Internet Engineering Task Force (IETF) J-F. Mule
Request for Comments: 6271 CableLabs
Category: Informational June 2011
ISSN: 2070-1721
Internet Engineering Task Force (IETF) J-F. Mule
Request for Comments: 6271 CableLabs
Category: Informational June 2011
ISSN: 2070-1721
Requirements for SIP-Based Session Peering
基于SIP的会话对等的要求
Abstract
摘要
This memo captures protocol requirements to enable session peering of voice, presence, instant messaging, and other types of multimedia traffic. This informational document is intended to link the various use cases described for session peering to protocol solutions.
此备忘录捕获协议要求,以支持语音、状态、即时消息和其他类型的多媒体通信的会话对等。本信息性文档旨在将会话对等所描述的各种用例链接到协议解决方案。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6271.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6271.
Copyright Notice
版权公告
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2011 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................2
2. Terminology .....................................................3
3. General Requirements ............................................3
3.1. Scope ......................................................4
3.2. Border Elements ............................................4
3.3. Session Establishment Data .................................8
3.3.1. User Identities and SIP URIs ........................8
3.3.2. URI Reachability ....................................9
4. Requirements for Session Peering of Presence and
Instant Messaging ..............................................10
5. Security Considerations ........................................12
5.1. Security Properties for the Acquisition of Session
Establishment Data ........................................12
5.2. Security Properties for the SIP Signaling Exchanges .......13
5.3. End-to-End Media Security .................................14
6. Acknowledgments ................................................15
7. References .....................................................15
7.1. Normative References ......................................15
7.2. Informative References ....................................15
Appendix A. Policy Parameters for Session Peering .................19
A.1. Categories of Parameters for VoIP Session Peering and
Justifications .............................................19
A.2. Summary of Parameters for Consideration in Session
Peering Policies ...........................................22
1. Introduction ....................................................2
2. Terminology .....................................................3
3. General Requirements ............................................3
3.1. Scope ......................................................4
3.2. Border Elements ............................................4
3.3. Session Establishment Data .................................8
3.3.1. User Identities and SIP URIs ........................8
3.3.2. URI Reachability ....................................9
4. Requirements for Session Peering of Presence and
Instant Messaging ..............................................10
5. Security Considerations ........................................12
5.1. Security Properties for the Acquisition of Session
Establishment Data ........................................12
5.2. Security Properties for the SIP Signaling Exchanges .......13
5.3. End-to-End Media Security .................................14
6. Acknowledgments ................................................15
7. References .....................................................15
7.1. Normative References ......................................15
7.2. Informative References ....................................15
Appendix A. Policy Parameters for Session Peering .................19
A.1. Categories of Parameters for VoIP Session Peering and
Justifications .............................................19
A.2. Summary of Parameters for Consideration in Session
Peering Policies ...........................................22
Peering at the session level represents an agreement between parties to exchange multimedia traffic. In this document, we assume that the Session Initiation Protocol (SIP) is used to establish sessions between SIP Service Providers (SSPs). SIP Service Providers are referred to as peers, and they are typically represented by users, user groups, enterprises, real-time collaboration service communities, or other service providers offering voice or multimedia services using SIP.
会话级别的对等表示各方之间交换多媒体流量的协议。在本文中,我们假设会话启动协议(SIP)用于在SIP服务提供商(SSP)之间建立会话。SIP服务提供商被称为对等方,它们通常由用户、用户组、企业、实时协作服务社区或使用SIP提供语音或多媒体服务的其他服务提供商表示。
A number of documents have been developed to provide background information about SIP session peering. It is expected that the reader is familiar with the reference architecture described in [ARCHITECTURE], use cases for voice ([VOIP]), and instant messaging and presence ([RFC5344]).
已经开发了许多文档来提供有关SIP会话对等的背景信息。希望读者熟悉[architecture]中描述的参考体系结构、语音([VOIP])用例以及即时消息和状态([RFC5344])。
Peering at the session layer can be achieved on a bilateral basis (direct peering established directly between two SSPs), or on an indirect basis via a session intermediary (indirect peering via a third-party SSP that has a trust relationship with the SSPs) -- see the terminology document [RFC5486] for more details.
会话层的对等可以在双边基础上实现(直接在两个SSP之间建立的直接对等),或者通过会话中介间接实现(通过与SSP具有信任关系的第三方SSP实现的间接对等)——有关更多详细信息,请参阅术语文档[RFC5486]。
This document first describes general requirements. The use cases are then analyzed in the spirit of extracting relevant protocol requirements that must be met to accomplish the use cases. These requirements are intended to be independent of the type of media exchanged such as Voice over IP (VoIP), video telephony, and instant messaging (IM). Requirements specific to presence and instant messaging are defined in Section 4.
本文件首先描述了一般要求。然后,本着提取完成用例必须满足的相关协议需求的精神,对用例进行分析。这些要求旨在独立于交换的媒体类型,如IP语音(VoIP)、视频电话和即时消息(IM)。第4节定义了状态和即时消息的特定要求。
It is not the goal of this document to mandate any particular use of IETF protocols other than SIP by SIP Service Providers in order to establish session peering. Instead, the document highlights what requirements should be met and what protocols might be used to define the solution space.
为了建立会话对等,本文档的目的不是强制SIP服务提供商使用SIP以外的IETF协议。相反,该文档强调了应该满足哪些需求以及可以使用哪些协议来定义解决方案空间。
Finally, we conclude with a list of parameters for the definition of a session peering policy, provided in an informative appendix. It should be considered as an example of the information SIP Service Providers may have to discuss or agree on to exchange SIP traffic.
最后,我们总结了一个用于定义会话对等策略的参数列表,该列表在信息性附录中提供。应将其视为SIP服务提供商可能必须讨论或同意交换SIP流量的信息的示例。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
This document also reuses the terminology defined in [RFC5486].
本文件还重用了[RFC5486]中定义的术语。
It is assumed that the reader is familiar with the Session Description Protocol (SDP) [RFC4566] and the Session Initiation Protocol (SIP) [RFC3261]. Finally, when used with capital letters, the term 'Authentication Service' is to be understood as defined by SIP Identity [RFC4474].
假设读者熟悉会话描述协议(SDP)[RFC4566]和会话发起协议(SIP)[RFC3261]。最后,当与大写字母一起使用时,术语“认证服务”应理解为SIP标识[RFC4474]所定义的。
The following sub-sections contain general requirements applicable to multiple use cases for multimedia session peering.
以下小节包含适用于多媒体会话对等的多个用例的一般要求。
The primary focus of this document is on the requirements applicable to the boundaries of Layer 5 SIP networks: SIP entities, signaling path border elements (SBEs), and the associated protocol requirements for the look-up and location routing of the session establishment data. The requirements applicable to SIP User Agents or related to the provisioning of the session data are considered out of scope.
本文件主要关注适用于第5层SIP网络边界的要求:SIP实体、信令路径边界元素(SBE)以及会话建立数据的查找和位置路由的相关协议要求。适用于SIP用户代理或与会话数据供应相关的要求被视为超出范围。
SIP Service Providers have to reach an agreement on numerous points when establishing session peering relationships.
在建立会话对等关系时,SIP服务提供商必须在许多方面达成一致。
This document highlights only certain aspects of a session peering agreement. It describes the requirements relevant to protocols in four areas: the declaration, advertisement and management of ingress and egress border elements for session signaling and media (Section 3.2), the information exchange related to the Session Establishment Data (SED, Section 3.3), specific requirements for presence and instant message (Section 4), and the security properties that may be desirable to secure session exchanges (Section 5).
本文档仅强调会话对等协议的某些方面。它在四个方面描述了与协议相关的要求:会话信令和媒体入口和出口边界元素的声明、广告和管理(第3.2节)、与会话建立数据相关的信息交换(SED,第3.3节)、存在和即时消息的具体要求(第4节),以及可能需要用于保护会话交换的安全属性(第5节)。
Numerous other considerations of session peering arrangements are critical to reach a successful agreement, but they are considered out of scope of this document. They include information about SIP protocol support (e.g., SIP extensions and field conventions), media (e.g., type of media traffic to be exchanged, compatible media codecs and transport protocols, mechanisms to ensure differentiated quality of service for media), Layer 3 IP connectivity between the signaling and data path border elements, and accounting and traffic capacity control (e.g., the maximum number of SIP sessions at each ingress point, or the maximum number of concurrent IM or VoIP sessions).
