1、 ETSI TS 102 233 V1.3.1 (2006-09)Technical Specification Lawful Interception (LI);Service specific details for E-mail servicesETSI ETSI TS 102 233 V1.3.1 (2006-09) 2 Reference RTS/LI-00035 Keywords email, handover, interface, IP, Lawful Interception, security, traffic ETSI 650 Route des Lucioles F-0
2、6921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.et
3、si.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing o
4、n ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal
5、.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the for
6、egoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered
7、by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 233 V1.3.1 (2006-09) 3 Contents Intellectual Property Rights5 Foreword.5 Introduction 5 1 Scope 6 2 References 6 3 Definitions an
8、d abbreviations.7 3.1 Definitions7 3.2 Abbreviations .7 4 General .8 4.1 E-mail services .8 5 System model .8 5.1 Reference network topology.8 5.2 Reference scenarios9 5.2.1 E-mail send failure9 5.2.2 E-mail send success 10 5.2.3 E-mail download detail.11 5.2.4 E-mail send detail .12 6 E-mail events
9、13 6.1 Introduction 13 6.2 E-mail send event .13 6.2.1 Introduction.13 6.2.2 E-mail send captured content14 6.2.3 E-mail send IRI.14 6.3 E-mail receive event.14 6.3.1 Introduction.14 6.3.2 E-mail receive captured content15 6.3.3 E-mail receive IRI.15 6.4 E-mail download event.15 6.4.1 Introduction.1
10、5 6.4.2 E-mail download captured content .16 6.4.3 E-mail download IRI 16 7 E-mail attributes .16 7.1 E-mail protocol ID16 7.2 E-mail address 17 7.3 E-mail recipient list 17 7.4 E-mail sender17 7.5 Total recipient count.17 7.6 Message ID.17 7.7 Status 17 7.8 Server and client port .18 7.9 Server and
11、 client octets sent .18 7.10 AAAInformation 18 Annex A (normative): SMTP 19 A.1 SMTP introduction.19 A.2 SMTP HI2 events .19 A.2.1 E-mail login event 19 A.2.2 E-mail send event .19 A.2.3 E-mail receive event.19 A.3 SMTP HI2 attributes 20 ETSI ETSI TS 102 233 V1.3.1 (2006-09) 4 A.4 SMTP HI2 event-rec
12、ord mapping 20 Annex B (normative): POP3 .21 B.1 POP3 introduction21 B.2 POP3 HI2 events 21 B.2.1 E-mail login event 21 B.2.2 E-mail download event.21 B.2.3 E-mail partial download event21 B.3 POP3 HI2 attributes .22 B.4 POP3 HI2 event-record mapping .22 Annex C (normative): IMAP4.23 C.1 IMAP4 intro
13、duction .23 Annex D (normative): E-mail ASN.124 Annex E (informative): E-mail LI requirements.27 E.1 HI2 requirements27 E.2 HI3 requirements28 E.3 General requirements .29 E.4 Requirements mapping.29 Annex F (informative): SMTP characteristics 30 F.1 SMTP service characteristics .30 F.2 SMTP protoco
14、l characteristics .30 Annex G (informative): POP3 characteristics31 G.1 POP3 service characteristics 31 G.2 POP3 protocol characteristics 31 Annex H (informative): Discussion of webmail interception32 H.1 Webmail network topology32 H.2 Webmail protocols .32 H.3 Webmail interception .33 Annex I (info
15、rmative): Discussion for Driving HI2 of HI334 I.1 Introduction 34 I.2 Discussion 34 I.2.1 Introduction 34 I.2.2 IP packets .35 I.2.3 TCP packets35 I.2.4 SMTP packets 35 I.2.5 E-mail messages.35 I.3 Conclusion36 Annex J (informative): Change Request History37 History 38 ETSI ETSI TS 102 233 V1.3.1 (2
16、006-09) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectua
17、l Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigatio
18、n, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification
19、 (TS) has been produced by ETSI Technical Committee Lawful Interception (LI). Introduction The present document describes what information is required for the handover of intercepted IP-based E-mail traffic from a Communications Service Provider to an LEMF. The present document covers a stage 2 desc
20、ription of the data, but does not specify any functionality within the scope of TS 102 232 3. The ITU-T Recommendation I.130 6 method for characterizing a service will be used as a general framework for the present document. The modified concept of a “stage 1“ will be called the “attributes“ of the
