Security ASN.1 in H.225.0
Orit Levin
orit at RADVISION.COM
Tue Feb 10 12:17:54 EST 1998
Hello!
Although we don't have the final H.225.0 version yet, I have questions regarding the following definition:

CryptoH323Token::= CHOICE
{
    cryptoEPPwdHash SEQUENCE
    {
        alias AliasAddress, -- alias of entity generating hash
        timeStamp TimeStamp, -- timestamp used in hash
        token HASHED { EncodedPwdCertToken -- generalID set to 'alias' -- }
    },
    cryptoGKPwdHash SEQUENCE
    {
        gatekeeperId GatekeeperIdentifier, -- GatekeeperID of GK generating hash
        timeStamp TimeStamp, -- timestamp used in hash
        token HASHED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- }
    },
    cryptoEPPwdEncr ENCRYPTED
        { EncodedPwdCertToken -- generalID set to Gatekeeperid --},
    cryptoGKPwdEncr ENCRYPTED
        { EncodedPwdCertToken -- generalID set to Gatekeeperid --},
    cryptoEPCert SIGNED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- },
    cryptoGKCert SIGNED { EncodedPwdCertToken -- generalID set to alias -- },
    cryptoFastStart SIGNED { EncodedFastStartToken },
    nestedcryptoToken CryptoH323Token,
    ...
}

1. What is the meaning of a recursive definition of "nestedcryptoToken" as a part of the general CHOICE clause? Shouldn't it be like it is shown below (i.e. providing a "layered" encryption), for example?

CryptoH323Token::= SEQUENCE
{ cryptoNewName CHOICE
    {
        cryptoEPPwdHash SEQUENCE
        {},
        cryptoGKPwdHash SEQUENCE
        {},
        cryptoEPPwdEncr ENCRYPTED
            { EncodedPwdCertToken -- generalID set to Gatekeeperid --},
        .
        .
        .
        cryptoFastStart SIGNED { EncodedFastStartToken },
        ...
    }
  nestedcryptoToken CryptoH323Token
}

2. It seems that there are at least two inconsistencies regarding the two following definitions
"generalID set to Gatekeeperid" and "generalID set to alias"
in the clause above. Please, revise the remarks for the following fields:
    cryptoEPPwdEncr
    cryptoGKPwdEncr
    cryptoEPCert
    cryptoGKCert

Thank you,
Orit Levin
RADVision Inc. E Mail: orit at radvision.com
575 Corporate Dr., Suite 420 Tel: 201-529-4300 ext. 230
Mahwah, NJ 07430 Fax: 201-529-3516
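
Added example, not part of the original message or of H.225.0: a Python model of the two shapes discussed above, showing that the recursive CHOICE alternative yields wrappers around a single token while the SEQUENCE form carries one token per layer. The tuple/dict representation, MAX_DEPTH, the function names and treating the nested field as OPTIONAL are assumptions of this sketch; both walkers cap the nesting depth, since either definition lets a peer send arbitrarily deep tokens.

```python
# Added illustration: models the two CryptoH323Token shapes from the message
# as plain Python values. It is not an ASN.1/PER codec.
MAX_DEPTH = 8  # assumed nesting limit, chosen for this example

# Non-recursive alternatives named in the quoted definition.
LEAVES = {
    "cryptoEPPwdHash", "cryptoGKPwdHash", "cryptoEPPwdEncr", "cryptoGKPwdEncr",
    "cryptoEPCert", "cryptoGKCert", "cryptoFastStart",
}

def walk_choice(token):
    """CHOICE shape: token is (alternative, value).

    nestedcryptoToken is just another alternative, so a value is a chain of
    wrappers around exactly one leaf. Returns (wrapper_count, leaf_name).
    """
    wrappers = 0
    name, value = token
    while name == "nestedcryptoToken":
        wrappers += 1
        if wrappers > MAX_DEPTH:
            raise ValueError("nesting too deep")
        name, value = value
    if name not in LEAVES:
        raise ValueError("unknown alternative: %r" % (name,))
    return wrappers, name

def walk_sequence(token):
    """SEQUENCE shape: {"cryptoNewName": (alt, value), "nestedcryptoToken": token or None}.

    Every layer carries its own leaf. None ends the chain, which assumes the
    nested field is OPTIONAL. Returns leaf names, outermost layer first.
    """
    layers = []
    while token is not None:
        if len(layers) >= MAX_DEPTH:
            raise ValueError("nesting too deep")
        name, _value = token["cryptoNewName"]
        if name not in LEAVES:
            raise ValueError("unknown alternative: %r" % (name,))
        layers.append(name)
        token = token.get("nestedcryptoToken")
    return layers
```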