- sg16-avd - lists.packetizer.com

H.225.0 and Fast Setup
by Orit Levin 09 Feb '98

09 Feb '98

Hello again! I haven't seen the final H.225.0 version yet, but I am slightly concerned about the results. As far as I know, the latest related TD has no explicit statement about a "total" FastCap definition removal along with the IMPORTS statement update: IMPORTS Capability, MultiplexCapability, Which are unnecessary now. Best Regards, Orit Levin RADVision Inc. E Mail: orit(a)radvision.com 575 Corporate Dr., Suite 420 Tel: 201-529-4300 ext. 230 Mahwah, NJ 07430 Fax: 201-529-3516

1 0

Q9/16 Accessibility files from SG16 meeting in Geneva
by Gunnar Hellstrom 08 Feb '98

08 Feb '98

The contributions and results from the Q9/16-Accessibility activities in Geneva are now available in the web-site http://www.pi.se/~omnitor/standd.htm All files are available in a zip archive 780 Kb. The main achievements T.140, T.134 and V.18 and a report are available in uncompressed form. The intention is to provide them there for standards work purposes until they are published by the ITU. Gunnar Hellström ------------------------------------------------ Gunnar Hellström Omnitor Alsnögatan 7, 4tr S-116 41 Stockholm SWEDEN Tel +46 751 100 501 Fax +46 8 556 002 06 E-mail: gunnar.hellstrom(a)omnitor.se WWW: www.pi.se/~omnitor ------------------------------------------------

1 0

Annex C to G.729
by Sakae Okubo 07 Feb '98

07 Feb '98

Dear Q.12-14/16 colleagues, As to the Recommendations decided by SG16, I forgot to note that Germany requested the four week reservation to Annex C/G.729. Best regards, Sakae OKUBO (Mr.) ******************************************************************** Graphics Communication Laboratories Phone: +81 3 5351 0181 6F ANNEX TOSHIN BLDG. Fax: +81 3 5351 0184 4-36-19 Yoyogi, Shibuya-ku, Tokyo e-mail: okubo(a)gctech.co.jp 151-0053 Japan ********************************************************************

1 0

Debriefing of the SG16 meeting
by Sakae Okubo 06 Feb '98

06 Feb '98

Dear Q.12-14/16 colleagues, This is a debriefing of the SG16 meeting just finished. 1. Decided Recommendations under Q.11-Q.15 H.324 V2 including Annexes C and D V.140 (H.dispatch) - note that H.247 has been changed to V.140 Annex A to H.223 Annex B to H.223 Annex C to H.223 H.222.0 Amendments 3 and 4 H.321 Version 2 H.225.0 V2 H.323 V2 H.450.1 H.450.2 H.450.3 H.235 H.245 V3 H.246 H.262 Amendments 3 and 4 H.263 V2 (H.263+) Note that H.332 has been re-determined, but its decision has been deferred to the next meeting of SG16 in September 1998. 2. Approved correction H.310 (H.320/H.321 interoperation mode stack of RAST-5 terminals) 3. Determined Draft Recommendations H.324 Annex F (for H.multi-link) H.multi-link H.310 V2 H.bmultipoint H.222.0 Amendment 5 H.323 Annex D (real-time fax) H.323 Annex I (RTP payload for H.263+) H.245 V4 4. Rapporteur meetings The following plan of interim Q.12-14 Rapporteur meetings has been approved: 1) 14-17 April 1998, in Yokosuka, Japan 2) 9-12 June 1998, in some city (to be confirmed), France Q.11 will meet together with Q.12-14; system aspects in April, all aspects in June. Q.9 and Q.18 will meet together with Q.14 in June. SG16 will meet next during 15-22 September 1998. Please fill in your agenda accordingly. 5. WP2/16 meeting reports The following three files have been placed at /9801_Gen of the GCL ftp site: TD80_PLE Report of WP2/16 - Part I General TD86_PLE Outgoing liaison statements TD87_PLE Status report of WP2/16 Recommendations There may be small amendments made in the final version. Best regards, Sakae OKUBO (Mr.) ******************************************************************** Graphics Communication Laboratories Phone: +81 3 5351 0181 6F ANNEX TOSHIN BLDG. Fax: +81 3 5351 0184 4-36-19 Yoyogi, Shibuya-ku, Tokyo e-mail: okubo(a)gctech.co.jp 151 Japan ********************************************************************

1 0

ETSI Tiphon Documents availble on-line
by Gur K 05 Feb '98

05 Feb '98

FYI, ETSI Tiphon documents now available at: http://standards.vocaltec.com/mirror/docbox.etsi.org/Document/tiphon/

1 0

None
by Gur Kimchi 29 Jan '98

29 Jan '98

Hi SG16/WP2/Q13 Participants: The following paper is presented detailing a possible architecture for Gatekeeper-to-Gatekeeper communication. An Ad-Hoc meeting took place on Room-III at 8:30 AM on the Jan 29 Geneva ITU Meeting. I will compile a list of requirements brought up in that meeting soon. Please note that we present this document to provide some overview and possible solutions to the problems. This is in not way or form the only way to solve the problems, it is only one of the possible solutions. We solicit your input about: ======================= 1. Requirements 2. Which of the requirements are for H.323v3 work, and which are for further study 3. Required services and Goals 4. Open Issues Points that were raised in the meeting: ================================ 1. Build networks that scale to the Internet 2. allow for both flat, tree and network models 3. provide a method for a gatekeeper to find an Entity that is registered with another gatekeeper 4. Support call-record logging, accounting, and possibly billing (probably as liaison to appropriate working parties) Thank you for your time,, Gur Kimchi, VocalTec Communications Ltd. (See attached file: TD-InterGatekeeper.doc)

