tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 5024

 
 
 

ODETTE File Transfer Protocol 2.0

Part 3 of 4, p. 69 to 99
Prev RFC Part       Next RFC Part

 


prevText      Top      Up      ToC       Page 69 
6.  File Services

6.1.  Overview

   ODETTE-FTP provides services for compressing, encrypting, and signing
   files.  These services should generally be performed off line,
   outside of the ODETTE-FTP communications session for performance
   reasons, although this is not a strict requirement.

   ODETTE-FTP requires that the following steps must be performed in
   this exact sequence, although any of steps 2, 3, or 4 may be omitted.
   Step 1 is required only if any of steps 2, 3, or 4 are performed:

   1. Insert record length indicators (V format files only; see Section
      6.5)
   2. Sign
   3. Compress
   4. Encrypt

   The cipher suite for the encryption and signing algorithms is
   assigned by bilateral agreement.

   Secured and/or compressed files must be enveloped.  The envelope
   contains additional information about the service used that is
   necessary for a receiving party to fully process the file.

   The [CMS] content types used are:

   EnvelopedData  - Indicates encrypted data
   CompressedData - Indicates compressed data
   SignedData     - Indicates signed content
   Data           - Indicates unstructured data

   For signed or encrypted data, the encapsulated content type
   (eContentType field) is id-data.

6.2.  File Signing

   Files that are to be signed are enveloped according to the file
   enveloping format (SFIDENV).  Generally, this will be as a [CMS]
   package.

   A file may be signed more than once to ease the changeover between
   old and new certificates.

Top      Up      ToC       Page 70 
   It is recommended that the envelope does not contain the public
   certificate of the signer.  Where files are sent to the same
   recipient continuously, it would serve no benefit to repeatedly send
   the same certificate.  Both the original file data and signature are
   stored within the [CMS] package.

6.3.  File Encryption

   Files that are to be encrypted are enveloped according to the file
   enveloping format (SFIDENV).  Generally, this will be as a [CMS]
   package.

   It is recommended that encryption should be performed before the
   ODETTE-FTP session starts because a large file takes a long time to
   encrypt and could cause session time outs, even on high-performance
   machines.

   Likewise, decryption of the file should occur outside of the session.
   However, an application may choose to allow in-session encryption and
   decryption for very small files.

6.4.  File Compression

   Files that are to be compressed are enveloped according to the file
   enveloping format (SFIDENV).  Generally, this will be as a [CMS]
   package using the [CMS-Compression] data type, which uses the [ZLIB]
   compression algorithm by default.

   Unlike the buffer compression method, this method operates on a whole
   file.  Because of the increased levels of compression, file level
   compression essentially deprecates the older buffer compression
   inside ODETTE-FTP.  The buffer compression is kept for backwards
   compatibility.

6.5.  V Format Files - Record Lengths

   A file that has been signed, compressed, and/or encrypted will have
   lost its record structure, so ODETTE-FTP will not be able to insert
   the End of Record Flag in subrecord headers in Data Exchange Buffers.
   To preserve the record structure, V format files must have record
   headers inserted into them prior to signing, compression, or
   encryption.  These 2-byte binary numbers, in network byte order,
   indicate the length of each record, allowing the receiving system,
   where appropriate, to recreate the files complete with the original
   variable-length records.  Note that the header bytes hold the number
   of data bytes in the record and don't include themselves.

Top      Up      ToC       Page 71 
   This is only applicable to V format files, which themselves are
   typically only of concern for mainframes.

7.  ODETTE-FTP Data Exchange Buffer

7.1.  Overview

   Virtual Files are transmitted by mapping the Virtual File records
   into Data Exchange Buffers, the maximum length of which was
   negotiated between the ODETTE-FTP entities via the Start Session
   (SSID) commands exchanged during the Start Session phase of the
   protocol.

   Virtual File records may be of arbitrary length.  A simple
   compression scheme is defined for strings of repeated characters.

   An example of the use of the Data Exchange Buffer can be found in
   Appendix A.

7.2.  Data Exchange Buffer Format

   For transmission of Virtual File records, data is divided into
   subrecords, each of which is preceded by a 1-octet Subrecord Header.

   The Data Exchange Buffer is made up of the initial Command Character
   followed by pairs of Subrecord Headers and subrecords, as follows.

      o--------------------------------------------------------
      | C | H |           | H |           | H |           |   /
      | M | D | SUBRECORD | D | SUBRECORD | D | SUBRECORD |  /_
      | D | R |           | R |           | R |           |   /
      o-------------------------------------------------------

   CMD

      The Data Exchange Buffer Command Character, 'D'.

   HDR

      A 1-octet Subrecord Header defined as follows:

          0   1   2   3   4   5   6   7
        o-------------------------------o
        | E | C |                       |
        | o | F | C O U N T             |
        | R |   |                       |
        o-------------------------------o

Top      Up      ToC       Page 72 
      Bits

       0     End of Record Flag

             Set to indicate that the next subrecord is the last
             subrecord of the current record.

             Unstructured files are transmitted as a single record; in
             this case, the flag acts as an end-of-file marker.

       1     Compression Flag

             Set to indicate that the next subrecord is compressed.

      2-7    Subrecord Count

             The number of octets in the Virtual File represented by the
             next subrecord expressed as a binary value.

             For uncompressed data, this is simply the length of the
             subrecord.

             For compressed data, this is the number of times that the
             single octet in the following subrecord must be inserted in
             the Virtual File.

             As 6 bits are available, the next subrecord may represent
             between 0 and 63 octets of the Virtual File.

7.3.  Buffer Filling Rules

   A Data Exchange Buffer may be any length up to the value negotiated
   in the Start Session exchange.

   Virtual File records may be concatenated within one Data Exchange
   Buffer or split across a number of buffers.

   A subrecord is never split between two Exchange Buffers.  If the
   remaining space in the current Exchange Buffer is insufficient to
   contain the next 'complete' subrecord, one of the following
   strategies should be used:

   1. Truncate the Exchange Buffer, and put the complete subrecord
      (preceded by its header octet) in a new Exchange Buffer.

   2. Split the subrecord into two, filling the remainder of the
      Exchange Buffer with the first new subrecord and starting a new
      Exchange Buffer with the second.

Top      Up      ToC       Page 73 
   A record of length zero may appear anywhere in the Exchange Buffer.

   A subrecord of length zero may appear anywhere in the record and/or
   the Exchange Buffer.

8.  Stream Transmission Buffer

8.1.  Introduction

   To utilise the TCP stream, a Stream Transmission Buffer (STB) is
   created by adding a Stream Transmission Header (STH) to the start of
   all Command and Data Exchange Buffers before they are passed to the
   TCP transport service.  This allows the receiving ODETTE-FTP to
   recover the original Exchange Buffers.

