Dear all, Q.2/16 has scheduled Draft ITU-T Recommendation H.460.mb "Message Broadcast for H.323 Systems" for possible consent at the forthcoming SG16 meeting in April. The latest draft of H.460.mb is available at: http://ftp3.itu.ch/av-arch/avc-site/2005-2008/0511_Gen/AVD-2813a.zip Unfortunately, Q.25 did not have discussion of the potential security issues around H.460.mb at the last joint Rapporteurs Meeting in November 2005/Geneva. The draft text raises a few security questions as open issues within Editor notes; there may or may not be more security issues which are not yet identified in the text; and there are also other non-security issues in the document that may deserve some closer view. Together with Paul Jones (Q.2/16 Rapporteur), I would like to take this opportunity to raise the issue at this point in time with the intention to solicit mailing list discussion and/or call for input contributions into the next SG16 meeting, allowing the two Questions to have a fruitful discussion on the draft and to determine how we move forward. Allow me to make a couple of remarks and also ask a few guiding questions: - H.460.mb operates in a multicast environment where H.323-based announcement servers broadcast to a pre-defined set of H.323 receivers/endpoints. As such, we could be interested to study how to secure such an environment. What type of security do we need, how to secure the involved entities? - To which degree can we leverage existing H.235.x Recommendations for usage in H.460.mb? - Where (signaling protection, media protection) do we need to study new (multicast) security mechanisms for this particular application? - Can we re-use any existing work from other groups for this purpose? - Should security for H.460.mb be addressed at this point in time, or can we add-in whatever security measures are necessary at a later/future point in time? - If we have to do something at least on security, what should it be about? What is the most pressing requirement from the market point of view? - Which security infrastructure is adequate for such a multicast scenario? Shared keys, PKI; key management, statically configured, dynamic negotiable? - ... Looking forward to your interest, feedback, views, contributions... With kind regards Martin Euchner. --------------------------------------------------------------------- | Dipl.-Inf. Rapporteur Q.25/16 | Martin Euchner Phone: +49 89 722 55790 | Siemens AG.....................Fax : +49 89 722 62366 | COM GCM PS 3 mailto:Martin.Euchner@siemens.com | mailto:martin.euchner@ties.itu.int | Hofmannstr. 51 Intranet: http://ietf.icn.siemens.de/sr3/Standardisation_Topics/security/ | D-81359 Muenchen Internet: http://www.siemens.de/ | __________________ | Germany ---------------------------------------------------------------------