End-to-End Security in SIP: Protecting Message Bodies and Header Fields Against Tampering

26.1.3 Tampering with Message Bodies

As a matter of course, SIP UAs route requests through trusted proxy servers. Regardless of how that trust is established (authentication of proxies is discussed elsewhere in this section), a UA may trust a proxy server to route a request, but not to inspect or possibly modify the bodies contained in that request.

Consider a UA that is using SIP message bodies to communicate session encryption keys for a media session. Although it trusts the proxy server of the domain it is contacting to deliver signaling properly, it may not want the administrators of that domain to be capable of decrypting any subsequent media session. Worse yet, if the proxy server were actively malicious, it could modify the session key, either acting as a man-in-the-middle, or perhaps changing the security characteristics requested by the originating UA.

This family of threats applies not only to session keys, but to most conceivable forms of content carried end-to-end in SIP. These might include MIME bodies that should be rendered to the user, SDP, or encapsulated telephony signals, among others. Attackers might attempt to modify SDP bodies, for example, in order to point RTP media streams to a wiretapping device in order to eavesdrop on subsequent voice communications.

Also note that some header fields in SIP are meaningful end-to-end, for example, Subject. UAs might be protective of these header fields as well as bodies (a malicious intermediary changing the Subject header field might make an important request appear to be spam, for example). However, since many header fields are legitimately inspected or altered by proxy servers as a request is routed, not all header fields should be secured end-to-end.

For these reasons, the UA might want to secure SIP message bodies, and in some limited cases header fields, end-to-end. The security services required for bodies include confidentiality, integrity, and authentication. These end-to-end services should be independent of the means used to secure interactions with intermediaries such as proxy servers.
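The end-to-end integrity service the section calls for, as an added example that is not part of RFC 3261 or of this post: the originating UA computes a MAC over the body and the end-to-end header fields (Subject, Content-Type) but not over hop-by-hop fields such as Via, so an honest proxy's routing changes still verify while an altered SDP connection line or Subject does not. RFC 3261 specifies S/MIME for this; the shared-key HMAC, the X-Body-MAC header name and the INVITE below are constructed stand-ins.

```python
import hashlib
import hmac
# End-to-end header fields covered by the check; Via, Max-Forwards, Record-Route etc. are legitimately rewritten by proxies and are left out.
PROTECTED_HEADERS = ("Subject", "Content-Type")
def split_sip(msg):
    """Split a SIP message into (start line, {name: [values]}, body); assumes CRLF line endings."""
    head, _, body = msg.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip(), []).append(value.strip())
    return start, headers, body

def canonical(headers, body):
    """Bytes the integrity check covers: protected header values in fixed order, then the body."""
    fields = [f"{n}: {v}" for n in PROTECTED_HEADERS for v in headers.get(n, [])]
    return ("\r\n".join(fields) + "\r\n\r\n" + body).encode()

def protect(msg, key):
    """Originating UA: add an HMAC over body and protected headers (X-Body-MAC is a made-up field)."""
    _, headers, body = split_sip(msg)
    tag = hmac.new(key, canonical(headers, body), hashlib.sha256).hexdigest()
    head, sep, body = msg.partition("\r\n\r\n")
    return f"{head}\r\nX-Body-MAC: {tag}{sep}{body}"

def verify(msg, key):
    """Receiving UA: True only if body and protected headers are exactly what the originator sent."""
    _, headers, body = split_sip(msg)
    tags = headers.get("X-Body-MAC", [])
    if len(tags) != 1:
        return False
    expected = hmac.new(key, canonical(headers, body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tags[0], expected)

def proxy_forward(msg, proxy_host):
    """Legitimate hop-by-hop handling: a proxy prepends its own Via; this must not break verify()."""
    start, rest = msg.split("\r\n", 1)
    return f"{start}\r\nVia: SIP/2.0/UDP {proxy_host};branch=z9hG4bKp1\r\n{rest}"
# Constructed INVITE using documentation names and addresses (example.com, 192.0.2.0/24).
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP alice-pc.example.net;branch=z9hG4bK776\r\n"
          "Max-Forwards: 70\r\nSubject: Quarterly numbers\r\nContent-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
KEY = b"constructed-demo-key"  # stand-in for the S/MIME keying a real UA would use
def demo():
    signed = protect(INVITE, KEY)
    routed = proxy_forward(signed, "proxy.example.com")  # honest proxy: Via added, body untouched
    redirected = routed.replace("c=IN IP4 192.0.2.10", "c=IN IP4 192.0.2.99")  # SDP media address altered in transit
    relabeled = routed.replace("Subject: Quarterly numbers", "Subject: FREE OFFER")  # end-to-end header altered
    return verify(routed, KEY), verify(redirected, KEY), verify(relabeled, KEY)  # → (True, False, False)
```

Confidentiality of the body (the session-key case) needs encryption on top of this; the check shown only covers integrity and origin authentication.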




