spec: end to end enc
diff --git a/docs/imsi-pseudo-spec.adoc b/docs/imsi-pseudo-spec.adoc
index b6e7781..f13d858 100644
--- a/docs/imsi-pseudo-spec.adoc
+++ b/docs/imsi-pseudo-spec.adoc
@@ -359,7 +359,9 @@
well.
== Recommendations for Real-World Implementations
+
=== BCCH SI3: ATT = 0
+
When changing from one pseudonymous IMSI to the next, it is important that the
ME does not detach from the network. Otherwise it would be trivial for an
attacker to correlate the detach with the attach of the same ME with the next
@@ -372,6 +374,17 @@
// FIXME: verify how it set with operators in germany (OS#4404)
=== End to End Encryption of SMS
+
+When deploying the IMSI pseudonymization, the operator should make sure that
+the next pseudonymous IMSI SMS (<<sms-structure>>) cannot be read or modified
+by third parties. Otherwise, the next pseudonymous IMSI is leaked, and if the
+pseudonymous IMSI in the SMS was changed, the SIM would be locked out of the
+network.
+
+The safest way to protect the next pseudonymous IMSI SMS is a layer of end to
+end encryption from the HLR to the SIM. It was considered for this
+specification, but found to be out of scope.
+
[[warn-no-imsi-change]]
=== Warning the User if the IMSI Does Not Change
=== User-configurable Minimum Duration Between IMSI Changes