   Note: The Stream Transmission Buffer is not used when using ODETTE-
         FTP over an X.25 network.

   This is because ODETTE-FTP can rely on the fact that the Network
   Service will preserve the sequence and boundaries of data units
   transmitted through the network and that the Network Service will
   pass the length of the data unit to the receiving ODETTE-FTP.  TCP
   offers a stream-based connection that does not provide these
   functions.

   The Stream Transmission Buffer is composed of an STH and an OEB.

   o-----+-----------------+-----+--------------------+-----+------
   | STH | OEB             | STH |  OEB               | STH | OEB/
   o-----+-----------------+-----+--------------------+-----+----

      STH - Stream Transmission Header
      OEB - ODETTE-FTP Exchange Buffer

8.2.  Stream Transmission Header Format

   The Stream Transmission Header is shown below.  The fields are
   transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version| Flags | Length                                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 74 
   Version

      Value: 0001 (binary)

             Stream Transmission Header version number.

   Flags

      Value: 0000 (binary)

             Reserved for future use.

   Length

      Range: 5 - 100003 (decimal)

      The length of the Stream Transmission Buffer (STH+OEB).

      The smallest STB is 5 octets consisting of a 4-octet header
      followed by a 1-octet Exchange Buffer such as a Change Direction
      (CD) command.

      The maximum Exchange Buffer length that can be negotiated is 99999
      octets (Section 5.3.2) giving an STB length of 100003.

      The length is expressed as a binary number in network byte order.

   It is expected that implementations of this protocol will follow the
   Internet robustness principle of being conservative in what is sent
   and liberal in what is accepted.

9.  Protocol State Machine

9.1.  ODETTE-FTP State Machine

   The operation of an ODETTE-FTP entity is formally defined by the
   State Machine presented below.  There are five State and Transition
   tables, and for each table additional information is given in the
   associated Predicate and Action lists.

   The response of an ODETTE-FTP entity to the receipt of an event is
   defined by a Transition table entry indexed by the Event/State
   intersection within the appropriate state table.

   Each Transition table entry defines the actions taken, events
   generated, and new state entered.  Predicates may be used within a
   table entry to select the correct response on the basis of local
   information held by the entity.

Top      Up      ToC       Page 75 
   A Transition table contains the following fields:

     Index (I)   State transition index.

     Predicate   A list of predicates used to select between different
                 possible transitions.  The predicates are defined in
                 the Predicate and Action lists.

     Actions     A list of actions taken by the entity.  The actions are
                 defined in the Predicate and Action lists.

     Events      Output events generated by the entity.

     Next State  The new state of the entity.

9.2.  Error Handling

   The receipt of an event in a given state may be invalid for three
   reasons.

   1.  The case is impossible by design of the state automata, denoted
       'X' in the state tables.  For example, a timer that has not been
       set cannot run out.

   2.  The event is the result of an error in the Network Service
       implementation, also denoted 'X' in the state tables.  The
       Network Service implementation is considered to be correct.

   3.  For all other cases, the event is considered to be a User Error,
       denoted "U" in the state tables.

   The state tables define the conditions under which a User event is
   valid, thus preventing the generation of a protocol error by the
   ODETTE-FTP entity as a result of a User Monitor error.  The reaction
   of the entity to such errors is undefined and regarded as a local
   implementation issue.

   The state tables also allow protocol errors due to the receipt of
   invalid Exchange Buffers, to be detected.  In such cases, the
   reaction of the entity to the error is defined.

Top      Up      ToC       Page 76 
9.3.  States

   The Command Mode is strictly a half-duplex flip-flop mode.

   A_NC_ONLY   Responder, Network Connection opened

               The Responder has sent its Ready Message (SSRM) and is
               waiting for Start Session (SSID) from the Initiator.

   A_WF_CONRS  Responder Waiting for F_CONNECT_RS

               The Responder has received the Initiator's Start Session
               (SSID) and is waiting for a response (F_CONNECT_RS) from
               its User Monitor.

   CDSTWFCD    CD_RQ stored in WF_CD state

               Since the User Monitor doesn't see the WF_CD state, it
               may send a Change Direction request (F_CD_RQ) before the
               ODETTE-FTP receives a Change Direction (CD) command.

   CLIP        Close Input Pending

               The Listener has received an End File (EFID) command and
               is waiting for the Close File response (F_CLOSE_FILE_RS)
               from its User Monitor.

   CLOP        Close Out Pending

               The Speaker has sent an End File (EFID) command and is
               waiting for an End File Answer (EFPA or EFNA).

   ERSTWFCD    End to End Response stored in WF_CD state

               Since the User Monitor doesn't see the WF_CD state, it
               may send F_EERP_RQ, before ODETTE-FTP receives a Change
               Direction (CD) command.

   IDLE        Connection IDLE

   IDLELI      Idle Listener

   IDLELICD    Idle Listener, F_CD_RQ Received

               The ODETTE-FTP entity has become the Listener after
               receiving a Change Direction request (F_CD_RQ) from the
               User Monitor.  The receipt of an End Session (ESID) is
               valid in this state.

Top      Up      ToC       Page 77 
   IDLESP      Idle Speaker

   IDLESPCD    Idle Speaker, F_CD_IND Sent

               The ODETTE-FTP entity has sent a Change Direction
               indication (F_CD_IND) to the User Monitor.  A Change
               Direction request (F_CD_RQ) is invalid in this state.

   I_WF_NC     Initiator Waiting for Network Connection

               The Initiator has requested a new network connection and
               is waiting for a Connection confirmation (N_CON_CF) from
               the Network Service.

   I_WF_RM     Initiator Waiting for Ready Message

               Before sending Start Session (SSID), the Initiator must
               wait for a Ready Message (SSRM) from the Responder.

   I_WF_SSID   Initiator Waiting for SSID

               The Initiator has sent a Start Session (SSID) command and
               is waiting for Start Session from the Responder.

   NRSTWFCD    Negative End Response stored in WF_CD state

               Since the User Monitor doesn't see the WF_CD state, it
               may send F_NERP_RQ, before ODETTE-FTP receives a Change
               Direction (CD) command.

   OPI         Open Input (Data Transfer Phase)

               The Listener is waiting for the Speaker to send a Data
               Exchange Buffer.

   OPIP        Open Input Pending

               The Listener has received a Start File (SFID) command and
               is waiting for the Start File response (F_START_FILE_RS)
               from its User Monitor.