会话对等安排的许多其他考虑因素对于达成成功的协议至关重要,但它们被认为超出了本文档的范围。它们包括有关SIP协议支持(例如SIP扩展和现场约定)、媒体(例如,要交换的媒体流量类型、兼容的媒体编解码器和传输协议、确保媒体服务质量差异化的机制)、信令和数据路径边界元素之间的第3层IP连接的信息,以及计费和流量容量控制(例如,每个入口点的SIP会话的最大数量,或并发IM或VoIP会话的最大数量)。
The informative Appendix A lists parameters that may be considered when discussing the technical parameters of SIP session peering. The purpose of this list is to capture the parameters that are considered outside the scope of the protocol requirements.
信息性附录A列出了在讨论SIP会话对等的技术参数时可以考虑的参数。此列表的目的是捕获协议要求范围之外的参数。
For border elements to be operationally manageable, maximum flexibility should be given for how they are declared or dynamically advertised. Indeed, in any session peering environment, there is a need for a SIP Service Provider to declare or dynamically advertise the SIP entities that will face the peer's network. The data path border elements are typically signaled dynamically in the session description.
为了使边界元素在操作上易于管理,应该在如何声明或动态发布边界元素方面给予最大的灵活性。实际上,在任何会话对等环境中,SIP服务提供者都需要声明或动态地通告将面对对等网络的SIP实体。数据路径边界元素通常在会话描述中动态发出信号。
The use cases defined in [VOIP] catalog the various border elements between SIP Service Providers; they include signaling path border elements (SBEs) and SIP proxies (or any SIP entity at the boundary of the Layer 5 network).
[VOIP]中定义的用例对SIP服务提供商之间的各种边界元素进行了分类;它们包括信令路径边界元素(sbe)和SIP代理(或第5层网络边界处的任何SIP实体)。
o Requirement #1:
o 要求#1:
Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the ingress signaling path border elements of its service domain.
必须提供协议机制,以使SIP服务提供商能够通信其服务域的入口信令路径边界元素。
Notes on solution space:
关于解决方案空间的说明:
The SBEs may be advertised to session peers using static mechanisms, or they may be dynamically advertised. There is general agreement that [RFC3263] provides a solution for dynamically advertising ingress SBEs in most cases of direct or indirect peering. We discuss the DNS-based solution space further in Requirement #4 below, especially in cases where the DNS response varies based on who sends the query (peer-dependent SBEs).
可以使用静态机制将sbe通告给会话对等方,或者可以动态通告sbe。人们普遍认为,[RFC3263]为大多数直接或间接对等情况下的SBE动态广告入口提供了解决方案。我们将在下面的需求#4中进一步讨论基于DNS的解决方案空间,特别是在DNS响应因发送查询的人(对等依赖SBE)而异的情况下。
o Requirement #2:
o 要求#2:
Protocol mechanisms MUST be provided to enable a SIP Service Provider to communicate the egress SBEs of its service domain.
必须提供协议机制,以使SIP服务提供商能够与其服务域的出口SBE进行通信。
Notes on motivations for this requirement:
关于这一要求动机的说明:
For the purposes of capacity planning, traffic engineering, and call admission control, a SIP Service Provider may be asked from where it will generate SIP calls. The SSP accepting calls from a peer may wish to know from where SIP calls will originate (this information is typically used by the terminating SSP).
出于容量规划、流量工程和呼叫接纳控制的目的,可以询问SIP服务提供商将从何处生成SIP呼叫。接受对等方呼叫的SSP可能希望知道SIP呼叫将从何处发起(此信息通常由终止SSP使用)。
While provisioning requirements are out of scope, some SSPs may find use for a mechanism to dynamically advertise or discover the egress SBEs of a peer.
虽然资源调配需求超出范围,但一些SSP可能会使用一种机制来动态公布或发现对等方的出口SBE。
If the SSP also provides media streams to its users as shown in the use cases for "originating" and "terminating" SSPs, a mechanism must exist to allow SSPs to advertise their egress and ingress data path border elements (DBEs), if applicable. While some SSPs may have open policies and accept media traffic from anywhere outside their network to anywhere inside their network, some SSPs may want to optimize media delivery and identify media paths between peers prior to traffic being sent (Layer 5 to Layer 3 Quality of Service (QoS) mapping).
如果SSP还向其用户提供媒体流,如“发起”和“终止”SSP的用例所示,则必须存在允许SSP公布其出入口数据路径边界元素(DBE)的机制(如适用)。虽然一些SSP可能具有开放策略并接受从其网络外部到其网络内部任何位置的媒体流量,但一些SSP可能希望在发送流量之前优化媒体交付并识别对等方之间的媒体路径(第5层到第3层服务质量(QoS)映射)。
o Requirement #3:
o 要求#3:
Protocol mechanisms MUST be provided to allow a SIP Service Provider to communicate its DBEs to its peers.
必须提供协议机制,以允许SIP服务提供商将其DBE与其对等方进行通信。
Notes: Some SSPs engaged in SIP interconnects do exchange this type of DBE information in a static manner. Some SSPs do not.
注:一些参与SIP互连的SSP以静态方式交换此类DBE信息。一些SSP没有。
In some SIP networks, SSPs may expose the same border elements to all peers. In other environments, it is common for SSPs to advertise specific SBEs and DBEs to certain peers. This is done by SSPs to meet specific objectives for a given peer: routing optimization of the signaling and media exchanges, optimization of the latency or throughput based on the 'best' SBE and DBE combination, and other service provider policy parameters. These are some of the reasons why advertisement of SBEs and DBEs may be peer dependent.
在一些SIP网络中,SSP可能向所有对等方公开相同的边界元素。在其他环境中,SSP向某些对等方公布特定SBE和DBE是常见的。这由SSP完成,以满足给定对等方的特定目标:信令和媒体交换的路由优化、基于“最佳”SBE和DBE组合的延迟或吞吐量优化,以及其他服务提供商策略参数。这些就是SBE和弱势商业企业的广告可能是对等依赖的一些原因。
o Requirement #4:
o 要求#4:
The mechanisms recommended for the declaration or advertisement of SBE and DBE entities MUST allow for peer variability.
SBE和弱势商业企业实体的声明或广告所建议的机制必须考虑对等可变性。
Notes on solution space:
关于解决方案空间的说明:
A simple solution is to advertise SBE entities using DNS and [RFC3263] by providing different DNS names to different peers. This approach has some practical limitations because the SIP URIs containing the DNS names used to resolve the SBEs may be propagated by users, for example, in the form of sip:user@domain. It is impractical to ask users to implement different target URIs based upon their SIP Service Provider's desire to receive incoming session signaling at different ingress SBEs based upon the originator. The solution described in [RFC3263] and based on DNS to advertise SBEs is therefore under specified for this requirement.
一个简单的解决方案是通过向不同的对等方提供不同的DNS名称,使用DNS和[RFC3263]公布SBE实体。此方法具有一些实际限制,因为包含用于解析SBE的DNS名称的SIP URI可能由用户传播,例如,以SIP的形式:user@domain. 要求用户根据其SIP服务提供商的愿望来实现不同的目标URI是不切实际的,因为他们的SIP服务提供商希望在不同的入口SBE(基于发起者)接收传入的会话信令。因此,[RFC3263]中描述的基于DNS的SBE广告解决方案不符合此要求。
Other DNS mechanisms have been used extensively in other areas of the Internet, in particular in Content Distribution Internetworking to make the DNS responses vary based on the originator of the DNS query (see [RFC3466], [RFC3568], and [RFC3570]). The applicability of such solutions for session peering needs further analysis.
其他DNS机制已广泛用于互联网的其他领域,特别是在内容分发互联网中,以使DNS响应根据DNS查询的发起人而有所不同(请参见[RFC3466]、[RFC3568]和[RFC3570])。这些解决方案对于会话对等的适用性需要进一步分析。
Finally, other techniques such as Anycast services ([RFC4786]) may be employed at lower layers than Layer 5 to provide a solution to this requirement. For example, anycast nodes could be defined by SIP service providers to expose a common address for SBEs into DNS, allowing the resolution of the anycast node address to the
最后,其他技术,如选播服务([RFC4786])可以在比第5层更低的层上使用,以提供满足此需求的解决方案。例如,SIP服务提供商可以定义选播节点,将SBE的公共地址公开到DNS中,从而允许将选播节点地址解析到DNS
appropriate peer-dependent service address based on the routing topology or other criteria gathered from the combined use of anycast and DNS techniques.
