Ivan,
it is my understanding that LRQ/LCF for inter GK communication does not scale very well. Thus, H.225.0 Annex G is the more appropriate approach that should be taken. However, it is also true, that H.225.0 Annex G does not run between GKs but rather only between border elements. To be precise, an external protocol between an GK and a BE is currently undefined; better think of a co-located GK/BE entity without any in-between protocol.
Regarding security, H.235 Annex G for securing H.MMS.1 mobility is being worked on and will describe also security protection of inter-BE messages similar to H.235 Annex D. To my knowledge, this is currently the only security profile that is of interest between BEs, thus there is no trial and error to be expected. As the shared secret between both BEs has to be administered anyway, so can the security profile be configured as well. Nevertheless, the security profile itself is identified through a set of OIDs.
I hope this answers your questions.
Kind Regards,
Martin Euchner. ----------------------------------------------------------------------- | Dipl.-Inf. Phone: +49 89 722 55790 | Martin Euchner Fax : +49 89 722 46841 | Siemens AG | ICN M SR 3 mailto:Martin.Euchner@icn.siemens.de | mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://intranet.icn.siemens.de/marketing/sr/pages/122/122_euchner.htm | D-81359 Muenchen Internet: http://www.siemens.de | __________________ | Germany -----------------------------------------------------------------------
-----Urspr> üngliche Nachricht----- Von: Ivan Varghis [SMTP:ivancse@YAHOO.COM] Gesendet am: Samstag, 8. September 2001 14:09 An: ITU-SG16@mailbag.cps.INTEL.COM Betreff: Security in Inter Gatekeeper Communication
Hi
For security in inter Gatekeeper conmmunication, currently there is no authentication capabltiy exchange for selection of a common security profile. This facility is provided in the case of communication between the Endpoint and Gatekeeper using the GRQ GCF exchange.
The field used for this are AuthenticationCapabilty and AlgorithmOIDs in GRQ ( Capabilities of the EP) and AuthenticationMode and AlgorithmOID in GCF ( The capabiltiy selected by Gatekeeper)
Wouldnt it be good to add the " same fields in the LRQ and LCF" as his would help in selection of a common profile between Gatekeepers.
Though the profile which is used can be determined from the TokenIOD and AlgorithmOID in the message, as the number of security profiles increases the Gatekeepers will have to use a trial and error method to arrive at a common security Profile. Wouldnt this be a overhead which can be avoided ?
Cheers H.323 Ivan
Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For help on this mail list, send "HELP ITU-SG16" in a message to listserv@mailbag.intel.com