Corrections for H.225.0 V.2

24 Sep 1997


      Dear Glen,
I just checked H.225.0 V.2 as H.235 no longer contains security ASN.1.
Thanks for including the ICV fields from APC-1271 in all the RAS
messages.
Unfortunately, you forgot to include the following ASN.1 signaling
elements shown below which are necessary to signal the integrity
mechanism to be used during the GRQ and GCF to the recipient.
Sections 7.8.1 and 7.8.2 about GRQ and GCF should include the following
description:
integrity - indicates to the recipient which integrity mechanism is to be
applied on the RAS messages.
All the following stuff goes into section 15 - Annex H:
EncryptIntAlg ::= CHOICE
{ -- core encryption algorithms for H.225.0 message integrity
nonStandard  NonStandardParameter,
isoAlgorithm  OBJECT IDENTIFIER ,   -- defined in ISO/IEC 9979
}
NonIsoIntegrityMechanisms  ::= CHOICE
{ -- HMAC mechanism used, no truncation, tagging may be necessary!
hMAC-MD5  NULL OPTIONAL, -- MD5 as hash function
hMAC-iso10118-2-s EncryptIntAlg OPTIONAL, -- according to ISO/IEC 10118-2
using
 -- EncryptIntAlg as core block encryption algorithm (short 64-bit MAC)
hMAC-iso10118-2-l EncryptIntAlg OPTIONAL,  -- according to ISO/IEC
10118-2 using
 -- EncryptIntAlg as core block encryption algorithm (long 128-bit MAC)
hMAC-iso10118-3 OBJECT IDENTIFIER OPTIONAL,  -- according to ISO/IEC
10118-3
 -- using OID as hash function (OID is SHA-1, RIPE-MD160, RIPE-MD128)
}
IntegrityMechanism ::= CHOICE
{ -- for H.225.0 RAS message integrity
nonStandard NonStandardParameter,
digSig  NULL OPTIONAL, -- indicates to apply a digital signature
iso9797  OBJECT IDENTIFIER OPTIONAL,  -- according to ISO/IEC 9797 using
OID as
 -- core encryption algorithm (X-CBC MAC)
nonIsoIM NonIsoIntegrityMechanism
}
Thus GRQ and GCR should read as follows (integrity entry added):
GatekeeperRequest ::= SEQUENCE --(GRQ)
{
requestSeqNum  RequestSeqNum,
 protocolIdentifier ProtocolIdentifier,
 nonStandardData NonStandardParameter OPTIONAL,
 rasAddress  TransportAddress,
 endpointType  EndpointType,
 gatekeeperIdentifier GatekeeperIdentifier OPTIONAL,
 callServices  QseriesOptions  OPTIONAL,
 endpointAlias  SEQUENCE OF AliasAddress OPTIONAL,
 ...,
 alternateEndpoints SEQUENCE OF Endpoint OPTIONAL,
 tokens   SEQUENCE OF ClearToken OPTIONAL,
 cryptoTokens  SEQUENCE OF CryptoH323Token OPTIONAL,
 integrity  SEQUENCE OF IntegrityMechanism OPTIONAL,
 authenticationCapability SEQUENCE OF AuthenticationMechanism OPTIONAL,
 algorithmOIDs  SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
 integrityCheckValue ICV OPTIONAL
}
GatekeeperConfirm ::= SEQUENCE --(GCF)
{
 requestSeqNum  RequestSeqNum,
 protocolIdentifier ProtocolIdentifier,
 nonStandardData NonStandardParameter OPTIONAL,
 gatekeeperIdentifier GatekeeperIdentifier  OPTIONAL,
 rasAddress  TransportAddress,
 ...,
 alternateGatekeeper SEQUENCE OF AlternateGK OPTIONAL,
 authenticationMode AuthenticationMechanism OPTIONAL,
 tokens   SEQUENCE OF ClearToken OPTIONAL,
 integrity  SEQUENCE OF IntegrityMechanism OPTIONAL,
 cryptoTokens  SEQUENCE OF CryptoH323Token OPTIONAL,
 algorithmOID  OBJECT IDENTIFIER OPTIONAL,
 integrityCheckValue ICV OPTIONAL
}
I'm sorry for the late discovery. Please include the above changes to the
document text.
Martin.
-----------------------------------------------------------------------
| Dipl.-Inf.                     Phone: +49 89 636-46201
| Martin Euchner                 Fax  : +49 89 636-48000
| Siemens AG
| ZT IK 3           e-mail: Martin.Euchner@mchp.siemens.de
|
| Otto-Hahn-Ring 6
| 81730 Muenchen
| __________________
| Germany
 -----------------------------------------------------------------------

Euchner Martin ZT IK 3

tags (0)

participants (1)