[Devel] Fokus releases openIMS core
Dragos Vingarzan
vingarzan at fokus.fraunhofer.de
Wed Nov 22 10:57:06 CET 2006
UE==User Endpoint, same thing.
The associations (I would not call them tunnels because they are in
transport mode) are set on registration and are kept for the entire
registration period. As such, the impact is not big considering the
benefits: all request are cyphered and integrity protected.
When compared to TLS, there are lots of pros and cons. For example after
3GPP accepted that there will be NATs, there is a workaround specified
for getting IPSec to work with NAT... And IMO TLS+compression is will
be accepted before IPSec+SigComp.
Anyway, this is optional and not mandatory. You can have P-CSCFs that
use it or not and works transparently with clients that have or don't
have support for it. What the service provider will choose to use in the
end is there decision.
Klaus Darilion wrote:
> Hi Dragos!
>
> Dragos Vingarzan wrote:
>> Hi Klaus,
>> The pcscf sets-up 4 IPSec transport mode associations with each UE. This
>
> UE == SIP Client (User Agent) ?
>
>> is how 3GPP recommends it. It works together with AKA authentication
>> and the Service-Client/Server/Verify headers.
>
> Does the proxy establish IPsec tunnels triggered by incoming requests?
> Wouldn't this be triggerd on IP level?
> Aren't there any problems with call setupd delays due to IPsec
> handshakes?
>
> Do you know why they do not use TLS?
>
> regards
> klaus
>
--
-----------------------------------------
Dipl. Eng. Dragos Vingarzan
FOKUS/NGNI
Kaiserin-Augusta-Allee 31
10589 Berlin,Germany
Phone +49 (0)30 - 3463 - 7385
Mobile +49 (0)163 - 159 - 5221
eMail vingarzan at fokus.fraunhofer.de
Web www.fokus.fraunhofer.de
We could change the world if God would give us the source code...
-----------------------------------------------------------------
More information about the Devel
mailing list