Content for TS 24.229 Word version: 18.4.0

1… 3… 4… 4.5… 5… 5.1.1.4… 5.1.2… 5.1.4… 5.2… 5.2.3… 5.2.6… 5.2.7… 5.3… 5.4… 5.4.1.2.2… 5.4.1.3… 5.4.2 5.4.3… 5.4.3.3… 5.4.4… 5.5… 5.7… 5.7.2… 5.8… 5.11… 6… 6.6… 7… 7.2A… 7.2A.6… 7.3… 7.9A… 8… A… A.2… A.2.1.4… A.2.1.4.7… A.2.1.4.8… A.2.1.4.10A… A.2.1.4.12… A.2.2… A.2.2.4… A.2.2.4.7… A.2.2.4.8… A.2.2.4.10A… A.2.2.4.12… A.3… A.3.3… B… C… E… F… H… I… K… L… L.2A… M… N… O… Q… R… S… U… U.2A… V… W…

4.1 Conformance of IM CN subsystem entities to SIP, SDP and other protocols 4.2 URI and address assignments 4.2A Transport mechanisms 4.2B Security mechanisms 4.3 Routeing principles of IM CN subsystem entities 4.4 Trust domain 4.4.1 General 4.4.2 P-Asserted-Identity 4.4.3 P-Access-Network-Info 4.4.4 History-Info 4.4.5 P-Asserted-Service 4.4.6 Resource-Priority 4.4.7 Reason (in a response) 4.4.8 P-Profile-Key 4.4.9 P-Served-User 4.4.10 P-Private-Network-Indication 4.4.11 P-Early-Media 4.4.12 CPC and OLI 4.4.13 Feature-Caps 4.4.14 Priority 4.4.15 iotl 4.4.16 Restoration-Info 4.4.17 Relayed-Charge 4.4.18 Service-Interact-Info 4.4.19 Cellular-Network-Info 4.4.20 Response-Source 4.4.21 Attestation-Info header field 4.4.22 Origination-Id header field 4.4.23 Additional-Identity header field 4.4.24 Priority-Verstat header field
...

4 General p. 69

4.1 Conformance of IM CN subsystem entities to SIP, SDP and other protocols p. 69

SIP defines a number of roles which entities can implement in order to support capabilities. These roles are defined in Annex A.

Each IM CN subsystem functional entity using an interface at the Gm reference point, the Ma reference point, the Mg reference point, the Mi reference point, the Mj reference point, the Mk reference point, the Ml reference point, the Mm reference point, the Mr reference point, the Mr' reference point, the Cr reference point, the Mw reference point, the I2 reference point, the I4 reference point and the Ici reference point, and also using the IP multimedia Subsystem Service Control (ISC) Interface, shall implement SIP, as defined by the referenced specifications in Annex A, and in accordance with the constraints and provisions specified in Annex A, according to the following roles.

Each IM CN subsystem entity using an interface at the Rc reference point and the Ms reference point shall implement HTTP as defined in RFC 9112, RFC 9110 and RFC 9111.

Each IM CN subsystem entity using an interface at the W2 reference point may implement SIP as an option. The detailed procedures of W2 interface are defined in TS 24.371.

The Gm reference point, the W2 reference point, the Ma reference point, the Mg reference point, the Mi reference point, the Mj reference point, the Mk reference point, the Ml reference point, the Mm reference point, the Mr reference point, the Mw reference point, the Cr reference point, the I2 reference point, the I4 reference point and the ISC reference point are defined in TS 23.002. The Ici reference point and the Ms reference point are defined in TS 23.228. The Mr' reference point and the Rc reference point are defined in TS 23.218.

For SIP:

The User Equipment (UE) shall provide the User Agent (UA) role, with the exceptions and additional capabilities to SIP as described in subclause 5.1, with the exceptions and additional capabilities to SDP as described in subclause 6.1, and with the exceptions and additional capabilities to SigComp as described in subclause 8.1. The UE shall also provide the access technology specific procedures described in the appropriate access technology specific annex (see subclause 3A and subclause 9.2.2). The UE may include one or several interconnected SIP elements registered as a single logical entity when the UE performs the functions of an external attached network (e.g. an enterprise network). This specification does not place any constraint on the SIP role played by each of the elements as long as the compound entity appears to the IM CM subsystem as a SIP UA with the aforementioned exceptions and additional capabilities except for the modifications defined by the UE performing the functions of an external attached network modifying role in Annex A.

