Rfc 5280 52 recommends that certificate authorities

Info icon This preview shows pages 89–91. Sign up to view the full content.

View Full Document Right Arrow Icon
declared to match even though a binary comparison of the two name fields does not indicate a match. RFC 5280 [52] recommends that certificate authorities restrict the encoding of name fields so that an implementation can declare a match or mismatch using simple binary comparison. Accordingly, the DER-encoded tbsCertificate.issuer field of a certificate shall be an exact match to the DER-encoded tbsCertificate.subject field of its issuer certificate. An implementation may compare an issuer name to a subject name by performing a binary comparison of the DER- encoded tbsCertificate.issuer and tbsCertificate.subject fields. O.5.3 Certificate Revocation Certificate Revocation Lists (CRLs) may be checked as part of certificate path validation. CRL infrastructure is optional to implement. The CRL, if used, should be profiled as specified in clause 6 in TS 33.310 [24]. 3GPP 3GPP TS 33.203 V12.67.0 (2014-0609) 89 Release 12
Image of page 89

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Annex P (normative): Co-existence of authentication schemes IMS AKA, GPRS- IMS-Bundled Authentication, NASS-IMS-bundled authentication, SIP Digest and Trusted Node Authentication P.1 Scope of this Annex This Annex is meant to ensure that the same IMS core network entities can be used to support various authentication schemes defined for Common IMS. In this context, rules are developed how an x-CSCF can decide from a registration request which authentication scheme to apply. If these rules are not adhered to compatibility problems may arise. The following authentication schemes are taken into account in this Annex: - IMS AKA without and with NAT traversal; - GPRS-IMS-Bundled Authentication (GIBA); - NASS-IMS-bundled authentication (NBA); - SIP Digest authentication (with or without TLS); - Trusted Node Authentication (TNA). These authentication schemes are specified in the following places: - IMS AKA without NAT traversal is specified in the main body of this specification; - IMS AKA with NAT traversal is specified in Annex M of this specification; - SIP Digest without TLS is specified in Annex N of this specification; - SIP Digest with TLS is specified in Annexes N and O of this specification; - NASS-IMS-bundled authentication is specified in Annex R of this specification; - GPRS-IMS-Bundled Authentication is specified in Annex T of this specification; - Trusted Node Authentication is specified in Annex U of this specification. P.2 Requirements on co-existence of authentication schemes - It shall be possible to deploy one IMS in a fixed mobile convergence situation. - As a minimum it shall be possible to serve both fixed and mobile subscribers at the same S-CSCF. - Incompatibilities between the authentication schemes considered here shall be avoided. P.3 P-CSCF procedure selection When the P-CSCF receives a registration request it shall proceed as follows: The P CSCF first checks for the presence of an Authorization header in the REGISTER request, and, if present, checks further for the presence of an "integrity-protected" flag within this header. If the flag is present in the message from the UE, it shall be removed.
Image of page 90
Image of page 91
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern