connection
... COPS/TCP). Apart from a specific procedure used
to initialize the connection, there is no difference between COPS/TLS
...
... Client-Type 0 is used to negotiate COPS connection level security and
must only be used during the connection establishment ...
... connection level security and
must only be used during the connection establishment phase. Please
refer to section 4.1 of [RFC2748] for more details.
...
... PDP to indicate a
security-related connection closure if it cannot support a TLS
connection for the COPS protocol.
...
... Client-Accept message.
Once the TLS connection is established, all COPS data MUST be sent as
TLS ...
...
In case the PDP does not wish to open a secure connection with the
PEP, it MUST reply with a Client ...
... PEP, it MUST reply with a Client-Close message and close the
connection. The Client-Close message MUST include the error code 15=
...
... Integrity-TLS object in a Client-Accept message
MUST close the connection if the Integrity-TLS object is missing.
The ensuing Client ...
... Connection Closure ...
...
TLS provides facilities to securely close its connections. Reception
of a valid closure alert ...
... valid closure alert assures an implementation that no further
data will arrive on that connection. The TLS specification requires
TLS implementations ...
... TLS implementations to initiate a closure alert exchange before
closing a connection. It also permits TLS implementations to close
connections ...
... connection. It also permits TLS implementations to close
connections without waiting to receive closure alerts from the peer,
provided they send their own first. A connection ...
... connections without waiting to receive closure alerts from the peer,
provided they send their own first. A connection closed in this way
is known as an "incomplete close". TLS allows implementations to
...
... capability.
A connection closed without first sending a closure alert is known as
a "premature close". Note that a premature close does not call into
...
... PEP systems SHOULD send a closure alert before closing the
connection. PEPs unprepared to receive any more data MAY choose not
to wait for the PDP ...
... PDP system's closure alert and simply close the
connection, thus generating an incomplete close on the PDP side.
...
... COPS permits a PEP to close the connection at any time, and requires
PDPs to recover gracefully. In particular, PDPs ...
... Implementation note: The PDP ordinarily expects to be able to
signal the end of data by closing the connection. However, the
PEP may have already sent the closure alert ...
... closure alerts
with the PEP system before closing the connection. PDP systems MAY
close the connection ...
... connection. PDP systems MAY
close the connection after sending the closure alert, thus generating
an incomplete close on the PEP ...
... enabled, the PEP implementation MUST NOT initiate COPS/TLS
connections to systems not authorized as PDPs by the access control
mechanism.
...
... PDP
implementation MUST terminate COPS/TLS connections from unauthorized
PEP systems and log an error if an auditable logging mechanism is
...
... user (PEP systems MAY afford the user the opportunity to continue
with the connection in any case) or terminate the connection with a
bad certificate error ...
... PEP systems MAY afford the user the opportunity to continue
with the connection in any case) or terminate the connection with a
bad certificate error. PEPs ...
... PEPs on unattended systems MUST log the error
to an appropriate audit log (if available) and MUST terminate the
connection with a bad certificate error. Unattended PEP systems MAY
...
... algorithms or key lengths, either side MAY choose to terminate the
connection.
A man-in-the-middle attack ...