   OPO         Open Out (Data Transfer Phase)

               The Speaker has received a Start File Positive Answer
               (SFPA) and is waiting for a Data (F_DATA_RQ) or Close
               File (F_CLOSE_FILE) request from its User Monitor.

Top      Up      ToC       Page 78 
   OPOP        Open Out Pending

               The Speaker has sent a Start File (SFID) command and is
               waiting for a Start File Answer (SFPA or SFNA).

   OPOWFC      Open Out Wait for Credit

               The Speaker is waiting for a Set Credit (CDT) command
               before sending further Data Exchange buffers.

   RTRP        Ready to Receive (RTR) Pending

               The Listener has received an EERP or a NERP and is
               waiting for the Ready to Receive response (F_RTR_RS) from
               its User Monitor.

   SFSTWFCD    Start File Request stored in WF_CD state.

               Since the User Monitor doesn't see the WF_CD state, it
               may send a Start File request (F_START_FILE_RQ) before
               the ODETTE-FTP receives a Change Direction (CD) command.

   WF_CD       Wait for Change Direction

               The Listener wishes to become the Speaker and is waiting
               for a Change Direction (CD) command after sending an End
               File Positive Answer (EFPA) requesting change direction.

   WF_RTR      Wait for Ready To Receive

               The Speaker has sent an End to End Response (EERP) or a
               Negative End Response (NERP) command and must wait for
               Ready To Receive (RTR) from the Listener.

   WF_NDISC    Wait for N_DISC_IND

               ODETTE-FTP has sent an End Session (ESID) command and is
               waiting for a Disconnection indication (N_DISC_IND) from
               the Network Service.

   WF_SECD     Wait for Security Change Direction

               The Speaker is expecting a Security Change Direction
               (SECD) from the Listener.

Top      Up      ToC       Page 79 
   WF_AUCH     Wait for Authentication Challenge

               The Speaker has sent a Security Change Direction (SECD)
               command and must wait for Authentication Challenge (AUCH)
               from the Listener.

   WF_AURP     Wait for Authentication Response

               The Speaker has sent an Authentication Challenge (AUCH)
               command and must wait for Authentication Response (AURP)
               from the Listener.

9.4.  Input Events

   User Monitor Input Events (Section 3)

     F_DATA_RQ   F_CONNECT_RQ   F_START_FILE_RQ      F_CLOSE_FILE_RQ
     F_EERP_RQ   F_CONNECT_RS   F_START_FILE_RS(+)   F_CLOSE_FILE_RS(+)
     F_NERP_RQ   F_ABORT_RQ     F_START_FILE_RS(-)   F_CLOSE_FILE_RS(-)
     F_CD_RQ     F_RELEASE_RQ   F_RTR_RS

   Network Input Events (Section 2.2)

      N_CON_IND   N_CON_CF   N_DATA_IND   N_DISC_IND   N_RST_IND

   Peer ODETTE-FTP Input Events (Section 4)

      SSID   SFID   SFPA   SFNA   EFID   EFPA   EFNA
      DATA   ESID   EERP   RTR    CD     CDT    SSRM
      NERP   SECD   AUCH   AURP

   Internal Input Events

      TIME-OUT - Internal ODETTE-FTP timer expires.

   Input event parameters are denoted I.Event-name.Parameter-name within
   the state table action and predicate lists.  Their value can be
   examined but not changed by the ODETTE-FTP entity.

9.5.  Output Events

   User Monitor Output Events (Section 3)

     F_DATA_IND  F_CONNECT_IND  F_START_FILE_IND     F_CLOSE_FILE_IND
     F_EERP_IND  F_CONNECT_CF   F_START_FILE_CF(+)   F_CLOSE_FILE_CF(+)
     F_CD_IND    F_ABORT_IND    F_START_FILE_CF(-)   F_CLOSE_FILE_CF(-)
     F_NERP_IND  F_RELEASE_IND  F_DATA_CF            F_RTR_CF

Top      Up      ToC       Page 80 
   Network Output Events (Section 2.2)

      N_CON_RQ   N_CON_RS   N_DATA_RQ   N_DISC_RQ

   Peer ODETTE-FTP Output Events (Section 4)

      SSID   SFID   SFPA   SFNA   EFID   EFPA   EFNA
      DATA   ESID   EERP   RTR    CD     CDT    SSRM
      NERP   SECD   AUCH   AURP

   Output event parameters are denoted O.Event-name.Parameter-name
   within the state table action and predicate lists.  Their values can
   be examined and changed by the ODETTE-FTP entity.

9.6.  Local Variables

   The following variables are maintained by the ODETTE-FTP entity to
   assist the operation of the protocol.  They are denoted V.Variable-
   name within the state table action and predicate lists.  Their value
   can be examined and changed by the ODETTE-FTP entity.  The initial
   value of each variable is undefined.

   Variable       Type       Comments
   ---------------------------------------------------------------------
   Buf-size       Integer    Negotiated Data Exchange Buffer size.
   Called-addr    Address    Used to build O.F_CONNECT_IND.Called-addr
   Calling-addr   Address    To build O.F_CONNECT_IND.Calling-addr
   Compression    Yes/No     Compression in use as agreed.
   Credit_L       Integer    Listener's credit counter.
   Credit_S       Integer    Speaker's credit counter.
   Id             String     Used to build O.SSID.Id
   Mode                      Sender-only, Receiver-only, Both.
   Pswd           String     Password, used to build O.SSID.Pswd
   Req-buf        Primitive  Input event (F_XXX_RQ) stored in WF_CD
                              state.
   Restart        Yes/No     Restart in used as agreed.
   Restart-pos    Integer    Used only during file opening.
   Window         Integer    The credit value negotiated for the
                              session.
   Caller         Yes/No     This entity initiated the ODETTE-FTP
                              session.
   Authentication Yes/No     Secure authentication in use as agreed
   Challenge      Binary     Random challenge
   ---------------------------------------------------------------------

Top      Up      ToC       Page 81 
9.7.  Local Constants

   The following constants define the capabilities of a given ODETTE-FTP
   entity.  They are denoted C.Constant-name within the state table
   action and predicate lists.  Their value can be examined but not
   changed by the ODETTE-FTP entity.

