Questions on H.235
Aseem Agarwal
aseem at TRILLIUM.COM
Mon Sep 13 13:14:05 EDT 1999
Hi
Please see my response inline.
Regards
aseem at trillium.com
>From udayas at hss.hns.com Thu Sep 9 20:49 PDT 1999
>Received: from turin.trillium.com (turin.trillium.com [206.216.108.218])
> by aiglos.trillium.com (8.9.3/8.9.3) with ESMTP id UAA16738
> for <aseem at aiglos.trillium.com>; Thu, 9 Sep 1999 20:49:10 -0700 (PDT)
>Received: from tapti.hss.hns.com ([139.85.242.19])
> by turin.trillium.com (8.8.7/8.8.7) with ESMTP id UAA11451
> for <aseem at trillium.com>; Thu, 9 Sep 1999 20:49:07 -0700 (PDT)
>Received: from sampark.hss.hns.com (sampark.hss.hns.com [139.85.229.5])
> by tapti.hss.hns.com (8.8.8/8.8.8) with SMTP id KAA20043
> for <aseem at trillium.com>; Fri, 10 Sep 1999 10:45:03 +0530 (IST)
>Received: by sampark.hss.hns.com(Lotus SMTP MTA SMTP v4.6 (462.2 9-3-1997)) id 652567E8.0014F3FA ; Fri, 10 Sep 1999 09:18:51 +0530
>From: udayas at hss.hns.com
>X-Lotus-FromDomain: HSSBLR
>To: aseem at trillium.com (Aseem Agarwal)
>Message-ID: <652567E8.00146863.00 at sampark.hss.hns.com>
>Date: Fri, 10 Sep 1999 09:18:46 +0530
>Subject: Re: Questions on H.235
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Length: 2920
>Status: OR
>
>
>
>
>Hi
> i have the following questions about H.235 procedures:
>
> The Diffie Hellman exchange as depicted in Fig 1/H.235 is as follows:
>
> EP GK
> ClrTkn(Dh_a, Time_a) CryptoTkn[(genId_a, time_a,Dh_a)Sign_a]
> ---------------------------------------------------------------------->
>
> ClrTkn(Dh_b, Random_b, Time_a) CryptoTkn[{genId_a,Time_b,Dh_b}Sign_b]
> -------
> <-----------------------------------------------------------------------
>___________________________________________________________________________
>__
>
> ClrTkn[{(genId_b XOR Random_b XOR (x)}EHD-secret)]
> -------
> ---------------------------------------------------------------------->
>
> ClrTkn[ (genId_a, Random_b) ]
> <-----------------------------------------------------------------------
>
>1.In the phase II procedure above, how does the EP know about genId_b ?
> I feel that the genId in cryptoToken in phase I message from GK to EP
> (second line in the diagram) should have genId_b and not genId_a. Is my
> understanding correct ?
>2.As applied to RAS protocol in H.323 context, for a non subscription
> based authentication case:
> Dh_a and Dh_b have public keys for EP and Gk respectively.
> (x) is requestSeqNum.
> genId_b has gkId in GCF.
> What does genId_a have in GRQ ?
> The above exchange is NOT immune to man-in-the-middle attacks. A third
> party can easily snoop in and find out Dh_a, Dh_b, GkId and
> IntegrityMechanism algorithms as these are passed un-ecrypted in
> GRQ-GCF exchange. How is this authentication procedure any different
> from just passing a GK assigned dynamic identifier (e.g. EndPointId)
> in all messages to the GK ??
> How is this procedure affected if the EP knows Gk's id apriori
> (through provisioning or out of band methods as in manual discovery)?
>3. H.235 also mentions that this procedures may be used on the call
> signalling channel as well. The scope of the Key generated as a
> result of this procedure is not clearly specified. Is this key used
> for encryption on the call control channel or is it valid only for
> call signalling channel ?
> Any pointers would be appreciated.
> thanks,
> aseem at trillium.com
>
>
>>1. I agree with what you say.
>
>>3. Since the key is established through RAS messages like GRQ and RRQ,
>> changing the key for call control channel may require using
>> nonstandard fields in some messages. I do not think this is a good
>> idea as this may lead to inter-operability problems.
*****
I think that Diffie Hellman should be used ONCE either in RAS or in
H.225 (in case of Direct Endpoint to Endpoint calls). Keys established
by this procedure should be used for encryption on the call control
channel.
For changing the keys, H.245 provides messages like EncryptionUpdate.
Any comments ?
>
>Regards,
>
>Udaya
More information about the sg16-avd
mailing list