NOTE 1:
When the UE performs the functions of an external attached network (e.g. an enterprise network), the internal structure of this UE is outside the scope of this specification. It is expected that in the most common case, several SIP elements will be connected to an additional element directly attached to the IM CN subsystem.
The P-CSCF shall provide the proxy role, with the exceptions and additional capabilities to SIP as described in subclause 5.2, with the exceptions and additional capabilities to SDP as described in subclause 6.2, and with the exceptions and additional capabilities to SigComp as described in subclause 8.2. Under certain circumstances, if the P-CSCF provides an application level gateway functionality (IMS-ALG), the P-CSCF shall provide the UA role with the additional capabilities, as follows:
1. when acting as a subscriber to or the recipient of event information (see subclause 5.2);
2. when performing P-CSCF initiated dialog-release, even when acting as a proxy for the remainder of the dialog (see subclause 5.2);
3. when performing NAT traversal procedures (see subclause 6.7.2);
4. when performing media plane security procedures (see subclause 5.2); and
5. when providing access update procedures (see subclause 5.2.14).
The P-CSCF shall also provide the access technology specific procedures described in the appropriate access technology specific Annex (see subclause 3A and subclause 9.2.2).
The I-CSCF shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.3.
The S-CSCF shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.4, and with the exceptions and additional capabilities to SDP as described in subclause 6.3. Under certain circumstances as described in subclause 5.4, the S-CSCF shall provide the UA role with the additional capabilities, as follows:
1. the S-CSCF shall also act as a registrar. When acting as a registrar, or for the purposes of executing a third-party registration, the S-CSCF shall provide the UA role;
2. as the notifier of event information the S-CSCF shall provide the UA role;
3. when providing a messaging mechanism by sending the MESSAGE method, the S-CSCF shall provide the UA role; and
4. when performing S-CSCF initiated dialog release the S-CSCF shall provide the UA role, even when acting as a proxy for the remainder of the dialog.
The MGCF shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.5, and with the exceptions and additional capabilities to SDP as described in subclause 6.4.
The BGCF shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.6.
The AS, acting as terminating UA, or redirect server (as defined in clause 9.1.1.1 of TS 23.218), shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.7.2, and with the exceptions and additional capabilities to SDP as described in subclause 6.6.
The AS, acting as originating UA (as defined in clause 9.1.1.2 of TS 23.218), shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.7.3, and with the exceptions and additional capabilities to SDP as described in subclause 6.6.
The AS, acting as a SIP proxy (as defined in clause 9.1.1.3 of TS 23.218), shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.7.4.
The AS, performing 3rd party call control (as defined in clause 9.1.1.4 of TS 23.218), shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.7.5, and with the exceptions and additional capabilities to SDP as described in subclause 6.6. An AS performing media control of an MRFC shall also support the procedures and methods described in subclause 10.2.

NOTE 2:
Subclause 5.7 and its subclauses define only the requirements on the AS that relate to SIP. Other requirements are defined in TS 23.218.
The AS, receiving third-party registration requests, shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.7.
The MRFC shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.8, and with the exceptions and additional capabilities to SDP as described in subclause 6.5. The MRFC shall also support the procedures and methods described in subclause 10.3 for media control.
In inline aware mode, the MRB shall provide the UA role, with the exceptions and additional capabilities as described in subclause 5.8A. In inline unaware mode, the MRB shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.8A. The MRB shall also support the procedures and methods described in subclause 10.4 for media control.
The IBCF shall provide the proxy role, with the exceptions and additional capabilities to SIP as described in subclause 5.10. If the IBCF provides an application level gateway functionality (IMS-ALG), then the IBCF shall provide the UA role, with the exceptions and additional capabilities to SIP as described in subclause 5.10, and with the exceptions and additional capabilities to SDP as described in subclause 6.7. If the IBCF provides screening functionality, then the IBCF may provide the UA role, with the exceptions and additional capabilities to SIP as described in subclause 5.10.
The E-CSCF shall provide the proxy role, with the exceptions and additional capabilities as described in subclause 5.11. Under certain circumstances as described in subclause 5.11, the E-CSCF shall provide the UA role in accordance with RFC 3323, with the additional capabilities, as follows:
1. when operator policy (e.g. determined by national regulatory requirements applicable to emergency services) allows user requests for suppression of public user identifiers and location information, then the E-CSCF shall provide the UA role, with the exceptions and additional capabilities to SIP as described in subclause 5.11;
2. when performing E-CSCF initiated dialog release the E-CSCF shall provide the UA role, even when acting as a proxy for the remainder of the dialog, e.g. for any of the reasons specified in RFC 6442 or RFC 3323;
3. when acting as a notifier for the dialog event package the E-CSCF shall provide the UA role; and
4. if operator policy allows any LRF to provide a location by value using the mechanism defined in subclause 5.11.3. the E-CSCF shall provide the UA role.
The LRF shall provide the UA role.
The ISC gateway function shall provide the proxy role, with the exceptions and additional capabilities to SIP as described in subclause 5.13. If the ISC gateway function provides an application level gateway functionality (IMS-ALG), then the ISC gateway function shall provide the UA role, with the exceptions and additional capabilities to SIP as described in subclause 5.13, and with the exceptions and additional capabilities to SDP as described in subclause 6.7.
The MSC Server enhanced for ICS shall provide the UA role, with the exceptions and additional capabilities as described in TS 24.292.
The MSC server enhanced for SRVCC using SIP interface shall provide the UA role, with the exceptions and additional capabilities as described in TS 24.237.
The MSC server enhanced for DRVCC using SIP interface shall provide the UA role, with the exceptions and additional capabilities as described in TS 24.237.
The EATF shall provide the UA role, with the exceptions and additional capabilities as described in TS 24.237.
The ATCF shall:
1. provide the proxy role, with the exceptions and additional capabilities as described in TS 24.237; and
2. provide the UA role, with the exceptions and additional capabilities as described in TS 24.237.
Where access to the IM CN subsystem is provided using Web Real-Time Communication (WebRTC) in accordance with TS 24.371, the eP-CSCF shall act as the P-CSCF in regard to the Mw reference point. For SIP, conformance of the eP-CSCF and WIC (or whatever functionality is downloaded to the WIC) is not specified by this document unless TS 24.371 specifies that these entities act as specified for the interface Gm reference point, in which case existing P-CSCF and UE procedures apply, with the exceptions and additional capabilities as described in TS 24.371. For SDP, these entities act as specified for the interface Gm reference point, in which case existing P-CSCF and UE procedures apply, with the exceptions and additional capabilities as described in TS 24.371.
In addition to the roles specified above, the P-CSCF, the I-CSCF, the IBCF, the S-CSCF, the BGCF, the E-CSCF and the ISC gateway function can act as a UA when providing server functionality to return a final response for any of the reasons specified in RFC 3261.