   Constant         Value               Comments
   ---------------------------------------------------------------------
   Cap-compression  Yes/No              Compression supported?
   Cap-init         Initiator           Must be Initiator.
                    Responder           Must be Responder.
                    Both                Can be Initiator or Responder.
   Cap-mode         Sender-only         Must be sender.
                    Receiver-only       Must be receiver.
                    Both                Can be sender or receiver.
   Max-buf-size     127 < Int < 100000  Maximum Data Exchange Buffer
                                         size supported.
   Max-window       0 < Int < 1000      Local maximum credit value.
   Cap-restart      Yes/No              Restart supported?
   Cap-logic        0, 1, 2             0 = does not support special
                                            logic
                                        1 = supports special logic
                                        2 = needs special logic
   ---------------------------------------------------------------------

Top      Up      ToC       Page 82 
9.8.  Session Connection State Table

9.8.1.  State Table

   o----------------------------------------------------------o
   |   | Other States                                         |
   |   |--------------------------------------------------o   |
   |   | WF_SECD                                          |   |
   |   |----------------------------------------------o   |   |
   |   | WF_AURP                                      |   |   |
   |   |------------------------------------------o   |   |   |
   |   | WF_AUCH                                  |   |   |   |
   |   |--------------------------------------o   |   |   |   |
   | S | A_WF_CONRS                           |   |   |   |   |
   |   |----------------------------------o   |   |   |   |   |
   | T | A_NC_ONLY                        |   |   |   |   |   |
   |   |------------------------------o   |   |   |   |   |   |
   | A | I_WF_SSID                    |   |   |   |   |   |   |
   |   |--------------------------o   |   |   |   |   |   |   |
   | T | I_WF_RM                  |   |   |   |   |   |   |   |
   |   |----------------------o   |   |   |   |   |   |   |   |
   | E | I_WF_NC              |   |   |   |   |   |   |   |   |
   |   |------------------o   |   |   |   |   |   |   |   |   |
   |   | IDLE             |   |   |   |   |   |   |   |   |   |
   |==================o---+---+---+---+---+---+---+---+---+---|
   |   | F_CONNECT_RQ | A | X | X | X | X | X | X | X | X | X |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   | E | N_CON_CF     | X | C | X | X | X | X | X | X | X | X |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   | V | SSRM         | X | X | H | X | X | X | L | L | L | X |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   | E | SSID         | X | X | X | D | E | F | L | L | L | F |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   | N | N_CON_IND    | B | X | X | X | X | X | X | X | X | X |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   | T | F_CONNECT_RS | X | U | U | U | U | G | X | X | X | U |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   |   | ESID         | X | X | X | F | X | X | F | F | F | X |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   |   | AUCH         | X | X | U | U | X | X | I | L | L | U |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   |   | AURP         | X | X | U | U | X | X | L | K | L | U |
   |   |--------------+---+---+---+---+---+---+---+---+---+---|
   |   | SECD         | X | X | U | U | X | X | L | L | J | U |
   o----------------------------------------------------------o

Top      Up      ToC       Page 83 
9.8.2.  Transition Table

    I | Predicate    Actions     Output Events            Next State
   ===o=============================================================
    A | P1:                      F_ABORT_IND              IDLE
      | !P1:            1,2      N_CON_RQ                 I_WF_NC
   ---+-------------------------------------------------------------
    B | P3:                      N_DISC_RQ                IDLE
      | !P3:            2        N_CON_RS
      |                          SSRM                     A_NC_ONLY
   ---+-------------------------------------------------------------
    C |                 4,2                               I_WF_RM
   ---+-------------------------------------------------------------
    D | P2 & P8 & P11:  4,2,5    SECD                     WF_AUCH
      | P2 & P8 & !P11: 4,2,5    F_CONNECT_CF             IDLESP
      | P2 & !P8:       4,2      ESID(R=12)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
      | else:           4,2      ESID(R=10)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
   ---+-------------------------------------------------------------
    E | P4:             4        N_DISC_RQ                IDLE
      | !P4:            4,2      F_CONNECT_IND            A_WF_CONRS
   ---+-------------------------------------------------------------
    F |                 4        F_ABORT_IND
      |                          N_DISC_RQ                IDLE
   ---+-------------------------------------------------------------
    G | P2 &  P9 & P10: 4,2,5    SSID                     WF_SECD
      | P2 & !P9 & P10: 4,2,5    SSID                     IDLELI
      | !P10:           4,2      ESID(R=12)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
      | else:           4,2      ESID(R=10)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
   ---+-------------------------------------------------------------
    H |                 4,2,3    SSID                     I_WF_SSID
   ---+-------------------------------------------------------------
    I | P5:             4,2      AURP                     WF_SECD
      | !P5:            4,2      AURP                     IDLELI
   ---+-------------------------------------------------------------
    J |                 4,2      AUCH                     WF_AURP
   ---+-------------------------------------------------------------
    K | P6:             4,2      F_CONNECT_CF             IDLESP
      | P7:             4,2      SECD                     WF_AUCH
      | else:           4,2      ESID(R=11)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
   ---+-------------------------------------------------------------
    L |                 4,2      ESID(R=02)
      |                          F_ABORT_IND(R,AO=L)      WF_NDISC
   ---+-------------------------------------------------------------

Top      Up      ToC       Page 84 
9.8.3.  Predicates and Actions

   Predicate P1:  (No resources available) OR
                  (C.Cap-init = Responder) OR
                  (C.Cap-mode = Sender-only AND
                     I.F_CONNECT_RQ.Mode = Receiver-only) OR
                  (C.Cap-mode = Receiver-only AND
                     I.F_CONNECT_RQ.Mode = Sender-only)

   Predicate P2:  SSID negotiation is successful
                  (for these, Buf-size, Restart, Compression, Mode,
                   Special logic, and Window, compare the inbound SSID
                   with the local constants to set the local variables.
                   Any incompatibilities result in failure of the
                   negotiation.)

   Predicate P3:  C.Cap-init = Initiator

   Predicate P4:  Mode in SSID incompatible with C.Cap-mode

   Predicate P5:  V.Caller = Yes

   Predicate P6:  (V.Caller = Yes) AND (AURP.Signature verifies with
                   V.Challenge)

   Predicate P7:  (V.Caller = No)  AND (AURP.Signature verifies with
                   V.Challenge)

   Predicate P8:  V.Authentication = I.SSID.Authentication

   Predicate P9:  I.F_CONNECT_RS.Authentication = Yes

  Predicate P10:  O.F_CONNECT_IND.Authentication =
                   I.F_CONNECT_RS.Authentication

  Predicate P11:  V.Authentication = Yes

       Action 1:  Set V.Mode from (C.Cap-mode, I.F_CONNECT_RQ.Mode)
                  Set V.Pswd, V.Id, V.Restart, and
                   V.Authentication from I.F_CONNECT_RQ
                  Set V.Buf-size = C.Max-buf-size
                  Set V.Compression = C.Cap-compression
                  Set V.Caller = Yes
                  Build O.N_CON_RQ

