26 Security Considerations: Threat Model and Security Usage Recommendations 26 安全注意事项:威胁模型和安全使用建议 SIP is not an easy protocol to secure. Its use of intermediaries, its multi-faceted trust relationships, its expected usage between elements with no trust at all, and its user-to-user operation make security far from trivial. Security solutions are needed that are deployable today, without extensive coordination, in a wide variety of environments and usages. In order to meet these diverse needs, several distinct mechanisms applicable to different aspects and usages of SIP will be required.
SIP不是一个容易保护的协议。它对中介的使用、多方面的信任关系、完全不信任的元素之间的预期使用以及用户对用户的操作使安全性绝非微不足道。现在需要在没有广泛协调的情况下,在各种各样的环境和用途中部署安全解决方案。为了满足这些不同的需求,将需要适用于SIP的不同方面和用途的几种不同机制。
Note that the security of SIP signaling itself has no bearing on the security of protocols used in concert with SIP such as RTP, or with the security implications of any specific bodies SIP might carry (although MIME security plays a substantial role in securing SIP). Any media associated with a session can be encrypted end-to-end independently of any associated SIP signaling. Media encryption is outside the scope of this document. 请注意,SIP信令本身的安全性与SIP协同使用的协议(如RTP)的安全性无关,也与SIP可能携带的任何特定主体的安全含义无关(尽管MIME安全性在保护SIP方面发挥着重要作用)。与会话相关联的任何媒体都可以独立于任何相关联的SIP信令进行端到端加密。媒体加密不在此文档的范围内。 The considerations that follow first examine a set of classic threat models that broadly identify the security needs of SIP. The set of security services required to address these threats is then detailed, followed by an explanation of several security mechanisms that can be used to provide these services. Next, the requirements for implementers of SIP are enumerated, along with exemplary deployments in which these security mechanisms could be used to improve the security of SIP. Some notes on privacy conclude this section.
接下来的注意事项首先考察了一组经典的威胁模型,这些模型广泛地确定了SIP的安全需求。然后详细介绍了应对这些威胁所需的一组安全服务,然后解释了可用于提供这些服务的几种安全机制。接下来,列举了对SIP实现者的要求,以及可以使用这些安全机制来提高SIP安全性的示例性部署。一些关于隐私的注意事项在本节结束。
扫一扫
1435
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
