Aparna,
Please note that Jim Toga is no longer editor of H.235. I took over responsibility to carry on H.235 version 2. Anybody with questions, suggestions and improvements should therefore get in touch with me.
1. Relation of registration info by GK: The GK can associate the registration information through the delivered endpointID and callID. Furthermore, commercially available stacks offer identification means by message handles or simply IP addresses, for example. All this could be useful in keeping track of state and context.
2. Key update: H.235 offers a key update (key refreshment) procedure for the media session key; this procedure is not applicable to RAS for the following reasons:
   a) Passwords are subscription-based information. The subscription procedure (registration, obtaining, refreshing PWs) is not part of the recommendation. All this can be achieved by some means out-of-band. By such a procedure you can also refresh your passwords, of course.
   b) Diffie-Hellman keys act as a master key. There is no explicit key update procedure for such keys. Implicitly, you could terminate (close) the connection and immediately re-open/reregister, thereby automatically establishing a new key.
Regards,
Martin
-----------------------------------------------------------------------
| Dipl.-Inf. Phone: +49 89 636-46201
| Martin Euchner Fax : +49 89 636-48000
| Siemens AG
| ZT IK 3 mailto:Martin.Euchner@mchp.siemens.de
| Intranet: http://zt-security.mchp.siemens.de/Standardization/ITU-T_SG16/index.html
| Otto-Hahn-Ring 6 Internet: http://www.siemens.de
| D-81730 Muenchen
| __________________
| Germany
-----------------------------------------------------------------------

-----Original Message-----
From: Aparna Saha [SMTP:apsaha@HSS.HNS.COM]
Sent: Monday, September 20, 1999 6:45 AM
To: ITU-SG16@mailbag.cps.intel.com
Subject: Queries on RAS security !!
Hi Jim,
I have a few queries related to H.235, specifically, RAS security.
This is regarding the RAS procedures for authentication. During the GRQ-GCF exchange, the security info (the secret key and the algorithmId) gets established with the GK. For the subsequent RRQ, how does the GK relate the RRQ with the info stored? Is there any mechanism for refreshing keys in RAS?
Thanks and regards, Aparna.