基于路由拓扑或通过组合使用选播和DNS技术收集的其他标准的适当对等依赖服务地址。
Notes on variability of the SBE advertisements based on the media capabilities:
基于媒体能力的SBE广告可变性说明:
Some SSPs may have some restrictions on the type of media traffic their SBEs can accept. For SIP sessions however, it is not possible to communicate those restrictions in advance of the session initiation: a SIP target may support voice-only media, voice and video, or voice and instant messaging communications. While the inability to find out whether a particular type of SIP session can be terminated by a certain SBE can cause session attempts to fail, there is consensus to not add a new requirement in this document. These aspects are essentially covered by SSPs when discussing traffic exchange policies and are deemed out of scope of this document.
某些SSP可能对其SBE可以接受的媒体流量类型有一些限制。然而,对于SIP会话,不可能在会话启动之前传达这些限制:SIP目标可能只支持语音媒体、语音和视频,或者语音和即时消息通信。虽然无法确定特定类型的SIP会话是否可以由特定SBE终止可能会导致会话尝试失败,但一致同意不在本文档中添加新要求。在讨论流量交换政策时,SSP基本上涵盖了这些方面,这些方面不在本文件的范围之内。
In the use cases provided as part of direct and indirect peering scenarios, an SSP deals with multiple SIP entities and multiple SBEs in its own domain. There is often a many-to-many relationship between the SIP proxies considered inside the trusted network boundary of the SSP and its signaling path border elements at the network boundaries.
在作为直接和间接对等场景的一部分提供的用例中,SSP在其自己的域中处理多个SIP实体和多个SBE。SSP的可信网络边界内考虑的SIP代理与网络边界处的信令路径边界元素之间通常存在多对多关系。
It should be possible for an SSP to define which egress SBE a SIP entity must use based on a given peer destination.
SSP应该能够根据给定的对等目的地定义SIP实体必须使用的出口SBE。
For example, in the case of a static direct peering scenario (Figure 2 in Section 5.2. of [VOIP]), it should be possible for the SIP proxy in the originating network (O-Proxy) to select the appropriate egress SBE (O-SBE) to reach the SIP target based on the information the proxy receives from the Look-Up Function (O-LUF), and/or Location Routing Function (O-LRF) -- message response labeled (2). Note that this example also applies to the case of indirect peering when a service provider has multiple service areas and each service area involves multiple SIP proxies and a few SBEs.
例如,在静态直接对等场景(VOIP第5.2节中的图2)的情况下,发起网络(O-proxy)中的SIP代理应该能够基于代理从查找功能(O-LUF)接收到的信息选择适当的出口SBE(O-SBE)到达SIP目标,和/或位置路由功能(O-LRF)——标记为(2)的消息响应。注意,当服务提供商具有多个服务区域并且每个服务区域涉及多个SIP代理和几个sbe时,该示例也适用于间接对等的情况。
o Requirement #5:
o 要求#5:
The mechanisms recommended for the Look-Up Function (LUF) and the Location Routing Functions (LRF) MUST be capable of returning both a target URI destination and a value providing the next SIP hop(s).
为查找功能(LUF)和位置路由功能(LRF)推荐的机制必须能够返回目标URI目的地和提供下一个SIP跃点的值。
Notes: solutions may exist depending on the choice of the protocol used between the Proxy and its LUF/LRF. The idea is for the O-Proxy to be provided with the next SIP hop and the equivalent of one or more SIP Route header values. If ENUM is used as a protocol for the LUF, the solution space is undefined.
注意:根据代理及其LUF/LRF之间使用的协议的选择,可能存在解决方案。其思想是为O-Proxy提供下一个SIP跃点和一个或多个SIP路由报头值的等效值。如果ENUM用作LUF的协议,则解决方案空间未定义。
It is desirable for an SSP to be able to communicate how authentication of a peer's SBEs will occur (see the security requirements for more details).
SSP最好能够传达对等方SBE的身份验证方式(有关更多详细信息,请参阅安全要求)。
o Requirement #6:
o 要求#6:
The mechanisms recommended for locating a peer's SBE MUST be able to convey how a peer should initiate secure session establishment.
建议用于定位对等方SBE的机制必须能够传达对等方应如何启动安全会话建立。
Notes: some mechanisms exist. For example, the required use of SIP over TLS may be discovered via [RFC3263], and guidelines concerning the use of the SIPS URI scheme in SIP have been documented in [RFC5630].
注:存在一些机制。例如,通过[RFC3263]可以发现需要在TLS上使用SIP,关于在SIP中使用SIPS URI方案的指南已记录在[RFC5630]中。
The Session Establishment Data (SED) is defined in [RFC5486] as the data used to route a call to the next hop associated with the called domain's ingress point. The following paragraphs capture some general requirements on the SED data.
会话建立数据(SED)在[RFC5486]中定义为用于将呼叫路由到与被叫域入口点关联的下一跳的数据。以下段落描述了SED数据的一些一般要求。
User identities used between peers can be represented in many different formats. Session Establishment Data should rely on URIs (Uniform Resource Identifiers, [RFC3986]) and SIP URIs should be preferred over tel URIs ([RFC3966]) for session peering of VoIP traffic.
对等方之间使用的用户身份可以用许多不同的格式表示。会话建立数据应依赖于URI(统一资源标识符[RFC3986]),对于VoIP流量的会话对等,SIP URI应优先于tel URI([RFC3966])。
The use of DNS domain names and hostnames is recommended in SIP URIs and they should be resolvable on the public Internet. As for the user part of the SIP URIs, the mechanisms for session peering should not require an SSP to be aware of which individual user identities are valid within its peer's domain.
建议在SIP URI中使用DNS域名和主机名,并且它们应该可以在公共Internet上解析。对于SIP uri的用户部分,会话对等机制不应要求SSP知道在其对等方的域中哪些用户身份是有效的。
o Requirement #7:
o 要求#7:
The protocols used for session peering MUST accommodate the use of different types of URIs. URIs with the same domain-part SHOULD share the same set of peering policies; thus, the domain of the SIP URI may be used as the primary key to any information
用于会话对等的协议必须适应不同类型URI的使用。具有相同域部分的URI应共享相同的对等策略集;因此,SIP URI的域可以用作任何信息的主键
regarding the reachability of that SIP URI. The host part of SIP URIs SHOULD contain a fully qualified domain name instead of a numeric IPv4 or IPv6 address.
关于SIPURI的可达性。SIP URI的主机部分应包含完全限定的域名,而不是数字IPv4或IPv6地址。
o Requirement #8:
o 要求#8:
The mechanisms for session peering should not require an SSP to be aware of which individual user identities are valid within its peer's domain.
会话对等机制不应要求SSP知道其对等域中哪些用户身份有效。
o Notes on the solution space for Requirements #7 and #8:
o 关于需求#7和#8的解决方案空间的注释:
This is generally well supported by IETF protocols. When telephone numbers are in tel URIs, SIP requests cannot be routed in accordance with the traditional DNS resolution procedures standardized for SIP as indicated in [RFC3824]. This means that the solutions built for session peering must not solely use Public Switched Telephone Network (PSTN) identifiers such as Service Provider IDs (SPIDs) or Trunk Group IDs (they should not be precluded but solutions should not be limited to these).
这通常得到IETF协议的良好支持。当电话号码位于电话URI中时,SIP请求不能按照[RFC3824]中规定的SIP标准化传统DNS解析程序进行路由。这意味着,为会话对等构建的解决方案不得仅使用公共交换电话网络(PSTN)标识符,如服务提供商ID(SPID)或中继组ID(不应排除它们,但解决方案不应限于这些)。
Motivations:
动机:
Although SED data may be based on E.164-based SIP URIs for voice interconnects, a generic peering methodology should not rely on such E.164 numbers.
尽管SED数据可能基于用于语音互连的基于E.164的SIP URI,但通用对等方法不应依赖于此类E.164号码。
Based on a well-known URI type (e.g., sip:, pres:, or im: URIs), it must be possible to determine whether the SSP domain servicing the URI allows for session peering, and if it does, it should be possible to locate and retrieve the domain's policy and SBE entities.
根据已知的URI类型(例如sip:、pres:、或im:URI),必须能够确定为URI提供服务的SSP域是否允许会话对等,如果允许,则应该能够定位和检索域的策略和SBE实体。
For example, an originating service provider must be able to determine whether a SIP URI is open for direct interconnection without requiring an SBE to initiate a SIP request. Furthermore, since each call setup implies the execution of any proposed algorithm, the establishment of a SIP session via peering should incur minimal overhead and delay, and employ caching wherever possible to avoid extra protocol round trips.
