RFC 1801
MHS use of the X.500 Directory to support MHS Routing
Pages: 73
Experimental
Experimental
Part 2 of 3 – Pages 17 to 46
10. Routing Information Routing trees are defined in the previous section, and are used as a framework to hold routing information. Each node, other than a skeletal one, in a routing tree has information associated with it, which is defined by the object class routingInformation in Figure 3. This structure is fundamental to the operation of this specification, and it is recommended that it be studied with care. --------------------------------------------------------------------- routingInformation OBJECT-CLASS ::= { SUBCLASS OF top KIND auxiliary MAY CONTAIN { subtreeInformation| routingFilter| routingFailureAction| mTAInfo| accessMD| 10 nonDeliveryInfo| badAddressSearchPoint| badAddressSearchAttributes} ID oc-routing-information} -- No naming attributes as this is not a -- structural object class subtreeInformation ATTRIBUTE ::= { 20 WITH SYNTAX SubtreeInfo SINGLE VALUE
ID at-subtree-information}
SubtreeInfo ::= ENUMERATED {
all-children-present(0),
not-all-children-present(1) }
routingFilter ATTRIBUTE ::= { 30
WITH SYNTAX RoutingFilter
ID at-routing-filter}
RoutingFilter ::= SEQUENCE{
attribute-type OBJECT-IDENTIFIER,
weight RouteWeight,
dda-key String OPTIONAL,
regex-match IA5String OPTIONAL,
node DistinguishedName } 40
String ::= CHOICE {PrintableString, TeletexString}
routingFailureAction ATTRIBUTE ::= {
WITH SYNTAX RoutingFailureAction
SINGLE VALUE
ID at-routing-failure-action}
RoutingFailureAction ::= ENUMERATED {
next-level(0), 50
next-tree-only(1),
next-tree-first(2),
stop(3) }
mTAInfo ATTRIBUTE ::= {
WITH SYNTAX MTAInfo
ID at-mta-info}
MTAInfo ::= SEQUENCE { 60
name DistinguishedName,
weight [1] RouteWeight DEFAULT preferred-access,
mta-attributes [2] SET OF Attribute OPTIONAL,
ae-info SEQUENCE OF SEQUENCE {
aEQualifier PrintableString,
ae-weight RouteWeight DEFAULT preferred-access,
ae-attributes SET OF Attribute OPTIONAL} OPTIONAL
}
RouteWeight ::= INTEGER {endpoint(0), 70
preferred-access(5),
backup(10)} (0..20)
Figure 3: Routing Information at a Node
---------------------------------------------------------------------
For example, information might be associated with the (PRMD) node:
PRMD=ABC, ADMD=XYZMail, C=GB
If this node was in the open community routing tree, then the
information represents information published by the owner of the PRMD
relating to public access to that PRMD. If this node was present in
another routing tree, it would represent information published by the
owner of the routing tree about access information to the referenced
PRMD. The attributes associated with a routingInformation node
provide the following information:
Implicit That the node corresponds to a partial or entire valid O/R
address. This is implicit in the existence of the entry.
Object Class If the node is a UA. This will be true if the node is of
object class routedUA. This is described further in Section 11.
If it is not of this object class, it is an intermediate node in
the O/R Address hierarchy.
routingFilter A set of routing filters, defined by the routingFilter
attribute. This attribute provides for routing on information in
the unmatched part of the O/R Address. This is described in
Section 10.3.
subtreeInformation Whether or not the node is authoritative for the
level below is specified by the subtreeInformation attribute. If
it is authoritative, indicated by the value all-children-present,
this will give the basis for (permanently) rejecting invalid O/R
Addresses. The attribute is encoded as enumerated, as it may be
later possible to add partial authority (e.g., for certain
attribute types). If this attribute is missing, the node is
assumed to be non-authoritative (not-all-children-present).
The value all-children-present simply means that all of the child
entries are present, and that this can be used to determine
invalid addresses. There are no implications about the presence
of routing information. Thus it is possible to verify an entire
address, but only to route on one of the higher level components.
For example, consider the node:
MHS-O=Zydeco, PRMD=ABC, ADMD=XYZMail, C=GB
An organisation which has a bilateral agreement with this
organisation has this entry in its routing tree, with no children
entries. This is marked as non-authoritative. There is a second
routing tree maintained by Zydeco, which contains all of the
children of this node, and is marked as authoritative. When
considering an O/R Address
MHS-G=Random + MHS-S=Unknown, MHS-O=Zydeco,
PRMD=ABC, ADMD=XYZMail, C=GB
only the second, authoritative, routing tree can be used to
determine that this address is invalid. In practice, the manager
configuring the non-authoritative tree, will be able to select
whether an MTA using this tree will proceed to full verification,
or route based on the partially verified information.
mTAInfo A list of MTAs and associated information defined by the
mTAInfo attribute. This information is discussed further in
Sections 15 and 18. This information is the key information
associated with the node. When a node is matched in a lookup, it
indicates the validity of the route, and a set of MTAs to connect
to. Selection of MTAs is discussed in Sections 18 and
Section 10.2.
routingFailureAction An action to be taken if none of the MTAs can be
used directly (or if there are no MTAs present) is defined by the
routingFailureAction attribute. Use of this attribute and
multiple routing trees is described in Section 10.1.
accessMD The accessMD attribute is discussed in Section 10.4. This
attribute is used to indicate MDs which provide indirect access
to the part of the tree that is being routed to.
badAddressSearchPoint/badAddressSearchAttributes The
badAddressSearchPoint and badAddressSearchAttributes are
discussed in Section 17. This attribute is for when an address
has been rejected, and allows information on alternative addresses
to be found.
