| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 1 Scope 2 Normative references 2.1 Identical Recommendations | International Standards <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 2.2 Paired Recommendations | International Standards equivalent in technical content 2.3 Other references 3 Definitions 3.1 OSI Reference Model definitions 3.2 Directory model definitions 3.3 Public-key and attribute certificate definitions <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 3.4 Terms defined in this Recommendation | International Standard 4 Abbreviations <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 5 Conventions 6 Common data types and special cryptographic algorithms 6.1 Introduction <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 6.2 ASN.1 information object class specification tool 6.2.1 General information object class concept 6.2.2 The ALGORITHM information object class <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 6.3 Multiple-cryptographic algorithm specifications 6.3.1 General 6.3.2 Multiple signatures algorithm <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 6.3.3 Multiple symmetric key algorithm 6.3.4 Multiple public-key algorithms 6.3.5 Multiple hash algorithm 6.3.6 Multiple authenticated encryption with associated data algorithm 6.3.7 Multiple integrity check value algorithm <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 6.4 Key establishment algorithms 6.4.1 General 6.4.2 Diffie-Hellman group 14 algorithm with HKDF-256 6.4.3 Diffie-Hellman group 23 algorithm with HKDF-256 <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 6.4.4 Diffie-Hellman group 28 algorithm with HKDF-256 6.4.5 Key derivation 6.4.5.1 General 6.4.5.2 HMAC-based extract-and-expand key derivation function <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 6.4.6 Special conditions 6.5 Multiple-cryptographic algorithm-value pairs 6.5.1 Multiple digital signatures attached to data 6.5.2 Double digital signature attached to data 6.5.3 Duplicate integrity check values attached to data <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 6.6 Formal specification of encipherment 6.6.1 Formal specification of encryption 6.6.2 Formal specification of authenticated encryption with associated data <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 7 General concepts for securing protocols 7.1 Introduction 7.2 Protected protocol plug-in concept 7.3 Communications structure 7.4 Another view of the relationship between the wrapper protocol and the protected protocol <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 7.5 Structure of application protocol data unit 7.6 Exception conditions <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 8 Wrapper protocol general concepts 8.1 Introduction 8.2 UTC time specification 8.3 Use of alternative cryptographic algorithms 8.4 Establishment of shared keys <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 8.5 Sequence numbers 8.6 Use of invocation identification in the wrapper protocol 8.7 Mapping to underlying services 8.8 Definition of protected protocols 8.9 Overview of wrapper protocol data units <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 9 Association management 9.1 Introduction to association management 9.2 Association handshake request <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 9.3 Association accept <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 9.4 Association reject due to security issues <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 9.5 Association reject by the protected protocol <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 9.6 Handshake security abort 9.7 Handshake abort by protected protocol <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 9.8 Data transfer security abort 9.9 Abort by protected protocol <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | 9.10 Release request WrPDU 9.11 Release response WrPDU <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 9.12 Release collision 10 Data transfer phase 10.1 Symmetric keys renewal 10.2 Data transfer by the client 10.2.1 General <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 10.2.2 Client using authenticated encryption with associated data 10.2.3 Client not using authenticated encryption with associated data 10.2.4 Client non-encrypted data <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 10.3 Data transfer by the server 10.3.1 General 10.3.2 Server using authenticated encryption with associated data 10.3.3 Server not using authenticated encryption with associated data <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 10.3.4 Server non-encrypted data <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 11 Information flow 11.1 Purpose and general model <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 11.2 Protected protocol SAOC 11.3 Wrapper SAOC 11.3.1 General 11.3.2 Handshake request subclass 11.3.3 Handshake accept subclass 11.3.4 Handshake security reject subclass 11.3.5 Handshake reject by protected protocol subclass <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 11.3.6 Handshake security abort subclass 11.3.7 Handshake abort by protected protocol subclass 11.3.8 Data transfer security abort subclass 11.3.9 Data transfer application abort subclass 11.3.10 Release