Queries on RAS security !!

Euchner Martin Martin.Euchner at MCHP.SIEMENS.DE
Mon Sep 20 04:51:45 EDT 1999


Aparna,

Please note that Jim Toga is no longer editor of H.235. I took over responsibility to carry on H.235 version 2. Anybody with questions, suggestions and improvements should therefore get in touch with me.

1.      Relation of registration info by GK: The GK can associate the registration information through the delivered endpointID and callID. Furthermore, commercially available stacks offer means of identification by message handles or simply IP addresses, for example. All this could be useful in keeping track of state and context.

2.      Key update: H.235 offers a key update (key refreshment) procedure for the media session key; this procedure is not applicable to RAS for the following reasons:
a) Passwords are subscription-based information. The subscription procedure (registration, obtaining, refreshing PWs) is not part of the recommendation. This can all be achieved by some means out-of-band. By such a procedure you can of course also refresh your passwords.
b) Diffie-Hellman keys act as a master key. There is no explicit key update procedure for such keys. Implicitly, you could terminate (close) the connection and immediately re-open/re-register, thereby automatically establishing a new key.

Regards,

Martin



-----------------------------------------------------------------------
| Dipl.-Inf.                     Phone: +49 89 636-46201
| Martin Euchner                 Fax  : +49 89 636-48000
| Siemens AG
| ZT IK 3                        mailto:Martin.Euchner at mchp.siemens.de
|                                Intranet: http://zt-security.mchp.siemens.de/Standardization/ITU-T_SG16/index.html
| Otto-Hahn-Ring 6               Internet: http://www.siemens.de
| D-81730 Muenchen
| __________________
| Germany
-----------------------------------------------------------------------

        -----Original Message-----
        From:   Aparna Saha [SMTP:apsaha at HSS.HNS.COM]
        Sent:   Monday, September 20, 1999 6:45 AM
        To:     ITU-SG16 at mailbag.cps.intel.com
        Subject:        Queries on RAS security !!

        Hi Jim,

        I have a few queries related to H.235, specifically, RAS security.

           This is regarding the RAS procedures for authentication. During the GRQ-GCF
           exchange, the security info (the secret key and the algorithmId) gets
           established with the GK. For the subsequent RRQ, how does the GK relate the
           RRQ with the info stored?
           Is there any mechanism for refreshing keys in RAS?

        Thanks and regards,
        Aparna.