In addition to the roles specified above the S-CSCF, AS and an entity hosting the additional routeing capabilities as specified in subclause I.3 can act as a UA when providing either client or server functionality when the event package associated with overload control is deployed.

All the above entities are functional entities that could be implemented in a number of different physical platforms coexisting with a number of other functional entities. The implementation shall give priority to transactions at one functional entity, e.g. that of the E-CSCF, over non-emergency transactions at other entities on the same physical implementation. Such priority is similar to the priority within the functional entities themselves specified elsewhere in this document.

Additional routeing functionality can be provided to support the ability for the IM CN subsystem to provide transit functionality as specified in Annex I. The additional routeing functionality shall assume the proxy role.

4.2 URI and address assignments p. 73

In order for SIP and SDP to operate, the following prerequisite conditions apply:

I-CSCFs used in registration are allocated SIP URIs. Other IM CN subsystem entities may be allocated SIP URIs. For example sip:pcscf.home1.net and sip:<impl-specific-info>@pcscf.home1.net are valid SIP URIs. If the user part exists, it is an essential part of the address and shall not be omitted when copying or moving the address. How these addresses are assigned to the logical entities is up to the network operator. For example, a single SIP URI may be assigned to all I-CSCFs, and the load shared between various physical boxes by underlying IP capabilities, or separate SIP URIs may be assigned to each I-CSCF, and the load shared between various physical boxes using DNS SRV capabilities.

All IM CN subsystem entities are allocated IP addresses. Any IM CN subsystem entities can be allocated IPv4 only, IPv6 only or both IPv4 and IPv6 addresses. For systems providing access to IM CN subsystem using a GPRS IP-CAN or an EPS IP-CAN this is specified in subclause 5.1 of TS 23.221. For systems providing access to IM CN subsystem using a cdma2000® packet data subsystem IP-CAN this is specified in subclause M.2.2.1. For systems providing access to IM CN subsystem using a 5GS IP-CAN this is specified in subclause 5.8.2.2 of TS 23.501.

The subscriber is allocated a private user identity by the home network operator. This private user identity is available to the SIP application within the UE. Depending on the network operator, various arrangements exist within the UE for retaining this information:

where an ISIM is present, within the ISIM, see subclause 5.1.1.1A;
where no ISIM is present but USIM is present, the private user identity is derived (see subclause 5.1.1.1A);
neither ISIM nor USIM is present, but IMC is present, within IMC (see subclause 5.1.1.1B.1);
when neither ISIM nor USIM nor IMC is present, the private user identity is available to the UE via other means (see subclause 5.1.1.1B.2).