10.1 Multiple routing trees
A routing decision will usually be made on the basis of information
contained within multiple routing trees. This section describes the
algorithms relating to use of multiple routing trees. Issues
relating to the use of X.500 and handling of errors is discussed in
Section 14. The routing decision works by examining a series of
entries (nodes) in one or more routing trees. This information is
summarised in Figure 3. Each entry may contain information on
possible next-hop MTAs. When an entry is found which enables the
message to be routed, one of the routing options determined at this
point is selected, and a routing decision is made. It is possible
that further entries may be examined, in order to determine other
routing options. This sort of heuristic is not discussed here.
When a single routing tree is used, the longest possible match based
on the O/R address to be routed to is found. This entry, and then
each of its parents in turn is considered, ending with the routing
tree root node (except in the case of the open routing tree, which
does not have such a node). When multiple routing trees are
considered, the basic approach is to treat them in a defined order.
This is supplemented by a mechanism whereby if a matched node cannot
be used directly, the routing algorithm will have the choice to move
up a level in the current routing tree, or to move on to the next
routing tree with an option to move back to the first tree later.
This option to move back is to allow for the common case where a tree
is used to specify two things:
1. Routing information private to the MTA (e.g., local UAs or routing
info for bilateral links).
2. Default routing information for the case where other routing has
failed.
The actions allow for a tree to be followed, for the private
information, then for other trees to be used, and finally to fall
back to the default situation. For very complex configurations it
might be necessary to split this into two trees. The options defined
by routingFailureAction, to be used when the information in the entry
does not enable a direct route, are:
next-level Move up a level in the current routing tree. This is the
action implied if the attribute is omitted. This will usually be
the best action in the open community routing tree.
next-tree-only Move to the next tree, and do no further processing on
the current tree. This will be useful optimisation for a routing
tree where it is known that there is no useful additional routing
information higher in the routing tree.
next-tree-first Move to the next tree, and then default back to the
next level in this tree when all processing is completed on
subsequent trees. This will be useful for an MTA to operate in
the sequence:
1. Check for optimised private routes
2. Try other available information
3. Fall back to a local default route
stop This address is unroutable. No processing shall be done in any
trees.
For the root entry of a routing tree, the default action and next-
level are interpreted as next-tree-only.
10.2 MTA Choice
This section considers how the choice between alternate MTAs is made.
First, it is useful to consider the conditions why an MTA is entered
into a node of the routing tree:
o The manager for the node of the tree shall place it there. This
is a formality, but critical in terms of overall authority.
o The MTA manager shall agree to it being placed there. For a well
operated MTA, the access policy of the MTA will be set to enforce
this.
o The MTA will in general (for some class of message) be prepared
to route to any valid O/R address in the subtree implied by the
address. The only exception to this is where the MTA will route
to a subset of the tree which cannot easily be expressed by
making entries at the level below. An example might be an MTA
prepared to route to all of the subtree, with certain explicit
exceptions.
Information on each MTA is stored in an mTAInfo attribute, which is
defined in Figure 3. This attribute contains:
name The Distinguished Name of the MTA (Application Process)
weight A weighting factor (Route Weight) which gives a basis to
choose between different MTAs. This is described in Section 10.2.
mta-attributes Attributes from the MTA's entry. Information on the
MTA will always be stored in the MTA's entry. The MTA is
represented here as a structure, which enables some of this entry
information to be represented in the routing node. This is
effectively a maintained cache, and can lead to considerable
performance optimisation. For example if ten MTAs were
represented at a node, another MTA making a routing decision might
need to make ten directory reads in order to obtain the
information needed. If any attributes are present here, all of
the attributes needed to make a routing decision shall be
included, and also all attributes at the Application Entity level.
ae-info Where an MTA supports a single protocol only, or the
protocols it supports have address information that can be
represented in non-conflicting attributes, then the MTA may be
represented as an application process only. In this case, the
ae-info structure which gives information on associated
application entities may be omitted, as the MTA is represented by
a single application entity which has the same name as the
application process. In other cases, the names of all application
entities shall be included. A weight is associated with each
application entity to allow the MTA to indicate a preference
between its application entities.
The structure of information within ae-info is as follows:
ae-qualifier A printable string (e.g., "x400-88"), which is the
value of the common name of the relative distinguished name of the
application entity. This can be used with the application process
name to derive the application entity title.
ae-weight A weighting factor (Route Weight) which gives a basis to
choose between different Application Entities (not between
different MTAs). This is described below.
ae-attributes Attributes from the AEs entry.
Information in the mta-attributes and ae-info is present as a
performance optimisation, so that routing choices can be made with a
much smaller number of directory operations. Using this information,
whose presence is optional, is equivalent to looking up the
information in the MTA. If this information is present, it shall be
maintained to be the same as that information stored in the MTA
entry. Despite this maintenence requirement, use of this performance
optimisation data is optional, and the information may always be
looked up from the MTA entry.
Note: It has been suggested that substantial performance optimisation
will be achieved by caching, and that the performance gained
from maintaining these attributes does not justify the effort
of maintaining the entries. If this is borne out by
operational experience, this will be reflected in future
versions of this specification.
Route weighting is a mechanism to distinguish between different route
choices. A routing weight may be associated with the MTA in the
context of a routing tree entry. This is because routing weight will
always be context dependent. This will allow machines which have
other functions to be used as backup MTAs. The Route Weight is an
integer in range 0--20. The lower the value, the better the choice
of MTA. Where the weight is equal, and no other factors apply, the
choice between the MTAs shall be random to facilitate load balancing.
