[h323plus] ??: ??: ??: Does H323plus support H.235

Simon Horne s.horne at packetizer.com
Mon Dec 3 16:35:01 EST 2007


Also you need to know what the shared secret is to be able to connect. That information is a guarded trade secret. So connecting to PVX with AES would be impossible without that piece of information. 

Simon

> -----Original Message-----
> From: Paul E. Jones [mailto:paulej at packetizer.com]
> Sent: Tuesday, December 04, 2007 2:44 AM
> To: 'Bian'; 'Simon Horne'; 'H323plus'
> Subject: RE: [h323plus] ??: ??: ??: Does H323plus support H.235
> 
> 
> Bian,
> 
> A shared secret can certainly work, but the disadvantage to using 
> a shared secret is simply the fact that every device will have to 
> know the shared secret of any other device it might call.  This 
> can be a provisioning nightmare.  If all devices have the same 
> shared secret, then it only requires compromising one device and 
> then all conversations can be recorded without being a party to a 
> call. (One would only need to capture the call SETUP messages and 
> then recording the audio would be easy.)
> 
> Public key cryptography would serve better to prevent that, 
> whether it's through using TLS to establish the call or 
> exchanging certificates as part of the call.
> 
> Paul
> 
> > -----Original Message-----
> > From: h323plus-bounces at lists.packetizer.com [mailto:h323plus-
> > bounces at lists.packetizer.com] On Behalf Of Bian
> > Sent: Sunday, December 02, 2007 8:05 PM
> > To: Simon Horne; H323plus
> > Subject: [h323plus] 回复: 回复: 回复: Does H323plus support H.235
> > 
> > See 8.6/H.235.6
> > 
> > The sharedSecret field within the H235Key structure uses the following
> > fields:
> > • algorithmOID: set to "X", "X1" for the 56-bit RC2-compatible, set to
> > "Y", "Y1" for 56-bit
> > DES or set to "Z", "Z1" for 168-bit Triple-DES or set to "Z3" for 128-
> > bit AES.
> > NOTE 1 – The session key encryption algorithm is the same as the
> > negotiated media encryption
> > algorithm.
> > 
> > The shared secret is not used directly to encrypt the key exchange
> > material to generate
> > the cipher for media encryption, but used to enctypt the session key.
> > Session key is then used to encrypt media.
> > 
> > So, I think we can connect PVX or codian using AES through a standard
> > way. However, Need some work to test this thought.
> > 
> > 
> > Bian
> > 
> > 
> > 
> > ----- 原始邮件 ----
> > 发件人: Simon Horne <s.horne at packetizer.com>
> > 收件人: Bian <bianxg at yahoo.cn>; H323plus
> > <h323plus at lists.packetizer.com>
> > 已发送: 2007/12/1(周六), 下午8:16:20
> > 主题: RE: [h323plus] 回复: 回复: Does H323plus support H.235
> > 
> > 
> > 
> > The shared secret is used to encrypt the key exchange material to
> > generate
> > the cipher for media encryption.
> > 
> > If the shared secret was public knowledge then anyone can intercept the
> > key
> > exchange and generate a key to decrypt the media. So unless Polycom or
> > Codian wish to share that proprietry secret there is no way to connect
> > via
> > AES.
> > 
> > Simon
> > 
> > > -----Original Message-----
> > > From: h323plus-bounces at lists.packetizer.com
> > > [mailto:h323plus-bounces at lists.packetizer.com]On Behalf Of Bian
> > > Sent: Saturday, December 01, 2007 11:19 AM
> > > To: H323plus
> > > Subject: [h323plus] 回复: 回复: Does H323plus support H.235
> > >
> > >
> > > Simon
> > >
> > > I think PVX's key exchange mechanism is in a standard way. PVX
> > > and Codian MCU can connect using AES.
> > >
> > > But I don't know how the shared secret is used to produce the session
> > key.
> > >
> > >
> > > Bian
> > >
> > > > -----Original Message-----
> > > >Bian
> > >
> > > >No PacPhone AES uses a different key exchange mechanism to PVX.
> > > Polycom uses
> > > >a proprietry method. They should still connect unencrypted.
> > >
> > > >Simon
> > >
> > > > -----Original Message-----
> > > > From: Bian [mailto:bianxg at yahoo.cn]
> > > > Sent: Wednesday, November 28, 2007 12:35 PM
> > > > To: Simon Horne
> > > > Subject: 回复: [h323plus] Does H323plus support H.235
> > > >
> > > >
> > > > Simon
> > > >
> > > > I test PccPhone with PVX, but the AES is not opened. Does
> > > > PacPhone can interoperate with PVX using AES?
> > > >
> > > >
> > > > Bian
> > > >
> > >
> > >
> > >      ___________________________________________________________
> > > 进入雅虎游戏嘉年华,赢取液晶显示器!
> > > http://cn.mail.yahoo.com/promo/carnival07/
> > 
> > 
> >       ___________________________________________________________
> > 进入雅虎游戏嘉年华,赢取液晶显示器!
> > http://cn.mail.yahoo.com/promo/carnival07/
> > 
> 
> 





More information about the h323plus mailing list