The TLS hop-by-hop philosophy acknowledges this reality and introduces trusted parties on the route from the visited mobile network to the home mobile network and vice versa. These trusted parties act as credential holders, serving as valid endpoints of the control plane connection. This role is indicated by the N32 interface reference point defined by the GSMA’s 3GPP standards.
This enables a straightforward 5G SA roaming setup, similar to what we’ve seen in previous mobile generations. However, it doesn’t prevent mobile network operators from directly connecting using N32 connections if they choose to do so.
TLS hop-by-hop doesn’t undermine the fundamental trust model between the User Equipment (UE) and the operator. Instead, it establishes a built-in hierarchy of trust on the control plane. In this hierarchy, the next hop is considered more trustworthy than any other party in the communication chain.