Foreword1 Scope2 References3 Definitions, symbols and abbreviations4 Overview of the security architecture5 Security features6 Security mechanisms7 Security association set-up procedure8 ISIM9 IMCL.1 IntroductionL.2 Application of clause 4M.0 GeneralM.1 ScopeM.2 ReferencesM.3 Definitions, symbols and abbreviationsM.4 Overview of the security architectureM.5 Security featuresM.6 Security mechanismsM.7 Security association set-up procedureM.8 ISIMM.9 IMCN.1 SIP DigestN.2 AuthenticationO.1 TLSO.2 TLS Session set-up procedureO.3 Error cases in the set-up of TLS sessionsO.4 Management of TLS sessionsO.5 TLS Certificate Profile and ValidationP.1 Scope of this AnnexP.2 Requirements on co-existence of authentication schemesP.3 P‑CSCF procedure selectionP.4 Determination of requested authentication scheme in S‑CSCFP.5 Co-existence of PANI-aware and other P‑CSCFsP.6 Considerations on the Cx interfaceQ.1 GeneralQ.2 Assertion of identities by the P-CSCFQ.3 Strengths and boundary conditions for the use of authentication mechanisms for non-registration messagesR.1 OverviewR.2 Use Cases and LimitationsR.3 Detailed descriptionS.1 IntroductionS.2 Application of clause 4S.3 Application of clauses 5 through 9S.4 3GPP2 AKA CredentialsS.5 Network Domain Security for IMST.1 IntroductionT.2 RequirementsT.3 Threat ScenariosT.4 GIBA Security MechanismT.5 Restrictions imposed by GIBAT.6 Protection against IP address spoofing in GGSNT.7 Interworking casesT.8 Message FlowsU.1 OverviewU.2 Use case and detailed descriptionW.1 OverviewW.2 Service and Media Reachability for Users over Restrictive Firewalls – Tunneled Firewall Traversal for IMS trafficW.3 Service and Media Reachability for Users over Restrictive Firewalls – Extensions to STUN/TURN/ICEX.1 IntroductionX.2 Authentication of WebRTC IMS Client with IMS subscription re-using existing IMS authentication mechanismsX.3 Authentication of WebRTC IMS Client with IMS subscription using web credentialsX.4 Assignment of IMS identities to WebRTC IMS Client from pool of IMS subscriptions held by WWSFX.5 TURN credential provisioning and authentication (informative) M.8 ISIM 33.2033G Security3GPPAccess security for IP-based servicesTS Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM The text in clause 8 applies without changes.