Re: [Security] Enhancements to H.233 and H.234
Patrick, I looked at the contributions and have some comments.
1. In H.233, why the new tag class? Why don't you use 11 as the rest of H.233 messages?
2. By adding the new encryption algorithm you need a longer DH prime. In H.235 they have a table in annex D which is based on RFC2412. Do you think we should have the option to recommend the same numbers as H.235 does?
Regards Roni Even
-----Original Message-----
From: Patrick Luthi [mailto:patrick.luthi@TANDBERG.NO]
Sent: Friday, August 30, 2002 1:54 AM
To: ITU-SG16@echo.jf.INTEL.COM
Subject: [Security] Enhancements to H.233 and H.234
Dear experts,
We would like to share with you 2 proposals for enhancements to H.233 and H.234 that we are planning to submit to the October meeting of SG16.
Enhancements to H.233: this contribution proposes to add the Triple Data Encryption Algorithm (TDEA or triple DES) and the Advanced Encryption Standard (AES) to the list of algorithms in H.233 along with corrections of some inconsistencies.
Enhancements to H.234: this contribution proposes changes to H.234 to allow the exchange of asymmetric length of encryption keys.
Please let me know if you have any suggestions or comments! The plan would be to ask for Consent for both recommendations at the closing of the upcoming SG16.
Best regards,
Patrick
Patrick Luthi
Manager - Technical Standards
Rapporteur (chairman) for the ITU-T multimedia systems, terminals and data-conferencing Experts group (Question 1/16)
TANDBERG
N-1366 Lysaker, Norway
Phone: + 47 67 125 125
e-mail: patrick.luthi@tandberg.no
For help on this mail list, send "HELP ITU-SG16" in a message to listserv@lists.intel.com
Roni,
See my answers in-line!
Regards,
Patrick
At 16:03 9/12/2002 +0300, Even, Roni wrote:
Patrick, I looked at the contributions and have some comments.
- In H.233, why the new tag class? Why don't you use 11 as the rest of H.233 messages?
We used 00 because it defines the universal tag class (11 being context specific), and we thought that SE_NULL, as data type null message, would best belong to that class. This makes it consistent with ASN.1.
- By adding the new encryption algorithm you need a longer DH prime. In H.235 they have a table in annex D which is based on RFC2412. Do you think we should have the option to recommend the same numbers as H.235 does?
Neither H.233 nor H.234 specifies any Diffie-Hellman prime values, and my understanding is that it is left to the implementor to choose the best value. I see your point, and in the interest of interoperability, a specified value would help. I will think about how to best integrate some text specifying prime values in H.234. One idea was to add a note in the section about Diffie-Hellman (clause 4/H.234) saying something (inspired by D.7.1/H.235) like this:
It is recommended to use a prime value of 512 bits for the DES algorithm (when exportable security is of concern), 1024 bits for Triple DES and AES algorithms (when high security is of concern), and 1536 bits for Triple DES and AES algorithms (when very high security is of concern).
Would that address your concerns? Any feedback or comments are welcome!
Regards Roni Even