       Action 2:  Start inactivity timer

       Action 3:  Set parameters in O.SSID = from local variables

Top      Up      ToC       Page 85 
       Action 4:  Stop timer

       Action 5:  Set V.Mode, V.Restart, V.Compression, V.Buf-size,
                      V.Window, V.Authentication = from SSID

       Action 6:  Set V.Challenge = A random number unique to the
                   session

9.9.  Error and Abort State Table

9.9.1.  State Table

   o--------------------------------------o
   |   | Other States                     |
   | S |------------------------------o   |
   | T | WF_NDISC                     |   |
   | A |--------------------------o   |   |
   | T | I_WF_NC                  |   |   |
   | E |----------------------o   |   |   |
   |   | IDLE                 |   |   |   |
   |======================o---+---+---+---|
   |   | TIME-OUT         | X | X | A | B |
   |   |------------------+---+---+---+---|
   | E | F_ABORT_RQ       | X | A | X | C |
   | V |------------------+---+---+---+---|
   | E | N_RST_IND        | X | X | A | D |
   | N |------------------+---+---+---+---|
   | T | N_DISC_IND       | X | E | F | G |
   |   |------------------+---+---+---+---|
   |   | Invalid Buffer   | X | X | H | I |
   o--------------------------------------o

Top      Up      ToC       Page 86 
9.9.2.  Transition Table

    I | Predicate    Actions     Output Events             Next State
   ===o=================================================================
    A |                          N_DISC_RQ                 IDLE
   ---+-----------------------------------------------------------------
    B |                          F_ABORT_IND
      |                          N_DISC_RQ                 IDLE
   ---+-----------------------------------------------------------------
    C |              1           N_DISC_RQ                 IDLE
   ---+-----------------------------------------------------------------
    D |              1           N_DISC_RQ
      |                          F_ABORT_IND               IDLE
   ---+-----------------------------------------------------------------
    E |                          F_ABORT_IND               IDLE
   ---+-----------------------------------------------------------------
    F |              1                                     IDLE
   ---+-----------------------------------------------------------------
    G |              1           F_ABORT_IND               IDLE
   ---+-----------------------------------------------------------------
    H |                                                    WF_NDISC
   ---+-----------------------------------------------------------------
    I |              1,2         ESID(R=01)
      |                          F_ABORT_IND(R,AO=L)       WF_NDISC
   ---------------------------------------------------------------------

9.9.3.  Predicates and Actions

       Action 1:  Stop inactivity timer

       Action 2:  Start inactivity timer

9.10.  Speaker State Table 1

9.10.1.  State Table

   The following abbreviations are used in the Speaker state table.

      F_REL_RQ(Ok)   -  F_RELEASE_RQ Reason = Normal
      F_REL_RQ(Err)  -  F_RELEASE_RQ Reason = Error

  o--------------------------------------------------------------------o
  | | Other States                                                     |
  | |--------------------------------------------------------------o   |
  | | WF_NDISC                                                     |   |
  | |----------------------------------------------------------o   |   |
  | | OPOWFC                                                   |   |   |

Top      Up      ToC       Page 87 
  | |------------------------------------------------------o   |   |   |
  | | OPO                                                  |   |   |   |
  |S|--------------------------------------------------o   |   |   |   |
  | | OPOP                                             |   |   |   |   |
  |T|----------------------------------------------o   |   |   |   |   |
  | | CDSTWFCD                                     |   |   |   |   |   |
  |A|------------------------------------------o   |   |   |   |   |   |
  | | SFSTWFCD                                 |   |   |   |   |   |   |
  |T|--------------------------------------o   |   |   |   |   |   |   |
  | | NRSTWFCD                             |   |   |   |   |   |   |   |
  |E|----------------------------------o   |   |   |   |   |   |   |   |
  | | ERSTWFCD                         |   |   |   |   |   |   |   |   |
  | |------------------------------o   |   |   |   |   |   |   |   |   |
  | | WF_CD                        |   |   |   |   |   |   |   |   |   |
  | |--------------------------o   |   |   |   |   |   |   |   |   |   |
  | | WF_RTR                   |   |   |   |   |   |   |   |   |   |   |
  | |----------------------o   |   |   |   |   |   |   |   |   |   |   |
  | | IDLESPCD             |   |   |   |   |   |   |   |   |   |   |   |
  | |------------------o   |   |   |   |   |   |   |   |   |   |   |   |
  | | IDLESP           |   |   |   |   |   |   |   |   |   |   |   |   |
  |=+==============o---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | F_EERP_RQ    | A | A | W | F | W | W | U | U | U | U | U | U | U |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | F_NERP_RQ    | Y | Y | W | Z | W | W | U | U | U | U | U | U | U |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | F_START_     | B | B | W | G | W | W | U | U | U | U | U | X | U |
  | |   FILE_RQ    |   |   |   |   |   |   |   |   |   |   |   |   |   |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | SFPA         | C | C | C | C | C | C | C | C | K | C | C | S | C |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  |E| SFNA         | C | C | C | C | C | C | C | C | L | C | C | S | C |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  |V| CD           | C | C | C | H | R | Z1| I | J | C | C | C | S | C |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  |E| F_DATA_RQ    | U | U | U | U | U | U | U | U | U | M | U | S | U |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  |N| CDT          | C | C | C | C | C | C | C | C | C | P | O | S | C |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  |T| F_CD_RQ      | D | U | W | T | W | W | U | U | U | U | U | X | U |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | F_REL_RQ(Ok) | U | E | U | U | U | U | U | U | U | U | U | X | U |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | F_REL_RQ(Err)| Q | Q | Q | Q | Q | Q | Q | Q | Q | Q | Q | S | Q |
  | |--------------+---+---+---+---+---+---+---+---+---+---+---+---+---|
  | | RTR          | C | C | N | C | C | C | C | C | C | C | C | S | C |
  o--------------------------------------------------------------------o

