Paul and others,
let me shortly explain the purpose of security denial:
H.235 and security profiles say, that this value is returned in the reject messages whenever the received cryptoTokens are not acceptable for some security reason. This may occur due to failed authentication, lack of authorization (= permission) or failed integrity but also as part of security negotiation when the received crypto parameters are not acceptable or understood.
Of course there several more reasons why security might fail and the responder sends security denial: the password/shared secret is invalid or not available, the endpoint is not allowed to use a service, replay detected, integrity violation detected, digital signature wrong, certificate expired....
Kind regards,
Martin Euchner. ----------------------------------------------------------------------- | Dipl.-Inf. Phone: +49 89 722 55790 | Martin Euchner Fax : +49 89 722 46841 | Siemens AG | ICN M NT 18 mailto:Martin.Euchner@icn.siemens.de mailto:Martin.Euchner@icn.siemens.de | mailto:martin.euchner@ties.itu.int mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://zt-security.mchp.siemens.de/de/Competence/Standardization/ITU-T_SG16/... http://zt-security.mchp.siemens.de/de/Competence/Standardization/ITU-T_SG16/index.html | D-81359 Muenchen Internet: http://www.siemens.de http://www.siemens.de | __________________ | Germany -----------------------------------------------------------------------
-----Ursprüngliche Nachricht----- Von: Paul Long [SMTP:Plong@SMITHMICRO.COM] Gesendet am: Mittwoch, 20. September 2000 15:17 An: ITU-SG16@mailbag.cps.intel.com Betreff: Re: ARJ reject reasons?
I put together a table that summarizes the meanings of the ARJ reject reasons if anyone is interested. It's at the top of this page: http://www.packetizer.com/h225impl.html. Let me know if you disagree with any of it.
Paul Long Smith Micro Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com