26.4.1 HTTP Digest 26.4.1 HTTP摘要 One of the primary limitations of using HTTP Digest in SIP is that the integrity mechanisms in Digest do not work very well for SIP. Specifically, they offer protection of the Request-URI and the method of a message, but not for any of the header fields that UAs would most likely wish to secure. 在SIP中使用HTTP摘要的主要限制之一是摘要中的完整性机制对SIP的工作效果不太好。具体来说,它们提供对Request-URI和消息方法的保护,但不提供UA最希望保护的任何报头字段。 The existing replay protection mechanisms described in RFC 2617 also have some limitations for SIP. The next-nonce mechanism, for example, does not support pipelined requests. The nonce-count mechanism should be used for replay protection. RFC 2617中描述的现有重放保护机制也对SIP有一些限制。例如,下一个nonce机制不支持流水线请求。nonce计数机制应用于重播保护。 Another limitation of HTTP Digest is the scope of realms. Digest is valuable when a user wants to authenticate themselves to a resource with which they have a pre-existing association, like a service provider of which the user is a customer (which is quite a common scenario and thus Digest provides an extremely useful function). By way of contrast, the scope of TLS is interdomain or multirealm, since certificates are often globally verifiable, so that the UA can authenticate the server with no pre-existing association.
HTTP摘要的另一个限制是领域的范围。当用户想要将自己认证为与他们有预先存在的关联的资源时,例如用户是其客户的服务提供商时,摘要是有价值的(这是一种非常常见的情况,因此摘要提供了非常有用的功能)。相比之下,TLS的范围是域间或多域的,因为证书通常是全局可验证的,因此UA可以在没有预先存在的关联的情况下对服务器进行身份验证。
扫一扫
506
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