Top      Up      ToC       Page 88 
9.10.2.  Transition Table

    I | Predicate    Actions      Output Events              Next State
   ===o=================================================================
    A | P5:          1,2,3,18     EERP                       WF_RTR
      | !P5:         1,2,3        EERP                       WF_RTR
   ---+-----------------------------------------------------------------
    B | P1:                                                  UE
      | !P1:         1,2,5        SFID                       OPOP
   ---+-----------------------------------------------------------------
    C |              1,2          ESID(R=02)
      |                           F_ABORT_IND(R,AO=L)        WF_NDISC
   ---+-----------------------------------------------------------------
    D |              1,2          CD                         IDLELICD
   ---+-----------------------------------------------------------------
    E |              1,2          ESID(R=00)                 WF_NDISC
   ---+-----------------------------------------------------------------
    F |              4                                       ERSTWFCD
   ---+-----------------------------------------------------------------
    G | P1:                                                  UE
      | !P1:         6                                       SFSTWFCD
   ---+-----------------------------------------------------------------
    H |              1,2                                     IDLESP
   ---+-----------------------------------------------------------------
    I |              1,2,10       SFID                       OPOP
   ---+-----------------------------------------------------------------
    J |              1,2          CD                         IDLELICD
   ---+-----------------------------------------------------------------
    K | P2:          1,2          ESID(R=02)
      |                           F_ABORT_IND(R,AO=L)        WF_NDISC
      | !P2:         1,2,7,12     F_START_FILE_CF(+)         OPO
   ---+-----------------------------------------------------------------
    L |              1,2,8        F_START_FILE_CF(-)         IDLESP
   ---+-----------------------------------------------------------------
    M | P3:          1,2,11,13    DATA                       OPOWFC
      | !P3:         1,2,11,13    DATA
      |                           F_DATA_CF                  OPO
   ---+-----------------------------------------------------------------
    N |                           F_RTR_CF                   IDLESP
   ---+-----------------------------------------------------------------
    O |              12           F_DATA_CF                  OPO
   ---+-----------------------------------------------------------------
    P | Protocol     1,2          ESID(R=02)
      | Error                     F_ABORT_IND(R,AO=L)        WF_NDISC
   ---+-----------------------------------------------------------------
    Q |              1,2          ESID(R)                    WF_NDISC
   ---+-----------------------------------------------------------------
                                                           Continued -->

Top      Up      ToC       Page 89 
    I | Predicate    Actions      Output Events              Next State
   ===o=================================================================
    R |              1,2,9        EERP                       WF_RTR
   ---+-----------------------------------------------------------------
    S |                                                      WF_NDISC
   ---+-----------------------------------------------------------------
    T |                                                      CDSTWFCD
   ---+-----------------------------------------------------------------
    U |                           User Error                 UE
   ---+-----------------------------------------------------------------
    W |                           User Error - Note 1        UE
   ---+-----------------------------------------------------------------
    X |                           Error
   ---+-----------------------------------------------------------------
    Y |  P4 &  P5:   1,2,15,18    NERP                       WF_RTR
      | !P4 & !P5:   1,2,15,14    NERP                       WF_RTR
      |  P4 & !P5:   1,2,15       NERP                       WF_RTR
      | !P4 &  P5:   1,2,15,14,18 NERP                       WF_RTR
   ---+-----------------------------------------------------------------
    Z |              16                                      NRSTWFCD
   ---------------------------------------------------------------------
    Z1| P4:          1,2,17       NERP                       WF_RTR
      | !P4:         1,2,17,14    NERP                       WF_RTR
   ---------------------------------------------------------------------

9.10.3.  Predicates and Actions

   Predicate P1:  (I.F_START_FILE_RQ.Restart-pos > 0 AND V.Restart = No)
                  OR (V.Mode = Receiver-only)

           Note:  Restart requested and not supported for this session.

   Predicate P2:  I.SFPA.Restart-pos > V.Restart-pos

           Note:  Protocol error due to the restart position in the SFPA
                  acknowledgement being greater than the position
                  requested in the SFID request.

   Predicate P3:  V.Credit_S - 1 = 0

           Note:  Speaker's Credit is exhausted.

   Predicate P4:  No special logic is in use

   Predicate P5:  Signed EERP/NERP requested

       Action 1:  Stop inactivity timer

Top      Up      ToC       Page 90 
       Action 2:  Start inactivity timer

       Action 3:  Build an EERP from F_EERP_RQ

       Action 4:  Store F_EERP_RQ in V.Req-buf

       Action 5:  Build SFID from F_START_FILE_RQ
                  V.Restart-pos = I.F_START_FILE_RQ.Restart-pos

       Action 6:  Store F_START_FILE_RQ in V.Req-buf

       Action 7:  Build F_START_FILE_CF(+) from I.SFPA

       Action 8:  Build F_START_FILE_CF(-) from I.SFNA

       Action 9:  Build EERP from F_EERP_RQ stored in V.Req-buf

       Action 10: Build SFID from F_START_FILE_RQ stored in V.Req-buf
                  Set V.Restart-pos

       Action 11: Build Exchange Buffer

       Action 12: V.Credit_S = V.Window

       Action 13: V.Credit_S = V.Credit_S - 1

       Action 14: Activate CRC-calculus function.  Wrap Exchange buffer
                  in special logic

       Action 15: Build a NERP from F_NERP_RQ

       Action 16: Store F_NERP_RQ in V.Req-buf

       Action 17: Build NERP from F_NERP_RQ stored in V.Req-buf

       Action 18: Sign the contents of NERP/EERP

          Note 1: Whether to accept this "Request/Event" while in this
                  state is a matter of local implementation.  The ODETTE
                  state tables are based on the assumption that this
                  event cannot occur in this state and is considered to
                  be a user error (UE).

Top      Up      ToC       Page 91 
9.11.  Speaker State Table 2

9.11.1.  State Table

   o---------------------------------o
   | S | CLOP                        |
   | T |-------------------------o   |
   | A | OPOWFC                  |   |
   | T |---------------------o   |   |
   | E | OPO                 |   |   |
   |=====================o---+---+---|
   | E | F_CLOSE_FILE_RQ | A | E | U |
   | V |-----------------+---+---+---|
   | E | EFPA            | B | B | C |
   | N |-----------------+---+---+---|
   | T | EFNA            | B | B | D |
   o---------------------------------o

9.11.2.  Transition Table

    I | Predicate    Actions     Output Events              Next State
   ===o=================================================================
    A |              1,2,5,7     EFID                       CLOP
   ---+-----------------------------------------------------------------
    B |              1,2         ESID(R=02)
      |                          F_ABORT_IND(R,AO=L)        WF_NDISC
   ---+-----------------------------------------------------------------
    C | P1:          1,2,3       F_CLOSE_FILE_CF(+,SP=No)
      |                          CD                         IDLELI
      | !P1:         1,2,4       F_CLOSE_FILE_CF(+,SP=Yes)  IDLESP
   ---+-----------------------------------------------------------------
    D |              1,2,6       F_CLOSE_FILE_CF(-)         IDLESP
   ---+-----------------------------------------------------------------
    E |                          See Note 1
   ---+-----------------------------------------------------------------
    U |                          User Error                 UE
   ---------------------------------------------------------------------

9.11.3.  Predicates and Actions

   Predicate P1: (I.EFPA.CD-Request = Yes)

   Predicate P2:  No special logic is in use

       Action 1:  Stop inactivity timer

       Action 2:  Start inactivity timer

Top      Up      ToC       Page 92 
       Action 3:  O.F_CLOSE_FILE_CF(+).Speaker = No

       Action 4:  O.F_CLOSE_FILE_CF(+).Speaker = Yes

       Action 5:  Build EFID from F_CLOSE_FILE_RQ

       Action 6:  Build F_CLOSE_FILE_CF(-) from EFNA

       Action 7:  Set V.Credit_S = 0

       Action 8:  Wrap Exchange buffer in special logic

         Note 1:  In order to respect the "half duplex" property of
                  ODETTE-FTP, it is forbidden to send EFID while in the
                  OPOWFC state.  EFID can be sent only in the OPO state.

