docs: howto_ims.md: include disabling SQN without explanation why this is even needed. #43
Labels
documentation
Improvements or additions to documentation
Comments
|
Any documentation recommending disabling a security feature should also give an explanation of the consequences of doing so, warn against doing it without fully understanding the consequences, and reference related documentation/publications about said security mechanism. SQN checking protects against replay attacks. Disabling that check consequently exposes you to them. |
|
Thank you both for the comments. @errdemk can i ask you to update the documentation? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
Summary
https://github.com/omnt/OpenMobileNetworkToolkit/blob/main/docs/howto_ims.md
describes how to disable SQN checking.
However this is only needed if your core network doesn't contain a common HSS.
E.g. in early howtos this was required, because the howto required to have 2 HSS which doesn't share the
sequence numbers (e.g. open5gs-hss + pyhss).
However it is now possible to use either open5gs-hss or pyhss for both, the IMS authentication and the LTE core network authentication.
It would be great to mention the reason and describe this step doesn't hurt, but is only required if the core network uses a split brain HSS.
The text was updated successfully, but these errors were encountered: