|Universal Mobile Telecommunications System (UMTS);LTE;Network Domain Security (NDS);Authentication Framework (AF)
|ETSI TS 133 310
|3RD GENERATION PARTNERSHIP PROJECT (3GPP)
The scope of this Technical Specification is limited to authentication of network elements, which are using NDS/IP or TLS, and to Certificate Enrolment for Base Stations as described in the present document. In the case of NDS/IP this specification includes both the authentication of Security Gateways (SEG) at the corresponding Za-interfaces and the authentication between NEs and between NEs and SEGs at the Zb-interface. Authentication of end entities (i.e. NEs and SEGs) in the intra-operator domain is considered an internal issue for operators. This is quite much in line with  which states that only Za is mandatory and that the security domain operator can decide if the Zb-interface is deployed or not, as the Zb-interface is optional for implementation. Validity of certificates may be restricted to the operator’s domain in case of Zb interface or in case of Za-interface between two security domains of the same operator.