E.6 Signalling flows demonstrating a failure in CA certificate delivery

24.1093GPPBootstrapping interface (Ub) and network application function interface (Ua)Protocol detailsRelease 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The signalling flow in figure E.5-1 describes the message exchange between UE and PKI portal when UE requests a CA certificate delivery. This clause describes a failure in the CA certificate delivery. It assumed that CA certificate delivery procedure has proceeded to step 6 as described in clause E.5.

6. Authentication at PKI portal

The verification procedures described in clause E.5 step 6 are successfully completed.

The PKI portal discovers that it does not have the requested CA certificate.

7. Error notification (PKI portal to UE) – see example in table E.6-1

The PKI portal sends 404 Not Found response to the UE to indicate that the requested CA certificate is not found in the PKI portal. The PKI portal can use key material Ks_NAF to authenticate the response.

Table E.6-1: Error notification (PKI portal to UE)

HTTP/1.1 404 Not Found

Server: Apache/1.3.22 (Unix) mod_perl/1.27

Content-Type: text/html

Authentication-Info: qop=auth-int, rspauth="6629fae49394a05397450978507c4ef1", cnonce="6629fae49393a05397450978507c4ef1", nc=00000001

Date: Thu, 08 Jan 2004 10:50:35 GMT

Authentication-Info: This carries the protection

8. Authentication and response verification at UE

The UE receives the response and verifies the Authentication-Info header. If the verification succeeds, the UE is notified of the failure of the CA certificate delivery.

Annex F (informative):
Signalling flows for PSK TLS with bootstrapped security association