Re: ASN.1 accross revisions

3 Jul 1998

      Bancroft and others,
I take your point that putting a second piece of ASN.1 into the UUIE may
jeopardize backwards compatibility.  I have to admit that I have to try
quite hard to read H.225 in such a way that it allows me to do this (but
it is possible!!!).  The basic issue is whether having read and decoded
the ASN.1 in the UUIE, implementations check whether all characters in
the UUIE have been used.  I guess only a poll of vendors would determine
whether this is the case.
An alternative to adding on an extra piece of ASN.1 in the case of the
Q.931 side would be to hi-jack one of the other IEs that we are unlikely
to use, and use that for the signature values.  For example one that we
might use is "Packet Layer Binary Parameters" which has an IE value of
0x44.
Pete
=================================
Pete Cordell
BT Labs
E-Mail: pete.cordell@bt-sys.bt.co.uk
Tel: +44 1473 646436
Fax: +44 1473 645499
=================================
...

From:  Bancroft Scott[SMTP:baos@oss.com]
Sent:  30 June 1998 21:21
To:    Pete Cordell
Cc:    'ITU-SG16@MAILBAG.INTEL.COM'
Subject:       RE: ASN.1 accross revisions
On Tue, 30 Jun 1998, Pete Cordell wrote:
...
I admit that I am only just hanging in there with this debate, but I
think I have a possible solution 5 to throw in as a contender.
Looking at the problem a bit laterally, we have RasMessage in UDP
packets that we want to sign, and H323-UserInformation in the UUIE that
we want to sign.  Currently these are the only chunks of ASN.1 in these
fields.
We could add a second piece of ASN.1 into these fields (UDP packet and
UUIE) that contains the signatures, such as:
H323Extra ::= CHOICE
{
     icv     ICV,
     ...
}
This would be a separate ASN.1 tree.  Therefore in a RAS UDP packet you
would get:
 RasMessage chunk of ASN.1
 H323Extra chunk of ASN.1 typically containing signature

Similarly in the UUIE, you would have
 H323-UserInformation chunk of ASN.1
 H323Extra chunk of ASN.1

Note that all the key ids and time stamps etc., would remain in the
RasMessage and H323-UserInformation parts (so they get signed).
I agree this is not beautiful, but it does not require multiple ASN.1
encodings, and doesn't radically change the format of the message
depending on whether you want to sign it or not (as solution 4 seems
to).
This crossed my mind a couple days ago, but it is not clear how this
would
be backward compatible.  That is, how would an older version handle
this
added information that comes after the H323-UserInformation?  I like
the
general idea, but if I am not mistaken it is not backward compatible.
I have an idea as to how to do as you suggest in a backward compatible
manner, but before I go down that path I need to know the answer to
the question: Are the most recent implementations that know of H.323
required to transmit an ICV with each RasMessage or
H323-UserInformation?

--
Bancroft Scott                                Toll Free
:1-888-OSS-ASN1
Open Systems Solutions, Inc.
International:1-609-987-9073
baos@oss.com                                  Tech Support
:1-732-249-5107
http://www.oss.com                            Fax
:1-732-249-4636

Pete Cordell

tags (0)

participants (1)