1 Scope
2
Normative references
3
Definitions
4
Symbols and abbreviations
5
Conventions
6
System introduction
6.1 Summary
6.2 Authentication
6.2.1 Certificates
6.3 Call establishment security
6.4 Call control (H.245) security
6.5 Media stream privacy
6.6 Trusted elements
6.6.1 Key escrow
6.7 Non-repudiation
7
Connection establishment procedures
7.1 Introduction
8
H.245 signalling and procedures
8.1 Secure H.245 channel operation
8.2 Unsecured H.245 channel operation
8.3 Capability exchange
8.4 Master role
8.5 Logical channel signalling
9
Multipoint procedures
9.1 Authentication
9.2 Privacy
10 Authentication signalling and
procedures
10.1 Introduction
10.2 Diffie-Hellman with optional authentication
10.3 Subscription-based
authentication
10.3.1 Introduction
10.3.2 Password with symmetric encryption
10.3.3 Password with hashing
10.3.4 Certificate-based with signatures
11 Media stream encryption
procedures
11.1 Media session keys
12 Security error recovery
Annex A – H.235 ASN.1
Annex B – H.323 specific topics
B.1 Background
B.2 Signalling and procedures
B.2.1 Revision 1 compatibility
B.3 RTP/RTCP issues
B.4 RAS signalling/procedures for authentication
B.4.1 Introduction
B.4.2 Endpoint-gatekeeper authentication
(non-subscription based)
B.4.3
Endpoint-gatekeeper authentication (subscription-based)
B.5 Non-terminal interactions
B.5.1 Gateway
Annex C – H.324 specific topics
Appendix I – H.323 implementation details
I.1 Ciphertext padding methods
I.2 New keys
I.3 H.323 trusted elements
I.4 Implementation examples
I.4.1 Tokens
I.4.2 Password
I.4.3 IPSEC
Appendix II – H.324 implementation details
Appendix III – Other H-series implementation details
Appendix IV – Bibliography