例如,发起服务提供商必须能够确定SIP URI是否为直接互连而开放,而无需SBE发起SIP请求。此外,由于每个呼叫设置都意味着执行任何提出的算法,因此通过对等建立SIP会话应产生最小的开销和延迟,并尽可能使用缓存来避免额外的协议往返。
o Requirement #9:
o 要求#9:
The mechanisms for session peering MUST allow an SBE to locate its peer SBE given a URI type and the target SSP domain name.
会话对等机制必须允许SBE在给定URI类型和目标SSP域名的情况下定位其对等SBE。
This section describes requirements for presence and instant messaging session peering.
本节介绍状态和即时消息会话对等的要求。
Two SSPs create a peering relationship to enable their IM and presence users to collaborate with users on the other SSP network. We focus the requirements on inter-domain subscriptions to presence information, the exchange of messages and privacy settings, and the use of standard presence document formats across domains.
两个SSP创建对等关系,使其IM和状态用户能够与另一个SSP网络上的用户协作。我们将重点放在对状态信息的域间订阅、消息交换和隐私设置以及跨域使用标准状态文档格式上。
Several use cases for presence and instant messaging peering are described in [RFC5344], a document authored by A. Houri, E. Aoki, and S. Parameswar. Credits for the original content captured from these use cases into requirements in this section must go to them.
[RFC5344]中描述了存在和即时消息对等的几个用例,该文档由a.Houri、E.Aoki和S.Parameswar编写。从这些用例捕获到本节需求的原始内容的信用必须归他们所有。
o Requirement #10:
o 要求#10:
The mechanisms recommended for the exchange of presence information between SSPs SHOULD allow a user of one presence community to send a presence subscription request to presentities served by another SSP via its local community, including subscriptions to a single presentity, a personal, public or ad hoc group list of presentities.
SSP之间状态信息交换的推荐机制应允许一个状态社区的用户通过其本地社区向另一SSP服务的状态实体发送状态订阅请求,包括对单个状态实体、个人、公共或特设组状态实体列表的订阅。
Notes: see Sections 2.1 and 2.2 of [RFC5344].
注:见[RFC5344]第2.1节和第2.2节。
o Requirement #11:
o 要求#11:
The mechanisms recommended for instant messaging exchanges between SSPs SHOULD allow a user of one SSP's community to communicate with users of the other SSP community via their local community using the various methods. Note that some SSPs may exercise some control over which methods are allowed based on service policies. Such methods include sending a one-time IM message, initiating a SIP session for transporting sessions of messages, participating in n-way chats using chat rooms with users from the peer SSPs, etc.
SSP之间即时消息交换的推荐机制应允许一个SSP社区的用户通过其本地社区使用各种方法与另一个SSP社区的用户进行通信。请注意,一些SSP可以根据服务策略对允许哪些方法进行某种控制。此类方法包括发送一次性IM消息、发起用于传输消息会话的SIP会话、使用与来自对等ssp的用户的聊天室参与n路聊天等。
Notes: see Sections 2.4, 2.5, and 2.6 of [RFC5344].
注:见[RFC5344]第2.4、2.5和2.6节。
o Requirement #12:
o 要求#12:
In some presence communities, users can define the list of watchers that receive presence notifications for a given presentity. Such privacy settings for watcher notifications per presentity are typically not shared across SSPs causing multiple notifications to be sent for one presentity change between SSPs.
在某些状态社区中,用户可以定义接收给定状态实体的状态通知的观察者列表。每个存在实体的观察者通知的此类隐私设置通常不会在SSP之间共享,从而导致在SSP之间为一个存在实体更改发送多个通知。
The sharing of those privacy settings per presentity between SSPs would allow fewer notifications: a single notification would be sent per presentity and the terminating SSP would send notifications to the appropriate watchers according to the presentity's privacy information.
SSP之间每个实体共享这些隐私设置将允许更少的通知:每个实体将发送一个通知,终止SSP将根据实体的隐私信息向适当的观察者发送通知。
The mechanisms recommended for presence information exchanges between SSPs SHOULD allow the sharing of some user privacy settings in order for users to convey the list of watchers that can receive notification of presence information changes on a per-presentity basis.
SSP之间状态信息交换的推荐机制应允许共享一些用户隐私设置,以便用户传达可以接收每个状态实体状态信息更改通知的观察者列表。
The privacy sharing mechanism must be done with the express consent of the user whose privacy settings will be shared with the other community. Because of the privacy-sensitive information exchanged between SSPs, the protocols used for the exchange of presence information must follow the security recommendations defined in Section 6 of [RFC3863].
隐私共享机制必须得到将与其他社区共享其隐私设置的用户的明确同意。由于SSP之间交换的隐私敏感信息,用于交换状态信息的协议必须遵循[RFC3863]第6节中定义的安全建议。
Notes: see Section 2.3 of [RFC5344].
注:见[RFC5344]第2.3节。
o Requirement #13:
o 要求#13:
It should be possible for an SSP to associate a presence document with a list of watchers in the peer SSP community so that the peer watchers can receive the presence document notifications. This will enable sending less presence document notifications between the communities while avoiding the need to share privacy information of presentities from one community to the other.
SSP应该可以将状态文档与对等SSP社区中的观察者列表相关联,以便对等观察者可以接收状态文档通知。这将允许在社区之间发送较少的状态文档通知,同时避免在社区之间共享状态实体的隐私信息。
The systems used to exchange presence documents between SSPs SHOULD allow a presence document to be delivered to one or more watchers.
用于在SSP之间交换状态文件的系统应允许将状态文件交付给一个或多个观察者。
Note: The presence document and the list of authorized watchers in the peer SSP may be sent separately. Also, the privacy-sharing mechanisms defined in Requirement #12 also apply to this requirement.
注:对等SSP中的出席文件和授权观察员名单可单独发送。此外,要求#12中定义的隐私共享机制也适用于此要求。
o Requirement #14:
o 要求#14:
Early deployments of SIP-based presence and instant messaging gateways have been done in front of legacy proprietary systems that use different naming schemes or name values for the elements and properties defined in a Presence Information Data Format (PIDF) document ([RFC3863]). For example, the value "Do Not Disturb" in one presence service may be mapped to "Busy" in
基于SIP的状态和即时消息网关的早期部署已经在遗留专有系统之前完成,这些系统使用不同的命名方案或名称值来表示状态信息数据格式(PIDF)文档([RFC3863])中定义的元素和属性。例如,一个存在服务中的值“请勿打扰”可以映射为该服务中的“忙”
another system for the status element. Beyond this example of status values, it is important to ensure that the meaning of the presence information is preserved between SSPs.
状态元素的另一个系统。除了此状态值示例之外,重要的是确保在SSP之间保留存在信息的含义。
The systems used to exchange presence documents between SSPs SHOULD use standard PIDF documents and translate any non-standard value of a PIDF element to a standard one.
用于在SSP之间交换状态文档的系统应使用标准PIDF文档,并将PIDF元素的任何非标准值转换为标准值。
This section describes the security properties that are desirable for the protocol exchanges in scope of session peering. Three types of information flows are described in the architecture and use case documents: the acquisition of the Session Establishment Data (SED) based on a destination target via the Look-Up and Location Routing Functions (LUF and LRF), the SIP signaling between SIP Service Providers, and the associated media exchanges.
本节描述会话对等范围内协议交换所需的安全属性。体系结构和用例文档中描述了三种类型的信息流:通过查找和定位路由功能(LUF和LRF)基于目的地目标获取会话建立数据(SED)、SIP服务提供商之间的SIP信令以及相关联的媒体交换。
This section is focused on three security services: authentication, data confidentiality, and data integrity as summarized in [RFC3365]. However, this text does not specify the mandatory-to-implement security mechanisms as required by [RFC3365]; this is left for future protocol solutions that meet the requirements.
本节重点介绍三种安全服务:身份验证、数据机密性和数据完整性,如[RFC3365]所述。但是,本文并未规定按照[RFC3365]的要求实施安全机制的强制性要求;这将留给满足要求的未来协议解决方案。
A security threat analysis provides additional guidance for session peering ([VOIPTHREATS]).
安全威胁分析为会话对等([VOIPTHREATS])提供了额外的指导。
5.1. Security Properties for the Acquisition of Session Establishment Data
5.1. 获取会话建立数据的安全属性
The Look-Up Function (LUF) and Location Routing Function (LRF) are defined in [RFC5486]. They provide mechanisms for determining the SIP target address and domain the request should be sent to, and the associated SED to route the request to that domain.
[RFC5486]中定义了查找功能(LUF)和位置路由功能(LRF)。它们提供了用于确定请求应发送到的SIP目标地址和域以及将请求路由到该域的相关SED的机制。
o Requirement #15:
o 要求#15:
The protocols used to query the Look-Up and Location Routing Functions SHOULD support mutual authentication.
