H.324 and laptop kits
Mathieu Weill
Mathieu_Weill at INMARSAT.ORG
Wed Jul 1 11:39:22 EDT 1998
Bancroft,
Security is an optional feature, so no endpoint should be required to
send ICVs.
Does that help, or ruin your plan!?
Regards,
Pete
=================================
Pete Cordell
BT Labs
E-Mail: pete.cordell at bt-sys.bt.co.uk
Tel: +44 1473 646436
Fax: +44 1473 645499
=================================
>----------
>From: Bancroft Scott[SMTP:baos at OSS.COM]
>Sent: 30 June 1998 21:21
>To: ITU-SG16 at MAILBAG.INTEL.COM
>Subject: Re: ASN.1 accross revisions
>
>On Tue, 30 Jun 1998, Pete Cordell wrote:
>
>> I admit that I am only just hanging in there with this debate, but I
>> think I have a possible solution 5 to throw in as a contender.
>>
>> Looking at the problem a bit laterally, we have RasMessage in UDP
>> packets that we want to sign, and H323-UserInformation in the UUIE that
>> we want to sign. Currently these are the only chunks of ASN.1 in these
>> fields.
>>
>> We could add a second piece of ASN.1 into these fields (UDP packet and
>> UUIE) that contains the signatures, such as:
>>
>> H323Extra ::= CHOICE
>> {
>> icv ICV,
>> ...
>> }
>>
>> This would be a separate ASN.1 tree. Therefore in a RAS UDP packet you
>> would get:
>>
>> RasMessage chunk of ASN.1
>> H323Extra chunk of ASN.1 typically containing signature
>>
>> Similarly in the UUIE, you would have
>>
>> H323-UserInformation chunk of ASN.1
>> H323Extra chunk of ASN.1
>>
>> Note that all the key ids and time stamps etc., would remain in the
>> RasMessage and H323-UserInformation parts (so they get signed).
>>
>> I agree this is not beautiful, but it does not require multiple ASN.1
>> encodings, and doesn't radically change the format of the message
>> depending on whether you want to sign it or not (as solution 4 seems
>> to).
>
>This crossed my mind a couple days ago, but it is not clear how this
>would
>be backward compatible. That is, how would an older version handle
>this
>added information that comes after the H323-UserInformation? I like
>the
>general idea, but if I am not mistaken it is not backward compatible.
>
>I have an idea as to how to do as you suggest in a backward compatible
>manner, but before I go down that path I need to know the answer to
>the question: Are the most recent implementations that know of H.323
>required to transmit an ICV with each RasMessage or
>H323-UserInformation?
>
>------------------------------------------------------------------------
>--
>Bancroft Scott Toll Free
>:1-888-OSS-ASN1
>Open Systems Solutions, Inc.
>International:1-609-987-9073
>baos at oss.com Tech Support
>:1-732-249-5107
>http://www.oss.com Fax
>:1-732-249-4636
>
More information about the sg16-avd
mailing list