Hi
Please see my response inline.
Regards aseem@trillium.com
From udayas@hss.hns.com Thu Sep 9 20:49 PDT 1999 Received: from turin.trillium.com (turin.trillium.com [206.216.108.218]) by aiglos.trillium.com (8.9.3/8.9.3) with ESMTP id UAA16738 for aseem@aiglos.trillium.com; Thu, 9 Sep 1999 20:49:10 -0700 (PDT) Received: from tapti.hss.hns.com ([139.85.242.19]) by turin.trillium.com (8.8.7/8.8.7) with ESMTP id UAA11451 for aseem@trillium.com; Thu, 9 Sep 1999 20:49:07 -0700 (PDT) Received: from sampark.hss.hns.com (sampark.hss.hns.com [139.85.229.5]) by tapti.hss.hns.com (8.8.8/8.8.8) with SMTP id KAA20043 for aseem@trillium.com; Fri, 10 Sep 1999 10:45:03 +0530 (IST) Received: by sampark.hss.hns.com(Lotus SMTP MTA SMTP v4.6 (462.2 9-3-1997)) id 652567E8.0014F3FA ; Fri, 10 Sep 1999 09:18:51 +0530 From: udayas@hss.hns.com X-Lotus-FromDomain: HSSBLR To: aseem@trillium.com (Aseem Agarwal) Message-ID: 652567E8.00146863.00@sampark.hss.hns.com Date: Fri, 10 Sep 1999 09:18:46 +0530 Subject: Re: Questions on H.235 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Length: 2920 Status: OR
Hi i have the following questions about H.235 procedures:
The Diffie Hellman exchange as depicted in Fig 1/H.235 is as follows:
EP GK ClrTkn(Dh_a, Time_a) CryptoTkn[(genId_a, time_a,Dh_a)Sign_a] ---------------------------------------------------------------------->
ClrTkn(Dh_b, Random_b, Time_a) CryptoTkn[{genId_a,Time_b,Dh_b}Sign_b] -------<----------------------------------------------------------------------- ___________________________________________________________________________ __
ClrTkn[{(genId_b XOR Random_b XOR (x)}EHD-secret)] ----------------------------------------------------------------------------->
ClrTkn[ (genId_a, Random_b) ]<-----------------------------------------------------------------------
1.In the phase II procedure above, how does the EP know about genId_b ? I feel that the genId in cryptoToken in phase I message from GK to EP (second line in the diagram) should have genId_b and not genId_a. Is my understanding correct ? 2.As applied to RAS protocol in H.323 context, for a non subscription based authentication case: Dh_a and Dh_b have public keys for EP and Gk respectively. (x) is requestSeqNum. genId_b has gkId in GCF. What does genId_a have in GRQ ? The above exchange is NOT immune to man-in-the-middle attacks. A third party can easily snoop in and find out Dh_a, Dh_b, GkId and IntegrityMechanism algorithms as these are passed un-ecrypted in GRQ-GCF exchange. How is this authentication procedure any different from just passing a GK assigned dynamic identifier (e.g. EndPointId) in all messages to the GK ?? How is this procedure affected if the EP knows Gk's id apriori (through provisioning or out of band methods as in manual discovery)? 3. H.235 also mentions that this procedures may be used on the call signalling channel as well. The scope of the Key generated as a result of this procedure is not clearly specified. Is this key used for encryption on the call control channel or is it valid only for call signalling channel ? Any pointers would be appreciated. thanks, aseem@trillium.com
- I agree with what you say.
- Since the key is established through RAS messages like GRQ and RRQ, changing the key for call control channel may require using nonstandard fields in some messages. I do not think this is a good idea as this may lead to inter-operability problems.
***** I think that Diffie Hellman should be used ONCE either in RAS or in H.225 (in case of Direct Endpoint to Endpoint calls). Keys established by this procedure should be used for encryption on the call control channel.
For changing the keys, H.245 provides messages like EncryptionUpdate. Any comments ?
Regards,
Udaya