If the MTA itself is in the list, it shall only route to an MTA of
lower weight. The exact values will be chosen by the manager of the
relevant part of the routing tree. For guidance, three fixed points
are given:
o 0. For an MTA which can deliver directly to the entire subtree
implied by the position in the routing tree.
o 5. For an MTA which is preferred for this point in the subtree.
o 10. For a backup MTA.
When an organisation registers in multiple routing trees, the route
weight used is dependent on the context of the subtree. In general
it is not possible to compare weights between subtrees. In some
cases, use of route weighting can be used to divert traffic away from
expensive links.
Attributes present in an MTA Entry are defined in various parts of
this specification. A summary and pointers to these sections is
given in Section 16.
Attributes that are available in the MTA entry and will be needed for
making a routing choice are:
protocolInformation
applicationContext
mhs-deliverable-content-length
responderAuthenticationRequirements
initiatorAuthenticationRequirements
responderPullingAuthenticationRequirements
initiatorPullingAuthenticationRequirements
initiatorP1Mode
responderP1Mode polledMTAs Current MTA shall be in list if message is to be pulled. mTAsAllowedToPoll supportedMTSExtensions If any MTA attributes are present in the mTAInfo attribute, all of the attributes that may affect routing choice shall be present. Other attributes may be present. A full list of MTA attributes, with summaries of their descriptions are given in Section 16, with a formal definition in Figure 6. 10.3 Routing Filters This attribute provides for routing on information in the unmatched part of the O/R Address, including: o Routing on the basis of an O/R Address component type o Routing on the basis of a substring match of an O/R address component. This might be used to route X121 addressed faxes to an appropriate MTA. When present, the procedures of analysing the routing filters shall be followed before other actions. The routing filter overrides mTAInfo and accessMD attributes, which means that the routing filter must be considered first. Only in the event that no routing filters match shall the mTAInfo and accessMD attributes be considered. The components of the routingFilter attribute are: --------------------------------------------------------------------- attribute-type This gives the attribute type to be matched, and is selected from the attribute types which have not been matched to identify the routing entry. The filter applies to this attribute type. If there is no regular expression present (as defined below), the filter is true if the attribute is present. The value is the object identifier of the X.500 attribute type (e.g., at-prmd-name). weight This gives the weight of the filter, which is encoded as a Route Weight, with lower values indicating higher priority. If multiple filters match, the weight of each matched filter is used to select between them. If the weight is the same, then a random choice shall be made.
dda-key If the attribute is domain defined, then this parameter may
be used to identify the key.
accessMD ATTRIBUTE ::= {
SUBTYPE OF distinguishedName
ID at-access-md}
Figure 4: Indirect Access
---------------------------------------------------------------------
regex-match This string is used to give a regular expression match on
the attribute value. The syntax for regular expressions is
defined in Appendix E.
node This distinguished name specifies the entry which holds routing
information for the filter. It shall be an entry with object
class routingInformation, which can be used to determine the MTA
or MTA choice. All of the attributes from this entry should be
used, as if they had been directly returned from the current entry
(i.e., the procedure recurses). The current entry does not set
defaults.
An example of use of routing filters is now given, showing how to
route on X121 address to a fax gateway in Germany. Consider the
routing point.
PRMD=ABC, ADMD=XYZMail, C=GB
The entry associated would have two routing filters:
1. One with type x121 and no regular expression, to route a default
fax gateway.
2. One with type x121 and a regular expression ^9262 to route all
German faxes to a fax gateway located in Germany with which there
is a bilateral agreement. This would have a lower weight, so that
it would be selected over the default fax gateway.
10.4 Indirect Connectivity
In some cases a part of the O/R Address space will be accessed
indirectly. For example, an ADMD without access from the open
community might have an agreement with another MD to provide this
access. This is achieved by use of the accessMD attribute defined in
Figure 4. If this attribute is found, the routing algorithm shall
read the entry pointed to by this distinguished name. It shall be an
entry with object class routingInformation, which can be used to determine the MTA or MTA choice and route according to the information retrieve to this access MD. All of the attributes from this entry should be used, as if they had been directly returned from the current entry (i.e., the procedure recurses). The current entry does not set defaults. The attribute is called an MD, as this is descriptive of its normal use. It might point to a more closely defined part of the O/R Address space. It is possible for both access MD and MTAs to be specified. This might be done if the MTAs only support access over a restricted set of transport stacks. In this case, the access MD shall only be routed to if it is not possible to route to any of the MTAs. This structure can also be used as an optimisation, where a set of MTAs provides access to several parts of the O/R Address space. Rather than repeat the MTA information (list of MTAs) in each reference to the MD, a single access MD is used as a means of grouping the MTAs. The value of the Distinguished Name of the access MD will probably not be meaningful in this case (e.g., it might be the name "Access MTA List", within the organisation.) If the MTA routing is unable to access the information in the Access MD due to directory security restrictions, the routing algorithm shall continue as if no MTA information was located in the routing entry. 11. Local Addresses (UAs) Local addresses (UAs) are a special case for routing: the endpoint. The definition of the routedUA object class is given in Figure 5. This identifies a User Agent in a routing tree. This is needed for several reasons: --------------------------------------------------------------------- routedUA OBJECT-CLASS ::= { SUBCLASS OF {routingInformation} KIND auxiliary MAY CONTAIN { -- from X.402 mhs-deliverable-content-length| mhs-deliverable-content-types| mhs-deliverable-eits| mhs-message-store| 10 mhs-preferred-delivery-methods|
-- defined here
supportedExtensions|
redirect|
supportingMTA|
userName|
nonDeliveryInfo}
ID oc-routed-ua}
supportedExtensions ATTRIBUTE ::= { 20
SUBTYPE OF objectIdentifier
ID at-supported-extensions}
supportingMTA ATTRIBUTE ::= {
SUBTYPE OF mTAInfo
ID at-supporting-mta}
userName ATTRIBUTE ::= {
SUBTYPE OF distinguishedName
ID at-user-name} 30
Figure 5: UA Attributes
---------------------------------------------------------------------
1. To allow UAs to be defined without having an entry in another part
of the DIT.