request subclass 11.3.11 Release response subclass <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 11.3.12 Client data transfer with authenticated encryption with associated data subclass 11.3.13 Client data transfer with integrity check value protection subclass 11.3.14 Server data transfer with authenticated encryption with associated data subclass 11.3.15 Client data transfer with integrity check value protection subclass <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 12 Wrapper error handling 12.1 General 12.2 Checking of a wrapper handshake request 12.2.1 General 12.2.2 Digital signature checking 12.2.3 Checking of the to-be-signed part <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 12.3 Checking of a wrapper handshake accept 12.3.1 General 12.3.2 Digital signature checking 12.3.3 Checking of the to-be-signed part <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 12.4 Checking of data transfer WrPDUs 12.4.1 General 12.4.2 Common checking for data transfer 12.4.2.1 Common checking for use of authenticate encryption with associated data 12.4.2.2 Common checking for non-use of authenticate encryption with associated data <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | 12.4.2.3 Common checking for AadClient and AadServer data types 12.4.5 AadClient data value specific checking 12.4.6 AadServer data value specific checking <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 12.5 Wrapper diagnostic codes <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 13 Authorization and validation list management 13.1 General on authorization and validation management 13.1.1 Introduction 13.1.2 Invocation identification 13.1.3 Exception conditions 13.2 Defined protected protocol data unit types <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 13.3 Authorization and validation management protocol initialization request 13.4 Authorization and validation management protocol initialization accept 13.5 Authorization and validation management protocol initialization reject 13.6 Authorization and validation management protocol initialization abort <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | 13.7 Add authorization and validation list request <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | 13.8 Add authorization and validation list response 13.9 Replace authorization and validation list request 13.10 Replace authorization and validation list response <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | 13.11 Delete authorization and validation list request 13.12 Delete authorization and validation list response <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | 13.13 Authorization and validation list abort 13.14 Authorization and validation list error codes <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | 14 Certification authority subscription protocol 14.1 Certification authority subscription introduction 14.2 Defined protected protocol data unit types 14.3 Certification authority subscription protocol initialization request <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | 14.4 Certification authority subscription protocol initialization accept 14.5 Certification authority subscription protocol initialization reject 14.6 Certification authority subscription protocol initialization abort 14.7 Public-key certificate subscription request <\/td>\n<\/tr>\n | ||||||
| 55<\/td>\n | 14.8 Public-key certificate subscription response <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | 14.9 Public-key certificate un-subscription request 14.10 Public-key certificate un-subscription response <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | 14.11 Public-key certificate replacements request <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | 14.12 Public-key certificate replacement response <\/td>\n<\/tr>\n | ||||||
| 59<\/td>\n | 14.13 End-entity public-key certificate updates request 14.14 End-entity public-key certificate updates response <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | 14.15 Certification authority subscription abort 14.16 Certification authority subscription error codes <\/td>\n<\/tr>\n | ||||||
| 61<\/td>\n | 15 Trust broker protocol 15.1 Introduction 15.2 Defined protected protocol data unit types 15.3 Trust broker protocol initialization request 15.4 Trust broker protocol initialization accept <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | 15.5 Trust broker protocol initialization reject 15.6 Trust broker protocol initialization abort 15.7 Trust broker request syntax 15.8 Trust broker response syntax <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | 15.9 Trust broker error information <\/td>\n<\/tr>\n | ||||||
| 86<\/td>\n | H.1 Introduction H.2 Negotiation of cryptographic algorithms H.2.1 Cryptographic negotiation for new protocols H.2.2 Cryptographic negotiation for existing protocols <\/td>\n<\/tr>\n | ||||||
| 87<\/td>\n | H.3 Non-negotiable digital signature algorithms H.3.1 General <\/td>\n<\/tr>\n | ||||||
| 88<\/td>\n | H.3.2 Duplicate signatures for new protocols H.3.3 Duplicate signatures for existing protocols <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Information technology. Open systems interconnection directory – Protocol specifications for secure operations<\/b><\/p>\n |