The subscriber is allocated one or more public user identities by the home network operator. The public user identity shall take the form of SIP URI as specified in RFC 3261 or tel URI as specified in RFC 3966. At least one of the public user identities is a SIP URI. All registered public user identities are available to the SIP application within the UE, after registration. Depending on the network operator, various arrangements exist within the UE for retaining this information:

where an ISIM is present, at least one public user identity, which is a SIP URI, within the ISIM, see subclause 5.1.1.1A;
where no ISIM is present but USIM is present, a temporary public user identity is derived (see subclause 5.1.1.1A);
neither ISIM nor USIM is present, but IMC is present, within IMC (see subclause 5.1.1.1B.1);
when neither ISIM nor USIM nor IMC is present, the public user identities are available to the UE via other means (see subclause 5.1.1.1B.2).

If the UE supports GRUU (see Table A.4, item A.4/53) or multiple registrations, then it shall have an Instance ID, in conformance with the mandatory requirements for Instance IDs specified in RFC 5627 and RFC 5626.

For each tel URI, there is at least one alias SIP URI in the set of implicitly registered public user identities that is used to implicitly register the associated tel URI.

6A)

Identification of the UE to a PSAP with point of presence in the CS domain is not possible if a tel URI is not included in the set of implicitly registered public user identities. If the included tel URI is associated either with the first entry in the list of public user identities provisioned in the UE or with the temporary public user identity, then a PSAP can uniquely identify the UE if emergency registration is performed.

The public user identities may be shared across multiple UEs. A particular public user identity may be simultaneously registered from multiple UEs that use different private user identities and different contact addresses. When reregistering and deregistering a given public user identity and associated contact address, the UE will use the same private user identity that it had used during the initial registration of the respective public user identity and associated contact address. If the tel URI is a shared public user identity, then the associated alias SIP URI is also a shared public user identity. Likewise, if the alias SIP URI is a shared public user identity, then the associated tel URI is also a shared public user identity.

For the purpose of access to the IM CN subsystem, UEs can be allocated IPv4 only, IPv6 only or both IPv4 and IPv6 addresses. For systems providing access to IM CN subsystem using a GPRS IP-CAN or an EPS IP-CAN this is specified in subclause 5.1 of TS 23.221 (see subclause 9.2.1 for the assignment procedures). For systems providing access to IM CN subsystem using a cdma2000® network this is specified in clause M.2.2.1. For systems providing access to IM CN subsystem using a 5GS IP-CAN this is specified in subclause 5.8.2.2 of TS 23.501.

For the purpose of indicating an IMS communication service to the network, UEs are assigned ICSI values appropriate to the IMS communication services supported by the UE, coded as URNs as specified in subclause 7.2A.8.2.

10)

E-CSCFs are allocated multiple SIP URIs. The SIP URI configured in the P-CSCF, AS or IBCF to reach the E-CSCF is distinct from the one given by the E-CSCF to the EATF such that EATF can reach the E-CSCF.

11)

If the UE supports RFC 6140 and performs the functions of an external attached network, the subscriber is allocated one or usually more public user identities by the home network operator. The public user identity(s) shall be allocated as global numbers in the international format.

4.2A Transport mechanisms p. 74

This document makes no requirement on the transport protocol used to transfer signalling information over and above that specified in RFC 3261, unless such requirement is defined in the access technology specific Annex for the current access technology (see subclause 3A). However, the UE and IM CN subsystem entities shall transport SIP messages longer than 1300 bytes according to the procedures of RFC 3261, even if a mechanism exists of discovering a maximum transmission unit size longer than 1500 bytes.

For initial REGISTER requests, the UE and the P-CSCF shall apply port handling according to subclause 5.1.1.2 and subclause 5.2.2.

The UE and the P-CSCF shall send and receive request and responses other than initial REGISTER requests on the protected ports as described in TS 33.203.

In case of an emergency session if the UE does not have sufficient credentials to authenticate with the IM CN subsystem and regulations allow, the UE and P-CSCF shall send request and responses other than initial REGISTER requests on non protected ports.

4.2B Security mechanisms |R8| p. 75

4.2B.1 Signalling security |R9| p. 75

3GPP TS 33.203 defines the security features and mechanisms for secure access to the IM CN subsystem. This document defines a number of access security mechanisms, as summarised in Table 4-1.

