High Quality Messaging and Electronic Commerce

1 Introduction.- 2 The X.400 Series of Recommendations.- 2.1 The X.400 Standard 1984.- 2.1.1 Functional Model.- 2.1.1.1 User Agent (UA).- 2.1.1.2 Message Transfer System (MTS).- 2.1.1.3 Message Transfer Agent (MTA).- 2.1.2 Message Structure.- 2.1.3 Management Domains.- 2.1.4 Naming and Addressing.- 2.1.5 The “ITU-T Service Concept”.- 2.1.6 Message System Types and Protocols.- 2.1.7 Problems of X.400 1984.- 2.1.7.1 No Mailbox (Message Store) Standard.- 2.1.7.2 No Distributed Lists.- 2.1.7.3 No Full OSI Stack.- 2.1.7.4 No Distinction Between Name and Address.- 2.1.7.5 Important Service Elements are not Included.- 2.2 The X.400 Standard 1988.- 2.2.1 New Definitions.- 2.2.1.1 X.400 Series of Recommendations 1988.- 2.2.1.2 F.400 Series of Recommendations 1988.- 2.2.2 The Functional Model.- 2.2.2.1 Message Store.- 2.2.2.2 Access Unit.- 2.2.3 Naming and Addressing.- 2.2.3.1 Directory Names.- 2.2.3.2 O/R Addresses.- 2.2.3.3 O/R Names.- 2.2.4 New Features Introduced in MHS 1988.- 2.2.4.1 Distribution Lists (DLs).- 2.2.4.2 Security.- 2.2.4.3 Use of a Directory.- 2.2.4.4 Messaging System Types and Protocols.- 2.2.5 Downgrading X.400 (88) to X.400 (84).- 2.2.5.1 Service Irregularities.- 2.2.5.2 Avoiding Downgrading.- 2.2.5.3 Addressing.- 2.2.5.4 General Approach.- 2.2.5.5 Common Name.- 2.2.5.6 Message Transfer System.- 2.2.5.7 IPM Downgrading.- 2.3 The X.400 Standard 1992.- 2.3.1 F.400 Series of Recommendations 1992.- 2.3.2 X.400 Series of Recommendations of MHS 1992.- 2.4 The X.400 Standard 1996.- 2.5 Proposed Additions to the X.400 Functionality for Multimedia Messaging.- 2.6 Physical Access to the X.400 Service.- 2.6.1 Public Switched Telephone Network (PSTN).- 2.6.2 Integrated Services Digital Network (ISDN).- 2.6.2.1 Relevant Standards on ISDN.- 2.6.3 Asynchronous Transfer Mode (ATM).- 2.6.3.1 LAN Emulation (LANE).- 2.6.3.2 Multiple Protocol over ATM (MPOA).- 2.6.4 Packet Switched Data Networks (PSDN) X.25 and Frame Relay.- 2.6.5 Global System for Mobile Communication (GSM).- 3 Internet Mail.- 3.1 RFC 822: Standard for the Format of ARPA Internet Text Messages.- 3.1.1 Lexical Analysis of Messages.- 3.1.1.1 General Description.- 3.1.1.2 Long Header Fields.- 3.1.1.3 Structure of Header Fields.- 3.1.1.4 Unstructured Field-Bodies.- 3.1.1.5 Structured Field-Bodies.- 3.1.1.6 Header Field Definitions.- 3.1.1.7 Lexical Tokens.- 3.1.2 Message Specification.- 3.1.2.1 Syntax.- 3.1.2.2 Forwarding.- 3.1.2.3 Trace Fields.- 3.1.2.4 Return-Path.- 3.1.2.5 Received.- 3.1.2.6 Originator Fields.- 3.1.2.7 From/Resent-From.- 3.1.2.8 Sender/Resent-Sender.- 3.1.2.9 Reply-To/Resent-Reply-To.- 3.1.2.10 Automatic Use of From/Sender/Reply-To.- 3.1.2.11 Receiver Fields.- 3.1.2.12 Reference Fields.- 3.1.2.13 Other Fields.- 3.1.3 Date and Time Specification.- 3.1.3.1 Syntax.- 3.1.3.2 Semantics.- 3.1.4 Address Specification.- 3.1.4.1 Syntax.- 3.1.4.2 Semantics.- 3.1.4.3 Domains.- 3.1.4.4 Abbreviated Domain Specification.- 3.1.4.5 Domain Terms.- 3.1.4.6 Domain-Dependent Local Strings.- 3.1.4.7 Balancing Local-Part and Domain.- 3.1.4.8 Multiple Mailboxes.- 3.1.4.9 Explicit Path Specification.- 3.1.4.10 Reserved Addresses.- 3.2 RFC 821 Simple Mail Transfer Protocol.- 3.2.1 The SMTP Procedures.- 3.2.1.1 Mail.- 3.2.1.2 Forwarding.- 3.2.1.3 Verifying and Expanding.- 3.2.1.4 Sending and Mailing.