Suggesting Correction In H.235

Lior Moscovici Lior_Moscovici at VOCALTEC.COM
Wed Dec 31 04:23:29 EST 1997


There is a seeming inconsistency between the ASN.1 definition and section
10.3 in H.235:

CryptoToken::= CHOICE
{

      cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
      {
        tokenOID    OBJECT IDENTIFIER,
        token       ENCRYPTED { EncodedGeneralToken }
      },
      cryptoSignedToken  SEQUENCE -- General purpose/application specific token
      {
        tokenOID  OBJECT IDENTIFIER,
        token       SIGNED { EncodedGeneralToken }
      },
      cryptoHashedToken SEQUENCE -- General purpose/application specific token
      {
        tokenOID         OBJECT IDENTIFIER,
        hashedVals       ClearToken,
        token HASHED { EncodedGeneralToken }
      },
      cryptoPwdEncr      ENCRYPTED { EncodedPwdCertToken },
      ...
}

According to section 10.3, additional choices for password-based hashing
and signature are needed:

CryptoToken::= CHOICE
{
      <OMITTED>

      cryptoPwdEncr      ENCRYPTED { EncodedPwdCertToken },

      <-- ************ ADD THE FOLLOWING:****************>
      hashedPwdEncr      SEQUENCE
      {
        hashedTimeStamp  TimeStamp,
        token       HASHED { EncodedPwdCertToken }
      },
      signedCertEncr     SIGNED { EncodedPwdCertToken },
      ...
}

Alternatively, one could use the general purpose cryptoSignedToken and
cryptoHashedToken, but this is using non-standard (including an allocation
of tokenOIDs) means to implement standard features...

Lior.