Table 4-1: Summary of access security mechanisms to the IM CN subsystem

Mechanism	Authentication	Integrity protection	Use of security agreement in accordance with RFC 3329	Support (as defined in TS 33.203)
IMS AKA plus IPsec ESP (see clause 6 of TS 33.203) (NOTE 8)	IMS AKA	IPsec ESP	Yes	Mandatory for all UEs containing a UICC, else optional. Mandatory for all P-CSCF, I-CSCF, S-CSCF.
IMS AKA using HTTP Digest AKAv2 without IPSec security association (see TS 33.203 Annex X)	IMS AKA	TLS session (NOTE 7)	No	Mandatory for all UEs containing a WIC able to access to UICC. Mandatory for all eP-CSCF. Optional for S-CSCF.
SIP digest plus check of IP association (see TS 33.203 Annex N) (NOTE 2)	SIP digest	None (NOTE 3)	No	Optional for UEs Optional for P-CSCF, I-CSCF, S-CSCF
SIP digest plus Proxy Authentication (see TS 33.203 Annex N) (NOTE 2)	SIP digest	None (NOTE 3)	No	Optional for UEs Optional for P-CSCF, I-CSCF, S-CSCF.
SIP digest with TLS (see TS 33.203 Annex N and Annex O)	SIP digest	TLS session	Yes	Optional for UEs Optional for P-CSCF, I-CSCF, S-CSCF.
NASS-IMS bundled authentication (see TS 33.203 Annex R) (NOTE 4, NOTE 5)	not applicable (NOTE 1)	None (NOTE 3)	No	No UE support required Optional for P-CSCF, I-CSCF, S-CSCF.
GPRS-IMS-Bundled authentication (see TS 33.203 Annex S) (NOTE 5)	not applicable (NOTE 1)	None (NOTE 3)	No	Optional for UEs. Optional for P-CSCF, I-CSCF, S-CSCF.
Trusted node authentication (see TS 33.203 Annex U)	not applicable (NOTE 6)	None (NOTE 3)	No	No UE support required. Optional for I-CSCF, S-CSCF.
SIP over TLS with client certificate authentication (see TS 33.203 Annex O)	TLS client certificate	TLS session	No	Mandatory for a UE performing the functions of an external attached network operating in static mode. Optional for IBCF and P-CSCF.
NOTE 1: Authentication is not provided as part of the IM CN subsystem signalling. NOTE 2: The term "SIP digest without TLS" is used in this specification to refer to both "SIP digest plus check of IP association" and "SIP digest plus Proxy Authentication". NOTE 3: This security mechanism does not allow SIP requests to be protected using an IPsec security association because it does not perform a key agreement procedure. NOTE 4: A P-Access-Network-Info aware P-CSCF is required in order to provide NASS-IMS bundled authentication. NOTE 5: The P-CSCF is restricted to the home network when performing this security mechanism. NOTE 6: Trusted node authentication. For example the MSC server enhanced for IMS centralized services has authenticated the UE and as a consequence S-CSCF will skip authentication. NOTE 7: SIP requests received at the eP-CSCF are protected by a TLS session established prior registration (see TS 33.203 Annex X). NOTE 8: IMS AKA and IPsec ESP mechanism includes support of "AKAv2-SHA-256" and "AKAv1-MD5" digest algorithms, but "AKAv1-MD5" algorithm is only supported for backward compatibility.

Specification of the mechanisms identified within Table 4-1 within this document are provided in clause 5. Subclauses where security procedures are required consist of a general subclause applicable whichever security mechanisms are in use, and a separate subclause for each security mechanism identified by a row within Table 4-1.

For access to the IM CN subsystem different than WebRTC TLS is optional to implement and is used only in combination with SIP digest authentication. For WebRTC based access to the IM CN subsystem TLS can be used in combination with IMS AKA using HTTP Digest AKAv2 without IPSec security association. Authentication associated with registration to the IM CN subsystem is applicable to IMS AKA and SIP digest and is covered in subclause 5.1.1 for the UE, subclause 5.2.2 for the P-CSCF and subclause 5.4.1 for the S-CSCF. Additionally, SIP digest allows for authentication to also occur on an initial request for a dialog or a request for a standalone transaction, this additional capability is covered in subclause 5.1.2A and subclause 5.4.3.2.

If a UE that implements SIP digest is configured not to use TLS, then the UE does not establish a TLS session toward the P-CSCF. If a UE supports TLS, then the UE supports TLS as described in TS 33.203.

For SIP digest authentication, the P-CSCF can be configured to have TLS required or disabled:

if TLS is required, the P-CSCF requires the establishment of a TLS session from all SIP digest UEs, in order to access IMS subsequent to registration; or
if TLS is disabled, the P-CSCF does not allow the establishment of a TLS session from any UE.

SIP digest cannot be used in conjunction with the procedures of Annex F.

For emergency calls, TS 33.203 specifies some relaxations, which are further described in the subclauses of this document relating to emergency calls.

3GPP TS 33.210 defines the security architecture for network domain IP based control planes. TS 33.210 applies for security mechanisms between entities in the IM CN subsystem.

