The protocol specified in this standard is used by end systems and intermediate systems to provide security services at the network layer, which is defined by GB/T 15126 and GB/T 15274. The protocol defined in this standard is called the Network Layer Security Protocol (NLSP).

This standard specifies:

A) Support for the following security services defined in GB/T 9387.2:
   1) Peer entity authentication;
   2) Data origin authentication;
   3) Access control;
   4) Connection confidentiality;
   5) Connectionless confidentiality;
   6) Traffic flow confidentiality;
   7) Connection integrity without recovery (including data unit integrity, in which individual SDUs on the connection are integrity protected);
   8) Connectionless integrity.
B) Functional requirements for implementations claiming conformance to this standard.

The procedures of this protocol are defined in terms of:

1) Requirements on the cryptographic techniques that can be used in an instance of this protocol;
2) Requirements on the information carried in the security association used for an instance of communication.

Although the protection provided by some security mechanisms depends on specific cryptographic techniques, the correct operation of this protocol does not depend on the choice of a specific encryption or decryption algorithm. That choice is a local matter for the communicating systems.

Furthermore, the selection and implementation of specific security policies are outside the scope of this standard. The choice of a particular security policy, and thus the degree of protection to be achieved, is left as a local matter between the systems using a single instance of secure communication. This International Standard does not require that multiple instances of secure communication involving the same open system use the same protocol.

Appendix D provides the PICS proforma for network layer protocols in accordance with the relevant guidance given in ISO/IEC 9646-2.
GB/T 17963-2000 history
2000: GB/T 17963-2000 Information technology - Open Systems Interconnection - Network layer security protocol