2. To identify which (leaf and non-leaf) nodes in a routing tree are
User Agents. In a pure X.400 environment, a UA (as distinct from
a connecting part of the O/R address space) is simply identified
by object class. Thus an organisation entry can itself be a UA. A
UA need not be a leaf, and can thus have children in the tree.
3. To allow UA parameters as defined in X.402 (e.g., the
mhs-deliverable-eits) to be determined efficiently from the
routing tree, without having to go to the user's entry.
4. To provide access to other information associated with the UA, as
defined below.
The following attributes are defined associated with the UA.
supportedExtensions MTS extensions supported by the MTA, which affect
delivery.
supportingMTA The MTAs which support a UA directly are noted in the
supportingMTA attribute, which may be multi-valued. In the X.400
model, only one MTA is associated with a UA. In practice, it is
possible and useful for several MTAs to be able to deliver to a
single UA. This attribute is a subtype of mTAInfo, and it defines
access information for an MTA which is able to deliver to the UA.
There may also be an mTAInfo attribute in the entry.
Components of the supportingMTA attribute are interpreted in the
same manner as mtaInfo is for routing, with one exception. The
values of the Route Weight are interpreted in the following
manner:
o 0. A preferred MTA for delivery.
o 5. A backup MTA.
o 10. A backup MTA, which is not presferred.
The supportingMTA attribute shall be present, unless the address
is being non-delivered or redirected, in which case it may be
omitted.
redirect The redirect attribute controls redirects, as described in
Section 22.1.
userName The attribute userName points to the distinguished Name of
the user, as defined by the mhs-user in X.402. The pointer from
the user to the O/R Address is achieved by the mhs-or-addresses
attribute. This makes the UA/User linkage symmetrical.
nonDeliveryInfo The attribute nonDeliveryInfo mandates non-delivery
to this address, as described in Section 22.3.
When routing to a UA, an MTA will read the supportingMTA attribute.
If it finds its own name present, it will know that the UA is local,
and invoke appropriate procedures for local delivery (e.g., co-
resident or P3 access information). The cost of holding these
attributes for each UA at a site will often be reduced by use of
shared attributes (as defined in X.500(93)).
Misconfiguration of the supportingMTA attribute could have serious
operational and possibly security problems, although for the most
part no worse than general routing configuration problems. An MTA
using this attribute may choose to perform certain sanity checks,
which might be to verify the routing tree or subtree that the entry
resides in.
The linkage between the UA and User entries was noted above. It is
also possible to use a single entry for both User and UA, as there is
no conflict between the attributes in each of the objects. In this
case, the entries shall be in one part of the DIT, with aliases from
the other. Because the UA and User are named with different attributes, the aliases shall be at the leaf level. 11.1 Searching for Local Users The approach defined in this specification performs all routing by use of reads. This is done for performance reasons, as it is a reasonable expectation that all DSA implementations will support a high performance read operation. For local routing only, an MTA in cooperation with the provider of the local routing tree may choose to use a search operation to perform routing. The major benefit of this is that there will not be a need to store aliases for alternate names, and so the directory storage requirement and alias management will be reduced. The difficulty with this approach is that it is hard to define search criteria that would be effective in all situations and well supported by all DUAs. There are also issues about determining the validity of a route on the basis of partial matches. 12. Direct Lookup Where an O/R address is registered in the open community and has one or more "open" MTAs which support it, this will be optimised by storing MTA information in the O/R address entry. In general, the Directory will support this by use of attribute inheritance or an implementation will optimise the storage or repeated information, and so there will not be a large storage overhead implied. This is a function of the basic routing approach. As a further optimisation of this case, the User's distinguished name entry may contain the mTAInfo attribute. This can be looked up from the distinguished name, and thus routing on submission can be achieved by use of a single read. Note: This performance optimisation has a management overhead, and further experience is needed to determine if the effort justifies the performance improvement. 13. Alternate Routes 13.1 Finding Alternate Routes The routing algorithm selects a single MTA to be routed to. It could be extended to find alternate routes to a single MTA with possibly different weights. How far this is done is a local configuration choice. Provision of backup routing is desirable, and leads to robust service, but excessive use of alternate routing is not usually beneficial. It will often force messages onto convoluted paths, when there was only a short outage on the preferred path. It is important
to note that this strategy will lead to picking the first acceptable route. It is important to configure the routing trees so that the first route identified will also be the best route. 13.2 Sharing routing information So far, only single addresses have been considered. Improving routing choice for multiple addresses is analogous to dealing with multiple routes. This section defines an optional improvement. When multiple addresses are present, and alternate routes are available, the preferred routes may be chosen so as to maximise the number of recipients sent with each message. Specification of routing trees can facilitate this optimisation. Suppose there is a set of addresses (e.g., in an organisation) which have different MTAs, but have access to an MTA which will do local switching. If each address is registered with the optimal MTA as preferred, but has the "hub" MTA registered with a higher route weight, then optimisation may occur when a message is sent to multiple addresses in the group. 14. Looking up Information in the Directory The description so far has been abstract about lookup of information. This section considers how information is looked up in the Directory. Consider that an O/R Address is presented for lookup, and there is a sequence of routing trees. At any point in the lookup sequence, there is one of a set of actions that can take place: Entry Found Information from the entry (node) is returned and shall be examined. The routing process continues or terminates, based on this information. Entry Not Found Return information on the length of best possible match to the routing algorithm. Temporary Reject The MTA shall stop the calculation, and repeat the request later. Repeated temporary rejects should be handled in a similar manner to the way the local MTA would handle the failure to connect to a remote MTA. Permanent Reject Administrative error on the directory which may be fixed in future, but which currently prevents routing. The routing calculation should be stopped and the message non-delivered. The algorithm proceeds by a series of directory read operations. If the read operation is successful, the Entry Found procedure should be
followed. Errors from the lookup (directory read) shall be handled
in terms of the above procedures as follows. The following handling
is used when following a routing tree:
AttributeError This leads to a Permanent Reject.