                  The ODETTE-FTP implementation must avoid sending EFID
                  (or receiving F_CLOSE_FILE_RQ) while in the OPOWFC
                  state.

Top      Up      ToC       Page 93 
9.12.  Listener State Table

9.12.1.  State Table

   o---------------------------------------------o
   |   | RTRP                                    |
   |   |-------------------------------------o   |
   |   | CLIP                                |   |
   |   |---------------------------------o   |   |
   |   | OPI                             |   |   |
   | S |-----------------------------o   |   |   |
   | T | OPIP                        |   |   |   |
   | A |-------------------------o   |   |   |   |
   | T | IDLELICD                |   |   |   |   |
   | E |---------------------o   |   |   |   |   |
   |   | IDLELI              |   |   |   |   |   |
   |=====================o---+---+---+---+---+---+
   |   | SFID            | A | A | B | B | B | B |
   |   |-----------------+---+---+---+---+---+---+
   | E | DATA            | B | B | B | I | B | B |
   | V |-----------------+---+---+---+---+---+---+
   | E | EFID            | B | B | B | J | B | B |
   | N |-----------------+---+---+---+---+---+---+
   | T | F_START_FILE_RS | U | U | H | U | U | U |
   |   |-----------------+---+---+---+---+---+---+
   |   | F_CLOSE_FILE_RS | U | U | U | U | K | U |
   |   |-----------------+---+---+---+---+---+---+
   |   | CD              | C | B | B | B | B | B |
   |   |-----------------+---+---+---+---+---+---+
   |   | ESID R=Normal   | D | F | D | D | D | D |
   |   |-----------------+---+---+---+---+---+---+
   |   | ESID R=Error    | D | D | D | D | D | D |
   |   |-----------------+---+---+---+---+---+---+
   |   | EERP            | E | E | B | B | B | B |
   |   |-----------------+---+---+---+---+---+---+
   |   | NERP            | L | L | B | B | B | B |
   |   |-----------------+---+---+---+---+---+---+
   |   | F_RTR_RS        | U | U | U | U | U | M |
   o---------------------------------------------o

Top      Up      ToC       Page 94 
9.12.2.  Transition Table

    I | Predicate          Actions    Output Events           Next State
   ===o=================================================================
    A | P1:                1,2        ESID(R=02)
      |                               F_ABORT_IND(R,AO=L)       WF_NDISC
      | !P1:               1,2,3      F_START_FILE_IND          OPIP
   ---+-----------------------------------------------------------------
    B |                    1,2        ESID(R=02)
      |                               F_ABORT_IND(R,AO=L)       WF_NDISC
   ---+-----------------------------------------------------------------
    C |                    1,2        F_CD_IND                  IDLESPCD
   ---+-----------------------------------------------------------------
    D |                    1          F_ABORT_IND(Received
      |                               ESID Reason,AO=D)
      |                               N_DISC_RQ                 IDLE
   ---+-----------------------------------------------------------------
    E |                    1,2,4      F_EERP_IND                RTRP
   ---+-----------------------------------------------------------------
    F |                    1          F_RELEASE_IND
      |                               N_DISC_RQ                 IDLE
   ---+-----------------------------------------------------------------
    H |  P4:                          User Error                UE
      |  P2 & !P4 & !P5:   1,2,8      SFPA                      OPI
      | !P2 & !P4 & !P5:   1,2        SFNA                      IDLELI
      |  P2 & !P4 &  P5:   1,2,5,8    SFPA                      OPI
      | !P2 & !P4 &  P5:   1,2,5      SFNA                      IDLELI
   ---+-----------------------------------------------------------------
    I | P6:                1,2        ESID(R=02)
      |                               F_ABORT_IND(R,A0=L)       WF_NDISC
      | !P5 & !P6 & !P7:   1,2,7      F_DATA_IND (See Note 1)   OPI
      | !P5 & !P6 &  P7:   1,2,8      F_DATA_IND
      |                               CDT (See Note 1)          OPI
      |  P5 & !P6 &  P8:   1,2        ESID(R=07)
      |                               F_ABORT_IND(R,A0=L)       WF_NDISC
      |  P5 & !P6 & !P7 :  1,2,6,7    F_DATA_IND (See Note 1)   OPI
      |   & !P8
      |  P5 & !P6 &  P7 :  1,2,5,6,8  F_DATA_IND                OPI
      |   & !P8                       CDT (See Note 1)
   ---+-----------------------------------------------------------------
    J |                    1,2        F_CLOSE_FILE_IND          CLIP
   ---+-----------------------------------------------------------------
    K |  P2 &  P3 & !P5:   1,2        EFPA(CD-Req)              WF_CD
      |  P2 & !P3 & !P5:   1,2        EFPA(no CD)               IDLELI
      | !P2 & !P5:         1,2        EFNA                      IDLELI
      |  P2 & !P3 & P5:    1,2,5      EFPA(no CD)               IDLELI
      | !P2 &  P5:         1,2,5      EFNA                      IDLELI
      |  P2 &  P3 & P5:    1,2,5      EFPA(CD-Req)              WF_CD

Top      Up      ToC       Page 95 
   ---+-----------------------------------------------------------------
    L |                    1,2,10     F_NERP_IND                RTRP
   ---+-----------------------------------------------------------------
    M |                    1,2        RTR                       IDLELI
   ---+-----------------------------------------------------------------
    U |                               User Error                UE
   ---------------------------------------------------------------------

9.12.3.  Predicates and Actions

   Predicate P1:  (I.SFID.Restart-pos > 0 AND V.Restart = No) OR (V.Mode
                  = Sender-only)

           Note:  Invalid Start File command.

   Predicate P2:  Positive Response

   Predicate P3:  I.F_CLOSE_FILE_RS(+).Speaker = Yes

   Predicate P4:  I.F_START_FILE_RS(+).Restart-pos > V.Restart

   Predicate P5:  Special logic is used

   Predicate P6:  V.Credit_L - 1 < 0

           Note:  Protocol Error because the Speaker has exceeded its
                  available transmission credit.

