Hi Guys, i have one question.
First we establish a berear as per below config (this is ENDC case)
Then we establish another bearer (DRB 6 and EPS ID-6) as below
or it is mandatory to configure security configuration during DRB setup
during DRB 6 setup, security config is missing…so here UE will use same security config as configured for DRB5 earlier.
Nitin
June 5, 2020, 1:03pm
2
That looks like the logical thing to do.
But the specs should say exactly what happens when this optional IE is not used.
Not able decode 38.331 properly, as there is some confusion in a statement.
But for me more it looks like it is mandatory to configure during DRB setup.
Nitin
June 5, 2020, 1:04pm
4
What statement?
Isn’t the IE itself optional?
Security procedure is irrespective of DRB(s) configured.
It is done only once. Am I right?
Does it matter?
Since It is used for NAS signalling only?
No, NAS and RRC both have security.
Nitin
June 5, 2020, 1:09pm
11
Reading this it must be present whenever you are setting up a new DRB.
But now if during the setup of DRB6, if I change the security config then it will apply on both DRB 5& 6.
Is that right?
Nitin
June 5, 2020, 1:11pm
13
I would think so. It should apply to any DRB that is on NR!
Right, Thanks.
Can we change security algo of existing DRB (here in this case 5) w/o handover?
Nitin
June 5, 2020, 1:12pm
15
If we just change that security config, would that not work?
At least in LTE, I am sure we can change the security algo only during handover.
Thats what sometime n/w trigger intra cell handover also just to change the security algo.
Nitin
June 5, 2020, 1:13pm
17
What if we send the RRC security command again in LTE? (just an over the head thought, never tried it)
I think we cannot change the security key of existing DRB on the fly as PDCP SN/count need to reset.
That’s what it is done during handover only.
I mean PDCP need to re-establish whenever we are going to change this.
Nitin
June 5, 2020, 1:14pm
19
I think you are right!
May be somebody else can also confirm.
Yes UE will use DRB 5 security config.