NameError Entry Not Found is used. The matched parameter is used to
determine the number of components of the name that have matched
(possibly zero). The read may then repeated with this name.
This is the normal case, and allows the "best" entry in the
routingn tree to be located with two reads.
Referral The referral shall be followed, and then the procedure
recurses.
SecurityError Entry Not Found is used. Return a match length of one
less than the name provided.
ServiceError This leads to a Temporary Reject.
There will be cases where the algorithm moves to a name outside of
the routing tree being followed (Following an accessMD attribute, or
a redirect or a matched routing filter). The handling will be the
same as above, except:
NameError This leads to a Permanent Reject.
SecurityError This leads to a Permanent Reject.
When reading objects which of not of object class routingInformation,
the following error handling is used:
AttributeError This leads to a Permanent Reject.
NameError This leads to a Permanent Reject.
Referral The referral shall be followed, and then the procedure
recurses.
SecurityError In the case of an MTA, treat as if it is not possible
to route to this MTA. In other cases, this leads to a Permanent
Reject.
ServiceError This leads to a Temporary Reject.
The algorithm specifies the object class of entries which are read.
If an object class does not match what is expected, this shall lead
to a permanent reject.
15. Naming MTAs MTAs need to be named in the DIT, but the name does not have routing significance. The MTA name is simply a unique key. Attributes associated with naming MTAs are given in Figure 6. This figure also gives a list of attributes, which may be present in the MTA entry. The use of most of these is explained in subsequent sections. The mTAName and globalDomainID attributes are needed to define the information that an MTA places in trace information. As noted previously, an MTA is represented as an Application Process, with one or more Application Entities. --------------------------------------------------------------------- mTAName ATTRIBUTE ::= { SUBTYPE OF name WITH SYNTAX DirectoryString{ub-mta-name-length} SINGLE VALUE ID at-mta-name} -- used for naming when -- MTA is named in O=R Address Hierarchy globalDomainID ATTRIBUTE ::= { 10 WITH SYNTAX GlobalDomainIdentifier SINGLE VALUE ID at-global-domain-id} -- both attributes present when MTA -- is named outside O=R Address Hierarchy -- to enable trace to be written mTAApplicationProcess OBJECT-CLASS ::= { SUBCLASS OF {application-process} KIND auxiliary 20 MAY CONTAIN { mTAWillRoute| globalDomainID| routingTreeList| localAccessUnit| accessUnitsUsed } ID oc-mta-application-process} mTA OBJECT CLASS ::= { -- Application Entity 30 SUBCLASS OF {mhs-message-transfer-agent} KIND structural MAY CONTAIN { mTAName| globalDomainID| -- per AE variant
responderAuthenticationRequirements|
initiatorAuthenticationRequirements|
responderPullingAuthenticationRequirements|
initiatorPullingAuthenticationRequirements|
initiatorP1Mode| 40
responderP1Mode|
polledMTAs|
protocolInformation|
respondingRTSCredentials|
initiatingRTSCredentials|
callingPresentationAddress|
callingSelectorValidity|
bilateralTable|
mTAWillRoute|
mhs-deliverable-content-length| 50
routingTreeList|
supportedMTSExtensions|
mTAsAllowedToPoll
}
ID oc-mta}
Figure 6: MTA Definitions
---------------------------------------------------------------------
In X.400 (1984), MTAs are named by MD and a single string. This
style of naming is supported, with MTAs named in the O/R Address tree
relative to the root of the DIT (or possibly in a different routing
tree). The mTAName attribute is used to name MTAs in this case. For
X.400(88) the Distinguished Name shall be passed as an AE Title.
MTAs may be named with any other DN, which can be in the O/R Address
or Organisational DIT hierarchy. There are several reasons why MTAs
might be named differently.
o The flat naming space is inadequate to support large MDs. MTA
name assignment using the directory would be awkward.
o An MD does not wish to register its MTAs in this way (essentially,
it prefers to give them private names in the directory).
o An organisation has a policy for naming application processes,
which does not fit this approach.
In this case, the MTA entry shall contain the correct information to
be inserted in trace. The mTAName and globalDomainID attributes are
used to do this. They are single value. For an MTA which inserts
different trace in different circumstances, a more complex approach
would be needed.