21、interface. The attributes of the interface are the sum total of all the constituent attributes that an interface may need to communicate. The modified concept of a “stage 2“ will be called the “events“ of the interface. The events of the interface define the rules of the relationships between the at
22、tributes that are required to arrange the disjoint attributes into meaningful information for an E-mail service interaction. The present document is intended to be general enough to be used in a variety of E-mail services. It should be recognized that a side effect of this approach is some IRI field
23、s identified may be difficult to extract or non-existent depending on the E-mail service being intercepted. In such cases it may be completely reasonable that the delivered IRI contain empty fields or fields with the value 0. ETSI ETSI TS 102 233 V1.3.1 (2006-09) 6 1 Scope The present document conta
24、ins a stage 1 like description of the interception information in relation to the process of sending and receiving E-mail. The present document also contains a stage 2 like description of when Intercept Related Information (IRI) and Content of Communication (CC) shall be sent, and what information i
25、t shall contain. It is recognized that “Instant Messenger“ and “Chat“ applications are another way of exchanging electronic text messages. While the present document may be applicable to such applications it is in no way a goal of the present document to address these methods of electronic text mess
26、aging. The definition of handover transport and encoding of HI2 and HI3 is outside the scope of the present document. Refer to TS 102 232 3. The present document is designed to be used where appropriate in conjunction with other deliverables that define the service specific IRI data formats. The pre
27、sent document aligns with TS 133 108 5, TS 101 671 4, TS 101 331 1 and TR 101 944 2. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or
28、edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org
29、/Reference. 1 ETSI TS 101 331: “Lawful Interception (LI); Requirements of Law Enforcement Agencies“. 2 ETSI TR 101 944: “Telecommunications security; Lawful Interception (LI); Issues on IP Interception“. 3 ETSI TS 102 232: “Lawful Interception (LI); Handover specification for IP delivery“. 4 ETSI TS
30、 101 671: “Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic“. 5 ETSI TS 133 108: “Universal Mobile Telecommunications System (UMTS); 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108)“. 6 ITU-T Recommendation I.130: “Me
31、thod for the characterization of telecommunication services supported by an ISDN and network capabilities of an ISDN“. 7 IETF RFC 0822: “Standard for the format of ARPA Internet text messages“. 8 IETF RFC 1939: “Post Office Protocol - Version 3“. 9 IETF RFC 2821: “Simple Mail Transfer Protocol“. 10
32、IETF RFC 3501: “Internet Message Access Protocol - Version 4 rev1“. 11 ITU-T Recommendation X.680/ISO/IEC 8824-1: “Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation“. 12 ISO 3166-1: “Codes for the representation of names of countries and their subdivision
33、s - Part 1: Country codes“. ETSI ETSI TS 102 233 V1.3.1 (2006-09) 7 13 IETF RFC 2554: “SMTP Service Extension for Authentication“. 14 ETSI TR 102 503: “ASN.1 Object Identifiers in Lawful Interception Specifications“. 15 IETF RFC 3493: “Basic Socket Interface Extensions for IPv6“. 3 Definitions and a
34、bbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: E-mail Address: ARPANET E-mail address NOTE: As described in RFC 0822 7, clause 6. IMAP4: protocol used to manipulate mailbox parameters on a server NOTE: Described in RFC 3501 10. mailb
35、ox: destination point of E-mail messages POP3: widely used protocol for downloading E-mails from a server to a client NOTE: Described in RFC 1939 8. recipient: E-mail address of a destination mailbox for an E-mail being transmitted NOTE 1: Each E-mail may contain one or more recipients. NOTE 2: In t
36、his definition there is no distinction made between E-mail addresses on a “To:“ line and E-mail addresses on a “Cc:“ or “Bcc:“ line. They are all “recipients“ of the E-mail. sender: E-mail address of the mailbox that originated an E-mail being transmitted NOTE: Each E-mail contains only one sender.