用于查询查找和位置路由功能的协议应支持相互身份验证。
Motivations:
动机:
A mutual authentication service should be provided for the LUF and LRF protocol exchanges. The content of the response returned by the LUF and LRF may depend on the identity of the requestor: the authentication of the LUF and LRF requests is therefore a desirable property. Mutual authentication is also desirable: the requestor may verify the identity of the systems that provided the
应为LUF和LRF协议交换提供相互认证服务。LUF和LRF返回的响应内容可能取决于请求者的身份:因此,LUF和LRF请求的身份验证是一个理想的属性。相互认证也是可取的:请求者可以验证提供认证的系统的身份
LUF and LRF responses given the nature of the data returned in those responses. Authentication also provides some protection for the availability of the LUF and LRF against attackers that would attempt to launch Denial-of-Service (DoS) attacks by sending bogus requests causing the LUF to perform a lookup and consume resources.
LUF和LRF响应,考虑到这些响应中返回的数据的性质。身份验证还为LUF和LRF的可用性提供了一定的保护,以防攻击者通过发送虚假请求,导致LUF执行查找并消耗资源,试图发起拒绝服务(DoS)攻击。
o Requirement #16:
o 要求#16:
The protocols used to query the Look-Up and Location Routing Functions SHOULD provide support for data confidentiality and integrity.
用于查询查找和位置路由功能的协议应提供对数据机密性和完整性的支持。
Motivations:
动机:
Given the sensitive nature of the session establishment data exchanged with the LUF and LRF functions, the protocol mechanisms chosen for the look-up and location routing should offer data confidentiality and integrity protection (SED data may contain user addresses, SIP URI, location of SIP entities at the boundaries of SIP Service Provider domains, etc.).
鉴于与LUF和LRF功能交换的会话建立数据的敏感性,为查找和位置路由选择的协议机制应提供数据机密性和完整性保护(SED数据可能包含用户地址、SIP URI、SIP实体在SIP服务提供商域边界上的位置等)。
o Notes on the solution space for Requirements #15 and #16:
o 关于需求#15和#16的解决方案空间的注释:
ENUM, SIP, and proprietary protocols are typically used today for accessing these functions. Even though SSPs may use lower-layer security mechanisms to guarantee some of those security properties, candidate protocols for the LUF and LRF should meet the above requirements.
ENUM、SIP和专有协议目前通常用于访问这些功能。尽管SSP可以使用较低层的安全机制来保证某些安全属性,但LUF和LRF的候选协议应满足上述要求。
The SIP signaling exchanges are out of scope of this document. This section describes some of the security properties that are desirable in the context of SIP interconnects between SSPs without formulating any normative requirements.
SIP信令交换不在本文档的范围内。本节描述了在SSP之间的SIP互连环境中需要的一些安全属性,而无需制定任何规范性要求。
In general, the security properties desirable for the SIP exchanges in an inter-domain context apply to session peering. These include:
通常,域间上下文中SIP交换所需的安全属性适用于会话对等。这些措施包括:
o securing the transport of SIP messages between the peers' SBEs. Authentication of SIP communications is desirable, especially in the context of session peering involving SIP intermediaries. Data confidentiality and integrity of the SIP message body may be desirable as well given some of the levels of session peering indirection (indirect/assisted peering), but they could be harmful as they may prevent intermediary SSPs from "inserting" SBEs/DBEs along the signaling and data paths.
o 保护对等方SBE之间SIP消息的传输。SIP通信的认证是可取的,尤其是在涉及SIP中介的会话对等的上下文中。考虑到会话间接对等(间接/辅助对等)的一些级别,SIP消息体的数据机密性和完整性也可能是可取的,但是它们可能是有害的,因为它们可能阻止中间ssp沿信令和数据路径“插入”sbe/dbe。
o providing an Authentication Service to authenticate the identity of connected users based on the SIP Service Provider domains (for both the SIP requests and the responses).
o 提供身份验证服务,以基于SIP服务提供商域(针对SIP请求和响应)对连接用户的身份进行身份验证。
The fundamental mechanisms for securing SIP between proxy servers intra- and inter-domain are applicable to session peering; refer to Section 26.2 of [RFC3261] for transport-layer security of SIP messages using TLS, [RFC5923] for establishing TLS connections between proxies, [RFC4474] for the protocol mechanisms to verify the identity of the senders of SIP requests in an inter-domain context, and [RFC4916] for verifying the identity of the sender of SIP responses).
保护域内和域间代理服务器之间SIP的基本机制适用于会话对等;参考[RFC3261]第26.2节了解使用TLS的SIP消息的传输层安全性[RFC5923]了解在代理之间建立TLS连接[RFC4474]了解验证域间上下文中SIP请求发送方身份的协议机制[RFC4916]了解验证SIP响应发送方身份的协议机制)。
Media security is critical to guarantee end-to-end confidentiality of the communication between the end-users' devices, independently of how many direct or indirect peers are present along the signaling path. A number of desirable security properties emerge from this goal.
媒体安全对于保证终端用户设备之间通信的端到端机密性至关重要,与信令路径上存在多少直接或间接对等点无关。这一目标产生了许多理想的安全特性。
The establishment of media security may be achieved along the media path and not over the signaling path given the indirect peering use cases.
考虑到间接对等使用情况,可以沿媒体路径而不是通过信令路径实现媒体安全性的建立。
For example, media carried over the Real-Time Protocol (RTP) can be secured using secure RTP (SRTP [RFC3711]). A framework for establishing SRTP security using Datagram TLS (DTLS) [RFC4347] is described in [RFC5763]: it allows for end-to-end media security establishment using extensions to DTLS ([RFC5764]).
例如,通过实时协议(RTP)携带的媒体可以使用安全RTP(SRTP[RFC3711])进行安全保护。[RFC5763]中描述了使用数据报TLS(DTL)[RFC4347]建立SRTP安全性的框架:它允许使用DTL的扩展([RFC5764])建立端到端媒体安全性。
It should also be noted that media can be carried in numerous protocols other than RTP such as SIP (SIP MESSAGE method), MSRP (the Message Session Relay Protocol, [RFC4975], XMPP (the Extensible Messaging and Presence Protocol, [RFC6120]), and many others. Media may also be carried over TCP ([RFC4571]), and it can be encrypted over secure connection-oriented transport sessions over TLS ([RFC4572]).
还应注意的是,除了RTP之外,媒体还可以通过许多协议进行传输,如SIP(SIP消息方法)、MSRP(消息会话中继协议[RFC4975]、XMPP(可扩展消息和状态协议[RFC6120])和许多其他协议。媒体也可以通过TCP([RFC4571])进行传输,并且它可以通过TLS([RFC4572])上的面向连接的安全传输会话进行加密。
A desirable security property for session peering is for SIP entities to be transparent to the end-to-end media security negotiations: SIP entities should not intervene in the Session Description Protocol (SDP) exchanges for end-to-end media security.
会话对等的理想安全属性是SIP实体对端到端媒体安全协商是透明的:SIP实体不应干预用于端到端媒体安全的会话描述协议(SDP)交换。
o Requirement #17:
o 要求#17:
The protocols used to enable session peering MUST NOT interfere with the exchanges of media security attributes in SDP. Media attribute lines that are not understood by SBEs MUST be ignored and passed along the signaling path untouched.
用于启用会话对等的协议不得干扰SDP中媒体安全属性的交换。SBE无法理解的媒体属性行必须忽略,并沿信令路径不受影响地传递。
This document is based on the input and contributions made by a large number of people including: Bernard Aboba, Edwin Aoki, Scott Brim, John Elwell, Patrik Faltstrom, Mike Hammer, Avshalom Houri, Otmar Lendl, Jason Livingood, Daryl Malas, Dave Meyer, Bob Natale, Sriram Parameswar, Jon Peterson, Benny Rodrig, Brian Rosen, Eric Rosenfeld, Peter Saint-Andre, David Schwartz, Richard Shocky, Henry Sinnreich, Richard Stastny, and Adam Uzelac.
本文件基于大量人士的投入和贡献,包括:伯纳德·阿博巴、埃德温·青木、斯科特·布里姆、约翰·埃尔维尔、帕特里克·法尔茨特罗姆、迈克·哈默、阿夫沙洛姆·胡里、奥特玛·伦德尔、杰森·利文戈德、达里尔·马拉斯、戴夫·迈耶、鲍勃·纳塔尔、斯利拉姆·帕拉梅斯瓦尔、乔恩·彼得森、本尼·罗德里格、布赖恩·罗森、埃里克·罗森菲尔德、,彼得·圣安德烈、大卫·施瓦茨、理查德·肖基、亨利·辛里奇、理查德·斯塔斯尼和亚当·乌泽拉克。
Specials thanks go to Rohan Mahy, Brian Rosen, and John Elwell for their initial documents describing guidelines or best current practices in various environments, to Avshalom Houri, Edwin Aoki, and Sriram Parameswar for authoring the presence and instant messaging requirements, and to Dan Wing for providing detailed feedback on the Security Consideration sections.