An MD may choose to name its MTAs outside of the O/R address hierarchy, and then link some or all of them with aliases. A pointer from this space may help in resolving information based on MTA Trace. The situation considered so far is where an MTA supports one application context (protocol). The MTA is represented in the directory by a single directory entry, having no subordinate applicationEntity entries. This name is considered to be the name of the MTA and its Application Process Title. The MTA has no Application Entity Qualifier, and so this is also the Application Entity Title. In the case where an MTA supports more than one application context, the Application Process Title is exactly the same as above, but it also has one or more subordinate applicationEntity entries. Each of these subordinate entries is associated with a single application context. The relative distinguished name of the subordinate applicationEntity entry is the Application Entity Qualifier of the Application Entity Title. The Application Entity Title is the distinguished name of the applicationEntity. The term MTA Name is used to refer to the Application Process Title. 15.1 Naming 1984 MTAs Some simplifications are necessary for 1984 MTAs, and only one naming approach may be used. This is because Directory Names are not carried in the protocol, and so it must be possible to derive the name algorithmically from parameters carried. In X.400, MTAs are named by MD and a single string. This style of naming is supported, with MTAs named in the O/R Address tree relative to the root of the DIT (or possibly in a different routing tree). The MTAName attribute is used to name MTAs in this case. 16. Attributes Associated with the MTA This section lists the attributes which may be associated with an MTA as defined in Figure 6, and gives pointers to the sections that describe them. mTAName Section 15. globalDomainID Section 15. protocolInformation Section 18.1. applicationContext Section 18.2. mhs-deliverable-content-length Section 18.3. responderAuthenticationRequirements Section 20.2.
initiatorAuthenticationRequirements Section 20.2. responderPullingAuthenticationRequirements Section 20.2. initiatorPullingAuthenticationRequirements Section 20.2. initiatorP1Mode Section 19. responderP1Mode Section 19. polledMTAs Section 19. mTAsAllowedToPoll Section 19. respondingRTSCredentials Section 20.3. initiatingRTSCredentials Section 20.3. callingPresentationAddress Section 20.3. callingSelectorValidity Section 20.3. bilateralTable Section 17. mTAWillRoute Section 21. routingTreeList Section 9. supportedMTSExtensions Section 18.3. --------------------------------------------------------------------- mTABilateralTableEntry OBJECT-CLASS ::= SUBCLASS OF {mTA| distinguishedNameTableEntry} ID oc-mta-bilateral-table-entry} Figure 7: MTA Bilateral Table Entry --------------------------------------------------------------------- 17. Bilateral Agreements Each MTA has an entry in the DIT. This will be information which is globally valid, and will be useful for handling general information about the MTA and for information common to all connections. In many cases, this will be all that is needed. This global information may be restricted by access control, and so need not be globally available. In some cases, MTAs will maintain bilateral and
multilateral agreements, which hold authentication and related information which is not globally valid. This section describes a mechanism for grouping such information into tables, which enables an MTA to have bilateral information or for a group of MTAs to share multilateral information. The description is for bilateral information, but is equally applicable to multilateral agreements. For the purpose of a bilateral agreement, the MTA is considered to be an application entity. This means that when this is distinct from the application process, that the agreements are protocol specific. A bilateral agreement is represented by one entry associated with each MTA participating in the bilateral agreement. For one end of the bilateral agreement, the agreement information will be keyed by the name of the MTA at the other end. Each party to the agreement will set up the entry which represents its half of the agreed policy. The fact that these correspond is controlled by the external agreement. In many cases, only one half of the agreement will be in the directory. The other half might be in an ADMD MTA configuration file. MTA bilateral information is stored in a table, as defined in [15]. An MTA has access to a sequence of such tables, each of which controls agreements in both directions for a given MTA. Where an MTA is represented in multiple tables, the first agreement shall be used. This allows an MTA to participate in multilateral agreements, and to have private agreements which override these. The definition of entries in this table are defined in Figure 7. This table will usually be access controlled so that only a single MTA or selected MTAs which appear externally as one MTA can access it. --------------------------------------------------------------------- bilateralTable ATTRIBUTE ::= { WITH SYNTAX SEQUENCE OF DistinguishedName SINGLE VALUE ID at-bilateral-table} Figure 8: Bilateral Table Attribute --------------------------------------------------------------------- Each entry in the table is of the object class distinguishedNameTableEntry, which is used to name the entry by the distinguished name of the MTA. In some cases discussed in Section 20.1, there will also be aliases of type textTableEntry. The MTA attributes needed as a part of the bilateral agreement (typically MTA Name/Password pairs), as described in Section 20.3, will always be
present. Other MTA attributes (e.g., presentation address) may be present for one of two reasons: 1. As a performance optimisation 2. Because the MTA does not have a global entry Every MTA with bilateral agreements will define a bilateral MTA table. When a connection from a remote MTA is received, its Distinguished Name is used to generate the name of the table entry. For 1984, the MTA Name exchanged at the RTS level is used as a key into the table. The location of the bilateral tables used by the MTA and the order in which they are used are defined by the bilateralTable attribute in the MTA entry, which is defined in Figure 8. All of the MTA information described in Section 16 may be used in the bilateral table entries. This will allow bilateral control of a wide range of parameters. Note: For some bilateral connections there is a need control various other functions, such as trace stripping and originator address manipulation. For now, this is left to implementation specific extensions. This is expected to be reviewed in light of implementation experience. 18. MTA Selection 18.1 Dealing with protocol mismatches MTAs may operate over different stacks. This means that some MTAs cannot talk directly to each other. Even where the protocols are the same, there may be reasons why a direct connection is not possible. An environment where there is full connectivity over a single stack is known as a transport community [9]. The set of transport communities supported by an MTA is specified by use of the protocolInformation attribute defined in X.500(93). This is represented as a separate attribute for the convenience of making routing decisions.
---------------------------------------------------------------------
supportedMTSExtensions ATTRIBUTE ::= {
SUBTYPE OF objectIdentifier
ID at-supported-mts-extensions}
Figure 9: Supported MTS Extensions
---------------------------------------------------------------------
A community is identified by an object identifier, and so the
mechanism supports both well known and private communities. A list
of object identifiers corresponding to well known communities is
given in Appendix B.
