📄 rfc3455.txt
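In this document, we refer to the 3GPP trust domain as the collection of SIP proxy servers and application servers that are operated by a 3GPP operator and are compliant with the requirements in 3GPP TS 24.229 [15].

This extension assumes that the access network is trusted by the UA (because the UA's home network has a trust relationship with the access network), as described earlier in this document.

This extension assumes that the information added to the header by the UAC should be sent only to trusted entities and should not be used outside the trusted administrative network domain.

The SIP proxy that provides services to the user uses the information contained in this header to provide additional services, and UAs are expected to provide correct information. However, a UA inserting incorrect information does not cause any security problem. Networks that provide services based on the information in the P-Access-Network-Info header will therefore need to trust the UA that sends the information. A rogue UA sending false access network information does no more harm than restricting that user from using certain services.

The mechanism provided in this document is designed primarily for private systems such as 3GPP. Most requirements are met by the private system's standardized solutions.

For example, 3GPP uses the P-Access-Network-Info header to carry relatively sensitive information such as the cell ID. This information therefore must not be sent outside the 3GPP domain.

A UA is aware of whether it is a 3GPP UA and whether it is operating within a trusted domain.

A 3GPP UA is aware of whether a security association for transporting SIP signaling to the home network domain currently exists and is valid. Accordingly, the sensitive information carried in the P-Access-Network-Info header should not be sent in any initial unauthenticated and unprotected request (such as REGISTER).

Any UA that uses this extension and is not part of a private trust domain should not regard the mechanism as secure and, accordingly, should not send sensitive information in the P-Access-Network-Info header.

Garcia-Martin, et al.          Informational          [Page 29]
RFC 3455          3GPP SIP P-Header Extensions          January 2003

Any proxy operating in a private trust domain that supports the P-Access-Network-Info header needs to delete the header, if it is present, from any message before forwarding that message outside the trust domain. Therefore, a network that requires its UAs to send information in the P-Access-Network-Info header must ensure either that the information itself is not sensitive or that the information is not sent outside the trust domain.

A proxy that receives a message containing the P-Access-Network-Info header from a non-trusted entity cannot guarantee the validity of the contents.

6.5 P-Charging-Function-Addresses

It is considered normal behavior for proxy servers within a closed network to modify the value of P-Charging-Function-Addresses and insert it into a SIP request or response. However, the proxy servers that share this information must have a trust relationship.

If an untrusted entity were inserted between trusted entities, it could potentially substitute a different charging function address. Therefore, to prevent such attacks, an integrity protection mechanism such as IPsec, or another effective mechanism, must be applied. Because each trusted proxy may need to view or modify the value of the P-Charging-Function-Addresses header, the protection should be applied on a hop-by-hop basis.

6.6 P-Charging-Vector

It is considered normal behavior for proxy servers within a closed network to modify the value of P-Charging-Vector and insert it into a SIP request or response. However, the proxy servers that share this information must have a trust relationship.

If an untrusted entity were inserted between trusted entities, it could potentially interfere with the charging correlation mechanism. Therefore, to prevent such attacks, an integrity protection mechanism such as IPsec, or another effective mechanism, must be applied. Because each trusted proxy may need to view or modify the value of the P-Charging-Vector header, the protection should be applied on a hop-by-hop basis.

7. IANA Considerations

This document defines several private SIP extension header fields (beginning with the prefix "P-").

These extension headers have been included in the registry of SIP header fields defined in SIP [1]. The SIP working group provided the expert review required for this process.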
The following extensions are registered as private extension header fields:

RFC Number:         RFC3455
Header Field Name:  P-Associated-URI
Compact Form:       none

RFC Number:         RFC3455
Header Field Name:  P-Called-Party-ID
Compact Form:       none

RFC Number:         RFC3455
Header Field Name:  P-Visited-Network-ID
Compact Form:       none

RFC Number:         RFC3455
Header Field Name:  P-Access-Network-Info
Compact Form:       none

RFC Number:         RFC3455
Header Field Name:  P-Charging-Function-Addresses
Compact Form:       none

RFC Number:         RFC3455
Header Field Name:  P-Charging-Vector
Compact Form:       none

8. Contributors

The extensions described in this document were originally specified in several documents. Miguel Garcia-Martin authored the P-Associated-URI, P-Called-Party-ID, and P-Visited-Network-ID headers. Duncan Mills authored the P-Access-Network-Info header. Eric Henrikson authored the P-Charging-Function-Addresses and P-Charging-Vector headers. Rohan Mahy assisted in the incorporation of these extensions into a single document.

9. Acknowledgments

The authors would like to thank Andrew Allen, Gabor Bajko, Gonzalo Camarillo, Keith Drage, Georg Mayer, Dean Willis, Rohan Mahy, Jonathan Rosenberg, Ya-Ching Tan and the 3GPP CN1 WG members for their comments on this document.

10. Normative References

[1] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[3] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997.

11. Informative References

[4] Garcia-Martin, M., "3rd-Generation Partnership Project (3GPP) Release 5 requirements on the Session Initiation Protocol (SIP)", Work in Progress.

[5] Mankin, A., Bradner, S., Mahy, R., Willis, D., Ott, J. and B. Rosen, "Change Process for the Session Initiation Protocol (SIP)", BCP 67, RFC 3427, December 2002.

[6] Roach, A., "Session Initiation Protocol (SIP)-Specific Event Notification", RFC 3265, June 2002.

[7] Rosenberg, J. and H. Schulzrinne, "Reliability of Provisional Responses in Session Initiation Protocol (SIP)", RFC 3262, June 2002.

[8] Donovan, S., "The SIP INFO Method", RFC 2976, October 2000.

[9] Rosenberg, J., "The Session Initiation Protocol (SIP) UPDATE Method", RFC 3311, October 2002.

[10] Campbell, B., Editor, Rosenberg, J., Schulzrinne, H., Huitema, C. and D. Gurle, "Session Initiation Protocol (SIP) Extension for Instant Messaging", RFC 3428, December 2002.

[11] Sparks, R., "The SIP Refer Method", Work in Progress.

[12] Barnes, M., "SIP Generic Request History Capability Requirements", Work in Progress.

[13] Watson, M., "Short Term Requirements for Network Asserted Identity", RFC 3324, November 2002.

[14] 3GPP, "TS 23.228: IP Multimedia Subsystem (IMS); Stage 2 (Release 5)", 3GPP 23.228, September 2002, <ftp://ftp.3gpp.org/Specs/archive/23_series/23.228/>.

[15] 3GPP, "TS 24.229: IP Multimedia Call Control Protocol based on SIP and SDP; Stage 3 (Release 5)", 3GPP 24.229, September 2002, <ftp://ftp.3gpp.org/Specs/archive/24_series/24.229/>.

[16] 3GPP, "TS 32.200: Telecommunication Management; Charging management; Charging principles (Release 5)", 3GPP 32.200, June 2002, <ftp://ftp.3gpp.org/Specs/archive/32_series/32.200/>.

[17] 3GPP, "TS 32.225: Telecommunication Management; Charging management; Charging Data Description for IP Multimedia Subsystem (Release 5)", 3GPP 32.225, September 2002, <ftp://ftp.3gpp.org/Specs/archive/32_series/32.225/>.

Authors' Addresses

Miguel A. Garcia-Martin
Ericsson
Hirsalantie 11
Jorvas FIN-02420
Finland
EMail: miguel.a.garcia@ericsson.com

Eric Henrikson
Lucent
11601 Willows Rd, Suite 100
Redmond, WA 98052
USA
EMail: ehenrikson@lucent.com

Duncan Mills
Vodafone
The Courtyard, 2-4 London Road
Newbury, Berkshire RG14 1JX
UK
EMail: duncan.mills@vf.vodafone.co.uk

Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
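The rule in the P-Access-Network-Info security considerations above, that a proxy in the private trust domain deletes the header before forwarding a message outside that domain, can be implemented as follows. This is an added example, not part of RFC 3455: the host names, the trusted-host set and the sample message are constructed, and deciding trust by next-hop host name is an assumption.

```python
# Added example (not from RFC 3455): egress filter at a trust-domain border.
# Host names and the sample message are constructed for illustration.
SENSITIVE = {"p-access-network-info"}  # no compact form is registered
TRUSTED_HOSTS = {"pcscf1.home1.example", "scscf1.home1.example"}  # assumed config

SAMPLE = (
    "INVITE sip:bob@other.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pcscf1.home1.example;branch=z9hG4bKconstructed\r\n"
    "P-ACCESS-NETWORK-INFO: 3GPP-UTRAN-TDD;\r\n"
    "\tutran-cell-id-3gpp=0000000000000\r\n"   # folded continuation line
    "Content-Length: 0\r\n"
    "\r\n"
)


def split_headers(raw):
    """Return (start_line, header_blocks, tail).

    A block is one logical header: its first line plus any folded
    continuation lines (lines that begin with SP or HTAB).
    """
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    blocks = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and blocks:
            blocks[-1].append(line)
        else:
            blocks.append([line])
    return lines[0], blocks, sep + body


def header_name(block):
    # SIP header names are case-insensitive; allow whitespace before ':'.
    return block[0].split(":", 1)[0].strip().lower()


def forward(raw, next_hop, trusted=TRUSTED_HOSTS):
    """Return the message as it should leave the proxy toward next_hop.

    Toward a host inside the trust domain the message is unchanged;
    toward any other host every occurrence of a sensitive header is
    deleted, folded lines included.
    """
    if next_hop.lower() in trusted:
        return raw
    start, blocks, tail = split_headers(raw)
    kept = [line for b in blocks if header_name(b) not in SENSITIVE for line in b]
    return "\r\n".join([start] + kept) + tail
```

Matching on the logical header rather than on single lines is what keeps the folded cell-ID parameter from surviving the deletion.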