10.8. SIP Security Mechanism Agreement
10.8.1. Why the SIP Security Mechanism Agreement is needed
The IMS in 3GPP Releases 5 and 6 makes use of IPsec as the security mechanism between the P-CSCF and the UE. IPsec is only one of several possible security mechanisms. IMS was designed to allow alternative security mechanisms over the Gm interface as well. Allowing such an openness usually creates backward compatibility problems because, for example, a Release 6-compliant UE would not be able to understand any alternative security mechanism, while it could be attached to a P-CSCF of a higher release that would already support alternatives to IPsec.
Therefore, the SIP Security Mechanism Agreement (Sip-Sec-Agree) was introduced to allow the UE and the P-CSCF to negotiate a common security mechanism for use between them. For current releases the only security mechanism is IPsec; however, it might be that some entities already support alternative mechanisms on a proprietary basis.
10.8.2. Overview
To make the example not too simple and boring, we assume that the UE supports IPsec and the HTTP digest, and that the P-CSCF supports IPsec and Transport Layer Security (TLS), with a preference toward TLS. It is not necessary for the reader of this chapter to have any knowledge of any of these mechanisms.
As we have seen, the initial REGISTER request is sent without any protection from the UE to the P-CSCF. To guarantee that a common security mechanism can be established, Tobias's UE advertises ...
Get The IMS: IP Multimedia Concepts And Services, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
