Dear Jim,
I had a chance to read (actually look) through APC-1191 (Hertzlia
meeting document) and found some presumable editorial errors as
attached from a bystander perspective. This might be too late for
your Sunriver input, but I hope it would be of some use for your
further editing. { } indicates my thoughts.
I have a couple of questions other than THE editorial comments for my
understanding.
1) General
H.235 seems to be handling only media by media encryption. The case
of encrypting H.222.1 multiplexed stream or H.223 multiplexed stream
is also covered by the current specification? Or can it be part of
the future H.235 extension?
2) Section 9.2, nonIsoMediaEncryptionAlgorithm ::=CHOICE
Section 13.3.5, nonIsoIdAlgorithm ::=CHOICE
We have three such non-ISO algorithms specifically listed. Is this
the policy we confirmed? Are we going to list all of proprietary
algorithms one by one in H.235 (or H.225.0, H.245)? Or are they
identified in non-standard ways?
3) Section 9.2, ASN.1 syntax
H.245 syntax has a top-down structure, but here it looks bottom-up.
{Perhaps either way is alright for encoding and decoding?}
Best regards,
Sakae OKUBO (Mr.)
********************************************************************
Graphics Communication Laboratories Phone: +81 3 5351 0181
6F ANNEX TOSHIN BLDG. Fax: +81 3 5351 0184
4-36-19 Yoyogi, Shibuya-ku, Tokyo e-mail: okubo(a)gctech.co.jp
151 Japan
********************************************************************
Source: Sakae Okubo
Title: Ecitorial comments on APC-1191 Draft H.235
Date: 27 August 1997
1. Contents
title of 13. ==> H.323 SPECIFIC TOPICS
title of 14. ==> H.324 SPECIFIC TOPICS
2. Section 2, Item 4
The last sentence "This may include both the number of secured users
and the levels of security provided." is duplicated.
3. Section 2, Item 6
Period is missing at the end.
4. Section 7.1, Items IV. and V.
OpenLogicalCahhnel, OpenLogicalChannelAc, EncryptionUpdateRequest,
EncryptionUpdate ==> in bold {?}
5. Section 7.1.3, second sentence
on a channel by channel basis ==> on a logical channel by logical
channel basis {?}
6. Section 7.2, 2nd paragraph, 4th sentence
the card is always may always be ==> one of them should be deleted
{may be due to my reading the document on Mac Word}
7. Section 7.2.1, 2nd paragraph
H.Secure ==> H.235
8. Section 7.5, 1st paragraph, "any entity which terminates a
call control channel (H.245) "
{There are several places where "call control" is associated with
H.245, but Q.931/Q.2931 is more appropriate for the call control.
H.323 says H.245 control, call control H.225.0 and RAS control H.225.0
as part of the system control in Figure 4. So, H.245 control channel
may be the replacement, otherwise communication control may be the
choice according to the title of Rec. H.245.}
9. Sections 7.5.2 and 7.5.3
They should be transposed {?}
10. Section 8.1, 1st paragraph
See #8.
11. Section 9.1, 1st paragraph
The first sentence needs a period at the end.
12. Section 9.1, 2nd paragraph
"scope (in italic)" is used with a security specific meaning. I would
suggest this should appear in Section 4 Definitions. We have general
"scope" in other places.
13. Section 9.3, 2nd paragraph, 2nd sentence
It is hard to understand this sentence; notions of "inclusive and
exclusive" and "encrypted codes" in particular.
14. Section 11.1, 3rd sentence
I cannot find "prepend" in my dictionaries.
15. Section 11.3, overall
The style is something like a discussion contribution. We need to
change it to that of specification.
15. Section 11.3, Item I. A. Initialization vectors, 2nd last
sentence
What is "B" octets?
16. Section 11.3, Item I. B. Padding, 2nd paragraph, "Two methods
are proposed to handle packets ..."
"proposed" is strange in Recommendation.
17. Section 11.3, Item I. B. Padding, 4th paragraph
There is a spurious period.
18. Section 11.3, Item I. B. Padding, 5th paragraph
- H.Secure ==> H.235
- "It is recommended that all H.Secure implementations must support
..." must ==> should {?}
19. Section 11.3, Item I. B. Padding, 5th paragraph
What is "P" bit? See also #15.
20. Section 11.3, Item Stream Algorithms
The item number ==> II.
21. Section 11.3, after Item II. A. (spurious)
and if the performance problem is not deemed to be exist, it should
not be included. ==> to be existing, or to exist
22. Section 13.1, Figure, TLS/SSL
SSL is striked out in Section H.245Security. If it is valid, it
should appear in Section 5. Symbols and Abbreviations.
23. Section 13.3.1, 2nd paragraph, 2nd sentence
The intent (as stated in section 7.2) is to not provide absolute, ==>
is not to {?}
24. Sections 13.3.2, 13.3.3, 13.3.4
There are several "shared secret" in this section. ==> shared secret
key {?}
25. Appendix B, 3rd paragraph
SSL appears. See #22.
26. Appendix E, 1st paragraph
"call control" appears. See #8.
27. Appendix E, 2nd and 3rd bullets
TLS/SSL appears. See #22.
28. Appendix E, Item III. Call Control (H.245)
See #8.
29. Appendix E, Item 1b), 3rd sentence
Some of the RAS messages are multicast by definition, and as such is
would be impractical to make confidential. ==> either of "is" or
"would be" is spurious.
30. Appendix E, Item 1b), 4th sentence
Call establishment messages are currently carried on UDP (unreliable)
transport Possible solutions ... ==> Call establishment messages are
currently carried on UDP (unreliable) transport. Possible solutions
...
31. Appendix E, Item 1c)
H.Secure ==> This Recommendation, or H.235
32. Appendix E, Item 1c), last sentence
... using a "per-message randomization" in section Non-registration
RAS signaling 13.3.4. ==> ... using a "per-message randomization" in
section 13.3.4 Non-registration RAS signaling. {?}
33. Appendix E, Item 3a)
... as provide in TLS/SSL. ==> ... as provided in TLS/SSL.
See also #22.
34. Appendix E, Item 3b)
Bystanders able to snoop media encryption algorithms and keys
exchanged by participants loss of 4b, 4c and 4d. ==> Some words are
missing between participants and loss {?}
35. Appendix E, Item 4c)
Denial of service attack if bystanders, 'scramble' data. ==> the comma
is unnecessary {?}
36. Appendix E, Item 4c), last sentence
Integrity servies for media data is ... ==> Integrity service for
media data is ... or Integrity services for media data are ...
37. After Appendix F
There are five definitions. These should be moved to Section 4. Or
are they a part of Appendix F?
---------< Thank you for your attention. >---------