This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Freyther holger at freyther.de> On 24 Sep 2015, at 22:14, Harald Welte <laforge at gnumonks.org> wrote: > > Hi Neels, > > welcome to OpenBSC code :) > >> + Osmocom Authentication Protocol (OAP) > > I would argue it makes sense to at least specify/define the protocol > also to support UMTS AKA, not just plain-old GSM authentication. > > This is important > * for future compatibility once the SGSN suppots 3G > * to use UMTS AKA for increased security over GERAN (GPRS/EDGE RAN) OAP is to authenticate something like the A-link, GSUP link or maybe even MNCC over TCP/IP, or a USSD provider, etc. It is using “AKA” right now but in a restricted mode: * SQN will be 0 (because the clients might have no way to persistently store the SQNs). Yes, this will allow a replay against the client.[1] * There is not “AuthenticationFailure” message with the AUTS. As the SQN will always be fixed in the first iteration there should not be a need to re-synchronize. [1] It is a trade off in efforts. The clients can not store a SQN, the last RANDS, etc. They could in theory start with a random RAND and client/server will go through one re-synchronization of the SQN. I obviously made a trade-off here and this protocol allows us to add SQN number handling in the future and client API users are not impacted.