特别感谢Rohan Mahy、Brian Rosen和John Elwell提供了描述各种环境中的指导原则或最佳实践的初始文档,感谢Avshalom Houri、Edwin Aoki和Sriram Parameswar编写了状态和即时消息要求,并向Dan Wing提供关于安全考虑部分的详细反馈。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[ARCHITECTURE] Malas, D. and J. Livingood, "Session PEERing for Multimedia INTerconnect Architecture", Work in Progress, February 2011.
[架构]Malas,D.和J.Livingood,“多媒体互连架构的会话对等”,正在进行的工作,2011年2月。
[RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse-Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, September 1997.
[RFC2198]Perkins,C.,Kouvelas,I.,Hodson,O.,Hardman,V.,Handley,M.,Bolot,J.,Vega Garcia,A.,和S.Fosse Parisis,“冗余音频数据的RTP有效载荷”,RFC 21981997年9月。
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.
[RFC3261]Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.,和E.Schooler,“SIP:会话启动协议”,RFC 3261,2002年6月。
[RFC3263] Rosenberg, J. and H. Schulzrinne, "Session Initiation Protocol (SIP): Locating SIP Servers", RFC 3263, June 2002.
[RFC3263]Rosenberg,J.和H.Schulzrinne,“会话启动协议(SIP):定位SIP服务器”,RFC 3263,2002年6月。
[RFC3365] Schiller, J., "Strong Security Requirements for Internet Engineering Task Force Standard Protocols", BCP 61, RFC 3365, August 2002.
[RFC3365]Schiller,J.“互联网工程任务组标准协议的强大安全要求”,BCP 61,RFC 3365,2002年8月。
[RFC3455] Garcia-Martin, M., Henrikson, E., and D. Mills, "Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3rd-Generation Partnership Project (3GPP)", RFC 3455, January 2003.
[RFC3455]Garcia Martin,M.,Henrikson,E.,和D.Mills,“第三代合作伙伴关系项目(3GPP)会话启动协议(SIP)的专用头(P头)扩展”,RFC 3455,2003年1月。
[RFC3466] Day, M., Cain, B., Tomlinson, G., and P. Rzewski, "A Model for Content Internetworking (CDI)", RFC 3466, February 2003.
[RFC3466]Day,M.,Cain,B.,Tomlinson,G.,和P.Rzewski,“内容互联网(CDI)模型”,RFC 3466,2003年2月。
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, July 2003.
[RFC3550]Schulzrinne,H.,Casner,S.,Frederick,R.,和V.Jacobson,“RTP:实时应用的传输协议”,STD 64,RFC 35502003年7月。
[RFC3568] Barbir, A., Cain, B., Nair, R., and O. Spatscheck, "Known Content Network (CN) Request-Routing Mechanisms", RFC 3568, July 2003.
[RFC3568]Barbir,A.,Cain,B.,Nair,R.,和O.Spatscheck,“已知内容网络(CN)请求路由机制”,RFC 3568,2003年7月。
[RFC3570] Rzewski, P., Day, M., and D. Gilletti, "Content Internetworking (CDI) Scenarios", RFC 3570, July 2003.
[RFC3570]Rzewski,P.,Day,M.,和D.Gilletti,“内容互联网(CDI)场景”,RFC 35702003年7月。
[RFC3611] Friedman, T., Caceres, R., and A. Clark, "RTP Control Protocol Extended Reports (RTCP XR)", RFC 3611, November 2003.
[RFC3611]Friedman,T.,Caceres,R.,和A.Clark,“RTP控制协议扩展报告(RTCP XR)”,RFC 36112003年11月。
[RFC3702] Loughney, J. and G. Camarillo, "Authentication, Authorization, and Accounting Requirements for the Session Initiation Protocol (SIP)", RFC 3702, February 2004.
[RFC3702]Loughney,J.和G.Camarillo,“会话启动协议(SIP)的身份验证、授权和记帐要求”,RFC 3702,2004年2月。
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, March 2004.
[RFC3711]Baugher,M.,McGrew,D.,Naslund,M.,Carrara,E.,和K.Norrman,“安全实时传输协议(SRTP)”,RFC 37112004年3月。
[RFC3824] Peterson, J., Liu, H., Yu, J., and B. Campbell, "Using E.164 numbers with the Session Initiation Protocol (SIP)", RFC 3824, June 2004.
[RFC3824]Peterson,J.,Liu,H.,Yu,J.,和B.Campbell,“在会话启动协议(SIP)中使用E.164号码”,RFC 38242004年6月。
[RFC3863] Sugano, H., Fujimoto, S., Klyne, G., Bateman, A., Carr, W., and J. Peterson, "Presence Information Data Format (PIDF)", RFC 3863, August 2004.
[RFC3863]Sugano,H.,Fujimoto,S.,Klyne,G.,Batman,A.,Carr,W.,和J.Peterson,“状态信息数据格式(PIDF)”,RFC 38632004年8月。
[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, December 2004.
[RFC3966]Schulzrinne,H.,“电话号码的电话URI”,RFC 3966,2004年12月。
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005.
[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,2005年1月。
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security", RFC 4347, April 2006.
[RFC4347]Rescorla,E.和N.Modadugu,“数据报传输层安全”,RFC 4347,2006年4月。
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)", RFC 4474, August 2006.
[RFC4474]Peterson,J.和C.Jennings,“会话启动协议(SIP)中身份验证管理的增强”,RFC 4474,2006年8月。
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP: Session Description Protocol", RFC 4566, July 2006.
[RFC4566]Handley,M.,Jacobson,V.,和C.Perkins,“SDP:会话描述协议”,RFC4566,2006年7月。
[RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) Packets over Connection-Oriented Transport", RFC 4571, July 2006.
[RFC4571]Lazzaro,J.,“面向连接传输上的帧实时传输协议(RTP)和RTP控制协议(RTCP)数据包”,RFC 4571,2006年7月。
[RFC4572] Lennox, J., "Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)", RFC 4572, July 2006.
[RFC4572]Lennox,J.,“会话描述协议(SDP)中传输层安全(TLS)协议上的面向连接的媒体传输”,RFC 4572,2006年7月。
[RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast Services", BCP 126, RFC 4786, December 2006.
[RFC4786]Abley,J.和K.Lindqvist,“任意广播服务的运营”,BCP 126,RFC 4786,2006年12月。
[RFC4916] Elwell, J., "Connected Identity in the Session Initiation Protocol (SIP)", RFC 4916, June 2007.
[RFC4916]Elwell,J.,“会话启动协议(SIP)中的连接身份”,RFC 4916,2007年6月。
[RFC4975] Campbell, B., Mahy, R., and C. Jennings, "The Message Session Relay Protocol (MSRP)", RFC 4975, September 2007.
[RFC4975]Campbell,B.,Mahy,R.,和C.Jennings,“消息会话中继协议(MSRP)”,RFC 49752007年9月。
[RFC5344] Houri, A., Aoki, E., and S. Parameswar, "Presence and Instant Messaging Peering Use Cases", RFC 5344, October 2008.
[RFC5344]Houri,A.,Aoki,E.,和S.Parameswar,“状态和即时消息对等使用案例”,RFC 5344,2008年10月。
[RFC5411] Rosenberg, J., "A Hitchhiker's Guide to the Session Initiation Protocol (SIP)", RFC 5411, February 2009.
[RFC5411]Rosenberg,J.,“会话启动协议(SIP)搭便车指南”,RFC 5411,2009年2月。
[RFC5486] Malas, D. and D. Meyer, "Session Peering for Multimedia Interconnect (SPEERMINT) Terminology", RFC 5486, March 2009.
[RFC5486]Malas,D.和D.Meyer,“多媒体互连的会话对等(SPEERMINT)术语”,RFC 54862009年3月。
[RFC5503] Andreasen, F., McKibben, B., and B. Marshall, "Private Session Initiation Protocol (SIP) Proxy-to-Proxy Extensions for Supporting the PacketCable Distributed Call Signaling Architecture", RFC 5503, March 2009.