4.2B.2 Media security |R9| p. 77

3GPP TS 33.328 defines mechanisms for support of security on the media plane.

This document defines the required elements for signalling the support of media security.

The media security mechanisms are summarised as shown in Table 4-2.

Table 4-2: Summary of media security mechanisms to the IM CN subsystem

Mechanism	Applicable to media	Support required by UE	Support required by IM CN subsystem entities	Network support outside IM CN subsystem entities
End-to-access-edge media security using SDES.	RTP based media only.	Support RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/34, A.317/36 and A.317/37.	P-CSCF (IMS-ALG) is required. P-CSCF support of RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/34, A.317/36 and A.317/37. (NOTE)	Not applicable.
End-to-access-edge media security using DTLS-SRTP.	RTP based media only.	Support RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/51 and A.317/55.	P-CSCF (IMS-ALG) is required. P-CSCF support of RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/51 and A.317/55. (NOTE)	Not applicable.
End-to-access-edge media security for MSRP using TLS and certificate fingerprints.	MSRP based media only.	Support RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/40, A.317/40A, A.317/51 and A.317/37A.	P-CSCF (IMS-ALG) is required. P-CSCF support of RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/40, A.317/40A, A.317/51 and A.317/37A. (NOTE)	Not applicable.
End-to-access-edge media security for BFCP using TLS and certificate fingerprints.	BFCP based media only.	Support RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/28, A.317/51 and A.317/37B.	P-CSCF (IMS-ALG) is required. P-CSCF support of RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/28, A.317/51 and A.317/37B. (NOTE)	Not applicable.
End-to-access-edge media security for UDPTL using DTLS and certificate fingerprints.	UDPTL based media only.	Support RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/52, A.317/51 and A.317/37C.	P-CSCF (IMS-ALG) is required. P-CSCF support of RFC 3329 additions specified in subclause 7.2A.7 and SDP extensions specified in Table A.317, items A.317/52, A.317/51 and A.317/37C. (NOTE)	Not applicable.
End-to-end media security using SDES.	RTP based media only.	Support SDP extensions specified in Table A.317, items A.317/34 and A.317/36.	Not applicable.	Not applicable.
End-to-end media security using KMS.	RTP based media only.	Support SDP extensions specified in Table A.317, items A.317/34 and A.317/35.	Not applicable.	GBA and KMS support required.
End-to-end media security for MSRP using TLS and KMS.	MSRP based media only.	Support SDP extensions specified in Table A.317, items A.317/40, A.317/40A and A.317/35, and support RFC 4279.	Not applicable.	GBA and KMS support required.
NOTE: Support of end-to-access-edge media security is determined entirely by the network operator of the P-CSCF, which need not be the same network operator as that of the S-CSCF.

For RTP media security using SDES, the UE supports the SDES key management protocol and optionally the KMS key management protocol as defined in TS 33.328 and SRTP as defined in RFC 3711 for secure transport of media.

For end-to-access-edge media security of RTP media using DTLS-SRTP, the UE supports DTLS-SRTP as defined in RFC 5763 and RFC 5764 with certificate fingerprints as defined in TS 33.328.

For end-to-access-edge media security for MSRP using TLS and certificate fingerprints, the UE supports MSRP over TLS as defined in RFC 4975 and RFC 6714 with certificate fingerprints as defined in TS 33.328.

For end-to-access-edge media security for BFCP using TLS and certificate fingerprints, the UE supports BFCP over TLS as defined in RFC 4583 with certificate fingerprints as defined in TS 33.328.

For end-to-access-edge media security for UDPTL using DTLS and certificate fingerprints, the UE supports UDPTL over DTLS as defined in RFC 7345 and RFC 8842, with certificate fingerprints as defined in TS 33.328.

For end-to-end media security for MSRP using TLS and KMS, the UE supports MSRP over TLS as defined in RFC 4975 and RFC 6714 with pre-shared key ciphersuites as defined in RFC 4279 and the KMS key management protocol as defined in TS 33.328. The certificate fingerprints are not indicated.

There is no support for media security in the MGCF, because there would be no end-to-end media security support on calls interworked with the CS domain and the CS user. In this release of this document, there is no support for media security in the MRF. End-to-access-edge media security is not impacted by this absence of support.

For emergency calls, it is not expected that PSAPs would support end-to-end media security and therefore the procedures of this document do not allow the UE to establish such sessions with end-to-end media security. End-to-access-edge media security is not impacted and can be used on emergency calls.

