ARJ reject reasons?

Paul Long Plong at SMITHMICRO.COM
Wed Sep 20 11:54:02 EDT 2000


Martin,

Okay, I added your info to the table. However, it seems like
invalidPermission, rather than securityDenial, should be returned by the
gatekeeper if the endpoint is not allowed to use a service. IOW,
securityDenial refers to the security mechanism, while invalidPermission
refers to the (non-security) services the endpoint was trying to access. I
doubt whether it matters, though. Most endpoints aren't going to behave
differently depending on whether invalidPermission or securityDenial is
returned.

Paul Long
Smith Micro Software, Inc.

-----Original Message-----
From: Euchner Martin [mailto:Martin.Euchner at ICN.SIEMENS.DE]
Sent: Wednesday, September 20, 2000 9:35 AM
To: ITU-SG16 at MAILBAG.INTEL.COM
Subject: Re: ARJ reject reasons?


Paul and others,

Let me briefly explain the purpose of security denial:

H.235 and security profiles say that this value is returned in the
reject messages whenever the received cryptoTokens are not acceptable
for some security reason. This may occur due to failed authentication,
lack of authorization (= permission) or failed integrity but also as
part of security negotiation when the received crypto parameters are not
acceptable or understood.

Of course there are several more reasons why security might fail and the
responder sends security denial: the password/shared secret is invalid
or not available, the endpoint is not allowed to use a service, replay
detected, integrity violation detected, digital signature wrong,
certificate expired....

Kind regards,

Martin Euchner.