[RFC5503]Andreasen,F.,McKibben,B.,和B.Marshall,“支持分组电缆分布式呼叫信令体系结构的专用会话发起协议(SIP)代理到代理扩展”,RFC 5503,2009年3月。
[RFC5630] Audet, F., "The Use of the SIPS URI Scheme in the Session Initiation Protocol (SIP)", RFC 5630, October 2009.
[RFC5630]Audet,F.“会话启动协议(SIP)中SIPS URI方案的使用”,RFC 5630,2009年10月。
[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)", RFC 5763, May 2010.
[RFC5763]Fischl,J.,Tschofenig,H.,和E.Rescorla,“使用数据报传输层安全性(DTLS)建立安全实时传输协议(SRTP)安全上下文的框架”,RFC 5763,2010年5月。
[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", RFC 5764, May 2010.
[RFC5764]McGrew,D.和E.Rescorla,“为安全实时传输协议(SRTP)建立密钥的数据报传输层安全(DTLS)扩展”,RFC 5764,2010年5月。
[RFC5923] Gurbani, V., Mahy, R., and B. Tate, "Connection Reuse in the Session Initiation Protocol (SIP)", RFC 5923, June 2010.
[RFC5923]Gurbani,V.,Mahy,R.,和B.Tate,“会话启动协议(SIP)中的连接重用”,RFC 59232010年6月。
[RFC6076] Malas, D. and A. Morton, "Basic Telephony SIP End-to-End Performance Metrics", RFC 6076, January 2011.
[RFC6076]Malas,D.和A.Morton,“基本电话SIP端到端性能指标”,RFC 60762011年1月。
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence Protocol (XMPP): Core", RFC 6120, March 2011.
[RFC6120]Saint Andre,P.,“可扩展消息和状态协议(XMPP):核心”,RFC61202011年3月。
[VOIP] Uzelac, A. and Y. Lee, "VoIP SIP Peering Use Cases", Work in Progress, April 2010.
[VOIP]Uzelac,A.和Y.Lee,“VOIP SIP对等用例”,正在进行的工作,2010年4月。
[VOIPTHREATS] Seedorf, J., Niccolini, S., Chen, E., and H. Scholz, "Session Peering for Multimedia Interconnect (SPEERMINT) Security Threats and Suggested Countermeasures", Work in Progress, March 2011.
[VOIPTHREATS]Seedorf,J.,Niccolini,S.,Chen,E.,和H.Scholz,“多媒体互连的会话对等(SPEERMINT)安全威胁和建议对策”,正在进行的工作,2011年3月。
This informative appendix lists various types of parameters that should be considered by implementers when deciding what configuration variables to expose to system administrators or management stations, as well as SSPs or federations of SSPs when discussing the technical part of a session peering policy.
本资料性附录列出了实施者在决定向系统管理员或管理站公开哪些配置变量时应考虑的各种类型的参数,以及在讨论会话对等策略的技术部分时SSP或SSP联合体。
In the context of session peering, a policy can be defined as the set of parameters and other information needed by an SSP to exchange traffic with another peer. Some of the session policy parameters may be statically exchanged and set throughout the lifetime of the peering relationship. Other parameters may be discovered and updated dynamically using some explicit protocol mechanisms. These dynamic parameters may be session dependent, or they may apply over multiple sessions or peers.
在会话对等环境中,策略可以定义为SSP与另一对等方交换流量所需的一组参数和其他信息。某些会话策略参数可以在对等关系的整个生命周期内静态交换和设置。可以使用一些显式协议机制动态地发现和更新其他参数。这些动态参数可能依赖于会话,也可能应用于多个会话或对等方。
Various types of policy information may need to be discovered or exchanged in order to establish session peering. At a minimum, a policy should specify information related to session establishment data in order to avoid session establishment failures. A policy may also include information related to QoS, billing and accounting, and Layer 3 related interconnect requirements, which are out of the scope of this document.
为了建立会话对等,可能需要发现或交换各种类型的策略信息。策略至少应指定与会话建立数据相关的信息,以避免会话建立失败。策略还可能包括与QoS、计费和记帐以及与第3层相关的互连要求相关的信息,这些信息不在本文档的范围内。
Some aspects of session peering policies must be agreed to and manually implemented; they are static and are typically documented as part of a business contract, technical document, or agreement between parties. For some parameters linked to protocol support and capabilities, standard ways of expressing those policy parameters may be defined among SSPs and exchanged dynamically. For example, templates could be created in various document formats so that it could be possible to dynamically discover some of the domain policy. Such templates could be initiated by implementers. For each software or hardware release, the template could list supported RFCs, and the associated RFC parameters implemented in the given release in a standard format. Each SSP would then complete the template and adapt its content based on its service description, the deployed server or device configurations and the variation of these configurations based on peer relationships.
会话对等策略的某些方面必须商定并手动执行;它们是静态的,通常作为业务合同、技术文档或双方协议的一部分进行记录。对于与协议支持和功能相关联的一些参数,可以在SSP之间定义并动态交换表示这些策略参数的标准方式。例如,可以以各种文档格式创建模板,以便能够动态发现某些域策略。这些模板可以由实现者发起。对于每个软件或硬件版本,模板可以以标准格式列出支持的RFC以及给定版本中实现的相关RFC参数。然后,每个SSP将完成模板,并根据其服务描述、部署的服务器或设备配置以及这些配置基于对等关系的变化来调整其内容。
A.1. Categories of Parameters for VoIP Session Peering and Justifications
A.1. VoIP会话对等的参数类别和理由
The following list should be considered as an initial list of "discussion topics" to be addressed by peers when initiating a VoIP peering relationship.
以下列表应被视为发起VoIP对等关系时对等方要解决的“讨论主题”的初始列表。
o IP Network Connectivity:
o IP网络连接:
Session peers should define the IP network connectivity between their respective SBEs and DBEs. While this is out of scope of session peering, SSPs must agree on a common mechanism for IP transport of session signaling and media. This may be accomplished via private (e.g., IPVPN, IPsec, etc.) or public IP networks.
会话对等方应定义各自SBE和DBE之间的IP网络连接。虽然这超出了会话对等的范围,但SSP必须就会话信令和媒体的IP传输的通用机制达成一致。这可以通过专用(例如IPVPN、IPsec等)或公共IP网络实现。
o Media-related Parameters:
o 媒体相关参数:
* Media Codecs: list of supported media codecs for audio, real-time fax (version of T.38, if applicable), real-time text (RFC 4103), dual-tone multi-frequency (DTMF) transport voice band data communications (as applicable) along with the supported or recommended codec packetization rates, level of RTP payload redundancy, audio volume levels, etc.
* 媒体编解码器:支持的音频、实时传真(T.38版本,如适用)、实时文本(RFC 4103)、双音多频(DTMF)传输声带数据通信(如适用)的媒体编解码器列表,以及支持的或建议的编解码器分组率、RTP负载冗余级别、音频音量级别等。
* Media Transport: level of support for RTP-RTCP [RFC3550], RTP Redundancy (RTP Payload for Redundant Audio Data [RFC2198]), T.38 transport over RTP, etc.
* 媒体传输:对RTP-RTCP[RFC3550]的支持级别、RTP冗余(冗余音频数据的RTP有效载荷[RFC2198])、RTP上的T.38传输等。
* Media variability at the signaling path border elements: list of media types supported by the various ingress points of a peer's network.
* 信令路径边界元素处的媒体可变性:对等网络的各种入口点支持的媒体类型列表。
* Other: support of the VoIP metric block as defined in RTP Control Protocol Extended Reports [RFC3611], etc.
* 其他:支持RTP控制协议扩展报告[RFC3611]中定义的VoIP度量块,等等。
o SIP:
o 抿:
* A session peering policy should include the list of supported and required SIP RFCs, supported and required SIP methods (including private p headers if applicable), error response codes, supported or recommended format of some header field values, etc.
* 会话对等策略应包括支持和要求的SIP RFC列表、支持和要求的SIP方法(包括专用p报头,如果适用)、错误响应代码、某些报头字段值的支持或建议格式等。
* It should also be possible to describe the list of supported SIP RFCs by various functional groupings. A group of SIP RFCs may represent how a call feature is implemented (call hold, transfer, conferencing, etc.), or it may indicate a functional grouping as in [RFC5411].
* 还可以按各种功能分组描述受支持的SIP RFC列表。SIP RFC组可以表示如何实现呼叫功能(呼叫保持、转接、会议等),也可以表示[RFC5411]中所述的功能分组。
o Accounting:
o 会计:
Methods used for call or session accounting should be specified. An SSP may require a peer to track session usage. It is critical for peers to determine whether the support of any SIP extensions for accounting is a pre-requisite for SIP interoperability. In some cases, call accounting may feed data for billing purposes, but not always: some operators may decide to use accounting as a 'bill and keep' model to track session usage and monitor usage against service level agreements.
