ENDC Bearers config

Hi Guys, i have one question.

First we establish a berear as per below config (this is ENDC case)

Then we establish another bearer (DRB 6 and EPS ID-6) as below


or it is mandatory to configure security configuration during DRB setup


during DRB 6 setup, secuirty config is missing…so here UE will use same security config as configured for DRB5 earlier.

That looks like the logical thing to do.
But the specs should say exactly what happens when this optional IE is not used.

Not able decode 38.331 properly, as there is some confusion in a statement.
But for me more it looks like it is mandatory to configure during DRB setup.

What statement?
Isn’t the IE itself optional?

IE is conditional.

Security procedure is irrespective of DRB(s) configured.
It is done only once. Am I right?

This is ENDC case.

Does it matter?
Since It is used for NAS signalling only?

No, NAS and RRC both have security.

Reading this it must be present whenever you are setting up a new DRB.

But now if during the setup of DRB6, if I change the security config then it will apply on both DRB 5& 6.
Is that right?

I would think so. It should apply to any DRB that is on NR!

Right, Thanks.
Can we change security algo of existing DRB (here in this case 5) w/o handover?

If we just change that security config, would that not work?

At least in LTE, I am sure we can change the security algo only during handover.

Thats what sometime n/w trigger intra cell handover also just to change the security algo.

What if we send the RRC security command again in LTE? (just an over the head thought, never tried it)

I think we cannot change the security key of existing DRB on the fly as PDCP SN/count need to reset.
That’s what it is done during handover only.
I mean PDCP need to re-establish whenever we are going to change this.

I think you are right!
May be somebody else can also confirm.

Yes UE will use DRB 5 security config.