Internet Engineering Task Force (IETF)                       A. Johnston
Request for Comments: 8643                          Villanova University
Category: Informational                                         B. Aboba
ISSN: 2070-1721                                                Microsoft
                                                               A. Hutton
                                                                    Atos
                                                               R. Jesske
                                                        Deutsche Telekom
                                                                T. Stach
                                                            Unaffiliated
                                                             August 2019
        
Internet Engineering Task Force (IETF)                       A. Johnston
Request for Comments: 8643                          Villanova University
Category: Informational                                         B. Aboba
ISSN: 2070-1721                                                Microsoft
                                                               A. Hutton
                                                                    Atos
                                                               R. Jesske
                                                        Deutsche Telekom
                                                                T. Stach
                                                            Unaffiliated
                                                             August 2019
        

An Opportunistic Approach for Secure Real-time Transport Protocol (OSRTP)

安全实时传输协议(OSRTP)的一种机会主义方法

Abstract

摘要

Opportunistic Secure Real-time Transport Protocol (OSRTP) is an implementation of the Opportunistic Security mechanism, as defined in RFC 7435, applied to the Real-time Transport Protocol (RTP). OSRTP allows encrypted media to be used in environments where support for encryption is not known in advance and is not required. OSRTP does not require Session Description Protocol (SDP) extensions or features and is fully backwards compatible with existing implementations using encrypted and authenticated media and implementations that do not encrypt or authenticate media packets. OSRTP is not specific to any key management technique for Secure RTP (SRTP). OSRTP is a transitional approach useful for migrating existing deployments of real-time communications to a fully encrypted and authenticated state.

机会主义安全实时传输协议(OSRTP)是RFC 7435中定义的应用于实时传输协议(RTP)的机会主义安全机制的实现。OSRTP允许在事先不知道也不需要加密支持的环境中使用加密介质。OSRTP不需要会话描述协议(sessiondescriptionprotocol,SDP)扩展或特性,并且与使用加密和认证介质的现有实现以及不加密或认证介质包的实现完全向后兼容。OSRTP并不特定于安全RTP(SRTP)的任何密钥管理技术。OSRTP是一种过渡方法,用于将实时通信的现有部署迁移到完全加密和身份验证状态。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8643.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8643.

Copyright Notice

版权公告

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

版权(c)2019 IETF信托基金和被确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Applicability Statement . . . . . . . . . . . . . . . . .   3
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  SDP Offer/Answer Considerations . . . . . . . . . . . . . . .   3
     3.1.  Generating the Initial OSRTP Offer  . . . . . . . . . . .   4
     3.2.  Generating the Answer . . . . . . . . . . . . . . . . . .   4
     3.3.  Offerer Processing the Answer . . . . . . . . . . . . . .   4
     3.4.  Modifying the Session . . . . . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Applicability Statement . . . . . . . . . . . . . . . . .   3
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  SDP Offer/Answer Considerations . . . . . . . . . . . . . . .   3
     3.1.  Generating the Initial OSRTP Offer  . . . . . . . . . . .   4
     3.2.  Generating the Answer . . . . . . . . . . . . . . . . . .   4
     3.3.  Offerer Processing the Answer . . . . . . . . . . . . . .   4
     3.4.  Modifying the Session . . . . . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
1. Introduction
1. 介绍

Opportunistic Security (OS) [RFC7435] is an approach to security that defines a third mode for security between "cleartext" and "comprehensive protection" that allows encryption and authentication of media to be used if supported but will not result in failures if it is not supported. In the context of the transport of secure media streams using RTP and its secured derivatives, cleartext is represented by an RTP [RFC3550] media stream that is negotiated with the RTP/AVP (Audio-Visual Profile) [RFC3551] or the RTP/AVPF profile [RFC4585], whereas comprehensive protection is represented by a Secure RTP [RFC3711] stream negotiated with a secure profile, such as SAVP or SAVPF [RFC5124]. OSRTP allows SRTP to be negotiated with the RTP/AVP profile, with fallback to RTP if SRTP is not supported.

机会主义安全(OS)[RFC7435]是一种安全方法,它定义了“明文”和“综合保护”之间的第三种安全模式,允许在支持的情况下使用媒体加密和身份验证,但在不支持的情况下不会导致失败。在使用RTP及其安全衍生产品传输安全媒体流的上下文中,明文由RTP[RFC3550]媒体流表示,RTP[RFC3550]媒体流与RTP/AVP(视听配置文件)[RFC3551]或RTP/AVPF配置文件[RFC4585]协商,而全面保护由安全RTP[RFC3711]表示与安全配置文件(如SAVP或SAVPF[RFC5124])协商的流。OSRTP允许SRTP与RTP/AVP配置文件协商,如果不支持SRTP,则返回RTP。

There have been some extensions to SDP to allow profiles to be negotiated, such as SDP Capabilities Negotiation (SDPCapNeg) [RFC5939]. However, these approaches are complex and have very limited deployment in communication systems. Other key management protocols for SRTP that have been developed, such as ZRTP [RFC6189], use OS by design. This approach for OSRTP is based on [Kaplan06] where it was called "best effort SRTP". [Kaplan06] has a full discussion of the motivation and requirements for opportunistic secure media.

