATTRIBUTESYNTAX
    SYNTAX ORAddress
    MATCHES FOR EQUALITY
    ::= idasmhsoraddress

-- MHS O/R Name

mhsornamesyntax ATTRIBUTESYNTAX
    SYNTAX ORName
    MATCHES FOR EQUALITY
    ::= idasmhsorname

END -- of MHSDirectory

Annex D (to Recommendation X.402)
Security Threats

This annex is not a part of this Recommendation.

An overview of MHS security threats is provided in clause 15.1 of Recommendation X.400. This considers threats as they appear in an MHS: access threats, inter-message threats, intra-message threats, and message store threats.
These threats can appear in various forms as follows:

a) Masquerade
b) Message sequencing
c) Modification of information
d) Denial of service
e) Leakage of information
f) Repudiation
g) Other MHS threats

In addition, they may occur by accident or by malicious intent and may be active or passive. Attacks on the MHS will address potential weaknesses and may comprise a number of threats. This annex deals with individual threats and, although consideration is given to a number of broad classes of threat, it is not a complete list.

Table 13/X.402 indicates how these threats can be met using the MHS security services. The list of threats given here is indicative rather than definitive.

Table 13/X.402
Use of MHS Security Services

+---------------------------------+---------------------------------+
| THREAT                          | SERVICES                        |
+-- MASQUERADE -------------------+---------------------------------+
| Impersonation and misuse        | Message Origin Authentication   |
| of the MTS                      | Probe Origin Authentication     |
|                                 | Secure Access Management        |
| Falsely acknowledge receipt     | Proof of Delivery               |
| Falsely claim to originate      | Message Origin Authentication   |
| a message                       |                                 |
| Impersonation of an MTA to      | Proof of submission             |
| an MTS-user                     | Report Origin Authentication    |
|                                 | Secure Access Management        |
| Impersonation of an MTA to      | Report Origin Authentication    |
| another MTA                     | Secure Access Management        |
+-- MESSAGE SEQUENCING -----------+---------------------------------+
| Replay of messages              | Message Sequence Integrity      |
| Reordering of messages          | Message Sequence Integrity      |
| Preplay of messages             |                                 |
| Delay of messages               |                                 |
+-- MODIFICATION OF INFORMATION --+---------------------------------+
| Modification of messages        | Connection Integrity            |
|                                 | Content Integrity               |
| Destruction of messages         | Message Sequence Integrity      |
| Corruption of routing and       |                                 |
| other management information    |                                 |
+-- DENIAL OF SERVICE ------------+---------------------------------+
| Denial of communications        |                                 |
| MTA flooding                    |                                 |
| MTS flooding                    |                                 |
+-- REPUDIATION ------------------+---------------------------------+
| Denial of origin                | Non-repudiation of Origin       |
| Denial of submission            | Non-repudiation of Submission   |
| Denial of delivery              | Non-repudiation of Delivery     |
+-- LEAKAGE OF INFORMATION -------+---------------------------------+
| Loss of confidentiality         | Connection Confidentiality      |
|                                 | Content Confidentiality         |
| Loss of anonymity               | Message Flow Confidentiality    |
| Misappropriation of messages    | Secure Access Management        |
| Traffic analysis                | Message Flow Confidentiality    |
+-- OTHER THREATS ----------------+---------------------------------+
| Originator not cleared for      | Secure Access Management        |
| Message Security Label          | Message Security Labelling      |
| MTA/MTS-user not cleared for    | Secure Access Management        |
| Security Context                |                                 |
| Misrouting                      | Secure Access Management        |
|                                 | Message Security Labelling      |
| Differing labelling policies    |                                 |
+---------------------------------+---------------------------------+

D.1 Masquerade

Masquerade occurs when an entity successfully pretends to be a different entity and can take place in a number of ways. An unauthorized MTS-user may impersonate another to gain unauthorized access to MTS facilities or to act to the detriment of the valid user, e.g., to discard his messages. An MTS-user may impersonate another user and so falsely acknowledge receipt of a message by the "valid" recipient. A message may be put into the MTS by a user falsely claiming the identity of another user. An MTS-user, MS, or MTA may masquerade as another MTS-user, MS, or MTA.

Masquerade threats include the following:

a) Impersonation and misuse of the MTS
b) Falsely acknowledge receipt
c) Falsely claim to originate a message
d) Impersonation of an MTA to an MTS-user
e) Impersonation of an MTA to another MTA

A masquerade usually consists of other forms of attack and in a secure system may involve authentication sequences from valid users, e.g., in replay or modification of messages.

D.2 Message Sequencing

Message sequencing threats occur when part or all of a message is repeated, time-shifted, or reordered. This can be used to exploit the authentication information in a valid message and resequence or time-shift valid messages. Although it is impossible to prevent replay with the MHS security services, it can be detected and the effects of the threat eliminated.
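
How a recipient can detect, rather than prevent, the sequencing threats of D.2, as an added example that is not part of the Recommendation. It assumes a Message Sequence Number (the argument Table 14/X.402 lists for Message Sequence Integrity) that starts at 1 and rises by one per originator/recipient pair, and it uses an HMAC-SHA256 tag as a stand-in for the protection the Message Token gives that number; the class name, window size and sample messages are constructed for illustration.

```python
import hashlib
import hmac

WINDOW = 64  # assumption: how many past sequence numbers are remembered per pair


def make_tag(key, originator, recipient, seq, content):
    """Stand-in for the Message Token: a MAC binding the sequence number to the
    originator, recipient and content. Fields are length-prefixed so they
    cannot run into each other."""
    fields = [originator.encode(), recipient.encode(), str(seq).encode(), content]
    framed = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, framed, hashlib.sha256).digest()


class SequenceMonitor:
    """Recipient-side check of authenticated sequence numbers.

    A replayed message carries a perfectly valid tag, which is why the tag
    alone is not enough and the sequence state below is needed."""

    def __init__(self, key, window=WINDOW):
        self.key = key
        self.window = window
        self.state = {}  # (originator, recipient) -> (highest seq, bitmap of seen)

    def check(self, message):
        originator, recipient, seq, content, tag = message
        expected = make_tag(self.key, originator, recipient, seq, content)
        if seq < 1 or not hmac.compare_digest(expected, tag):
            return "bad-token"          # modified, or sequence number forged
        pair = (originator, recipient)
        highest, seen = self.state.get(pair, (0, 0))
        if seq > highest:
            shift = seq - highest
            seen = ((seen << shift) | 1) & ((1 << self.window) - 1)
            self.state[pair] = (seq, seen)
            # A jump means earlier messages are delayed or were destroyed.
            return "in-order" if shift == 1 else "gap"
        offset = highest - seq
        if offset >= self.window:
            return "too-old"            # outside the window: cannot be judged
        if seen & (1 << offset):
            return "replay"             # this number was already delivered
        self.state[pair] = (highest, seen | (1 << offset))
        return "reordered"              # genuine, but arrived out of order


def run_demo():
    """Constructed message stream: two normal messages, a replayed copy,
    a jump to 5, the late arrival of 4, its replay, and a forged number."""
    key = b"constructed-demo-key"

    def msg(seq, content=b"body"):
        return ("orig@a", "rcpt@b", seq, content,
                make_tag(key, "orig@a", "rcpt@b", seq, content))

    first, second, fifth, fourth = msg(1), msg(2), msg(5), msg(4)
    forged = ("orig@a", "rcpt@b", 9, b"body", second[4])  # old tag, new number
    monitor = SequenceMonitor(key)
    stream = [first, second, second, fifth, fourth, fourth, forged]
    return [monitor.check(m) for m in stream]


if __name__ == "__main__":
    print(run_demo())
```

A "gap" verdict cannot by itself distinguish delay from destruction of the missing messages; only a later "reordered" arrival resolves it.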

Message sequencing threats include the following:

a) Replay of messages
b) Reordering of messages
c) Preplay of messages
d) Delay of messages

D.3 Modification of Information

Information for an intended recipient, routing information, and other management data may be lost or modified without detection. This could occur to any aspect of the message, e.g., its labelling, content, attributes, recipient, or originator. Corruption of routing or other management information, stored in MTAs or used by them, may cause the MTS to lose messages or otherwise operate incorrectly.

Modification of information threats include the following:

a) Modification of messages
b) Destruction of messages
c) Corruption of routing and other management information.

D.4 Denial of Service

Denial of service occurs when an entity fails to perform its function or prevents other entities from performing their functions. This may be a denial of access, a denial of communications (leading to other problems like overload), a deliberate suppression of messages to a particular recipient, or a fabrication of extra traffic. The MTS can be denied if an MTA has been caused to fail or operate incorrectly. In addition, an MTS-user may cause the MTS to deny a service to other users by flooding the service with messages which might overload the switching capability of an MTA or fill up all available message storage space.

Denial of service threats include the following:

a) Denial of communications
b) MTA failure
c) MTS flooding

D.5 Repudiation

Repudiation can occur when an MTS-user or the MTS may later deny submitting, receiving, or originating a message.

Repudiation threats include the following:

a) Denial of origin
b) Denial of submission
c) Denial of delivery

D.6 Leakage of Information

Information may be acquired by an unauthorized party by monitoring transmissions, by unauthorized access to information stored in any MHS entity, or by masquerade.
In some cases, the presence of an MTS-user on the system may be sensitive and its anonymity may have to be preserved. An MTS-user other than the intended recipient may obtain a message. This might result from impersonation and misuse of the MTS or through causing an MTA to operate incorrectly. Further details on the information flowing in an MTS may be obtained from observing the traffic.

Leakage of information threats include the following:

a) Loss of confidentiality
b) Loss of anonymity
c) Misappropriation of messages
d) Traffic analysis

D.7 Other Threats

In a multi- or single-level secure system, a number of threats may exist that relate to security labelling, e.g., routing through a node that cannot be trusted with information of particular value, or where systems use different labelling policies. Threats may exist to the enforcement of a security policy based on logical separation using security labels. An MTS-user may originate a message and assign it a label for which it is not cleared. An MTS-user or MTA may set up or accept an association with a security context for which it does not have clearance.

Other threats include the following:

a) Originator not cleared for message label (inappropriate submit)
b) MTA/MTS-user not cleared for context
c) Misrouting
d) Differing labelling policies

Annex E (to Recommendation X.402)
Provision of Security Services in Recommendation X.411

This annex is an integral part of this Recommendation.

Table 14/X.402 indicates which service elements from Recommendation X.411 may be used to support the security services described in clause 10.2.

Table 14/X.402
MHS Security Service Provision

+---------------------------------+---------------------------------------+
| SERVICE                         | MTS ARGUMENTS/SERVICES                |
+-- ORIGIN AUTHENTICATION SECURITY SERVICES ------------------------------+
| Message Origin Authentication   | Message Origin Authentication Check   |
|                                 | Message Token                         |
| Probe Origin Authentication     | Probe Origin Authentication Check     |
| Report Origin Authentication    | Report Origin Authentication Check    |
| Proof of Submission             | Proof of Submission Request           |
|                                 | Proof of Submission                   |
| Proof of Delivery               | Proof of Delivery Request             |
|                                 | Proof of Delivery                     |
+-- SECURE ACCESS MANAGEMENT SECURITY SERVICES ---------------------------+
| Peer Entity Authentication      | Initiator Credentials                 |
|                                 | Responder Credentials                 |
| Security Context                | Security Context                      |
+-- DATA CONFIDENTIALITY SECURITY SERVICES -------------------------------+
| Connection Confidentiality      | Not supported                         |
| Content Confidentiality         | Content Confidentiality Algorithm     |
|                                 | Identifier                            |
|                                 | Message Token                         |
| Message Flow Confidentiality    | Content Type                          |
+-- DATA INTEGRITY SECURITY SERVICES -------------------------------------+
| Connection Integrity            | Not supported                         |
| Content Integrity               | Content Integrity Check               |
|                                 | Message Token                         |
|                                 | Message Origin Authentication Check   |
| Message Sequence Integrity      | Message Sequence Number               |
|                                 | Message Token                         |
+-- NON-REPUDIATION SECURITY SERVICES ------------------------------------+
| Non-Repudiation of Origin       | Content Integrity Check               |
|                                 | Message Token                         |
|                                 | Message Origin Authentication Check   |
| Non-Repudiation of Submission   | Proof of Submission Request           |
|                                 | Proof of Submission                   |
| Non-Repudiation of Delivery     | Proof of Delivery Request             |
|                                 | Proof of Delivery                     |
+---------------------------------+---------------------------------------+
| Message Security Labelling      | Message Security Label                |
|                                 | Message Token                         |
|                                 | Message Origin Authentication Check   |
+-- SECURITY MANAGEMENT SECURITY SERVICES --------------------------------+
| Change Credentials              | Change Credentials                    |
| Register                        | Register                              |
+---------------------------------+---------------------------------------+

Annex F (to Recommendation X.402)
Differences Between CCITT Recommendation and ISO Standard

This annex is not a part of this Recommendation.

This annex lists all but the purely stylistic differences between this Recommendation and the corresponding ISO International Standard.

There are no differences between the two specifications.

CCITT Draft Recommendation X.402
MHS: Overall Architecture
(Version 5, November 1987, Gloucester)

Annex G (to Recommendation X.402)
Index

This annex is not a part of this Recommendation.

This annex indexes this Recommendation. It gives the number(s) of the page(s) on which each item in each of several categories is defined. Its coverage of each category is exhaustive.

This annex indexes items (if any) in the following categories:

a) Abbreviations (ab)
b) Terms (gt)
c) Information items (ot)
d) ASN.1 modules (mo)
e) ASN.1 macros (ma)
f) ASN.1 types (ty)
g) ASN.1 values (va)
h) Bilateral agreements (ba)
i) Items for further study (fs)
j) Items to be supplied (fs)

Abbreviations

A/SYS 36
AC 5
ACs 62
ACSE 5, 62
ADMD 38
AE 4
APDU 4
AS/SYS 36
ASE 4
ASEs 56
ASN.1 5
AST/SYS 37
AT/SYS 36
AU 11
C 7
COMPUSEC 22
D 7
DL 10
DSA 6
EIT 14
M 7
MASE 61
MD 38
MDSE 61
MHE 8
MHS 9
MRSE 61
MS 11
MSSE 61
MTA 12
MTS 10
MTSE 61
O 7
OSI 5
P1 62
P3 62
P7 62
PDAU 12
PDS 12
PRMD 38
RO 6
ROSE 6, 61
RT 6
RTSE 6, 62
S/SYS 36
ST/SYS 36
T/SYS 36
UA 11
UE 5

Terms

access and storage system 36
access and transfer system 36
access, storage, and transfer system 37
access system 36
access unit 11
actual recipient 17
administrationdomainname 44
administration management domain 38
affirmation 21
asymmetric 57
attribute 42
attribute list 42
attribute type 42
attribute value 42
commonname 45
conditional 7
consuming ASE 58
consuming UE 58
content 13
content type 14
conversion 21
countryname 45
defaultable 7
delivery 19
delivery agent 19
delivery report 15
described message 14
direct submission 18
direct user 9
distribution list 10
DL expansion 20
domain 38
domaindefined attribute 42
encoded information type 14
envelope 13
event 15
expansion point 20
explicit conversion 21
export 19
extensionO/Raddresscomponents 45
extensionphysicaldeliveryaddresscomponents 45
external routing 22
external transfer 18
formatted 51
Global MHS 40
grade 7
immediate recipient 16
implicit conversion 21
import 18
indirect submission 18
indirect user 9
intended recipient 16
internal routing 22
internal transfer 18
joining 20
localpostalattributes 45
management domain 38
mandatory 7
members 10
member recipient 17
message 13
Message Handling 8
Message Handling Environment 8
Message Handling System 9
Message Storage 8
message store 11
Message Transfer 8
message transfer agent 12
Message Transfer System 10
messaging system 34
mnemonic O/R address 50
name resolution 20
nested 10
networkaddress 45
nonaffirmation 21
nondelivery 21
nondelivery report 15
numericuseridentifier 46
numeric O/R address 51
O/R address 49
O/R name 41
optional 7
organizationname 46
organizationalunitnames 46
origination 18
originator 16
originatorspecified alternate recipient 17
PDSname 46
personalname 46
physicaldeliverycountryname 47
physicaldeliveryofficename 47
physicaldeliveryofficenumber 47
physicaldeliveryorganizationname 47
physicaldeliverypersonalname 47
Physical delivery 12
physical delivery access unit 12
physical delivery system 12
physical message 12
physical rendition 12
postofficeboxaddress 47
postalcode 47
postal O/R address 51
posterestanteaddress 47
potential recipient 17
privatedomainname 48
private management domain 38
probe 14
receipt 19
recipient 17
recipientassigned alternate recipient 17
redirection 21
report 15
retrieval 19
routing 22
splitting 20
standard attribute 42
step 15
storage and transfer system 36
storage system 36
streetaddress 48
subject message 15
subject probe 15
submission 18
submission agent 18
submit permission 10
supplying ASE 58
supplying UE 58
symmetric 57
terminalidentifier 48
terminaltype 48
terminal O/R address 51
transfer 18
transfer system 36
transmittal 15
transmittal event 15
transmittal step 15
type 42
unformatted 51
unformattedpostaladdress 48
uniquepostalname 48
user 9
user agent 11
value 42

Information Items

MHS Deliverable Content Length 65
MHS Deliverable Content Types 65
MHS Deliverable EITs 65
MHS Distribution List 63
MHS DL Members 65
MHS DL Submit Permission 67
MHS DL Submit Permissions 65
MHS Message Store 63, 66
MHS Message Transfer Agent 64
MHS O/R Address 67
MHS O/R Addresses 66
MHS O/R Name 68
MHS Organizational User 64
MHS Preferred Delivery Methods 66
MHS Residential User 64
MHS Supported Automatic Actions 66
MHS Supported Content Types 66
MHS Supported Optional Attributes 67
MHS User Agent 64

ASN.1 Modules

MHSDirectoryObjectsAndAttributes 71
MHSObjectIdentifiers 69

ASN.1 Macros

None

ASN.1 Types

DLSubmitPermission 67, 74
ID 69
ORNamePattern 67, 74

ASN.1 Values

idarch 69
idas 69
idasmhsdlsubmitpermission 70
idasmhsoraddress 70
idasmhsorname 70
idasdc 69
idat 69
idatmhsdeliverablecontentlength 70
idatmhsdeliverablecontenttypes 70
idatmhsdeliverableeits 70
idatmhsdlmembers 70
idatmhsdlsubmitpermissions 70
idatmhsmessagestore 70
idatmhsoraddresses 70
idatmhspreferreddeliverymethods 70
idatmhssupportedautomaticactions 70
idatmhssupportedcontenttypes 70
idatmhssupportedoptionalattributes 70
iddirectoryobjectsandattributes 70
idgroup 69
idipms 69
idmhsac 69
idmod 69
idms 69
idmts 69
idobjectidentifiers 70
idoc 69
idocmhsdistributionlist 70
idocmhsmessagestore 70
idocmhsmessagetransferagent 70
idocmhsorganizationaluser 70
idocmhsresidentialuser 70
idocmhsuseragent 70
mhsdeliverablecontentlength 65, 73
mhsdeliverablecontenttypes 65, 73
mhsdeliverableeits 65, 73
mhsdistributionlist 63, 72
mhsdlmembers 65, 73
mhsdlsubmitpermissionsyntax 67, 74
mhsdlsubmitpermissions 66, 73
mhsmessagestore 63, 66, 72, 73
mhsmessagetransferagent 64, 72
mhsoraddresssyntax 68, 74
mhsoraddresses 66, 73
mhsornamesyntax 68, 74
mhsorganizationaluser 64, 72
mhspreferreddeliverymethods 66, 74
mhsresidentialuser 64, 72
mhssupportedautomaticactions 66, 74
mhssupportedcontenttypes 66, 74
mhssupportedoptionalattributes 67, 74
mhsuseragent 64, 73

Bilateral Agreements

routing 52, 53

Items for Further Study

None

Items to Be Supplied

None