18.2 Supported Protocols
It is important to know the protocol capabilities of an MTA. This is
done by the application context. There are standard definitions for
the following 1988 protocols.
o P3 (with and without RTS, both user and MTS initiated)
o P7 (with and without RTS).
o P1 (various modes). Strictly, this is the only one that matters
for routing.
In order to support P1(1984) and P1(1988) in X.410 mode, application
contexts which define these protocols are given in Appendix C. This
context is for use in the directory only, and would never be
exchanged over the network.
For routing purposes, a message store which is not co-resident with
an MTA is represented as if it had a co-resident MTA and configured
with a single link to its supporting MTA.
In cases where the UA is involved in exchanges, the UA will be of
object class mhs-user-agent, and this will allow for appropriate
communication information to be registered.
18.3 MTA Capability Restrictions
In addition to policy restrictions, described in Section 21, an MTA
may have capability restrictions. The maximum size of MPDU is
defined by the standard attribute mhs-deliverable-content-length.
The supported MTS extensions are defined by a new attribute specified
in Figure 9.
---------------------------------------------------------------------
restrictedSubtree OBJECT-CLASS ::= {
SUBCLASS OF {top}
KIND auxiliary
MAY CONTAIN {
subtreeDeliverableContentLength|
subtreeDeliverableContentTypes|
subtreeDeliverableEITs}
ID oc-restricted-subtree}
10
subtreeDeliverableContentLength ATTRIBUTE ::= {
SUBTYPE OF mhs-deliverable-content-length
ID at-subtree-deliverable-content-length}
subtreeDeliverableContentTypes ATTRIBUTE ::= {
SUBTYPE OF mhs-deliverable-content-types
ID at-subtree-deliverable-content-types}
subtreeDeliverableEITs ATTRIBUTE ::= {
SUBTYPE OF mhs-deliverable-eits 20
ID at-subtree-deliverable-eits}
Figure 10: Subtree Capability Restriction
---------------------------------------------------------------------
It may be useful to define other capability restrictions, for example
to enable routing of messages around MTAs with specific deficiencies.
It has been suggested using MTA capabilities as an optimised means of
expressing capabilities of all users associated with the MTA. This is
felt to be undesirable.
18.4 Subtree Capability Restrictions
In many cases, users of a subtree will share the same capabilities.
It is possible to specify this by use of attributes, as defined in
Figure 10. This will allow for restrictions to be determined in
cases where there is no entry for the user or O/R Address. This will
be a useful optimisation in cases where the UA capability information
is not available from the directory, either for policy reasons or
because it is not there. This information may also be present in the
domain tree (RFC 822).
This shall be implemented as a collective attribute, so that it is
available to all entries in the subtree below the entry. This can
also be used for setting defaults in the subtree.
---------------------------------------------------------------------
initiatorP1Mode ATTRIBUTE ::= {
WITH SYNTAX P1Mode
SINGLE VALUE
ID at-initiator-p1-mode}
responderP1Mode ATTRIBUTE ::= {
WITH SYNTAX P1Mode
SINGLE VALUE
ID at-responder-p1-mode} 10
P1Mode ::= ENUMERATED {
push-only(0),
pull-only(1),
twa(2) }
polledMTAs ATTRIBUTE ::= {
WITH SYNTAX PolledMTAs
ID at-polled-mtas}
20
PolledMTAs ::= SEQUENCE {
mta DistinguishedName,
poll-frequency INTEGER OPTIONAL --frequency in minutes
}
mTAsAllowedToPoll ATTRIBUTE ::= {
SUBTYPE OF distinguishedName
ID at-mtas-allowed-to-poll}
Figure 11: Pulling Messages
---------------------------------------------------------------------
19. MTA Pulling Messages
Pulling messages between MTAs, typically by use of two way alternate,
is for bilateral agreement. It is not the common case. There are
two circumstances in which it can arise.
1. Making use of a connection that was opened to push messages.
2. Explicitly polling in order to pull messages
Attributes to support this are defined in Figure 11. These
attributes indicate the capabilities of an MTA to pull messages, and
allows a list of polled MTAs to be specified. If omitted, the normal
case of push-only is specified. In the MTA Entry, the polledMTAs
attribute indicates MTAs which are to be polled and the mTAsAllowedToPoll attribute indicates MTAs that may poll the current MTA. 20. Security and Policy 20.1 Finding the Name of the Calling MTA A key issue for authentication is for the called MTA to find the name of the calling MTA. This is needed for it to be able to look up information on a bilateral agreement. Where X.400(88) is used, the name is available as a distinguished name from the AE-Title derived from the AP-Title and AE-Qualifier in the A-Associate. For X.400(84), it will not be possible to derive a global name from the bind. The MTA Name exchanged in the RTS Bind will provide a key into the private bilateral agreement table (or tables), where the connection information can be verified. Thus for X.400(1984) it will only be possible to have bilateral inbound links or no authentication of the calling MTA. Note: CDC use a search here, as a mechanism to use a single table and an 88/84 independent access. This may be considered for general adoption. It appears to make the data model cleaner, possibly at the expense of some performance. This will be considered in the light of implementation experience. 20.2 Authentication The levels of authentication required by an MTA will have an impact on routing. For example, if an MTA requires strong authentication, not all MTAs will be able to route to it. The attributes which define the authentication requirements are defined in Figure 12. The attributes specify authentication levels for the following cases: Responder These are the checks that the responder will make on the initiator's credentials. Initiator These are the checks that the initiator will make on the responders credentials. Very often, no checks are needed --- establishing the connection is sufficient. Responder Pulling These are responder checks when messages are pulled. These will often be stronger than for pushing. Initiator Pulling For completeness.
