AW: Security in Inter Gatekeeper Communication

Euchner Martin Martin.Euchner at ICN.SIEMENS.DE
Mon Sep 10 06:01:55 EDT 2001


it is my understanding that LRQ/LCF for inter GK communication does not scale very well. Thus, H.225.0 Annex G is the more appropriate approach that should be taken. However, it is also true, that H.225.0 Annex G does not run between GKs but rather only between border elements. To be precise, an external protocol between an GK and a BE is currently undefined; better think of a co-located GK/BE entity without any in-between protocol.

Regarding security, H.235 Annex G for securing H.MMS.1 mobility is being worked on and will describe also security protection of inter-BE messages similar to H.235 Annex D. To my knowledge, this is currently the only security profile that is of interest between BEs, thus there is no trial and error to be expected. As the shared secret between both BEs has to be administered anyway, so can the security profile be configured as well. Nevertheless, the security profile itself is identified through a set of OIDs.

I hope this answers your questions.

Kind Regards,

Martin Euchner.
| Dipl.-Inf.                     Phone: +49 89 722 55790
| Martin Euchner                 Fax  : +49 89 722 46841
| Siemens AG
| ICN M SR 3                     mailto:Martin.Euchner at
|                                mailto:martin.euchner at
| Hofmannstr. 51                 Intranet:
| D-81359 Muenchen               Internet:
| __________________
| Germany

> -----Urspr> üngliche Nachricht-----
> Von:  Ivan Varghis [SMTP:ivancse at YAHOO.COM]
> Gesendet am:  Samstag, 8. September 2001 14:09
> An:   ITU-SG16 at mailbag.cps.INTEL.COM
> Betreff:      Security in Inter Gatekeeper Communication
> Hi
> For security in inter Gatekeeper conmmunication,
> currently there is no authentication capabltiy
> exchange for selection of a common security profile.
> This facility is provided in the case of communication
> between the Endpoint and Gatekeeper using the GRQ GCF
> exchange.
> The field used for this are
>         AuthenticationCapabilty and AlgorithmOIDs in GRQ
>                         ( Capabilities of the EP)
> and
>         AuthenticationMode and AlgorithmOID in GCF
>                         ( The capabiltiy selected by Gatekeeper)
> Wouldnt it be good to add the " same fields in the LRQ
> and LCF" as his would help in selection of a common
> profile between Gatekeepers.
> Though the profile which is used can be determined
> from the TokenIOD and AlgorithmOID in the message, as
> the number of security profiles increases the
> Gatekeepers will have to use a trial and error method
> to arrive at a common security Profile. Wouldnt this
> be a overhead which can be avoided ?
> Cheers H.323
> Ivan
> __________________________________________________
> Do You Yahoo!?
> Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> For help on this mail list, send "HELP ITU-SG16" in a message to
> listserv at

For help on this mail list, send "HELP ITU-SG16" in a message to
listserv at

More information about the sg16-avd mailing list