Re: Re: Re: Does H323plus support H.235
See 8.6/H.235.6
The sharedSecret field within the H235Key structure uses the following fields: • algorithmOID: set to "X", "X1" for the 56-bit RC2-compatible, set to "Y", "Y1" for 56-bit DES or set to "Z", "Z1" for 168-bit Triple-DES or set to "Z3" for 128-bit AES. NOTE 1 – The session key encryption algorithm is the same as the negotiated media encryption algorithm.
The shared secret is not used directly to encrypt the key exchange material to generate the cipher for media encryption, but is used to encrypt the session key. The session key is then used to encrypt media.
So, I think we can connect PVX or Codian using AES in a standard way. However, some work is needed to test this thought.
Bian
----- Original Message ---- From: Simon Horne s.horne@packetizer.com To: Bian bianxg@yahoo.cn; H323plus h323plus@lists.packetizer.com Sent: 2007/12/1 (Sat), 8:16:20 PM Subject: RE: [h323plus] Re: Re: Does H323plus support H.235
The shared secret is used to encrypt the key exchange material to generate the cipher for media encryption.
If the shared secret was public knowledge then anyone can intercept the key exchange and generate a key to decrypt the media. So unless Polycom or Codian wish to share that proprietary secret there is no way to connect via AES.
Simon
-----Original Message----- From: h323plus-bounces@lists.packetizer.com [mailto:h323plus-bounces@lists.packetizer.com] On Behalf Of Bian Sent: Saturday, December 01, 2007 11:19 AM To: H323plus Subject: [h323plus] Re: Re: Does H323plus support H.235
Simon
I think PVX's key exchange mechanism is in a standard way. PVX and Codian MCU can connect using AES.
But I don't know how the shared secret is used to produce the session key.
Bian
-----Original Message----- Bian
No, PacPhone AES uses a different key exchange mechanism to PVX.
Polycom uses a proprietary method. They should still connect unencrypted.
Simon
-----Original Message----- From: Bian [mailto:bianxg@yahoo.cn] Sent: Wednesday, November 28, 2007 12:35 PM To: Simon Horne Subject: Re: [h323plus] Does H323plus support H.235
Simon
I tested PacPhone with PVX, but the AES is not opened. Can PacPhone interoperate with PVX using AES?
Bian
Bian,
A shared secret can certainly work, but the disadvantage to using a shared secret is simply the fact that every device will have to know the shared secret of any other device it might call. This can be a provisioning nightmare. If all devices have the same shared secret, then it only requires compromising one device and then all conversations can be recorded without being a party to a call. (One would only need to capture the call SETUP messages and then recording the audio would be easy.)
Public key cryptography would serve better to prevent that, whether it's through using TLS to establish the call or exchanging certificates as part of the call.
Paul
-----Original Message----- From: h323plus-bounces@lists.packetizer.com [mailto:h323plus-bounces@lists.packetizer.com] On Behalf Of Bian Sent: Sunday, December 02, 2007 8:05 PM To: Simon Horne; H323plus Subject: [h323plus] Re: Re: Re: Does H323plus support H.235
See 8.6/H.235.6
The sharedSecret field within the H235Key structure uses the following fields: • algorithmOID: set to "X", "X1" for the 56-bit RC2-compatible, set to "Y", "Y1" for 56-bit DES or set to "Z", "Z1" for 168-bit Triple-DES or set to "Z3" for 128-bit AES. NOTE 1 – The session key encryption algorithm is the same as the negotiated media encryption algorithm.
The shared secret is not used directly to encrypt the key exchange material to generate the cipher for media encryption, but is used to encrypt the session key. The session key is then used to encrypt media.
So, I think we can connect PVX or Codian using AES in a standard way. However, some work is needed to test this thought.
Bian
Also you need to know what the shared secret is to be able to connect. That information is a guarded trade secret. So connecting to PVX with AES would be impossible without that piece of information.
Simon
-----Original Message----- From: Paul E. Jones [mailto:paulej@packetizer.com] Sent: Tuesday, December 04, 2007 2:44 AM To: 'Bian'; 'Simon Horne'; 'H323plus' Subject: RE: [h323plus] Re: Re: Re: Does H323plus support H.235
Bian,
A shared secret can certainly work, but the disadvantage to using a shared secret is simply the fact that every device will have to know the shared secret of any other device it might call. This can be a provisioning nightmare. If all devices have the same shared secret, then it only requires compromising one device and then all conversations can be recorded without being a party to a call. (One would only need to capture the call SETUP messages and then recording the audio would be easy.)
Public key cryptography would serve better to prevent that, whether it's through using TLS to establish the call or exchanging certificates as part of the call.
Paul
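Added example, not part of the original thread or of H323plus: a sketch of the key hierarchy Bian describes (the shared secret wraps a session key, the session key encrypts media) and of Paul's point about how far one device compromise reaches when every device holds the same secret. The HMAC-based stream cipher, the device names and all function names are assumptions; the cipher is a standard-library stand-in for the negotiated media cipher.

```python
import hashlib, hmac, os
from itertools import combinations

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher built from HMAC-SHA256 so only the standard library is
    # needed; H.235.6 itself uses the negotiated media cipher (e.g. AES).
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(8)
    return nonce + stream_xor(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:8], blob[8:])

def place_call(shared_secret: bytes, media: bytes) -> dict:
    # The shared secret only wraps a fresh session key; the session key
    # encrypts the media. Both ciphertexts travel on the wire.
    session_key = os.urandom(16)
    return {"wrapped_key": seal(shared_secret, session_key),
            "media": seal(session_key, media)}

def readable(secret: bytes, capture: dict, media: bytes) -> bool:
    session_key = unseal(secret, capture["wrapped_key"])
    return unseal(session_key, capture["media"]) == media

DEVICES = ["A", "B", "C", "D"]           # constructed device names
PAIRS = list(combinations(DEVICES, 2))   # every pair places one call

def third_party_exposure(pairwise: bool, compromised: str = "A") -> int:
    """Calls NOT involving `compromised` that its stored secrets can decrypt."""
    fleet = os.urandom(16)
    secret_for = {p: os.urandom(16) if pairwise else fleet for p in PAIRS}
    stored = {s for p, s in secret_for.items() if compromised in p}
    exposed = 0
    for pair in PAIRS:
        media = b"RTP payload for " + "-".join(pair).encode()  # constructed
        capture = place_call(secret_for[pair], media)
        if compromised not in pair and any(readable(s, capture, media) for s in stored):
            exposed += 1
    return exposed

if __name__ == "__main__":
    print("fleet-wide secret:", third_party_exposure(pairwise=False))
    print("pairwise secrets: ", third_party_exposure(pairwise=True))
```

With one fleet-wide secret, every call between other devices is exposed by the single compromise; with per-pair secrets none are, at the cost of the provisioning burden Paul mentions.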
participants (3)
- Bian
- Paul E. Jones
- Simon Horne