The end-to-end security paradigm aims to defend against man-in-the-middle attacks and to uphold the confidentiality and integrity of data exchanged between trusted partners; here, specifically, between the TLS connection endpoints in 5G SA roaming.
Hop-by-hop TLS is often criticised for its simplified trust model between mobile operators. In this model each intermediate entity terminates TLS, so it sees all control-plane information in the clear and can modify it without being detected. A primary concern is the resulting lack of traceability in the event of a security breach, which could allow sensitive data to leak to unauthorized parties.
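The following Python simulation, added here as an illustration and not code from the original article, contrasts the two models on a single constructed control-plane message: with hop-by-hop TLS only, a rewrite made by an intermediate hop is accepted by the terminating operator, while an end-to-end integrity tag applied by the originating operator causes the same rewrite to be rejected. The field names, the HMAC-SHA256 tag (standing in for an application-layer signature) and the shared key are assumptions of this example.

```python
import hashlib
import hmac
import json
from copy import deepcopy
from typing import Optional

# Constructed sample control-plane message exchanged between two roaming
# partners. Field names are illustrative, not the real 3GPP encoding.
ORIGINAL_MESSAGE = {
    "subscriber": "imsi-001010123456789",
    "serving_plmn": "001-01",
    "requested_service": "data",
}

# Assumption: the originating and terminating operators can verify this tag
# end to end (HMAC-SHA256 stands in for a signature). The intermediate
# carrier does not hold this key.
E2E_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical_bytes(message: dict) -> bytes:
    """Deterministic serialisation so both ends tag exactly the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def protect_end_to_end(message: dict, key: bytes) -> dict:
    """Originating operator attaches an integrity tag over the whole payload."""
    tag = hmac.new(key, canonical_bytes(message), hashlib.sha256).hexdigest()
    return {"payload": deepcopy(message), "tag": tag}


def verify_end_to_end(envelope: dict, key: bytes) -> bool:
    """Terminating operator recomputes the tag; any change on the path fails."""
    expected = hmac.new(key, canonical_bytes(envelope["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def intermediate_hop(envelope: dict, rewrite: Optional[dict] = None) -> dict:
    """Models one intermediate hop. Under hop-by-hop TLS the hop terminates TLS,
    sees the payload in the clear, and may rewrite fields before re-encrypting
    for the next hop. `rewrite` is the constructed modification it applies."""
    forwarded = deepcopy(envelope)
    if rewrite:
        forwarded["payload"].update(rewrite)
    return forwarded


def hop_by_hop_check(envelope: dict) -> bool:
    """With hop-by-hop TLS only, the receiver validates just its own TLS
    session with the previous hop; nothing in the payload can be checked."""
    return True


def simulate_roaming_path(end_to_end: bool, rewrite: Optional[dict] = None) -> dict:
    """Send ORIGINAL_MESSAGE across one intermediate hop and report whether a
    modification on the path is detected at the terminating operator."""
    if end_to_end:
        sent = protect_end_to_end(ORIGINAL_MESSAGE, E2E_KEY)
    else:
        sent = {"payload": deepcopy(ORIGINAL_MESSAGE)}
    received = intermediate_hop(sent, rewrite)
    tampered = received["payload"] != ORIGINAL_MESSAGE
    accepted = verify_end_to_end(received, E2E_KEY) if end_to_end else hop_by_hop_check(received)
    return {"tampered": tampered, "accepted": accepted, "detected": tampered and not accepted}


if __name__ == "__main__":
    change = {"requested_service": "premium"}  # constructed rewrite by the intermediate
    for mode in (False, True):
        r = simulate_roaming_path(end_to_end=mode, rewrite=change)
        print(f"end_to_end={mode}: tampered={r['tampered']} "
              f"accepted={r['accepted']} detected={r['detected']}")
```

The end-to-end tag gives the terminating operator evidence that the message was altered somewhere between the two endpoints, which is the traceability the hop-by-hop model lacks; it does not by itself identify which hop made the change.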
In practice, intermediaries such as international IPX carriers are often quicker to address issues than a remote roaming partner. An audit trail does not by itself guarantee faster resolution, and withdrawing TLS certificates is not a recommended remedy.