37、SMTP: widely used protocol for transferring E-mails between computers NOTE: Described in RFC 2821 9. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: APOP POP3 authentication message ASN.1 Abstract Syntax Notation One CC Content of Communication CPE Cust
38、omer Premises Equipment HI2 Handover Interface port 2 (for Intercept Related Information) HI3 Handover Interface port 3 (for Content of Communication) HTTP Hyper Text Transfer Protocol IMAP4 Internet Message Access Protocol version 4 IP Internet Protocol IRI Intercept Related Information ISDN Integr
39、ated Services Digital Network ISP Internet Service Provider LEA Law Enforcement Agency LEMF Law Enforcement Monitoring Facility MF Mediation Function MTA Mail Transfer Agents ETSI ETSI TS 102 233 V1.3.1 (2006-09) 8 NWO Network Operator OID Object Identifier POP3 Post-Office Protocol version 3 PSTN P
40、ublic Switched Telecommunication Network RETR POP3 Retrieve message SMTP Simple Mail Transfer Protocol SP Service Provider TCP Transmission Control Protocol 4 General 4.1 E-mail services E-mail services are those services which offer the capability to transmit or receive ARPANET text messages. The f
41、ollowing description is taken from RFC 0822 7: “In this context, messages are viewed as having an envelope and contents. The envelope contains whatever information is needed to accomplish transmission and delivery. The contents compose the object to be delivered to the recipient“. E-mail service, in
42、 general, can be divided into two categories: those services which allow a computer to transfer a message to another computer; and those services which allow users to manipulate their mailbox by doing such things as downloading messages from the mailbox and deleting messages from the mailbox. Both o
43、f these categories of E-mail services can be of interest to Law Enforcement Agencies (LEAs) and are therefore within the scope of the present document. NOTE: When using IP-packet delivery, control level packets that are associated with the targeted E-mail may be delivered as content. Control level p
44、ackets are those packets that are used by the E-mail transfer protocol to set-up the E-mail communication and to terminate the E-mail communication and are outside of the traditional RFC 0822 7 formatted E-mail. This allows for different interception solutions without burdening the Mediation Functio
45、n (MF) with the responsibility of “cleaning“ up said differences in input. 5 System model 5.1 Reference network topology The network topology shown in figure 1 is intended to represent the many relationships that may exist between the entities involved in E-mail communications. Actual scenarios usin
46、g this diagram are enumerated in clause 5.2. The following should be considered when viewing figure 1: The term “Mail Server“ is used to represent a logical entity that relays mail for its mail clients, receives and (temporarily) stores mail for its mail clients, and allows mail clients access to th
47、e aforementioned stored mail and the ability to delete it from the mail server. The term “Mail Client“ is used to represent a logical entity that either injects mail into the network or removes mail from the network or reads mail from the network. Mail Client and Mail Server numbers are used to indi
48、cate what entities share a client-server relationship, so Mail Client1 is a client of Mail Server1, etc. A Mail Server may communicate with any other Mail Server within figure 1. NOTE: Web access to mail is commonly used; web mail is addressed in annex H. ETSI ETSI TS 102 233 V1.3.1 (2006-09) 9 Mail
49、 Server2 Mail Server1 Customer CPE Mail ClientCustomer CPE Mail Client 3a CPE Mail ClientCPE Mail Client 3b IP Network IP Network IP Network IP Network Mail Server4 Log Mail Server3 Log Log Log Figure 1: Reference network topology 5.2 Reference scenarios 5.2.1 E-mail send failure It may occur that E-mails sent into the Internet do not reach their intended target. The most common reason for this would seem to be a mistaken E-mail address, but could also be problems contacting the receiving mail server or other
