-- Module IPMSSecurityExtensions (X.420:06/1999)
IPMSSecurityExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
ipm-security-extensions(14) version-1999(1)} DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- Prologue
-- Exports everything
IMPORTS
-- MTS Abstract Service
Certificates, Content, ContentIntegrityCheck, ExtendedCertificates,
EXTENSION, MessageOriginAuthenticationCheck, MessageToken, EncryptionKey
--==
FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
mts-abstract-service(1) version-1999(1)}
-- IPMS Information Objects
IPMS-EXTENSION
--==
FROM IPMSInformationObjects {joint-iso-itu-t mhs(6) ipms(1) modules(0)
information-objects(2) version-1999(1)}
-- IPMS Heading Extensions
BodyPartNumber
--==
FROM IPMSHeadingExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
heading-extensions(6) version-1999(1)}
-- Directory Authentication Framework
AlgorithmIdentifier, ENCRYPTED{}
--==
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 3}
-- Directory Certificate Extensions
CertificateAssertion
--==
FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
certificateExtensions(26) 0}
-- IPMS Object Identifiers
id-sec-ipm-security-request, id-sec-security-common-fields
--==
FROM IPMSObjectIdentifiers {joint-iso-itu-t mhs(6) ipms(1) modules(0)
object-identifiers(0) version-1999(1)};
-- Recipient Security Request
recipient-security-request IPMS-EXTENSION ::= {
VALUE RecipientSecurityRequest,
IDENTIFIED BY id-sec-ipm-security-request
}
RecipientSecurityRequest ::= BIT STRING {
content-non-repudiation(0), content-proof(1), ipn-non-repudiation(2),
ipn-proof(3)}
-- IPN Security Response
ipn-security-response IPMS-EXTENSION ::= {
VALUE IpnSecurityResponse,
IDENTIFIED BY id-sec-security-common-fields
}
IpnSecurityResponse ::= SET {
content-or-arguments
CHOICE {original-content OriginalContent,
original-security-arguments
SET {original-content-integrity-check
[0] OriginalContentIntegrityCheck OPTIONAL,
original-message-origin-authentication-check
[1] OriginalMessageOriginAuthenticationCheck OPTIONAL,
original-message-token
[2] OriginalMessageToken OPTIONAL}},
security-diagnostic-code SecurityDiagnosticCode OPTIONAL
}
-- MTS security fields
OriginalContent ::= Content
OriginalContentIntegrityCheck ::= ContentIntegrityCheck
OriginalMessageOriginAuthenticationCheck ::= MessageOriginAuthenticationCheck
OriginalMessageToken ::= MessageToken
-- Security Diagnostic Codes
SecurityDiagnosticCode ::= INTEGER {
integrity-failure-on-subject-message(0),
integrity-failure-on-forwarded-message(1),
moac-failure-on-subject-message(2), unsupported-security-policy(3),
unsupported-algorithm-identifier(4), decryption-failed(5), token-error(6),
unable-to-sign-notification(7), unable-to-sign-message-receipt(8),
authentication-failure-on-subject-message(9),
security-context-failure-message(10), message-sequence-failure(11),
message-security-labelling-failure(12), repudiation-failure-of-message(13),
failure-of-proof-of-message(14), signature-key-unobtainable(15),
decryption-key-unobtainable(16), key-failure(17),
unsupported-request-for-security-service(18),
inconsistent-request-for-security-service(19),
ipn-non-repudiation-provided-instead-of-content-proof(20),
token-decryption-failed(21), double-enveloping-message-restoring-failure(22),
unauthorised-dl-member(23), reception-security-failure(24),
unsuitable-alternate-recipient(25), security-services-refusal(26),
unauthorised-recipient(27), unknown-certification-authority-name(28),
unknown-dl-name(29), unknown-originator-name(30), unknown-recipient-name(31),
security-policy-violation(32)}
-- Security Envelope Extensions
body-part-encryption-token EXTENSION ::= {
BodyPartTokens,
RECOMMENDED CRITICALITY {for-delivery},
IDENTIFIED BY standard-extension:43
}
BodyPartTokens ::=
SET OF
SET {body-part-number BodyPartNumber,
body-part-choice
CHOICE {encryption-token EncryptionToken,
message-or-content-body-part [0] BodyPartTokens}
}
EncryptionToken ::= SET {
encryption-algorithm-identifier AlgorithmIdentifier,
encrypted-key ENCRYPTED{EncryptionKey},
recipient-certificate-selector [0] CertificateAssertion OPTIONAL,
recipient-certificate [1] Certificates OPTIONAL,
originator-certificate-selector [2] CertificateAssertion OPTIONAL,
originator-certificates [3] ExtendedCertificates OPTIONAL,
...
}
forwarded-content-token EXTENSION ::= {
ForwardedContentToken,
RECOMMENDED CRITICALITY {for-delivery},
IDENTIFIED BY standard-extension:44
}
ForwardedContentToken ::=
SET OF
SET {body-part-number BodyPartNumber,
body-part-choice
CHOICE {forwarding-token MessageToken,
message-or-content-body-part ForwardedContentToken
}}
END -- of IPMSSecurityExtensions
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D