Gk-GK Call signalling - security????

Jim Toga jim.toga at INTEL.COM
Tue Oct 13 13:10:22 EDT 1998 

Martin,

I would corroborate Senthil's point.  All of the capabilities to utilize
H.235 functionality (including the use of  'external' mechanisms such as
TLS or IPSec) are indended to be available to annex G signaling.

Some (ok much...) of the procedural description is not included yet.  If
anyone sees any specific barriers in accomplishing this, please speak up.

jimt.

At 11:50 AM 10/13/98 -0400, Sengodan Senthil NRC/Boston wrote:
>I believe ITU will in fact provide the needed security features for
inter-gatekeeper communication. The determined version of Annex G already
has an authentication field in the zone exchange messages. However,
providing such fields does not guarantee interoperability unless specific
security mechanisms are mandated - which the ITU will probably not get
into. This work - of specifying security profiles for interoperability -
falls within IMTC VoIP and TIPHON.
>
>Regarding Jan's comment, as Gur alluded to, Annex G's  immediate focus is
address resolution. Other features, I believe, will be added after this is
tackled.
>
> - Senthil
>
>Senthil Sengodan
>Nokia Research Center, Boston
> ----------
>From: Euchner Martin
>To: IMTC VoIP reflector; Klasen, Wolfgang; Euchner, Martin
>Subject: RE: Gk-GK Call signalling - security????
>Date: Tuesday, October 13, 1998 3:11PM
>
>I'm somewhat confused about the statement that Annex G security issues are
>not in the scope of ITU's work but inTiphon/IMTC.
>>From my impression of the recent ITU-T SG16 meeting in Geneva, the demand
>for better security regarding the inter-GK scenario was very clearly
>expressed. For obvious reasons, ITU's work on defining enhancements in annex
>G implies to address also the security issues in an appropriate way. The
>requirements section in annex G lists already several security requirements,
>so this work item is already part of their work. Of course, there is no real
>need to invent new security solutions for annex G in case other standards
>bodies have some appropriate technology available that could be referenced
>for example.
>Whatever security solutions will come out, the result could very smoothly be
>described and added to the H.235 security recommendation. Note, that current
>H.235 provides already (some) security solutions to H.225.0; thus, annex G
>security features seem a natural enhancement to this work.
>
>martin.
>
> -----------------------------------------------------------------------
>| Dipl.-Inf.                     Phone: +49 89 636-46201
>| Martin Euchner                 Fax  : +49 89 636-48000
>| Siemens AG
>| ZT IK 3           mailto:Martin.Euchner at mchp.siemens.de
>|
>| Otto-Hahn-Ring 6
>| 81730 Muenchen
>| __________________
>| Germany
> -----------------------------------------------------------------------
>
>> -----Original Message-----
>> From: gur kimchi [SMTP:gur.kimchi at ETSI.FR]
>> Sent: Dienstag, 13. Oktober 1998 14:21
>> To: TIPHON at LIST.ETSI.FR
>> Subject: Re: Gk-GK Call signalling - security????
>>
>> Hi Jan,
>>
>> I attended the Q.13 meeting also - and The scope of Annex G
>> is very well defined: it is attempting to introduce new
>> mechanisms where none exist today.  We could argue for hours
>> whether there are inter-gk call-singalling mechanism today, and well,
>> there
>> are (H.225) - the main missing point there is security - which the ITU
>> will not define anyway - but TIPHON (and VoIP).
>>
>> e.g. the new mechanisms are Zone information Exchange.
>>
>> - gur
>>
>> -----Original Message-----
>> From: Ericsson User [mailto:etxjaeh at AL.ETX.ERICSSON.SE]
>> Sent: 13 October 1998 13:40
>> To: TIPHON
>> Subject: Gk-GK Call signalling
>>
>>
>> Hello All,
>> I participated in the SG 16 meeting in Geneva in september.
>>
>> One thing that suprised me was that the ongoing work with Annex G (GK-GK
>> signalling) did not consider call control, only the RAS signalling.
>>
>> When I asked why, they did not understand why any change is required.
>> After a while they understood that something could be needed, but it was
>> postponed to future releases of H.323.
>>
>> Future releases must be version 4 or something (around year 2001  or
>> later ??).
>>
>> The conclusion is then (looking on TIPHON project plan) that H.323 can't
>> be used between Gatekeepers in TIPHON compliant system.
>>
>> The question is then: What do we use then? ISUP? B-ISUP? SIP? Extended
>> subset of H.323?
>>
>>
>> /Jan Holm
>> Ericsson Telecom AB
>>
>> -------------------------------------------------------------------
>> ATTENTION !!!  TIPHON list distribution parameters have changed:
>> ==> if you REPLY to a TIPHON mail your mail will be sent to the
>> original sender only.
>> ==> if you use REPLY ALL your mail will be sent to TIPHON and
>> to the original sender.
>> -------------------------------------------------------------------
>>
>> -------------------------------------------------------------------
>> ATTENTION !!!  TIPHON list distribution parameters have changed:
>> ==> if you REPLY to a TIPHON mail your mail will be sent to the
>> original sender only.
>> ==> if you use REPLY ALL your mail will be sent to TIPHON and
>> to the original sender.
>> -------------------------------------------------------------------
>

*****************************************************
***  +1-503-264-8816(voice)              Intel - Hillsboro, OR.
    ***
***  mailto:jim.toga at intel.com         mailto:james.toga at ties.itu.int ***
***  PGP keyID 36 07 86 49 7D 74 DF 57  50 CB BA 32 08 9C 7C 41 ***
*****************************************************

More information about the sg16-avd mailing list