Hi All,
I recently asked question on whether the pcscf module supports transport
mode ipsec with UE along with AKAv1/v2-MD5 authentication and the answer
came no.
I just want to open a discussion on how much effort would be neede to
support this or whether this work is already in progress or in roadmap.
Basically, at PCSCF end, we need to support following:
1. RFC 3329 - "Security Mechanism Agreement for SIP" that includes
processing of Security-Client, Security-Server and Security-Verify headers.
2. Support for processing of WWW-Authenticate header to extract CK and IK
keys for ipsec.
3. Support for creating, updating and deleting ipsec security-associations
using setkey or something else.
3. Management of secure sockets for ipsec communication.
and on SCSCF side, support for AKAv1/v2-MD5.
Please let me know the your thoughts.
Thanks