Corrections for H.225.0 V2.

Euchner Martin ZT IK 3 Martin.Euchner at MCHP.SIEMENS.DE
Thu Sep 25 14:07:00 EDT 1997 

Dear Glen,

Attached is a word document that shows the additions and changes I made
to the H.225 ASN.1. Could you please review and let me know if it is now
correct, or what needs to change? I need to send the document in today
(Thursday), so please reply as soon as possible.

Perhaps you can help me understand something. The GRQ has an integrity
field (SEQUENCE OF IntegrityMechanism) which I assume is used by the
sender to indicate the algorithms available to the sender.

meu>: That's right. Sender and receiver negotiate during GRQ/GFC whether
to apply integrity on RAS messages and if yes, which integrity mechanism
they choose; see IntegrityMechanism (digital signature, ISO9797, HMAC-xxx
or non-standard).

The ICV
includes an algorithmOID (OBJECT IDENTIFIER), which I'm guessing
indicates the algorithm used to compute the integrity check value. But,
it looks to me that the possible algorithms under IntegrityMechanism are
not represented in algorithmOID. For example, how can I represent
hMAC-MD5 or nonStandard in ICV? Can you explain this to me?

meu>: This is not quite correct. The algorithmID within the ICV structure
is only used when the digital signature is applied as integrity
mechanism. In this case, the algorithmOID tells the receiver by which
digital signature algorithm the sender has computed the enclosed digital
signature (e.g. RSA or DSS and applied hash functions etc.).
However, this algorithmID is not used at all when the ICV is computed
using symmetric techniques such as the HMAC methods or ISO9797. As both
involved entities have agreed already on the integrity mechanism during
GRQ/GCF there is no further need to indicate the applied integrity method
within each RAS message; thus, it is not possible to change the integrity
mechanism between RAS messages on the same RAS channel.

I reviewed also the attached Word document which you sent me and
recommend the following change to the ICV structure:

I made the following changes:
1.)  replaced the dash by a blank between OBJECT and IDENTIFIER
2.)  replaced icv by signature in the comment.
3.)  replaced the underscore _ by a blank between BIT and STRING.

ICV ::= SEQUENCE
{
 algorithmOID OBJECT IDENTIFIER,  -- the algorithm used to compute the
signature
 icv  BIT STRING -- the computed cryptographic integrity check value
 -- or signature
}

That's all. I hope this helps and clarified your questions and allows you
to complete and close H.225.0 V2!

I will post this message also to our ITU-T reflector; however as
round-trip time is very long - about one day for me - you will also get a
direct mail from me which should get through much faster.


Martin.


 -----------------------------------------------------------------------
| Dipl.-Inf.                     Phone: +49 89 636-46201
| Martin Euchner                 Fax  : +49 89 636-48000
| Siemens AG
| ZT IK 3           e-mail: Martin.Euchner at mchp.siemens.de
|
| Otto-Hahn-Ring 6
| 81730 Muenchen
| __________________
| Germany
 -----------------------------------------------------------------------

More information about the sg16-avd mailing list