When the UE performs the functions of an external attached network (e.g. an enterprise network):

where end-to-access-edge media security is used, the UE functionality is expected to be in the gateway of the external attached network, and support for further media security is outside the scope of this document; and
where end-to-end media security is used, the UE functionality is expected to be supported by the endpoints in the attached network.

4.3 Routeing principles of IM CN subsystem entities p. 79

Each IM CN subsystem functional entity shall apply loose routeing policy as described in RFC 3261, when processing a SIP request. In cases where the I-CSCF, IBCF, S-CSCF and the E-CSCF may interact with strict routers in non IM CN subsystem networks, the I-CSCF, IBCF, S-CSCF and E-CSCF shall use the routeing procedures defined in RFC 3261 to ensure interoperability with strict routers.

4.4 Trust domain p. 80

4.4.1 General |R7| p. 80

A trust domain can apply for specific header fields, tel URI parameters and SIP URI parameters within the IM CN subsystem.

For the IM CN subsystem, this trust domain consists of the functional entities that belong to the same operator's network (P-CSCF, the eP-CSCF, the E-CSCF, the I-CSCF, the IBCF, the S-CSCF, the BGCF. the MGCF, the MRFC, the MRB, the EATF, the ATCF, the ISC gateway function, and all ASs that are included in the trust domain). Additionally, other nodes within the IM CN subsystem that are not part of the same operator's domain may or may not be part of the trust domain, depending on whether an interconnect agreement exists with the remote network. SIP functional entities that belong to a network for which there is an interconnect agreement are part of the trust domain. ASs outside the operator's network can also belong to the trust domain if they have a trusted relationship with the home network.

The trust domain can exist for a number of purposes:

for the protection of information specific to an operator;
to provide for privacy requirements of the end user; or
to ensure that information is only passed to another entity if certain responsibilities related to that information are met by the receiving entity, for example that the signalled requirements in the Privacy header field will be met (see subclause 4.4.2 and 4.4.4).

Within the IM CN subsystem trust domains will be applied to a number of header fields. These trust domains do not necessarily contain the same functional entities or cover the same operator domains. The procedures in this subclause apply to the functional entities in clause 5 in the case where a trust domain boundary for that header field, tel URI parameter, or SIP URI parameter, exists at that functional entity.

Where the IM CN subsystem supports business communication, different trust domains can apply to public network traffic, and to private network traffic belonging to each supported corporate network.

A trust domain applies for the purpose of the following header fields: P-Asserted-Identity, P-Access-Network-Info, History-Info, Resource-Priority, P-Asserted-Service, Reason (only in a response), P-Profile-Key, P-Private-Network-Indication, P-Served-User, P-Early-Media, Feature-Caps Restoration-Info, Relayed-Charge, Service-Interact-Info, Cellular-Network-Info, Response-Source, Attestation-Info, Origination-Id, Additional-Identity and Priority-Verstat. A trust domain applies for the purpose of the CPC and OLI tel URI parameters. A trust domain applies for the iotl SIP URI parameter. The trust domains of these header fields and parameters need not have the same boundaries. Clause 5 defines additional procedures concerning these header fields, tel URI parameters and SIP URI parameter.

4.4.2 P-Asserted-Identity |R7| p. 80

RFC 3325 provides for the existence and trust of an asserted identity within a trust domain. A functional entity at the boundary of the trust domain will need to determine whether to remove the P-Asserted-Identity header field according to RFC 3325 when SIP signalling crosses the boundary of the trust domain. The priv-value "id" shall not be removed from the Privacy header field when SIP signalling crosses the boundary of the trust domain. Subclause 5.4 identifies additional cases for the removal of the P-Asserted-Identity header field.

4.4.3 P-Access-Network-Info |R7| p. 81

A functional entity at the boundary of the trust domain shall remove any P-Access-Network-Info header field according to RFC 7315.

4.4.4 History-Info |R7| p. 81

A functional entity at the boundary of the trust domain will need to determine whether to remove the History-Info header field according to RFC 7044 when SIP signalling crosses the boundary of the trust domain. Subclause 5.4 identifies additional cases for the removal of the History-Info header field.

4.4.5 P-Asserted-Service |R7| p. 81

A functional entity at the boundary of the trust domain will need to determine whether to remove the P-Asserted-Service header field according to RFC 6050 when SIP signalling crosses the boundary of the trust domain.

4.4.6 Resource-Priority |R8| p. 81

If Priority verification using assertion of priority information features described in subclause 3.1 is supported then a functional entity at the boundary of the trust domain will need to determine, based on the operator policy, whether to remove a Resource-Priority header field.