1 0

standard.pictel.com down this Thursday
by Robert Webber 27 Jan '98

27 Jan '98

The ftp and www server "standard.pictel.com" will be shut down for up to four hours this Thursday, 29 January starting at about 6 PM US Eastern time. The system hardware will be upgraded at that time (from a 10-or-so MIP SPARCstation 1 to a SPARC IPX with an accelerated CPU chip). Services will resume normally once the upgrade is completed. Bob Webber PictureTel Corporation

1 0

Re: H.235 Comments
by Sengodan Senthil NRC/Boston 27 Jan '98

27 Jan '98

May be, we can just use random instead of timestamps as described below. 1) EPA would send "generalID_A, random_A" to EPB (unauthenticated). 2) EPB would send "generalID_B, random_B" to EPA (unauthenticated). 3) In the cryptotoken, EPA would send "random_B, generalID_x, (random_B, generalID_x)f", where generalID_x could be either generalID_A or generalID_B, and (...)f is the appropriate hash/encrypting function. random_B and generalID_x need not even be sent in the clear in the cryptotoken. This would get rid of the replay attack problem and also the problem of dealing with time skews. - Senthil Senthil Sengodan Nokia Research Center ---------- From: Mailing list for parties associ To: ITU-SG16 Subject: Re: H.235 Comments Date: Tuesday, January 27, 1998 12:12PM Such an attack can be made even when there is only one GK, but it is more "reasonable" to attack a different GK. I think the best solution is to include both IDs (A & B) in the token, contrary to what you say, I don't see any hint to that in the standard itself (there's no room for two IDs). LiorM -------- On 01/26/98 03:06 PM Pekka.Pessi(a)research.nokia.com wrote: "EXT Lior Moscovici" <Lior_Moscovici(a)VOCALTEC.COM> writes: >Here are some comments on the last H.235 draft: > They following relate to the authentication scheme in 10.3: > In 10.3: We think it would be more appropriate that the party that > proves its identity send its own ID in the authentication token, rather > that the ID of the authenticating party. In other words, in the > diagrams, EP A would rather send a token containg generalID_A, rather > than generalID_B, and vice versa. ISO/IEC 9898-2 notes: Distinguishing idenitifier B [generalID_B] is included in the token AB [token sent from A to B] to prevent the re-use of TokenAB on entity A by an adversary masquerading as entity B. ... Their [generalID] inclusion is made optional so that, in environments where such attacks cannot occur, one or both may be omitted. I can imagine some scenarios, where such attacks are possible. Let's suppose there are two gatekeepers, B and C, which use the same passwords to authenticate terminals. Terminal A sends an authorisation token to B. Now, if the generalID_B is not included in the token, an eavesdropper can send the same token to C. Pekka Pessi

1 0

Clock Skews in H.235
by Lior Moscovici 27 Jan '98

27 Jan '98

Subscription-based authentication mechanisms described in 10.3 in H.235 assume a common reliable source of time stamps to be included in the token. The validator accepts a limited difference between the timestamp included in the token and the current time. For unaccepted time diffs, it might be to convey the time diff itself to the party that sent the token, so that it can regulate the skew, and generate a new token with the correct time. We propose to include the time diff in a ClearToken sent along with the xRJ with the SecurityDenial reason. The clear token should contain the time diff in the TimeStamp field, and the ID of the party that generaied the token. Lior

1 0

Re: H.235 Comments
by Lior Moscovici 27 Jan '98

27 Jan '98

Such an attack can be made even when there is only one GK, but it is more "reasonable" to attack a different GK. I think the best solution is to include both IDs (A & B) in the token, contrary to what you say, I don't see any hint to that in the standard itself (there's no room for two IDs). LiorM -------- On 01/26/98 03:06 PM Pekka.Pessi(a)research.nokia.com wrote: "EXT Lior Moscovici" <Lior_Moscovici(a)VOCALTEC.COM> writes: >Here are some comments on the last H.235 draft: > They following relate to the authentication scheme in 10.3: > In 10.3: We think it would be more appropriate that the party that > proves its identity send its own ID in the authentication token, rather > that the ID of the authenticating party. In other words, in the > diagrams, EP A would rather send a token containg generalID_A, rather > than generalID_B, and vice versa. ISO/IEC 9898-2 notes: Distinguishing idenitifier B [generalID_B] is included in the token AB [token sent from A to B] to prevent the re-use of TokenAB on entity A by an adversary masquerading as entity B. ... Their [generalID] inclusion is made optional so that, in environments where such attacks cannot occur, one or both may be omitted. I can imagine some scenarios, where such attacks are possible. Let's suppose there are two gatekeepers, B and C, which use the same passwords to authenticate terminals. Terminal A sends an authorisation token to B. Now, if the generalID_B is not included in the token, an eavesdropper can send the same token to C. Pekka Pessi

1 0