23.4.1.1 Integrity 23.4.1.1 完整性 Whenever integrity checks are performed, the integrity of a header field should be determined by matching the value of the header field in the signed body with that in the "outer" messages using the comparison rules of SIP as described in 20. 每当执行完整性检查时,应通过使用SIP的比较规则将已签名正文中的报头字段的值与“外部”消息中的值相匹配来确定报头字段的完整性,如20所述。 Header fields that can be legitimately modified by proxy servers are: Request-URI, Via, Record-Route, Route, Max-Forwards, and Proxy-Authorization. If these header fields are not intact end-to-end, implementations SHOULD NOT consider this a breach of security. Changes to any other header fields defined in this document constitute an integrity violation; users MUST be notified of a discrepancy.
可以由代理服务端合法修改的报头字段有:Request-URI, Via, Record-Route, Route, Max-Forwards, and Proxy-Authorization。如果这些报头字段不是完整的端到端,则实现不应认为这违反了安全性。对本文件中定义的任何其他报头字段的更改构成完整性违规;必须将差异通知用户。
本文讨论了在SIP通信中执行完整性检查时,如何确保报头字段如Request-URI等在代理服务器处理后的完整性。非端到端完整性的这些字段不影响安全性,但其他字段的改动视为违规,需通知用户。

101

被折叠的 条评论
为什么被折叠?