If an attribute is omitted, no checks are required. If multiple
checks are required, then each of the relevant bits shall be set.
The attribute is single value, which implies that the MTA must set a
single authentication policy.
---------------------------------------------------------------------
responderAuthenticationRequirements ATTRIBUTE ::= {
WITH SYNTAX AuthenticationRequirements
SINGLE VALUE
ID at-responder-authentication-requirements}
initiatorAuthenticationRequirements ATTRIBUTE ::= {
WITH SYNTAX AuthenticationRequirements
SINGLE VALUE
ID at-initiator-authentication-requirements} 10
responderPullingAuthenticationRequirements ATTRIBUTE ::= {
WITH SYNTAX AuthenticationRequirements
SINGLE VALUE
ID at-responder-pulling-authentication-requirements}
initiatorPullingAuthenticationRequirements ATTRIBUTE ::= {
WITH SYNTAX AuthenticationRequirements
SINGLE VALUE
ID at-initiator-pulling-authentication-requirements} 20
AuthenticationRequirements ::= BITSTRING {
mta-name-present(0),
aet-present(1),
aet-valid(2),
network-address(3),
simple-authentication(4),
strong-authentication(5),
bilateral-agreement-needed(6)}
Figure 12: Authentication Requirements
---------------------------------------------------------------------
The values of the authentication requirements mean:
mta-name-present That an RTS level MTA parameter shall be present for
logging purposes.
aet-present That a distinguished name application entity title shall
be provided at the ACSE level.
aet-valid As for aet-present, and that the AET be registered in the
directory. This may be looked up as a part of the validation
process. If mta-name-present is set, the RTS value of mta and
password shall correspond to those registered in the directory.
network-address This can only be used for the responder. The AET
shall be looked up in the directory, and the
callingPresentationAddress attribute matched against the calling
address. This shall match exactly at the network level. The
validity of selectors will be matched according to the
callingSelectorValidity attribute.
simple-authentication All MTA and password parameters needed for
simple authentication shall be used. This will usually be in
conjunction with a bilateral agreement.
strong-authentication Use of strong authentication.
bilateral-agreement-needed This means that this MTA will only accept
connections in conjunction with a bilateral or multilateral
agreements. This link cannot be used unless such an agreement
exists.
These attributes may also be used to specify UA/MTA authentication
policy. They may be resident in the UA entry in environments where
this information cannot be modified by the user. Otherwise, it will
be present in an MTA table (represented in the directory).
An MTA could choose to have different authentication levels related
to different policies (Section 21). This is seen as too complex, and
so they are kept independent. The equivalent function can always be
achieved by using multiple Application Entities with the application
process.
20.3 Authentication Information
This section specifies connection information needed by P1. This is
essentially RTS parameterisation needed for authentication. This is
defined in Figure 13. Confidential bilateral information is implied
by these attributes, and this will be held in the bilateral
information agreement. This shall have appropriate access control
applied. Note that in some cases, MTA information will be split
across a private and public entry.
---------------------------------------------------------------------
respondingRTSCredentials ATTRIBUTE ::= {
WITH SYNTAX RTSCredentials
SINGLE VALUE
ID at-responding-rts-credentials}
initiatingRTSCredentials ATTRIBUTE ::= {
WITH SYNTAX RTSCredentials
SINGLE VALUE 10
ID at-initiating-rts-credentials}
RTSCredentials ::= SEQUENCE {
request [0] MTAandPassword OPTIONAL,
response [1] MTAandPassword OPTIONAL }
MTAandPassword ::= SEQUENCE {
MTAName, 20
Password } -- MTAName and Password
-- from X.411
callingPresentationAddress ATTRIBUTE ::= {
SUBTYPE OF presentationAddress
MULTI VALUE
ID at-calling-presentation-address}
callingSelectorValidity ATTRIBUTE ::= { 30
WITH SYNTAX CallingSelectorValidity
SINGLE VALUE
ID at-calling-selector-validity}
CallingSelectorValidity ::= ENUMERATED {
all-selectors-fixed(0),
tsel-may-vary(1),
all-selectors-may-vary(2) }
Figure 13: MTA Authentication Parameters
---------------------------------------------------------------------
---------------------------------------------------------------------
mTAWillRoute ATTRIBUTE ::= {
WITH SYNTAX MTAWillRoute
ID at-mta-will-route}
MTAWillRoute ::= SEQUENCE {
from [0] SET OF ORAddressPrefix OPTIONAL,
to [1] SET OF ORAddressPrefix OPTIONAL,
from-excludes [2] SET OF ORAddressPrefix OPTIONAL,
to-excludes [3] SET OF ORAddressPrefix OPTIONAL } 10
ORAddressPrefix ::= DistinguishedName
Figure 14: Simple MTA Policy Specification
---------------------------------------------------------------------
The parameters are:
Initiating Credentials The credentials to be used when the local MTA
initiates the association. It gives the credentials to insert
into the request, and those expected in the response.
Responding Credentials The credentials to be used when the remote MTA
initiates the association. It gives the credential expected in
the request, and those to be inserted into the response.
Remote Presentation Address Valid presentation addresses, which the
remote MTA may connect from.
If an MTA/Password pair is omitted, the MTA shall default to the
local MTA Name, and the password shall default to a zero-length OCTET
STRING.
Note: Future versions of this specification may add more information
here relating to parameters required for strong authentication.
(page 46 continued on part 3)