Security ASN.1 in H.225.0

Orit Levin orit at RADVISION.COM
Tue Feb 10 12:17:54 EST 1998


Hello!

Although we don't have the final H.225.0 version yet, I have questions regarding the following definition:

CryptoH323Token::= CHOICE
{
        cryptoEPPwdHash SEQUENCE
{
                alias           AliasAddress, -- alias of entity generating hash
                timeStamp       TimeStamp, -- timestamp used in hash
token           HASHED  { EncodedPwdCertToken -- generalID set to 'alias' -- }
        },
        cryptoGKPwdHash  SEQUENCE
{
gatekeeperId    GatekeeperIdentifier, -- GatekeeperID of GK generating hash
                timeStamp       TimeStamp, -- timestamp used in hash
token           HASHED  { EncodedPwdCertToken  -- generalID set to Gatekeeperid -- }
        },
        cryptoEPPwdEncr ENCRYPTED
{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
        cryptoGKPwdEncr ENCRYPTED
{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
        cryptoEPCert            SIGNED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- },
        cryptoGKCert    SIGNED { EncodedPwdCertToken -- generalID set to alias -- },
        cryptoFastStart SIGNED { EncodedFastStartToken },
        nestedcryptoToken       CryptoH323Token,
        ...
}

1. What is the meaning a recursive definition of "nestedcryptoToken" as a part of the general CHOICE clause? Shouldn't it be like it is shown below (i.e. providing a "layered" encription) , for example?
CryptoH323Token::= SEQUENCE
{ cryptoNewName CHOICE
     {
        cryptoEPPwdHash SEQUENCE
{},
        cryptoGKPwdHash  SEQUENCE
{},
        cryptoEPPwdEncr ENCRYPTED
{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
        .
        .
        .
        cryptoFastStart SIGNED { EncodedFastStartToken },
        ...
  }
        nestedcryptoToken       CryptoH323Token
}

2. It seems that there are at least two inconsistencies regarding the two following definitions
"generalID set to Gatekeeperid" and "generalID set to alias"
in the clause above. Please, revise the remarks for the following fields:
cryptoEPPwdEncr
cryptoGKPwdEncr
cryptoEPCert
cryptoGKCert

Thank you,
Orit Levin
RADVision Inc.                          E Mail: orit at radvision.com
575 Corporate Dr., Suite 420            Tel:    201-529-4300 ext. 230
Mahwah, NJ 07430                        Fax:    201-529-3516




More information about the sg16-avd mailing list