Suggesting Correction In H.235

31 Dec 1997


      There is a seeming inconsistency between the ASN.1 definition and section
10.3 in H.235:
CryptoToken::= CHOICE
{
cryptoEncryptedToken SEQUENCE ? General purpose/application specific
token
      {
        tokenOID    OBJECT IDENTIFIER,
        token       ENCRYPTED { EncodedGeneralToken }
      },
      cryptoSignedToken  SEQUENCE -- General purpose/application specific
token
      {
        tokenOID  OBJECT IDENTIFIER,
        token       SIGNED { EncodedGeneralToken }
      },
      cryptoHashedToken SEQUENCE -- General purpose/application specific
token
      {
        tokenOID         OBJECT IDENTIFIER,
        hashedVals       ClearToken,
        token HASHED { EncodedGeneralToken }
      },
      cryptoPwdEncr      ENCRYPTED { EncodedPwdCertToken },
      ...
}
According to section 10.3, additional choices for hashing and signature
password based are needed:
CryptoToken::= CHOICE
{
      <OMITTED>
cryptoPwdEncr      ENCRYPTED { EncodedPwdCertToken },
<-- ************ ADD THE FOLLOWING:****************>
      hashedPwdEncr      SEQUENCE
      {
        hashedTimeStamp  TimeStamp,
        token       HASHED { EncodedPwdCertToken }
      },
      signedCertEncr     SIGNED { EncodedPwdCertToken },
      ...
}
Alternatively, one could use the general purpose cryptoSignedToken and
cryptoHashedToken, but this is using non-standard (including an allocation
of tokenOIDs) means to implement standard features...
Lior.

Lior Moscovici

tags (0)

participants (1)