ITU-T A.5 justification information for referenced document 3GPP TS 33.501 (Release 17) in draft X.1816
1. Clear description of the referenced document:
Name: 3GPP TS 33.501 (Release 17)
Title: Security architecture and procedures for 5G system, Release 17
2. Status of approval:
Approved
3. Justification for the specific reference:
The referenced document is the text on which draft Recommendation X.5Gsec-ssl is based.
4. Current information, if any, about IPR issues:
None.
5. Other useful information describing the "Quality" of the document:
3GPP TS 33.501 (Release 17) was published by 3GPP in 2022.
6. The degree of stability or maturity of the document:
3GPP TS 33.501 (Release 17) was published by 3GPP in 2022.
7. Relationship with other existing or emerging documents:
3GPP TS 33.501 (Release 17) was published by 3GPP in 2022.
8. Any explicit references within that referenced document should also be listed:
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] 3GPP TS 23.501: "System Architecture for the 5G System".
[3] 3GPP TS 33.210: "3G security; Network Domain Security (NDS); IP network layer security".
[4] IETF RFC 4303: "IP Encapsulating Security Payload (ESP)".
[5] 3GPP TS 33.310: "Network Domain Security (NDS); Authentication Framework (AF)".
[6] IETF RFC 4301: "Security Architecture for the Internet Protocol".
[7] 3GPP TS 22.261: "Service requirements for next generation new services and markets".
[8] 3GPP TS 23.502: "Procedures for the 5G System".
[9] 3GPP TS 33.102: "3G security; Security architecture".
[10] 3GPP TS 33.401: "3GPP System Architecture Evolution (SAE); Security architecture".
[11] 3GPP TS 33.402: "3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses".
[12] IETF RFC 5448: "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
[13] 3GPP TS 24.301: "Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3".
[14] 3GPP TS 35.215: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 1: UEA2 and UIA2 specifications".
[15] NIST: "Advanced Encryption Standard (AES) (FIPS PUB 197)".
[16] NIST Special Publication 800-38A (2001): "Recommendation for Block Cipher Modes of Operation".
[17] NIST Special Publication 800-38B (2001): "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication".
[18] 3GPP TS 35.221: "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 1: EEA3 and EIA3 specifications".
[19] 3GPP TS 23.003: "Numbering, addressing and identification".
[20] 3GPP TS 22.101: "Service aspects; Service principles".
[21] IETF RFC 4187: "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)".
[22] 3GPP TS 38.331: "NR; Radio Resource Control (RRC); Protocol specification".
[23] 3GPP TS 38.323: "NR; Packet Data Convergence Protocol (PDCP) specification".
[24] 3GPP TS 33.117: "Catalogue of general security assurance requirements".
[25] IETF RFC 7296: "Internet Key Exchange Protocol Version 2 (IKEv2)".
[26] Void.
[27] IETF RFC 3748: "Extensible Authentication Protocol (EAP)".
[28] 3GPP TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".
[29] SECG SEC 1: Recommended Elliptic Curve Cryptography, Version 2.0, 2009. Available at http://www.secg.org/sec1-v2.pdf
[30] SECG SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0, 2010. Available at http://www.secg.org/sec2-v2.pdf
[31] 3GPP TS 38.470: "NG-RAN; F1 General aspects and principles".
[32] 3GPP TS 38.472: "NG-RAN; F1 signalling transport".
[33] 3GPP TS 38.474: "NG-RAN; F1 data transport".
[34] 3GPP TS 38.413: "NG-RAN; NG Application Protocol (NGAP)".
[35] 3GPP TS 24.501: "Non-Access-Stratum (NAS) protocol for 5G System (5GS); Stage 3".
[36] 3GPP TS 35.217: "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 3: Implementors' test data".
[37] 3GPP TS 35.223: "Specification of the 3GPP Confidentiality and Integrity Algorithms EEA3 & EIA3; Document 3: Implementors' test data".
[38] IETF RFC 5216: "The EAP-TLS Authentication Protocol".
[39] IETF RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1".
[40] IETF RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
[41] 3GPP TS 38.460: "NG-RAN; E1 general aspects and principles".
[42] Void.
[43] IETF RFC 6749: "OAuth2.0 Authorization Framework".
[44] IETF RFC 7519: "JSON Web Token (JWT)".
[45] IETF RFC 7515: "JSON Web Signature (JWS)".
[46] IETF RFC 7748: "Elliptic Curves for Security".
[47] IETF RFC 7540: "Hypertext Transfer Protocol Version 2 (HTTP/2)".
[48] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
[49] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP".
[50] IETF RFC 6066: "Transport Layer Security (TLS) Extensions: Extension Definitions".
[51] 3GPP TS 37.340: "Evolved Universal Terrestrial Radio Access (E-UTRA) and NR; Multi-connectivity; Stage 2".
[52] 3GPP TS 38.300: "NR; NR and NG-RAN Overall Description; Stage 2".
[53] 3GPP TS 33.122: "Security Aspects of Common API Framework for 3GPP Northbound APIs".
[54] 3GPP TS 28.533: "Management and orchestration; Architecture framework".
[55] 3GPP TS 28.531: "Management and orchestration of networks and network slicing; Provisioning".
[56] Void.
[57] IETF RFC 7542: "The Network Access Identifier".
[58] IETF RFC 6083: "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)".
[59] IETF RFC 7516: "JSON Web Encryption (JWE)".
