Summary

Version 3 of ITU-T Rec. H.235 supersedes ITU-T Rec. H.235 version 2 featuring a procedure for encrypted DTMF signals, object identifiers for the AES encryption algorithm for media payload encryption, the enhanced OFB (EOFB) stream-cipher encryption mode for encryption of media streams, an authentication-only option in Annex D for smooth NAT/firewall traversal, a key distribution procedure on the RAS channel, procedures for more secure session key transport and more robust session key distribution and updating, procedures for securing multiple payload streams, better security support for direct‑routed calls in a new Annex I, signalling means for more flexible error reporting, clarifications and efficiency improvements for fast start security and for Diffie‑Hellman signalling along with longer Diffie-Hellman parameters and changes incorporated from the ITU-T Rec. H.323 implementors guide.

Amendment 1 extended version 3 of ITU-T Rec. H.235 by inclusion of new Annex H and by extending the functionality of Annex I. The ASN.1 changes are added in support of Annex H, they may be used by any other purpose as identified by the ClearToken profileInfo. This amendment also included some corrections to and updates the ITU-T Rec. H.235 version 3 text.

Corrigendum 1 aligns the specification of the pseudo-random function defined in B.7 with the pseudo-random function defined in RFC 3830, corrects editorial defects in Figures F.2 and F.3 and corrects a couple of defects throughout Annex I.