- 3.2.1.5 Opening and Closing.- 3.2.1.6 Relaying.- 3.2.1.7 Domains.- 3.2.1.8 Changing Rules.- 3.2.2 The SMTP Specifications.- 3.2.2.1 SMTP Commands.- 3.2.2.2 Numeric Order List of Reply Codes.- 3.3 SMTP Service Extensions.- 3.3.1 Framework for SMTP Extensions.- 3.3.2 The EHLO Command.- 3.3.2.1 Required Changes to RFC 821.- 3.3.2.2 Command Syntax.- 3.3.2.3 Successful Response.- 3.3.2.4 Failure Response.- 3.3.2.5 Error Responses from Extended Servers.- 3.3.2.6 Responses from Servers Without Extensions.- 3.3.2.7 Responses from Improperly Implemented Servers.- 3.3.3 Initial IANA Registry.- 3.3.4 MAIL FROM and RCPT TO Parameters.- 3.3.4.1 Error Responses.- 3.3.5 Received: Header Field Annotation.- 3.4 Delivery Status Notifications (DSN).- 3.4.1 Framework for the Delivery Status Notifications.- 3.4.2 The Delivery Status Notification Service Extension.- 3.4.2.1 Additional Parameters for RCPT and MAIL Commands.- 3.4.2.2 The NOTIFY Parameter of the ESMTP RCPT Command.- 3.4.2.3 The ORCPT Parameter of the ESMTP RCPT Command.- 3.4.2.4 The RET Parameter of the ESMTP MAIL Command.- 3.4.2.5 The ENVID Parameter of the ESMTP MAIL Command.- 3.4.2.6 Restrictions on the Use of DSN Parameters.- 3.5 Multipurpose Internet Mail Extensions (MIME).- 3.5.1 MIME Header Fields.- 3.5.2 MIME-Version Header Field.- 3.5.3 Content-Type Header Field.- 3.5.3.1 Content-Type Defaults.- 3.5.4 Content-Transfer-Encoding Header Field.- 3.5.4.1 Content-Transfer-Encodings Semantics.- 3.5.5 Content-ID Header Field.- 3.5.6 Content-Description Header Field.- 3.5.7 Additional MIME Header Fields.- 3.6 Post Office Protocol Version 3 (POP3).- 3.6.1 Introduction.- 3.6.2 Basic Operation.- 3.6.3 The AUTHORISATION State.- 3.6.3.1 QUIT.- 3.6.4 The TRANSACTION State.- 3.6.4.1 STAT.- 3.6.4.2 LIST [msg].- 3.6.4.3 RETR msg.- 3.6.4.4 DELE msg.- 3.6.4.5 NOOP.- 3.6.4.6 RSET.- 3.6.5 The UPDATE State.- 3.6.5.1 QUIT.- 3.6.6 Optional POP3 Commands.- 3.6.6.1 TOP msg n.- 3.6.6.2 UIDL [msg].- 3.6.6.3 USER Name.- 3.6.6.4 PASS String.- 3.6.6.5 APOP Name D.- 3.6.7 Scaling and Operational Considerations.- 3.6.8 POP3 Command Summary.- 3.6.8.1 Minimal POP3 Commands.- 3.6.8.2 Optional POP3 Commands.- 3.6.8.3 POP3 Replies.- 3.6.8.4 Example POP3 Session.- 3.6.8.5 Message Format.- 4 X.400-internet Mail Gateways.- 4.1 Introduction.- 4.2 MIME Internet X.400 Enhanced Relay (MIXER).- 4.2.1 Main Features.- 4.2.1.1 X.400 Features That Cannot be Mapped.- 4.2.1.2 MIXER Conformant Global Address Mapping (MCGAM).- 4.2.1.3 MIME Body Parts.- 4.2.1.4 Conversion Tables.- 4.2.1.5 X.400-MIME Conversion Table.- 4.2.1.6 MIME-X.400 conversion table.- 5 Directory Services.- 5.1 The X.500 Series of Recommendations.- 5.1.1 The X.500 Series of Recommendations 1988.- 5.1.2 The X.500 Series of Recommendations 1993.- 5.1.3 X.500 Functional Model.- 5.2 Lightweight Directory Access Protocol (LDAP).- 6 Electronic Commerce and Electronic Data Interchange.- 6.1 The History of Electronic Commerce.- 6.2 Electronic Commerce Today.- 6.3 Electronic Data Interchange—An Introduction.- 6.3.1 Reasons for EDI.- 6.3.2 Benefits of EDI.- 6.3.2.1 Increased Business Opportunities.- 6.3.2.2 Reduced Inventory.- 6.3.2.3 More Accurate Records and Decision-Making Information.- 6.3.2.4 Lower Data Entry Costs.- 6.3.2.5 Decreased Postal Mailing Costs.- 6.3.2.6 Greater Customer Satisfaction.- 6.3.2.7 Reduction in Order Time.