Dear Glen,
Attached is a word document that shows the additions and changes I made to the H.225 ASN.1. Could you please review and let me know if it is now correct, or what needs to change? I need to send the document in today (Thursday), so please reply as soon as possible.
Perhaps you can help me understand something. The GRQ has an integrity field (SEQUENCE OF IntegrityMechanism) which I assume is used by the sender to indicate the algorithms available to the sender.
meu>: That's right. Sender and receiver negotiate during GRQ/GFC whether to apply integrity on RAS messages and if yes, which integrity mechanism they choose; see IntegrityMechanism (digital signature, ISO9797, HMAC-xxx or non-standard).
The ICV includes an algorithmOID (OBJECT IDENTIFIER), which I'm guessing indicates the algorithm used to compute the integrity check value. But, it looks to me that the possible algorithms under IntegrityMechanism are not represented in algorithmOID. For example, how can I represent hMAC-MD5 or nonStandard in ICV? Can you explain this to me?
meu>: This is not quite correct. The algorithmID within the ICV structure is only used when the digital signature is applied as integrity mechanism. In this case, the algorithmOID tells the receiver by which digital signature algorithm the sender has computed the enclosed digital signature (e.g. RSA or DSS and applied hash functions etc.). However, this algorithmID is not used at all when the ICV is computed using symmetric techniques such as the HMAC methods or ISO9797. As both involved entities have agreed already on the integrity mechanism during GRQ/GCF there is no further need to indicate the applied integrity method within each RAS message; thus, it is not possible to change the integrity mechanism between RAS messages on the same RAS channel.
I reviewed also the attached Word document which you sent me and recommend the following change to the ICV structure:
I made the following changes: 1.) replaced the dash by a blank between OBJECT and IDENTIFIER 2.) replaced icv by signature in the comment. 3.) replaced the underscore _ by a blank between BIT and STRING.
ICV ::= SEQUENCE { algorithmOID OBJECT IDENTIFIER, -- the algorithm used to compute the signature icv BIT STRING -- the computed cryptographic integrity check value -- or signature }
That's all. I hope this helps and clarified your questions and allows you to complete and close H.225.0 V2!
I will post this message also to our ITU-T reflector; however as round-trip time is very long - about one day for me - you will also get a direct mail from me which should get through much faster.
Martin.
----------------------------------------------------------------------- | Dipl.-Inf. Phone: +49 89 636-46201 | Martin Euchner Fax : +49 89 636-48000 | Siemens AG | ZT IK 3 e-mail: Martin.Euchner@mchp.siemens.de | | Otto-Hahn-Ring 6 | 81730 Muenchen | __________________ | Germany -----------------------------------------------------------------------