Summary

Recommendation ITU-T H.235.0 describes enhancements within the framework of the ITU‑T H.3xx-series of Recommendations to incorporate security services such as authentication and privacy (data encryption). The proposed scheme is applicable to both simple point-to-point and multipoint conferences for any terminals which utilize Recommendation ITU-T H.245 as a control protocol and also to ITU-T H.323 systems that use the ITU-T H.225.0 RAS and/or call signalling protocol.

For example, ITU-T H.323 systems operate over packet-based networks which do not provide a guaranteed quality of service (QoS). For the same technical reasons that the base network does not provide QoS, the network does not provide a secure service. Secure real-time communication over insecure networks generally involves two major areas of concern – authentication and privacy.

This Recommendation describes the security infrastructure and specific privacy techniques to be employed by the ITU-T H.3xx-series of multimedia systems. This Recommendation covers areas of concern for interactive conferencing. These areas include, but are not strictly limited to, authentication and privacy of all real-time media streams that are exchanged in the conference. This Recommendation provides the protocol and algorithms needed between the ITU-T H.323 entities.

This Recommendation utilizes the general facilities supported in Recommendation ITU-T H.245 and as such, any standard which operates in conjunction with this control protocol may use this security framework. It is expected that wherever possible, other ITU-T H-series terminals may interoperate and directly utilize the methods described in this Recommendation. This Recommendation will not initially provide for complete implementation in all areas and will specifically highlight end-point authentication and media privacy.

This Recommendation includes the ability to negotiate services and functionality in a generic manner and to be selective concerning cryptographic techniques and capabilities utilized. The specific manner in which they are used relates to systems capabilities, application requirements and specific security policy constraints. This Recommendation supports varied cryptographic algorithms, with varied options appropriate for different purposes (e.g., key lengths). Certain cryptographic algorithms may be allocated to specific security services (e.g., one for fast media stream encryption and another for signalling encryption).

It should also be noted that some of the available cryptographic algorithms or mechanisms may be reserved for export or other national issues (e.g., with restricted key lengths). This Recommendation supports signalling of well-known algorithms in addition to signalling non‑standardized or proprietary cryptographic algorithms. There are no specifically mandated algorithms; however, it is strongly suggested that end points support as many of the applicable algorithms as possible in order to achieve interoperability. This parallels the concept that the support of Recommendation ITU-T H.245 does not guarantee the interoperability between two entities' codecs.

Version 4 of Recommendation ITU-T H.235 broke up Recommendation ITU-T H.235 version 3 into a suite of ITU-T H.235.x sub-series Recommendations and restructured the sub-series. Recommendations ITU-T H.235.8 and ITU-T H.235.9 were added to the suite, and other sub-series Recommendations (ITU-T H.235.3 and ITU-T H.235.5) were extended with new functionality. Recommendation ITU-T H.235.0 contains the ITU-T H.323 security framework with common text and useful general information for all ITU-T H.235.x sub-series Recommendations.

Appendices IV, V and VI provide a mapping of text, figures and tables from Recommendation ITU‑T H.235 version 3 (2003), including the subsequent Corrigendum 1 and amendments, to the new structure.

This revision of Recommendation ITU-T H.235.0 is an enhancement to version 4 to add support for key material with lengths exceeding 2048 bits.