应指定用于调用或会话记帐的方法。SSP可能需要对等方来跟踪会话使用情况。对等方必须确定是否支持任何SIP扩展进行计费是SIP互操作性的先决条件。在某些情况下,呼叫计费可能会为计费目的提供数据,但并不总是这样:一些运营商可能会决定将计费作为“账单并保留”模式来跟踪会话使用情况,并根据服务级别协议监控使用情况。
[RFC3702] defines the terminology and basic requirements for accounting of SIP sessions. A few private SIP extensions have also been defined and used over the years to enable call accounting between SSP domains such as the P-Charging* headers in [RFC3455], the P-DCS-Billing-Info header in [RFC5503], etc.
[RFC3702]定义了SIP会话记帐的术语和基本要求。多年来,还定义并使用了一些专用SIP扩展来实现SSP域之间的呼叫计费,如[RFC3455]中的P-Charging*头、[RFC5503]中的P-DCS-Billing-Info头等。
o Performance Metrics:
o 绩效指标:
Layer 5 performance metrics should be defined and shared between peers. The performance metrics apply directly to signaling or media; they may be used proactively to help avoid congestion, call quality issues, or call signaling failures, and as part of monitoring techniques, they can be used to evaluate the performance of peering exchanges.
第5层性能指标应在对等方之间定义和共享。性能指标直接应用于信令或媒体;它们可以主动用于帮助避免拥塞、呼叫质量问题或呼叫信令故障,并且作为监控技术的一部分,它们可以用于评估对等交换的性能。
Examples of SIP performance metrics include the maximum number of SIP transactions per second on per-domain basis, Session Completion Rate (SCR), Session Establishment Rate (SER), etc. Some SIP end-to-end performance metrics are defined in [RFC6076]; a subset of these may be applicable to session peering and interconnects.
SIP性能指标的示例包括基于每个域的每秒最大SIP事务数、会话完成率(SCR)、会话建立率(SER)等。一些SIP端到端性能指标在[RFC6076]中定义;其中的一个子集可能适用于会话对等和互连。
Some media-related metrics for monitoring VoIP calls have been defined in the VoIP Metrics Report Block, in Section 4.7 of [RFC3611].
[RFC3611]第4.7节中的VoIP度量报告块中定义了一些监控VoIP呼叫的媒体相关度量。
o Security:
o 安全:
An SSP should describe the security requirements that other peers must meet in order to terminate calls to its network. While such a list of security-related policy parameters often depends on the security models pre-agreed to by peers, it is expected that these parameters will be discoverable or signaled in the future to allow session peering outside SSP clubs. The list of security parameters may be long and composed of high-level requirements (e.g., authentication, privacy, secure transport) and low-level protocol configuration elements like TLS parameters.
SSP应说明其他对等方必须满足的安全要求,以便终止对其网络的呼叫。虽然此类安全相关策略参数列表通常取决于对等方预先同意的安全模型,但预计这些参数将在将来被发现或发出信号,以允许SSP俱乐部之外的会话对等。安全参数列表可能很长,由高级需求(例如认证、隐私、安全传输)和低级协议配置元素(如TLS参数)组成。
The following list is not intended to be complete, it provides a preliminary list in the form of examples:
以下列表并不完整,它以示例的形式提供了一个初步列表:
* Call admission requirements: for some providers, sessions can only be admitted if certain criteria are met. For example, for some providers' networks, only incoming SIP sessions signaled over established IPsec tunnels or presented to the well-known TLS ports are admitted. Other call admission requirements may be related to some performance metrics as described above.
* 呼叫接纳要求:对于某些提供商,只有在满足某些标准的情况下才能接纳会话。例如,对于某些提供商的网络,仅允许通过已建立的IPsec隧道发送信号或呈现给已知TLS端口的传入SIP会话。其他呼叫接纳要求可能与上述一些性能指标有关。
Finally, it is possible that some requirements be imposed on lower layers, but these are considered out of scope of session peering.
最后,可能会对较低的层施加一些要求,但这些要求被认为超出了会话对等的范围。
* Call authorization requirements and validation: the presence of a caller or user identity may be required by an SSP. Indeed, some SSPs may further authorize an incoming session request by validating the caller's identity against white/black lists maintained by the service provider or users (traditional caller ID screening applications or IM white lists).
* 呼叫授权要求和验证:SSP可能要求有呼叫者或用户身份。实际上,一些ssp可以通过对照服务提供商或用户维护的白/黑名单(传统的呼叫者ID屏蔽应用程序或IM白名单)验证呼叫者的身份来进一步授权传入会话请求。
* Privacy requirements: an SSP may demand that its SIP messages be securely transported by its peers for privacy reasons so that the calling/called party information be protected. Media sessions may also require privacy, and some SSP policies may include requirements on the use of secure media transport protocols such as SRTP, along with some constraints on the minimum authentication/encryption options for use in SRTP.
* 隐私要求:SSP可能出于隐私原因要求其对等方安全传输其SIP消息,以便保护主叫方/被叫方信息。媒体会话也可能需要隐私,一些SSP策略可能包括对使用安全媒体传输协议(如SRTP)的要求,以及对SRTP中使用的最低身份验证/加密选项的一些限制。
* Network-layer security parameters: this covers how IPsec security associations may be established, the IPsec key exchange mechanisms should be used, and any details on keying materials, the lifetime of timed security associations if applicable, etc.
* 网络层安全参数:这包括如何建立IPsec安全关联、应使用IPsec密钥交换机制、有关密钥材料的任何详细信息、定时安全关联的生存期(如果适用)等。
* Transport-layer security parameters: this covers how TLS connections should be established, as described in Section 5.
* 传输层安全参数:这包括如何建立TLS连接,如第5节所述。
A.2. Summary of Parameters for Consideration in Session Peering Policies
A.2. 会话对等策略中要考虑的参数摘要
The following is a summary of the parameters mentioned in the previous section. They may be part of a session peering policy and appear with a level of requirement (mandatory, recommended, supported, etc.).
以下是上一节中提到的参数摘要。它们可能是会话对等策略的一部分,并且具有一定的要求级别(强制、推荐、支持等)。
o IP Network Connectivity (assumed, requirements out of scope of this document)
o IP网络连接(假设,要求不在本文件范围内)
o Media session parameters:
o 媒体会话参数:
* Codecs for audio, video, real time text, instant messaging media sessions
* 用于音频、视频、实时文本、即时消息媒体会话的编解码器
* Modes of communications for audio (voice, fax, DTMF), IM (page mode, MSRP)
* 音频(语音、传真、DTMF)、IM(页面模式、MSRP)的通信模式
* Media transport and means to establish secure media sessions
* 媒体传输和建立安全媒体会话的方法
* List of ingress and egress DBEs where applicable, including STUN Relay servers if present
* 入口和出口DBE列表(如适用),包括STUN中继服务器(如有)
o SIP
o 小口喝
* SIP RFCs, methods and error responses
* SIP RFC、方法和错误响应
* headers and header values
* 标题和标题值
* possibly, list of SIP RFCs supported by groups (e.g., by call feature)
* 可能,由组支持的SIP RFC列表(例如,通过呼叫功能)
o Accounting
o 会计
o Capacity Control and Performance Management: any limits on, or, means to measure and limit the maximum number of active calls to a peer or federation, maximum number of sessions and messages per specified unit time, maximum number of active users or subscribers per specified unit time, the aggregate media bandwidth per peer or for the federation, specified SIP signaling performance metrics to measure and report; media-level VoIP metrics if applicable.
o 容量控制和性能管理:对对等方或联合体的最大活动呼叫数、每指定单位时间的最大会话数和消息数、每指定单位时间的最大活动用户数或订阅者数、每对等方或联合体的聚合媒体带宽的任何限制或手段,要测量和报告的指定SIP信令性能指标;媒体级VoIP指标(如适用)。
o Security: Call admission control, call authorization, network and transport layer security parameters, media security parameters
o 安全性:呼叫接纳控制、呼叫授权、网络和传输层安全参数、媒体安全参数
Author's Address
作者地址
Jean-Francois Mule CableLabs 858 Coal Creek Circle Louisville, CO 80027 USA
Jean-Francois Mule CableLabs 858美国科罗拉多州路易斯维尔市煤溪圈80027
EMail: jf.mule@cablelabs.com
EMail: jf.mule@cablelabs.com