[Devel] Fokus releases openIMS core

Dragos Vingarzan vingarzan at fokus.fraunhofer.de
Wed Nov 22 10:57:06 CET 2006

UE==User Endpoint, same thing.

The associations (I would not call them tunnels because they are in 
transport mode) are set on registration and are kept for the entire 
registration period. As such, the impact is not big considering the 
benefits: all request are cyphered and integrity protected.

When compared to TLS, there are lots of pros and cons. For example after 
3GPP accepted that there will be NATs, there is a workaround specified 
for getting IPSec to work with NAT... And IMO TLS+compression is  will 
be accepted before IPSec+SigComp.

Anyway, this is optional and not mandatory. You can have P-CSCFs that 
use it or not and works transparently with clients that have or don't 
have support for it. What the service provider will choose to use in the 
end is there decision.

Klaus Darilion wrote:
> Hi Dragos!
> Dragos Vingarzan wrote:
>> Hi Klaus,
>> The pcscf sets-up 4 IPSec transport mode associations with each UE. This 
> UE == SIP Client (User Agent) ?
>> is how 3GPP recommends it. It works together with AKA authentication 
>> and the Service-Client/Server/Verify headers.
> Does the proxy establish IPsec tunnels triggered by incoming requests? 
> Wouldn't this be triggerd on IP level?
> Aren't there any problems with call setupd delays due to IPsec 
> handshakes?
> Do you know why they do not use TLS?
> regards
> klaus

Dipl. Eng. Dragos Vingarzan
Kaiserin-Augusta-Allee 31
10589 Berlin,Germany
Phone +49 (0)30 - 3463 - 7385
Mobile +49 (0)163 - 159 - 5221
eMail vingarzan at fokus.fraunhofer.de
Web www.fokus.fraunhofer.de
We could change the world if God would give us the source code...

More information about the Devel mailing list