[60] IETF RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[61] IETF RFC 5705: "Keying Material Exporters for Transport Layer Security (TLS)".
[62] IETF RFC 5869: "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)".
[63] NIST Special Publication 800-38D: "Recommendation for Block Cipher Modes of Operation: Galois Counter Mode (GCM) and GMAC".
[64] IETF RFC 6902: "JavaScript Object Notation (JSON) Patch".
[65] 3GPP TS 31.115: "Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications".
[66] 3GPP TS 31.111: "Universal Subscriber Identity Module (USIM), Application Toolkit (USAT)".
[67] Internet draft draft-ietf-emu-rfc5448bis: "Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')".
[68] 3GPP TS 29.510: "5G System; Network function repository services".
[69] 3GPP TS 36.331: "Radio Resource Control (RRC); Protocol specification".
[70] 3GPP TS 29.505: "5G System; Usage of the Unified Data Repository services for Subscription Data; Stage 3".
[71] 3GPP TS 24.302: "Access to the 3GPP Evolved Packet Core (EPC) via non-3GPP access networks; Stage 3".
[72] 3GPP TS 23.216: "Single Radio Voice Call Continuity (SRVCC)".
[73] 3GPP TS 29.573: "Public Land Mobile Network (PLMN) Interconnection; Stage 3".
[74] 3GPP TS 29.500: "5G System; Technical Realization of Service Based Architecture; Stage 3".
[75] IEEE TSN network aspects: see 3GPP TS 23.501 [2] references [95], [96], [97], [98], [104], and [107].
[76] Internet draft draft-ietf-emu-eap-tls13: "Using EAP-TLS with TLS 1.3".
[77] IETF RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
[78] 3GPP TS 38.401: "NG-RAN; Architecture description".
[79] 3GPP TS 23.316: "Wireless and wireline convergence access support for the 5G System (5GS)".
[80] IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012) - IEEE Standard for Information technology—Telecommunications and information exchange between systems Local and metropolitan area networks—Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
[81] IETF RFC 2410: "The NULL Encryption Algorithm and Its Use With IPsec".
[82] Void.
[83] RFC 7858: "Specification for DNS over Transport Layer Security (TLS)".
[84] RFC 8310: "Usage Profiles for DNS over TLS and DNS over DTLS".
[85] RFC 4890: "Recommendations for Filtering ICMPv6 Messages in Firewalls".
[86] 3GPP TS 23.273: "5G System (5GS) Location Services (LCS); Stage 2".
[87] 3GPP TS 38.305: "Stage 2 functional specification of User Equipment (UE) positioning in NG-RAN".
[88] 3GPP TS 36.300: "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access (E-UTRAN); Overall description; Stage 2".
[89] IANA: "Transport Layer Security (TLS) Parameters".
[90] RFC 2818: "HTTP Over TLS".
[91] 3GPP TS 33.535: "Authentication and key management for applications based on 3GPP credentials in the 5G System (5GS)".
[92] 3GPP TS 29.573: "5G System; Public Land Mobile Network (PLMN) Interconnection".
[93] 3GPP TS 29.503: "5G System; Unified Data Management Services".
[94] 3GPP TS 29.501: "5G System; Principles and Guidelines for Services Definition".
[95] 3GPP TS 29.502: "5G System; Session Management Services".
[96] 3GPP TS 29.526: "5G System; Network Slice-Specific Authentication and Authorization (NSSAA) services".
[97] 3GPP TS 23.402: "Authentication enhancements for non-3GPP accesses".
[98] 3GPP TS 23.548: "5G System Enhancements for Edge Computing; Stage 2".
[99] RFC 5281: "Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)".
[100] RFC 6678: "Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method".
[101] General Data Protection Regulation, https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:02016R0679-20160504&from=EN.
[102] 3GPP TS 33.246: "Security of Multimedia Broadcast/Multicast Service (MBMS)".
[103] 3GPP TS 23.247: "Architectural enhancements for 5G multicast-broadcast services".
[104] 3GPP TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".
[105] 3GPP TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services".
[106] 3GPP TS 23.554 Application architecture for MSGin5G Service; Stage 2.
[107] 3GPP TS 22.262 Message service with the 5G System (5GS); Stage 1.
9. Qualification of 3GPP:
The qualification analysis of TSDSI, with the goal of allowing the ITU-T A.5 qualification of 3GPP, was requested by SG15 at its January/February 2020 meeting (see TD527/P, https://www.itu.int/md/meetingdoc.asp?lang=en&parent=T17-SG15-200127-TD-PLEN-0527). This is based on section 7.3 of ITU-T A.5 (09/2019), which states that "For the case of a proposed referenced document jointly owned by multiple organizations in a partnership project that is not a legal entity, the partnership project is considered to be qualified according to the criteria in Annex B if each organization is itself qualified according to the criteria in Annex B". The only 3GPP partner not previously A.5 qualified was TSDSI.
Based on the information available at the time of the SG15 plenary on 18 September 2020 (see TD635/P, https://www.itu.int/md/meetingdoc.asp?lang=en&parent=T17-SG15-200907-TD-PLEN-0635), SG15 approved the A.5 qualification for TSDSI and, by extension, the A.5 qualification for 3GPP, as reported in SG15-R24 (https://www.itu.int/md/T17-SG15-R-0024/en).
10. Other (for any supplementary information):
None
Note: This form is based on Recommendation ITU-T A.5