   Predicate P7:  V.Credit_L - 1 = 0

           Note:  The Speaker's credit must be reset before it can send
                  further Data Exchange Buffers.

   Predicate P8:  The calculus of the received CRC indicates an error

       Action 1:  Stop inactivity timer

       Action 2:  Start inactivity timer

       Action 3:  Build F_START_FILE_IND from I.SFID
                  V.Restart-pos = I.SFID.Restart-pos

       Action 4:  Build F_EERP_IND from I.EERP

       Action 5:  Add special logic header to the command to be sent to
                  the Speaker

Top      Up      ToC       Page 96 
       Action 6:  Suppress the special logic header from the data buffer
                  before giving it to the user

       Action 7:  V.Credit_L = V.Credit_L - 1

       Action 8:  V.Credit_L = V.Window

       Action 10: Build F_NERP_IND from I.NERP

         Note 1:  Flow control in case of reception.

                  The ODETTE-FTP Listener must periodically send new
                  credit to the Speaker.  The timing of this operation
                  will depend on:

                  1. The User Monitor's capacity to receive data.
                  2. The number of buffers available to ODETTE-FTP.
                  3. The Speaker's available credit, which must be
                     equal to zero.

9.13.  Example

   Consider an ODETTE-FTP entity that has sent a Start File (SFID)
   command and entered the Open Out Pending (OPOP) state.  Its response
   on receiving a Positive Answer (SFPA) is documented in Speaker State
   Table 1, which shows that transition 'K' should be applied and is
   interpreted as follows:

      if (I.SFPA.Restart-pos > V.Restart-pos) then
      begin                                       // invalid restart
         Actions:   Stop inactivity timer,        // reset timer
                    Start inactivity timer;
         Output:    ESID(R=02),                   // to peer ODETTE-FTP
                    F_ABORT_IND(R,AO=L);          // to User Monitor
         New State: WF_NDISC;
      end
      else begin
         Actions:   Stop inactivity timer,        // reset timer
                    Start inactivity timer;
                    Build F_START_FILE_CF(+) from I.SFPA
                    V.Credit_S = V.Window         // initialise credit
         Output:    F_START_FILE_CF(+);           // to User Monitor
         New State: OPO;
      end

Top      Up      ToC       Page 97 
   ODETTE-FTP checks the restart position in the received Start File
   Positive Answer (SFPA) command.  If it is invalid, it aborts the
   session by sending an End Session (ESID) command to its peer and an
   Abort indication (F_ABORT_IND) to its User Monitor.  If the restart
   position is valid, a Start File confirmation (F_START_FILE_CF) is
   built and sent to the User Monitor, the credit window is initialised,
   and the Open Out (OPO) state is entered.

10.  Miscellaneous

10.1.  Algorithm Choice

   The choice of algorithms to use for security or compression between
   partners is for bilateral agreement outside of ODETTE-FTP.

10.2.  Cryptographic Algorithms

   The algorithms for symmetric and asymmetric cryptography and hashing
   are represented by a coded value, the cipher suite:

       Cipher Suite  Symmetric          Asymmetric    Hashing
       ------------  -----------------  ------------  -------

       01            3DES_EDE_CBC_3KEY  RSA_PKCS1_15  SHA-1
       02            AES_256_CBC        RSA_PKCS1_15  SHA-1

   Support of all cipher suites listed here is mandatory.

   The certificates used must be [X.509] certificates.

   TripleDES is using Cipher Block Chaining (CBC) mode for added
   security and uses the Encryption Decryption Encryption (EDE) process
   with 3 different 64-bit keys.

   RSA padding is as defined in [PKCS#1].

   AES is using a 256-bit key in CBC mode.

   An extended list of optional cipher suites may be used (Section
   10.3), but there is no guarantee that two communicating ODETTE-FTP
   entities would both support these optional cipher suites.

10.3.  Protocol Extensions

   The algorithms and file enveloping formats available in ODETTE-FTP
   may be extended outside of this document.

Top      Up      ToC       Page 98 
   An up-to-date list of cipher suite values for use in ODETTE-FTP is
   maintained by ODETTE International, and published on their website at
   www.odette.org.

10.4.  Certificate Services

   Certificates and certificate revocation lists may be exchanged as
   [CMS] enveloped files.  It is therefore valid to exchange a [CMS]
   file that is neither encrypted, compressed, nor signed.  It is an
   application implementation issue to determine the correct course of
   action on receipt of such a file.

11.  Security Considerations

   ODETTE-FTP security requires the use of [X.509] certificates.  If no
   security options are agreed for use, the send and receive passwords
   are sent in plain text.  Whilst this is acceptable over X.25 and ISDN
   networks, this is a risky practice over insecure public networks such
   as the Internet.

   All, some, or none of the security options available in ODETTE-FTP
   may be used.  No recommendations for the use of these options are
   provided in this specification.  Whilst use of the highest-strength
   encryption algorithms may seem admirable, there is often a
   performance tradeoff to be made, and signing all files and
   acknowledgements has potential legal implications that should be
   considered.

   It should be noted that whilst the security measures ensure that an
   ODETTE-FTP partner is authenticated, it does not necessarily mean
   that the partner is authorised.  Having proven the identity of a
   partner, it is an application issue to decide whether that partner is
   allowed to connect or exchange files.

   Extracted from [RFC3850]:

   "When processing certificates, there are many situations where the
   processing might fail.  Because the processing may be done by a user
   agent, a security gateway, or other program, there is no single way
   to handle such failures.  Just because the methods to handle the
   failures have not been listed, however, the reader should not assume
   that they are not important.  The opposite is true: if a certificate
   is not provably valid and associated with the message, the processing
   software should take immediate and noticeable steps to inform the end
   user about it.

Top      Up      ToC       Page 99 
   Some of the many situations in which signature and certificate
   checking might fail include the following:

     No certificate chain leads to a trusted CA
     No ability to check the Certificate Revocation List (CRL) for a
      certificate
     An invalid CRL was received
     The CRL being checked is expired
     The certificate is expired
     The certificate has been revoked

   There are certainly other instances where a certificate may be
   invalid, and it is the responsibility of the processing software to
   check them all thoroughly, and to decide what to do if the check
   fails.  See RFC 3280 for additional information on certificate path
   validation."

   The push / pull nature of ODETTE-FTP means that a party can make an
   outbound connection from behind a firewall to another party and
   exchange files in both directions.  There is no need for both
   partners to open ports on their firewalls to allow incoming
   connections; only one party needs to allow incoming connections.

   See Section 1.7 for a discussion of the benefits of session security
   [TLS] versus file security.


Next RFC Part