Security ASN.1 in H.225.0
Jim Toga
jtoga at JF.INTEL.COM
Tue Feb 10 14:41:18 EST 1998
Orit,
The idea behind the nested 'cryptoToken' was specifically to allow for any
of the pre-defined tokens to be 'double-wrapped' as one of the choices. In
terms of redefining this as a sequence, that is allowed for by the parent
structures that include the CryptoH323Token as a 'SEQUENCE OF'.
With reference to the 'inconsistencies', you are correct; the comments are a
bit mixed up. They should look like the following.
jimt.
{
  cryptoEPPwdHash SEQUENCE
  {
    alias AliasAddress, -- alias of entity generating hash
    timeStamp TimeStamp, -- timestamp used in hash
    token HASHED { EncodedPwdCertToken -- generalID set to GatekeeperId -- }
  },                                                       ^^^^^^^^^^^
  cryptoGKPwdHash SEQUENCE
  {
    gatekeeperId GatekeeperIdentifier, -- GatekeeperID of GK generating hash
    timeStamp TimeStamp, -- timestamp used in hash
    token HASHED { EncodedPwdCertToken -- generalID set to alias -- }
  },                                                       ^^^^^^^
  cryptoEPPwdEncr ENCRYPTED
    { EncodedPwdCertToken -- generalID set to Gatekeeperid --},
  cryptoGKPwdEncr ENCRYPTED
    { EncodedPwdCertToken -- generalID set to alias --},
                                              ^^^^^^
  cryptoEPCert SIGNED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- },
  cryptoGKCert SIGNED { EncodedPwdCertToken -- generalID set to alias -- },
  cryptoFastStart SIGNED { EncodedFastStartToken },
  nestedcryptoToken CryptoH323Token,
  ...
}
At 12:17 PM 2/10/98 -0500, you wrote:
>Hello!
>
>Although we don't have the final H.225.0 version yet, I have questions regarding the following definition:
>
>CryptoH323Token::= CHOICE
>{
> cryptoEPPwdHash SEQUENCE
>{
> alias AliasAddress, -- alias of entity generating hash
> timeStamp TimeStamp, -- timestamp used in hash
>token HASHED { EncodedPwdCertToken -- generalID set to 'alias' -- }
> },
> cryptoGKPwdHash SEQUENCE
>{
>gatekeeperId GatekeeperIdentifier, -- GatekeeperID of GK generating hash
> timeStamp TimeStamp, -- timestamp used in hash
>token HASHED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- }
> },
> cryptoEPPwdEncr ENCRYPTED
>{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
> cryptoGKPwdEncr ENCRYPTED
>{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
> cryptoEPCert SIGNED { EncodedPwdCertToken -- generalID set to Gatekeeperid -- },
> cryptoGKCert SIGNED { EncodedPwdCertToken -- generalID set to alias -- },
> cryptoFastStart SIGNED { EncodedFastStartToken },
> nestedcryptoToken CryptoH323Token,
> ...
>}
>
>1. What is the meaning of a recursive definition of "nestedcryptoToken" as a part of the general CHOICE clause? Shouldn't it be like it is shown below (i.e. providing a "layered" encryption), for example?
>CryptoH323Token::= SEQUENCE
>{ cryptoNewName CHOICE
> {
> cryptoEPPwdHash SEQUENCE
>{},
> cryptoGKPwdHash SEQUENCE
>{},
> cryptoEPPwdEncr ENCRYPTED
>{ EncodedPwdCertToken -- generalID set to Gatekeeperid --},
> .
> .
> .
> cryptoFastStart SIGNED { EncodedFastStartToken },
> ...
> }
> nestedcryptoToken CryptoH323Token
>}
>
>2. It seems that there are at least two inconsistencies regarding the two following definitions
>"generalID set to Gatekeeperid" and "generalID set to alias"
>in the clause above. Please, revise the remarks for the following fields:
>cryptoEPPwdEncr
>cryptoGKPwdEncr
>cryptoEPCert
>cryptoGKCert
>
>Thank you,
>Orit Levin
>RADVision Inc. E Mail: orit at radvision.com
>575 Corporate Dr., Suite 420 Tel: 201-529-4300 ext. 230
>Mahwah, NJ 07430 Fax: 201-529-3516
>
>
*************************************************************************
*** +1-503-264-8816(voice) +1-503-264-3485(fax) ***
*** jtoga at ideal.intel.com Intel - Hillsboro, OR. ***
*** PGP keyID 36 07 86 49 7D 74 DF 57 50 CB BA 32 08 9C 7C 41***
*************************************************************************
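
Added example (not part of the original message and not text from H.225.0): a receiver-side walk over a decoded CryptoH323Token that strips nestedcryptoToken layers and reports which identity the corrected comments above put in generalID for each alternative. The (alternative, value) tuple shape for a decoded CHOICE, the MAX_NESTING cap and all function names are assumptions made for this sketch.

```python
# Added illustration. The (alternative, value) tuple shape for a decoded CHOICE,
# MAX_NESTING and every function name here are assumptions, not part of H.225.0.

# Which identity the corrected comments put in generalID for each alternative.
GENERAL_ID_SOURCE = {
    "cryptoEPPwdHash": "gatekeeperId",
    "cryptoGKPwdHash": "alias",
    "cryptoEPPwdEncr": "gatekeeperId",
    "cryptoGKPwdEncr": "alias",
    "cryptoEPCert": "gatekeeperId",
    "cryptoGKCert": "alias",
}
MAX_NESTING = 4  # assumed local policy; the recursive CHOICE itself sets no bound

class TokenError(ValueError):
    """Raised for tokens the receiver should refuse to process."""

def unwrap(token):
    """Strip nestedcryptoToken layers iteratively; return (alternative, value, depth)."""
    depth = 0
    name, value = token
    while name == "nestedcryptoToken":
        depth += 1
        if depth > MAX_NESTING:
            raise TokenError("nestedcryptoToken depth exceeds %d" % MAX_NESTING)
        name, value = value
    return name, value, depth

def expected_general_id(token, gatekeeper_id, alias):
    """Return (alternative, generalID the receiver should expect, nesting depth)."""
    name, _value, depth = unwrap(token)
    if name == "cryptoFastStart":
        return name, None, depth  # EncodedFastStartToken: page gives no generalID rule
    source = GENERAL_ID_SOURCE.get(name)
    if source is None:  # alternative added via the "..." extension marker
        raise TokenError("unrecognised alternative: %r" % name)
    return name, gatekeeper_id if source == "gatekeeperId" else alias, depth

def check_sequence(tokens, gatekeeper_id, alias):
    """Parent structures carry SEQUENCE OF CryptoH323Token; evaluate every element."""
    return [expected_general_id(t, gatekeeper_id, alias) for t in tokens]

# Constructed sample: a double-wrapped endpoint certificate token and a GK hash token.
SAMPLE = [
    ("nestedcryptoToken", ("nestedcryptoToken", ("cryptoEPCert", b"<signed>"))),
    ("cryptoGKPwdHash", {"gatekeeperId": "GK-1", "timeStamp": 887139678, "token": b"<hash>"}),
]
```

For the hash alternatives the returned value is what the receiver places in generalID when recomputing the hash; for the encrypted and signed alternatives it is what the recovered token's generalID is compared against.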