Information Technology - Telecommunications and Information Exchange between Systems - Group 3 Facsimile Security Protocol

A de facto standard of CONNOTECH Experts-conseils Inc.

This document is a portion of an elaborate protocol specification. This HTML-formatted file is not the official revised text of the Group 3 Facsimile Security Protocol.

Preface

This document specifies a protocol that provides security functions for group 3 facsimile transmission. It is a private initiative of CONNOTECH Experts-conseils Inc., enhancing standardized protocols in a specific application area.

The scope and drafting style of this de facto standard are strongly influenced by the OSI lower layers protocol specifications. Only what is required for inter-operability is formally specified as a protocol requirement. Being based on a generic model for system interconnection, this de facto standard may be used in various configurations and should be adaptable to the evolving telecommunications technologies.

This de facto standard suggests a set of cryptographic algorithms to be used to provide protection, but allows other algorithms, either standardized or proprietary, to be used with the protocol.

The protocol defined in this de facto standard may be implemented by independent telecommunications equipment manufacturers entering intellectual property agreements with CONNOTECH Experts-conseils Inc.

This de facto standard may also be used by security specialists to assess the protections offered by implementations of the group 3 facsimile security protocol.

Table of contents

0. Introduction

1. Scope and field of application

2. References

2.1. International Standards, Models, Guidelines and Service Definitions

2.2. International Standards, Protocols

2.3. ITU (formerly CCITT) Recommendations

2.4. Cryptographic Methods References

2.5. Additional Standards References

3. Interpretation

4. Symbols and Abbreviations

5. Reference Configurations

5.1. Protocol Stacks for the Reference Configuration

6. Overview of the Protocol

6.1. Introduction

6.2. Overview of Security Services Provided

6.3. Negotiation of Security Services

6.4. Overview of the Services Assumed

6.5. FSP Services Supporting the FPAD Protocol

6.6. Addressing Issues

6.6.1. Addressing and SA Attributes

6.6.2. Routing

6.6.3. Address Checks

7. Protocol Specifications

7.1. Internal Service Boundary for FSP-SA-P

7.1.1. The FSP-SA-P Connection Establishment Phase

7.1.2. The FSP-SA-P SA Update Process

7.1.3. The FSP-SA-P SA Page authentication process

7.2. SA Attributes

7.2.1. General attributes

7.2.2. Addressing

7.2.3. Encipherment Mechanism

7.2.4. BBS Encipherment

7.2.5. ISN Mechanism

7.2.6. Key Token Exchange

7.2.7. Digital signature

7.2.8. Quick Connection Procedure

7.3. Error and UN-RESET Indication Processing

7.4. Connection Establishment Procedures

7.4.1. Types of Connection Establishment Procedures

7.4.2. Generic UN-CONNECT Indication Processing

7.4.3. Internal FSP-SA-P Connection Establishment

7.4.4. FSP Quick Connect Functions

7.5. The SA Update Process

7.5.1. SA Update Process Options

7.5.2. SA Update Procedures

7.5.3. FSP Connect Functions Embedded in the SA Update Process

7.6. The FSP Data Functions

7.6.1. FSP-DATA Request

7.6.2. UN-DATA Indication

7.7. The Page Authentication Process

7.7.1. Identification of Facsimile Page Data

7.7.2. Page Authentication Process Transmitter Procedures

7.7.3. Page Authentication Process Receiver Procedures

7.8. The FSP Disconnection Procedures

7.8.1. Overview

7.8.2. Processing of UN-DISCONNECT Indication

7.8.3. Processing of UN-DATA Indication Carrying Disconnection PDU

7.8.4. Rejection of Connection Attempts by the FSP User Entity

7.8.5. Orderly Disconnection Procedures

7.9. Secure Data Stream Functions

7.9.1. Introduction

7.9.2. Normal Data Stream

7.9.3. FSP-SA-P Data Stream

7.9.4. Protection Functions

7.9.5. PDU Format

7.10. ASN.1 Messages

7.11. Connection Security Control

7.11.1. Handling of SA Identifiers

7.11.2. CSC Procedures for SA-P Operations

7.11.3. CSC Procedures for the FSP Quick Connection Establishment

7.11.4. CSC PDU Format

8. Cryptographic Mechanisms

8.1. The Key Token Exchange Mechanism

8.1.1. Generic Mechanism Specifications

8.1.2. The Diffie-Hellman EKE Specifications

8.1.3. The Probabilistic Encryption Key Exchange Specifications

8.2. The Digital Signature Mechanism

8.2.1. Support of Non-Repudiation Services

8.2.2. Generic Mechanism Specifications

8.2.3. The RSA Digital Signature Specifications

8.2.4. The DSA Digital Signature Specifications

8.2.5. The Williams (Rabin) Digital Signature Specifications

8.3. The MDC Mechanism

8.3.1. Generic Mechanism Specifications

8.3.2. The Secure Hash Algorithm (SHA) Mechanism

8.4. The Certificate Verification Mechanism

8.4.1. Generic Mechanism Specifications

8.4.2. The RSA Scheme as a Certificate Verification Mechanism

8.4.3. The Williams (Rabin) Scheme as a Certificate Verification Mechanism

8.5. The Encipherment Mechanism

8.5.1. Generic Mechanism Specifications

8.5.2. The BBS Keystream Encipherment Mechanism

8.6. The ISN Mechanism

8.6.1. Generic Mechanism Specifications

8.6.2. A Simple ISN Mechanism

9. Set of Security Rules and Key Management

9.1. Introduction

9.2. Set of Security Rules

9.2.1. Generic Requirements

9.2.2. Default Set of Security Rules

9.3. Key Management

9.3.1. Generic Requirements

9.3.2. Default Key Management Specifications

Annex A - OSI Documents Defect Reports

A.1 ISO/IEC TR 9577 Errata

A.2 The Protection QOS Parameter

A.3 Clarifications to ISO/IEC 11577

A.3.1 Minor Editorial Corrections

A.3.2 SA-ID and SA-P Object Identifier Overhead

Annex B - BBS Pseudo-Random Number Generator

B.1 Parameter Selection Algorithm

B.2 Key Selection Algorithm

B.3 Proof

Annex C - Relationship of this de facto standard to ISO/IEC 11577

List of Figures

Figure 1) The Obvious Configuration for ITU FPAD

Figure 2) Placement of the NLSP in the Obvious Configuration for ITU FPAD.

Figure 3) Placement of the FPAD Protocol in Relation to the OSI Reference Model

Figure 4) Reference Configuration for the FSP

Figure 5) Underlying Network Service Primitives

Figure 6) FSP Service Primitives to Support the FPAD Protocol

Figure 7) FSP-SA-P Service Primitives

Figure 8) Internal FSP-SA-P Connection Establishment Phase, Service Primitives

Figure 9) Internal FSP-SA-P Connection Establishment Phase, Protocol Exchanges

Figure 10) Protocol Exchanges for FSP Quick Connection Establishment, Simple Case

Figure 11) Protocol Exchanges for FSP Quick Connection Establishment, Exceptional Case

Figure 12) FSP-SA-P Update Process, Requested by a Single FSP-SA-P User

Figure 13) FSP-SA-P Update Process, Requested by Both FSP-SA-P Users

Figure 14) Negotiation of Cryptographic Modes in SA Update Process Requested by a Single FSP Entity

Figure 15) Negotiation of Cryptographic Modes in SA Update Process Requested by Both FSP Entities

Figure 16) Negotiation of Key Derivation in SA Update Process Initiated by a Single FSP Entity

Figure 17) Negotiation of Key Derivation in SA Update Process Initiated by Both FSP Entities

Figure 18) FSP-SA-P Page Authentication Process (one of the two directions of transmission)

Figure 19) Generic Content Field Format

Figure 20) Content Type Encoding

Figure 21) Octet-String-Before-Encapsulation Format, for Normal Data

Figure 22) Octet-String-Before-Encapsulation Format, for FSP-SA-P

Figure 23) Octet-String-Before-Encapsulation Data Types

Figure 24) Encapsulated Octet String Format

Figure 25) SDT PDU Format, With Encipherment

Figure 26) SDT PDU Format, Without Encipherment

Figure 27) SA-P PDU Format, With Encipherment

Figure 28) SA-P PDU Format, Without Encipherment

Figure 29) ASN.1 Syntax Description for FSP-SA-P PDU Codes

Figure 30) ASN.1 Syntax Description for the First FSP-SA-P PDU

Figure 31) ASN.1 Syntax Description for the second FSP-SA-P PDU

Figure 32) ASN.1 Syntax Description for the Key Derivation Type

Figure 33) ASN.1 Syntax Description for the first SA Update PDU

Figure 34) ASN.1 Syntax Description for the Second SA Update PDU

Figure 35) ASN.1 Syntax Description for the Certificate and Challenge Message

Figure 36) ASN.1 Syntax Description for the Elements of the Subsequent SA Update PDU

Figure 37) ASN.1 Syntax Description for the Subsequent SA Update PDU

Figure 38) ASN.1 Syntax Description for the Page Information Message

Figure 39) ASN.1 Syntax Description for the Page Authentication PDU

Figure 40) CSC PDU Format in Support of the FSP Quick Connection Establishment

Figure 41) CSC PDU Format in Support of FSP-SA-P

Figure 42) ASN.1 Syntax Description for the PEKE Public-Key

Figure 43) ASN.1 Syntax Description for the Key Token Message

Figure 44) ASN.1 Syntax Description for the RSA Public-Key

Figure 45) ASN.1 Syntax Description for the DSA Public-Key

Figure 46) ASN.1 Syntax Description for the Williams (Rabin) Public-Key

Figure 47) ASN.1 Syntax Description for the Digital Signature

Figure 48) ASN.1 Syntax Description for the Cryptographic Mode ENUMERATED Type

Figure 49) ASN.1 Syntax Description for the Security Certificate

Figure 50) ASN.1 Syntax Description for the Security Certificate Reference

Figure 51) ASN.1 Syntax Description for the Certification Signature


0. Introduction

The facsimile security protocol (FSP) defined in this de facto standard is used to provide security services in the context of a protocol converter from ITU defined group 3 facsimile equipment to a connection oriented data telecommunications protocol.

This protocol is an application of the OSI Network Layer Security Protocol (NLSP) defined in ISO/IEC 11577. It is used in the context of a FPAD protocol suite as defined in CCITT Recommendation X.5, CCITT Recommendation X.38, and CCITT Recommendation X.39.

Although the FSP is located in the network layer of the OSI basic reference model (ISO/IEC 7498-1), it is not necessarily restricted to the functional interfaces of the network layer. The FPAD protocol itself does not strictly adhere to the OSI reference model. The FSP supports security services, such as non-repudiation services, in addition to those assigned to the network layer in the security addendum to the OSI reference model (ISO/IEC 7498-2).

This protocol may be implemented with a set of cryptographic mechanisms specified in this de facto standard, or with other cryptographic mechanisms such as proprietary or classified encryption algorithms.

The operation of this protocol assumes the existence of recognized organizations, trusted third parties, to facilitate the distribution of cryptographic key data. The requirements in this respect are kept to a minimum with the use of public key cryptography.


1. Scope and field of application

This de facto standard specifies a facsimile security protocol (FSP) to be used by systems to provide security services for facsimile transmission. It contains the necessary protocol procedures, protocol data unit descriptions, and specifications of cryptographic mechanisms for conforming systems to inter-operate with each other.

This de facto standard partially defines an agreed set of security rules to be used in conjunction with the operation of NLSP implementations.

This de facto standard defines additional protocol procedures to be used in conjunction with CCITT Recommendation X.38 and CCITT Recommendation X.39 to provide security to facsimile transmissions.

This de facto standard specifies a default set of cryptographic mechanisms that can be used by an implementation of the FSP. For implementations of the FSP using other cryptographic mechanisms, this de facto standard defines the minimum requirements for the cryptographic mechanisms to ensure proper protocol operations.

This de facto standard does not specify the required cryptographic key management scenario for distribution of electronic security certificates and other required system configuration. This de facto standard uses public key cryptography to lessen the security requirements of this necessary but unspecified key management scenario.

This de facto standard does not specify the local operating rules for a conforming system. This includes the human operator guidelines.

Further study is required for the operation of the FSP in the context of an implementation of CCITT Recommendation X.38 supporting error correction mode or non-standard facilities.


2. References

2.1. International Standards, Models, Guidelines and Service Definitions

ISO/IEC 7498-1:1993, Information technology - OSI Reference Model: The Basic Model.

ISO TR 8509:1987, Information Processing - Open Systems Interconnection - Conventions for the definition of OSI Services.

ISO/IEC 7498-2:1989, Information technology - Open Systems Interconnection - Basic Reference Model Part 2: Security Architecture.

ISO/IEC 7498-3:1989, Information technology - Open Systems Interconnection - Basic Reference Model - Part 3: Naming and addressing.

ISO/IEC 8348:1993, Information technology - Network service definition for Open Systems Interconnection.

ISO/IEC TR 13594:1994, Information technology - Open Systems Interconnection - Lower Layer Security Model.

ISO/IEC TR 9577:1993, Information technology - Telecommunications and information exchange between systems - Protocol Identification in the Network Layer.

2.2. International Standards, Protocols

ISO/IEC 11577:1994, Information technology - Open Systems Interconnection - Network Layer Security Protocol.

ISO/IEC 8824:1990, Information Technology - Open Systems Interconnection - Specifications of Abstract Syntax Notation One (ASN.1).

ISO/IEC 8825:1990, Information Technology - Open Systems Interconnection - Basic Encoding Rules for Abstract Syntax Notation One.

2.3. ITU (formerly CCITT) Recommendations

CCITT Recommendation X.5 (1992), Facsimile Packet Assembly/Disassembly Facility (FPAD) in a Public Data Network.

CCITT Recommendation X.38 (1992), G3 Facsimile Equipment/DCE Interface for G3 Facsimile Equipment Accessing the Facsimile Packet Assembly/Disassembly Facility (FPAD) in a Public Data Network Situated in the Same Country.

CCITT Recommendation X.39 (1992), Procedures for the Exchange of Control Information and User Data between a Facsimile Packet Assembly/Disassembly (FPAD) Facility and a Packet Mode DTE or Another FPAD.

2.4. Cryptographic Methods References

[1] Diffie, W., Hellman, M.E., New Directions in Cryptography, IEEE Transactions on Information Theory, vol. IT-22, 1976, pp. 644-654.

USA patent document 4,200,770 Hellman, Martin E., Diffie, Bailey W., Merkle, Ralph C., Cryptographic Apparatus and Method, April 29, 1980.

FIPS PUB 186, National Institute of Standards and Technology (NIST), Digital Signature Standard, Federal Information Processing Standards Publication FIPS PUB 186, U.S. Department of Commerce, May 1994.

[2] Moreau, Thierry, Probabilistic Encryption Key Exchange, Electronics Letters, vol. 31, no. 25, 7th December 1995, pp. 2166-2168.

[3] Rivest, R.L., Shamir, A., Adleman, L.M., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, vol. 21, 1978, pp. 120-126.

USA patent document 4,405,829 Rivest, Ronald L., Shamir, Adi, Adleman, Leonard M., Cryptographic Communications System and Method, September 20, 1983.

[4] Blum, L., Blum, M., Shub, M., A Simple Unpredictable Pseudo-random Number Generator, SIAM Journal on Computing, vol. 15, no. 2, 1986, pp. 364-383.

FIPS PUB 180, Computer Systems Laboratory, National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication no. 180, U.S. Department of Commerce, May 11, 1993.

2.5. Additional Standards References

ISO/IEC 8208:1993, Information technology - Data communications - X.25 Packet Layer Protocol for Data Terminal Equipment.

ISO/IEC 8878:1992, Information processing systems - Data Communications - Use of X.25 to provide the OSI connection-mode network service.

ISO/IEC 10732:1993, Information technology - Use of the X.25 packet layer protocol to provide the OSI connection-mode network service over the telephone network.

CCITT Recommendation T.4 (1988) Standardization of Group 3 Facsimile Apparatus for Document Transmission.

CCITT Recommendation T.30 (1988) Procedures for Document Facsimile Transmission in the General Switched Telephone Network.


3. Interpretation

Unless otherwise stated, the provisions of the following standards are implicitly provisions of this de facto standard:

The specifications of the FPAD protocol suite as defined in CCITT Recommendation X.5, CCITT Recommendation X.38, and CCITT Recommendation X.39 are significant only as far as they govern the interactions between the FSP user entity and the FSP entity itself. Conformance to this de facto standard does not require conformance to the FPAD protocol suite as defined in CCITT Recommendation X.5, CCITT Recommendation X.38, and CCITT Recommendation X.39.

The procedures for resolving conflicts between the FSP specification and the NLSP specification are the following ones:

When an interpretation has to be given to the specification of the FSP text and where this section of the protocol is said to be inspired by some portion of the NLSP text, the NLSP specification can be used to assist the interpretation of the FSP text. The text of Annex A may be useful in these circumstances.


4. Symbols and Abbreviations

ASN.1: Abstract Syntax Notation One (see ISO/IEC 8824)
BBS: Blum, Blum, and Shub, see [4].
BER: Basic Encoding Rules (see ISO/IEC 8825)
CCITT: Comité consultatif international sur la téléphonie et la télégraphie
CSC: Connection Security Control
CO: Connection Oriented
DCE: Data Circuit-terminating Equipment
DSA: Digital Signature Algorithm, see FIPS PUB 186.
DTE: Data Terminal Equipment
EKE: Exponential Key Exchange
ES: End System
FPAD: Facsimile Packet Assembler Disassembler
FSP: Facsimile Security Protocol
FSP-SA-P: Facsimile Security Protocol Security Association Protocol
G3FE: Group 3 Facsimile Equipment
IEC: International Electrotechnical Commission
IS: Intermediate System
ISN: Integrity Sequence Number
ITU: International Telecommunications Union
ISO: International Standardization Organization
MDC: Manipulation Detection Code
NLSP: Network Layer Security Protocol
OSI: Open Systems Interconnection
PEKE: Probabilistic Encryption Key Exchange, see [2].
PDU: Protocol Data Units
PSTN: Public Switched Telephone Network
RSA: Rivest, Shamir, Adleman, see [3].
QOS: Quality of Service
SA: Security Association
SA-ID: Security Association Identifier
SA-P: Security Association Protocol
SDT: Secure Data Transfer
SHA: Secure Hash Algorithm
TTP-CA: Trusted Third Party as a Certification Authority
UN: Underlying Network


5. Reference Configurations

This section describes the configuration of systems, networks, and protocol entities for the operation of the FSP.

Figure 1 shows the obvious configuration of the FPAD as explained in CCITT Recommendation X.5, CCITT Recommendation X.38, and CCITT Recommendation X.39. Together, CCITT Recommendation T.30 and CCITT Recommendation T.4 define the group 3 facsimile protocol.

In CCITT Recommendation X.38 and in this de facto standard, when a facsimile message is transmitted from left to right in Figure 1, the ITU FPAD on the left is referred to as the forwarding FPAD and the one on the right is referred to as the delivering FPAD.

Figure 1) The Obvious Configuration for ITU FPAD

In Figure 2, this configuration is enhanced with the OSI Network Layer Security Protocol defined in ISO/IEC 11577.

Note: As the PSTN connection between the FPAD and the facsimile equipment is not secured, it should be replaced by a short distance connection, limited to facilities protected by the same access control measures as the facsimile equipment itself.

Figure 2) Placement of the NLSP in the Obvious Configuration for ITU FPAD.

5.1. Protocol Stacks for the Reference Configuration

This section describes the internal organization of a system implementing this de facto standard.

X.25 is a connection-oriented network protocol. In some ways, the use of X.25 by the FPAD protocol contradicts the OSI network service definition of ISO/IEC 8348 (notably for addressing and for the explicit use of the more data mark and the qualifier bit by the protocol user). This is illustrated in Figure 3, which represents the details of the protocol stacks around the network layer service boundary.

Figure 3) Placement of the FPAD Protocol in Relation to the OSI Reference Model

The reference configuration for the FSP is based on using the OSI network service definition (see ISO/IEC 8348) as a substitute for the X.25 network layer protocol. This introduces a level of abstraction to render the FSP independent of the specifics of X.25. This is illustrated in Figure 4.

Note: If the PSTN is to be used as the underlying network, the provisions of ISO/IEC 10732 may be applied.

Figure 4) Reference Configuration for the FSP

The services of the FSP are used by an implementation of the FPAD protocol. The CCITT Recommendation X.39 specifies a mapping of the FPAD protocol into X.25. The FSP is a replacement for X.25 in the context of CCITT Recommendation X.39. For this reason, the FSP service must extend the service definition of ISO/IEC 11577 to include substitutes for the more data mark and the qualifier bit of X.25 (see section 6.5).


6. Overview of the Protocol

6.1. Introduction

The FSP uses two independent cryptographic streams or data flows: the normal data flow of a connection oriented protocol and a proprietary sub-protocol conforming to the definition of a Security Association Protocol (SA-P) of ISO/IEC 11577.

The normal data flow carries the FPAD base protocol with minimal impact from security.

The other cryptographic stream or data flow is used to manage the security associations and to perform security functions asynchronously from the base protocol. It is called the FSP-SA-P data flow. The protocol procedures on the FSP-SA-P data flow are specific to this de facto standard.

This de facto standard contains procedures intended specifically for the facsimile data transmission.

The FSP includes a mechanism allowing a security association to be preserved for a later connection attempt. Since the security association is pre-established at this later time, the security procedures overhead is less and the connection establishment is quicker.

6.2. Overview of Security Services Provided

This de facto standard supports the following security services:

For situations where the encryption of communication lines is regulated, the FSP supports a mode of operation where the confidentiality service is not provided. The FSP is intended to provide strong authentication and integrity services even in the absence of message encryption.

The FSP performs remote party authentication and non-repudiation services with security certificates. The FSP has provisions for re-authentication during the lifetime of a connection. The re-authentication may involve a change in the security certificate in use, which may represent a secured notification of a change in a remote status (e.g. willingness or unwillingness to receive binding legal notices).

Security certificates are associated either with the FSP entity identity or with the G3FE identity. This choice is made early in the connection establishment phase and cannot be changed in the lifetime of a connection.

When the security certificates are associated with G3FE identity, the local FSP entity relies on procedures at the remote FSP entity to ensure that a G3FE certificate is used under the allowed circumstances only.

Note: In supportive legal arrangements, the administration responsible for the remote FSP entity may acknowledge that appropriate procedures are performed and be liable in the case they are breached.

When the security certificates are associated with the FSP entities, the FSP may provide the address hiding security service.

6.3. Negotiation of Security Services

The FSP negotiation of a set of security rules is based on a mutually agreed TTP-CA. The TTP-CAs are uniquely identified by an ASN.1 OBJECT IDENTIFIER value allocated by means outside the scope of this de facto standard.

A TTP-CA defines the full set of security rules to be used for the FSP operations, including cryptographic mechanism parameters. It also performs security certificate certification with digital signatures.

A portion of the TTP-CA specifications is procedural and subject to little if any variation over time. But cryptographic mechanism parameters and the public key of the TTP-CA for certificate signatures usually need to be changed from time to time. The mechanism allowing an FSP entity to become aware of a TTP-CA initial configuration and subsequent revisions is outside the scope of this de facto standard. The TTP-CA configuration revision process is supported by the TTP-CA update revision level. This revision level is a number which should be incremented by one each time the configuration of a TTP-CA is updated. To facilitate undisturbed traffic, an FSP entity should support outdated TTP-CA revisions for some time after they have been superseded by a new revision.

The negotiation of a mutually agreed TTP-CA and revision level occurs as follows. The calling FSP entity transmits a list of TTP-CAs sorted in decreasing order of preference. Each TTP-CA has a range of supported revision levels associated with it. The called FSP entity selects a single TTP-CA as a mutually agreed TTP-CA and indicates a revision level supported by both FSP entities.
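
The negotiation described above, sketched as an added example that is not part of this de facto standard. It assumes the called entity honours the caller's preference order and picks the newest common revision level, and it adds a caller-side check that the answer lies within what was offered; the type and function names and the OBJECT IDENTIFIER values (from the 2.999 example arc) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TtpCaOffer:
    """One entry of the list transmitted by the calling FSP entity."""
    oid: str       # TTP-CA OBJECT IDENTIFIER in dotted form
    min_rev: int   # oldest revision level the caller still supports
    max_rev: int   # newest revision level the caller supports

    def __post_init__(self) -> None:
        if self.min_rev > self.max_rev:
            raise ValueError(f"empty revision range for {self.oid}")


# Called-side configuration: TTP-CA OID -> (oldest, newest) supported revision.
LocalConfig = Dict[str, Tuple[int, int]]


def select_ttp_ca(offers: List[TtpCaOffer],
                  local: LocalConfig) -> Optional[Tuple[str, int]]:
    """Called entity: choose one TTP-CA and a revision level supported by both."""
    for offer in offers:  # caller's list, in decreasing order of preference
        if offer.oid not in local:
            continue
        low = max(offer.min_rev, local[offer.oid][0])
        high = min(offer.max_rev, local[offer.oid][1])
        if low <= high:
            # Assumption: use the newest revision inside the common range.
            return offer.oid, high
    return None  # no mutually agreed TTP-CA and revision level


def selection_is_acceptable(offers: List[TtpCaOffer],
                            selection: Tuple[str, int]) -> bool:
    """Calling entity: accept only a TTP-CA and revision it actually offered.

    Added check (assumption): a selection outside the offered list or range
    would steer the caller to rules it did not agree to use.
    """
    oid, rev = selection
    return any(o.oid == oid and o.min_rev <= rev <= o.max_rev for o in offers)


# Constructed sample data: the caller prefers 2.999.1 over 2.999.2.
SAMPLE_OFFERS = [TtpCaOffer("2.999.1", 3, 5), TtpCaOffer("2.999.2", 1, 2)]
# The called entity still supports revisions 1..3 of 2.999.1 (outdated ones kept).
SAMPLE_LOCAL = {"2.999.2": (1, 4), "2.999.1": (1, 3)}

if __name__ == "__main__":
    chosen = select_ttp_ca(SAMPLE_OFFERS, SAMPLE_LOCAL)
    print("selected:", chosen)
    print("caller accepts:", chosen is not None
          and selection_is_acceptable(SAMPLE_OFFERS, chosen))
```
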

6.4. Overview of the Services Assumed

The services assumed below NLSP are referred to as the Underlying Network (UN) service. The primitives shown in Figure 5 are used by the FSP. They constitute a subset of the services defined in ISO/IEC 8348 for connection-mode service.

Figure 5) Underlying Network Service Primitives

Figure 5 is a summary of the service primitives of the UN. The FSP uses neither N-DATA-ACKNOWLEDGE Request nor N-EXPEDITED-DATA Request, nor N-RESET Request primitives.

The UN primitive and associated parameters, with the exception of the UN authentication parameter, are described in ISO/IEC 8348.

The UN Authentication parameter is a specification of ISO/IEC 11577 not originating from ISO/IEC 8348. It is used in the FSP to carry the CSC PDUs as defined in section 7.11.

Note: The QOS protection parameter of ISO/IEC 8348 and the DTE protection facility of ISO/IEC 8208 have been raised to the full status of a primitive parameter in the text of ISO/IEC 11577. When ISO/IEC 11577 is implemented over the original OSI Network Service, a trick is used to carry the UN Authentication parameter (see annex A of ISO/IEC 11577): the UN Authentication parameter is prefixed to the UN User Data parameter value. See also Annex A of this de facto standard for more background information on the QOS protection parameter.

6.5. FSP Services Supporting the FPAD Protocol

The user of the FSP is a protocol entity implementing the FPAD protocol suite as defined in CCITT Recommendation X.5, CCITT Recommendation X.38, and CCITT Recommendation X.39. The FSP primitives supporting this FPAD protocol are shown in Figure 6.

Figure 6) FSP Service Primitives to Support the FPAD Protocol

The FSP primitives and parameters, with the exception of FSP Q-bit Emulation and FSP M-bit Emulation, are described in ISO/IEC 8348. The FPAD protocol, as specified in CCITT Recommendation X.39, makes explicit use of the M-bit facility of the X.25 protocol (segmentation and re-assembly of DATA packets). The ISO/IEC 11577 text puts the equivalent functionality below the NLSP service boundary (see section 8.6 of ISO/IEC 11577). The FSP adapts the NLSP service boundary in the case of the FSP-DATA Request and FSP-DATA Indication primitives. This adaptation does not affect the allowed protocol exchanges.

The FPAD protocol, as specified in CCITT Recommendation X.39, makes explicit use of the Q-bit facility of the X.25 protocol (qualified DATA packets). This is absent from the definition of the Network Layer Service Definition. This is emulated in the FSP service primitives.

The FSP-CONNECT Response primitive does not contain the FSP QOS Parameter Set. The called FSP entity shall negotiate the UN QOS Parameter Set from its local knowledge of the QOS requirements of the FSP user.

6.6. Addressing Issues

This section replaces the addressing specification found in section 1.1 of CCITT Recommendation X.39. Only what is required for the unambiguous FSP definition is specified. An implementation of this de facto standard should complement these provisions with additional specifications where needed.

Note: To accommodate the various schemes envisioned in the OSI environment, the provisions related to addressing are kept at a minimum and left to the FSP implementations to define.

The FSP reference configuration uses the OSI reference model for network addressing. The notion of a FPAD system is introduced as the open system containing an FPAD protocol entity and the associated FSP entity. Within a FPAD system, the FSP entity has a network address, the FSP entity UN address. The UN needs to recognize the FSP entity UN addresses for a connection attempt through the UN to succeed.

Note: The distinction between sub-network point of attachment and network address and the translation of the latter into the former is an issue of the underlying network.

The FSP reference configuration correlates a group 3 facsimile equipment (G3FE) with an end system (ES) and a FPAD system with an intermediate system (IS). This implies that a G3FE should have a network address even if it does not qualify as an OSI system in other respects.

Note: In the simplest case, there is a single G3FE associated with a FPAD system and the relationship between the G3FE address and the FSP entity UN address is the identity or a straightforward conversion.

The FSP carries the G3FE addresses as protocol control information between the FSP entities.

Note: This relieves the UN from the obligation to recognize G3FE addresses. This contrasts with section 1.1 of CCITT Recommendation X.39 which puts the burden of routing FPAD traffic on the packet switched network.

A G3FE address must be valid in the context of a pair of communicating FPAD systems.

Note: It may be possible to use the "local" initial domain identifier in the definition of network addresses of ISO/IEC 8348 for G3FE addresses. Additional background information can be found in annex E of ISO/IEC 11577.

6.6.1. Addressing and SA Attributes

Addressing information is collected in SA attributes by the calling and the called FSP entities.

At the level of G3FE addresses, the FSP Called Address parameter is collected in the G3FE_called_addr attribute, the FSP Calling Address parameter is collected in the G3FE_calling_addr attribute, and the FSP Responding Address parameter is collected in G3FE_responding_addr attribute.

At the level of UN addresses, the UN Called Address parameter is collected in the UN_called_addr attribute, the UN Calling Address is collected in the UN_calling_addr attribute, and the UN Responding Address parameter is collected in the UN_responding_addr attribute.

Security certificates sent in each direction of transmission contain network addresses which are associated either with G3FE addresses or with FSP entity UN addresses. When security certificates are associated with G3FE addresses,

  1. the network address found in the calling entity's certificate shall be equal to the G3FE_calling_addr attribute, and
  2. the network address found in the called entity's certificate shall be equal to either the G3FE_called_addr attribute or the G3FE_responding_addr attribute.

The FSP reliably conveys calling, called, and responding G3FE addresses, with the exception of the responding G3FE address when the connection attempt is rejected.

Note: This does not preclude restrictions on conveyed addresses.

When security certificates are associated with FSP entity UN addresses, the corresponding rules are given as guidelines only: applicable rules are influenced by the UN capabilities.

  1. the network address found in the calling entity's certificate should be equal to the UN_calling_addr attribute, and
  2. the network address found in the called entity's certificate should be equal to either the UN_called_addr attribute or the UN_responding_addr attribute.

Note: This accounts for the fact that the UN is insecure. See ISO/IEC 8348 for more details on the possible limitations of even a trusted network.
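
One way to apply the two rule sets of this section, as an added example that is not part of this de facto standard: a mismatch is a hard violation when certificates are associated with G3FE addresses ("shall") and only a warning when they are associated with FSP entity UN addresses ("should"). The attribute names follow the text; the class and function names and the address values are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class CertBinding(Enum):
    """What the security certificates are associated with for this connection."""
    G3FE = "G3FE"        # G3FE addresses: rules are requirements ("shall")
    FSP_ENTITY = "UN"    # FSP entity UN addresses: rules are guidelines ("should")


@dataclass
class SaAddressAttributes:
    """Addressing information collected in SA attributes (names from the text)."""
    G3FE_calling_addr: str
    G3FE_called_addr: str
    G3FE_responding_addr: Optional[str]
    UN_calling_addr: str
    UN_called_addr: str
    UN_responding_addr: Optional[str]


def check_certificate_addresses(binding: CertBinding,
                                sa: SaAddressAttributes,
                                calling_cert_addr: str,
                                called_cert_addr: str
                                ) -> Tuple[List[str], List[str]]:
    """Return (violations, warnings) for the two certificate address rules."""
    prefix = binding.value
    calling = getattr(sa, f"{prefix}_calling_addr")
    # The called entity's certificate may match the called or responding address;
    # a responding address that was never collected (None) cannot match.
    called_ok = {getattr(sa, f"{prefix}_called_addr"),
                 getattr(sa, f"{prefix}_responding_addr")} - {None}

    findings: List[str] = []
    if calling_cert_addr != calling:
        findings.append(f"calling certificate address {calling_cert_addr!r} "
                        f"differs from {prefix}_calling_addr {calling!r}")
    if called_cert_addr not in called_ok:
        findings.append(f"called certificate address {called_cert_addr!r} matches "
                        f"neither {prefix}_called_addr nor {prefix}_responding_addr")

    if binding is CertBinding.G3FE:
        return findings, []   # "shall": any mismatch is a violation
    return [], findings       # "should": report, leave the decision to local rules


# Constructed sample SA: the call was answered by a G3FE other than the one called.
SAMPLE_SA = SaAddressAttributes(
    G3FE_calling_addr="5550100", G3FE_called_addr="5550199",
    G3FE_responding_addr="5550142",
    UN_calling_addr="UN-A", UN_called_addr="UN-B", UN_responding_addr=None)

if __name__ == "__main__":
    for label, args in [
        ("G3FE, responding address", (CertBinding.G3FE, "5550100", "5550142")),
        ("G3FE, wrong caller", (CertBinding.G3FE, "5550111", "5550199")),
        ("UN, unknown called address", (CertBinding.FSP_ENTITY, "UN-A", "UN-X")),
    ]:
        binding, calling_addr, called_addr = args
        print(label, check_certificate_addresses(
            binding, SAMPLE_SA, calling_addr, called_addr))
```
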

6.6.2. Routing

As in ISO/IEC 7498-3, two routing functions are defined to model the FSP procedures:

  1. The FSP routing function 1 which takes a FSP Called Address parameter and local information to give the UN Called Address parameter, the UN Calling Address parameter, and the set of security certificates valid in contexts where they are associated with FSP entity UN addresses.
  2. The FSP routing function 2 for contexts where security certificates are associated with FSP entity UN addresses, which takes a FSP Called Address parameter, a FSP Calling Address parameter, the SA attributes of a previously established SA, and local information to indicate whether the SA is valid for this FSP Called Address parameter. The UN Called Address and the UN Calling Address parameter are also returned by this function.

6.6.3. Address Checks

A number of addressing tests may be applied by an FSP entity in its operations.