- 6.3.2.8 Better Cash Management.- 7 Standards for EDI Documents.- 7.1 United Nations Electronic Data Interchange for Administration, Commerce and Trade (UN/EDIFACT).- 7.1.1 Batch EDI.- 7.1.1.1 Batch EDI Interchange Structure.- 7.1.1.2 Batch EDI Message Within an Interchange.- 7.1.2 Interactive EDI.- 7.1.2.1 I-EDI Interchange Structure.- 7.1.2.2 I-EDI Message Within a Transaction.- 7.1.3 Elements of EDIFACT.- 7.1.3.1 Data Elements.- 7.1.3.2 Codes.- 7.1.3.3 Composite Data Elements.- 7.1.3.4 Segments.- 7.1.4 UN Standard Messages.- 7.1.5 UNTDID—A Collection of EDIFACT Directories.- 7.2 Differences and Mutualities Amongst the Different EDI Standards.- 8 Transportation of EDI Messages.- 8.1 EDI Message Transfer via Store-and-Forward Mechanisms.- 8.1.1 Benefits of Linked EDI/E-Mail Messaging.- 8.2 EDI Message Transfer via X.400.- 8.2.1 Using the P0 Protocol to Transfer EDI Documents.- 8.2.2 Using the P2 Protocol to Transfer EDI Documents.- 8.2.3 Using the P35 (Pedi) Protocol to Transfer EDI Documents.- 8.2.3.1 EDI Messaging System Model.- 8.2.3.2 EDI Messaging Environment.- 8.2.3.3 EDI Message Structure.- 8.2.3.4 EDI Notifications.- 8.2.3.5 EDI Message (EDIM) Responsibility and Forwarding.- 8.2.3.6 The EDI Messaging System and Physical Delivery.- 9 Vulnerabilities and Security Requirements of EDI Messaging Environments.- 9.1 Vulnerabilities.- 9.2 Masquerade.- 9.3 Message Sequencing.- 9.4 Message Loss.- 9.5 Modification of Information.- 9.6 Repudiation.- 9.7 Leakage of Information.- 9.8 Manipulation of Information by EDIMG User.- 9.9 Security Requirements.- 9.9.1 Authentication.- 9.9.2 Data Confidentiality.- 9.9.3 Data Integrity.- 9.9.4 Non-repudiation.- 10 Cryptography and Key Management.- 10.1 Cryptography.- 10.1.1 Symmetric Encryption—Secret Key Cryptography.- 10.1.1.1 Data Encryption Standard (DES).- 10.1.1.2 Triple-DES.- 10.1.1.3 RC2 and RC5.- 10.1.1.4 International Data Encryption Algorithm (IDEA).- 10.1.2 Asymmetric Encryption—Public Key Cryptography.- 10.1.2.1 RSA Public Key Algorithm.- 10.1.3 Conclusion.- 10.2 Key Management.- 10.2.1 Symmetric Keys.- 10.2.2 Public and Private Keys.- 10.2.2.1 Trust and Public Keys.- 10.2.3 Conclusion.- 11 Security Mechanisms for EDI over X.400.- 11.1 Masquerade.- 11.2 Message Sequencing.- 11.3 Message Loss.- 11.3.1 Catastrophic Failure.- 11.3.2 EDI-MS Specific Message Loss.- 11.3.3 MTS Specific Message Loss.- 11.3.4 End-To-End Message Loss.- 11.4 Modification of Information.- 11.5 Repudiation.- 11.6 Leakage of Information.- 11.7 Manipulation of Information by EDIMG User.- 11.8 Additional Pervasive Mechanisms.- 11.8.1 Secure EDI-MS Audit Trail.- 11.8.2 Secure MT Audit Trail.- 11.8.3 EDI-MS Archive.- 11.8.4 MT Archive.- 12 Security Mechanisms for EDI over the Internet.- 12.1 E-Mail Encryption Protocols.- 12.1.1 Secure Multipurpose Internet Mail Extensions (S/MIME).- 12.1.2 Pretty Good Privacy (PGP).- 12.1.3 MIME Security with Pretty Good Privacy (PGP/MIME).- 12.1.4 Privacy Enhanced Mail (PEM).- 12.1.4.1 Originator Authentication.- 12.1.4.2 Message Confidentiality.- 12.1.4.3 Data Integrity.- 12.1.5 MIME Object Secure Services (MOSS).- 12.1.6 Message Secure Protocol (MSP).- 13 EDI Naming, Addressing, and Use of a Directory.- 13.1 Introduction.- 13.2 EDI Naming.- 13.3 Suggested DIT Structure for EDI.- 13.4 Name Resolution.- 13.5 Authentication.- 13.6 Capabilities Assessment.