26.4.3 TLS

The most commonly voiced concern about TLS is that it cannot run over UDP; TLS requires a connection-oriented underlying transport protocol, which for the purposes of this document means TCP.

It may also be arduous for a local outbound proxy server and/or registrar to maintain many simultaneous long-lived TLS connections with numerous UAs. This introduces some valid scalability concerns, especially for intensive ciphersuites. Maintaining redundancy of long-lived TLS connections, especially when a UA is solely responsible for their establishment, could also be cumbersome.

TLS only allows SIP entities to authenticate servers to which they are adjacent; TLS offers strictly hop-by-hop security. Neither TLS, nor any other mechanism specified in this document, allows clients to authenticate proxy servers to whom they cannot form a direct TCP connection.
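
The hop-by-hop limit described above is visible in the Via stack of a received request. The following is an added example, not part of the original document: it labels each hop by what the receiving UA can actually know about it. The sample message, the host names and the function names via_hops and classify_hops are constructed for illustration.

```python
import re

# Constructed sample: an INVITE as seen by the callee's UA (hosts are placeholders).
SAMPLE_INVITE = (
    "INVITE sip:bob@192.0.2.4 SIP/2.0\r\n"
    "Via: SIP/2.0/TLS proxy2.biloxi.example.com:5061;branch=z9hG4bKc3\r\n"
    "v: SIP/2.0/UDP proxy1.atlanta.example.com;branch=z9hG4bKb2,"
    " SIP/2.0/TLS pc33.atlanta.example.com:5061;branch=z9hG4bKa1\r\n"
    "To: <sip:bob@biloxi.example.com>\r\n"
    "\r\n"
)

# Matches "SIP/2.0/<transport> <sent-by>" inside a Via value.
# Assumption: no quoted commas in Via parameters (true for typical traffic).
VIA_VALUE = re.compile(r"SIP\s*/\s*2\.0\s*/\s*([\w-]+)\s+([^;,\s]+)", re.I)

def via_hops(message):
    """Return [(transport, sent_by)] from the topmost (adjacent) Via down."""
    hops = []
    for line in message.split("\r\n")[1:]:   # skip the request line
        if not line:                         # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):   # "v" is the compact form
            hops += [(t.upper(), h) for t, h in VIA_VALUE.findall(value)]
    return hops

def classify_hops(message, local_conn_is_tls):
    """Label each hop by what the receiving UA can know about it."""
    report = []
    for i, (transport, sent_by) in enumerate(via_hops(message)):
        if transport != "TLS":
            status = "cleartext"      # the hop itself declares a non-TLS transport
        elif i == 0 and local_conn_is_tls:
            status = "adjacent"       # the only hop covered by our own TLS session
        else:
            status = "unverifiable"   # Via says TLS, but this UA cannot check it
        report.append((sent_by, transport, status))
    return report

if __name__ == "__main__":
    for hop in classify_hops(SAMPLE_INVITE, local_conn_is_tls=True):
        print(hop)
```

Only the entry marked adjacent is backed by the UA's own TLS session; every other Via value is whatever the upstream elements wrote into the request.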