Otherwise, if Priority verification using assertion of priority information features described in subclause 3.1 is not supported a functional entity shall only include a Resource-Priority header field in a request or response forwarded to another entity within the trust domain. If a request or response is forwarded to an entity outside the trust domain, the functional entity shall remove the Resource-Priority header field from the forwarded request or response. If a request or response is received from an untrusted entity (with the exception requests or responses received by the P-CSCF from the UE for which procedures are defined in subclause 5.2) that contains the Resource-Priority header field, the functional entity shall remove the Resource-Priority header field before forwarding the request or response within the trust domain.

4.4.7 Reason (in a response) |R7| p. 81

A functional entity shall only include a Reason header field in a response forwarded to another entity within the trust domain (as specified in RFC 6432). If a response is forwarded to an entity outside the trust domain, the functional entity shall remove the Reason header field from the forwarded response.

4.4.8 P-Profile-Key |R8| p. 81

A functional entity at the boundary of the trust domain will need to determine whether to remove the P-Profile-Key header field as defined in RFC 5002 when SIP signalling crosses the boundary of the trust domain.

4.4.9 P-Served-User |R8| p. 81

A functional entity at the boundary of the trust domain will need to determine whether to remove the P-Served-User header field according to RFC 5502 when SIP signalling crosses the boundary of the trust domain.

4.4.10 P-Private-Network-Indication |R8| p. 82

A functional entity shall only include a P-Private-Network-Indication header field in a request forwarded to another entity within the trust domain. If a request is forwarded to an entity outside the trust domain, the functional entity shall remove the P-Private-Network-Indication header field from the forwarded request. If a request is received from an untrusted entity that contains the P-Private-Network-Indication header field, the functional entity shall remove the P-Private-Network-Indication header field before forwarding the request within the trust domain.

4.4.11 P-Early-Media |R9| p. 82

A functional entity at the boundary of the trust domain will need to determine whether to remove the P-Early-Media header field as defined in RFC 5009 when SIP signalling crosses the boundary of the trust domain.

4.4.12 CPC and OLI |R7| p. 82

Entities in the IM CN subsystem shall restrict "cpc" and "oli" URI parameters to specific domains that are trusted and support the "cpc" and "oli" URI parameters. Therefore for the purpose of the "cpc" and "oli" URI parameters within this specification, a trust domain also applies.

SIP functional entities within the trust domain shall remove the "cpc" and "oli" URI parameters when the SIP signalling crosses the boundary of the trust domain.

4.4.13 Feature-Caps |R10| p. 82

A functional entity at the boundary of the trust domain shall remove all Feature-Caps header fields received from UEs and external networks outside the trust domain.

4.4.14 Priority |R12| p. 82

Based on local policy, a functional entity at the boundary of the trust domain shall remove all Priority header fields with a "psap-callback" header field value.

4.4.15 iotl |R12| p. 82

Entities in the IM CN subsystem shall restrict "iotl" URI parameter to specific domains that are trusted and support the "iotl" URI parameter. Support implies that the parameter is removed before the containing request is sent over an interface of a different type. Therefore for the purpose of the "iotl" URI parameter within this specification, a trust domain also applies.

SIP functional entities within the trust domain shall remove the "iotl" URI parameter when the SIP signalling crosses the boundary of the trust domain.

4.4.16 Restoration-Info |R12| p. 82

A functional entity at the boundary of the trust domain will need to determine whether to remove the Restoration-Info header field when SIP signalling crosses the boundary of the trust domain.

4.4.17 Relayed-Charge |R12| p. 83

Entities in the IM CN subsystem shall restrict the Relayed-Charge header field to specific domains that are trusted and support the Relayed-Charge header field. Trust implies that the sending domain intends the receiving domain to have the contents of this header field. Therefore for the purpose of the Relayed-Charge header field within this specification, a trust domain also applies.

SIP functional entities within the trust domain shall remove the Relayed-Charge header field when the SIP signalling crosses the boundary of the trust domain.

4.4.18 Service-Interact-Info |R13| p. 83

A functional entity at the boundary of the trust domain shall remove all Service-Interact-Info header fields defined in subclause 7.2 when SIP signalling crosses the boundary of the trust domain.

4.4.19 Cellular-Network-Info |R13| p. 83

A functional entity shall only include a Cellular-Network-Info header field in a request forwarded to another entity within the trust domain. If a request is forwarded to an entity outside the trust domain, the functional entity shall remove the Cellular-Network-Info header field from the forwarded request. If a request is received from an untrusted entity that contains the Cellular-Network-Info header field, the functional entity shall remove Cellular-Network-Info header field before forwarding the request within the trust domain.

4.4.20 Response-Source |R14| p. 83

A functional entity at the boundary of the trust domain will need to determine whether to remove the Response-Source header field according to subclause 7.2.17. when SIP signalling crosses the boundary of the trust domain.