Notes from Meeting on how to reply to incoming LS https://www.3gpp.org/ftp/Meetings_3GPP_SYNC/SA3/Docs/S3-242364.zip Monday, July 15th, 2024 from 15.00 until 16.10 (Berlin Timezone) ---- Some feedback on the text was received by email in advance of the meeting and some feedback was discussed by telephone as well. During the meeting: The incoming LS was briefly presented and the proposed draft reply was opened. On the question of aggregation, the discussion focussed on whether or not the secure channel can be implemented as an IPsec tunnel instead of a TLS connection, and to what extent this channel is to be seen as a VPN that can carry traffic of multiple protocols, or whether it is dedicated to N32 traffic only. There may be a need for a CR for 33.501 in order to clarify the above point. --- On the question of PLMN IDs within certificates, this approach was challenged both by feedback received in advance of the meeting and during the meeting. The need to address the unterlying issue of increasing the transparency of roaming relation management was not challenged. The point was made that the reply LS should be made simpler and focus on what is in the 3GPP specs. Obtaining consensus within SA3 on a large number of statements may be difficult. An alternative to encoding PLMN IDs into certificates for trust anchoring was mentioned: using a local configuration that ensures that a given PRINS hop connection can only be used for a well-known (configured) set of roaming partners (PLMN IDs), and not for others, and bind this to a set of trusted root CAs for that particular subset. --- The topic of N32s/N32p/hop-by-hop vs. e2e was also briefly discussed. The point was made that SA3 should insist on the end-to-end approach. --- Way forward: The document is made available over the FTP server, and participants are expected to provide review comments and track changes until July 19th, 2024 EOB. Andreas will create a new doodle for having another offline call some time between July 22th and 26th, 2024.