SDP有一些扩展,允许协商配置文件,例如SDP能力协商(SDPCapNeg)[RFC5939]。然而,这些方法非常复杂,在通信系统中的部署非常有限。已开发的其他SRTP密钥管理协议,如ZRTP[RFC6189],按设计使用操作系统。OSRTP的这种方法基于[Kaplan 06],在那里它被称为“尽力而为的SRTP”。[Kaplan 06]充分讨论了机会主义安全媒体的动机和要求。

OSRTP uses the presence of SRTP keying-related attributes in an SDP offer to indicate support for opportunistic secure media. The presence of SRTP keying-related attributes in the SDP answer indicates that the other party also supports OSRTP and that encrypted and authenticated media will be used. OSRTP requires no additional extensions to SDP or new attributes and is defined independently of the key agreement mechanism used. OSRTP is only usable when media is negotiated using the Offer/Answer protocol [RFC3264].

OSRTP在SDP产品中使用SRTP键控相关属性表示对机会主义安全媒体的支持。SDP应答中存在SRTP密钥相关属性表明另一方也支持OSRTP,并且将使用加密和认证的媒体。OSRTP不需要额外的SDP扩展或新属性,并且独立于使用的密钥协商机制进行定义。OSRTP仅在使用提供/应答协议[RFC3264]协商介质时可用。

1.1. Applicability Statement
1.1. 适用性声明

OSRTP is a transitional approach that provides a migration path from unencrypted communication (RTP) to fully encrypted communication (SRTP). It is only to be used in existing deployments that are attempting to transition to fully secure communications. New applications and new deployments will not use OSRTP.

OSRTP是一种过渡方法,它提供了从未加密通信(RTP)到完全加密通信(SRTP)的迁移路径。它仅用于尝试过渡到完全安全通信的现有部署中。新应用程序和新部署将不使用OSRTP。

2. Requirements Language
2. 需求语言

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。

3. SDP Offer/Answer Considerations
3. SDP提供/回答注意事项

This section defines the SDP offer/answer considerations for opportunistic security.

本节定义了机会安全的SDP提供/应答注意事项。

The procedures are for a specific "m=" section describing RTP-based media. If an SDP offer or answer contains multiple such "m=" sections, the procedures are applied to each "m=" section individually.

这些步骤适用于描述基于RTP的介质的特定“m=”部分。如果SDP报价或应答包含多个此类“m=”部分,则程序将分别应用于每个“m=”部分。

"Initial OSRTP offer" refers to the offer in which opportunistic security is offered for an "m=" section for the first time within an SDP session.

“初始OSRTP报价”是指在SDP会话中首次为“m=”节提供机会主义安全性的报价。

It is important to note that OSRTP makes no changes to and has no effect on media sessions in which the offer contains a secure profile of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], that is the "comprehensive protection" for media mode.

需要注意的是,OSRTP不会对包含RTP安全配置文件(如SAVP或SAVPF)的媒体会话进行任何更改,也不会对其产生任何影响。如[RFC7435]所述,这是媒体模式的“综合保护”。

3.1. Generating the Initial OSRTP Offer
3.1. 生成初始OSRTP报价

To indicate support for OSRTP in an SDP offer, the offerer uses the RTP/AVP profile [RFC3551] or the RTP/AVPF profile [RFC4585] but includes SRTP keying attributes. OSRTP is not specific to any key management technique for SRTP, and multiple key management techniques can be included on the SDP offer. For example:

为了表明在SDP报价中支持OSRTP,报价人使用RTP/AVP配置文件[RFC3551]或RTP/AVPF配置文件[RFC4585],但包括SRTP键控属性。OSRTP并不特定于SRTP的任何密钥管理技术,SDP产品中可以包括多种密钥管理技术。例如:

If the offerer supports DTLS-SRTP key agreement [RFC5763], then an "a=fingerprint" attribute will be present. Or:

如果报价人支持DTLS-SRTP密钥协议[RFC5763],则会出现“a=指纹”属性。或:

If the offerer supports SDP Security Descriptions key agreement [RFC4568], then an "a=crypto" attribute will be present. Or:

如果报价人支持SDP安全描述密钥协议[RFC4568],则会出现“a=crypto”属性。或:

If the offerer supports ZRTP key agreement [RFC6189], then an "a=zrtp-hash" attribute will be present.

如果报价人支持ZRTP密钥协议[RFC6189],则会出现“a=ZRTP哈希”属性。

3.2. Generating the Answer
3.2. 生成答案

To accept OSRTP, an answerer receiving an offer indicating support for OSRTP generates an SDP answer containing SRTP keying attributes that match one of the keying methods in the offer. The answer MUST NOT contain attributes from more than one keying method, even if the offer contained multiple keying method attributes. The selected SRTP key management approach is followed, and SRTP media is used for this session. If the SRTP key management fails for any reason, the media session MUST fail. To decline OSRTP, the answerer generates an SDP answer omitting SRTP keying attributes, and the media session proceeds with RTP with no encryption or authentication used.

要接受OSRTP,收到表示支持OSRTP的报价的应答者将生成一个SDP应答,该应答包含与报价中的一种键控方法匹配的SRTP键控属性。答案不得包含来自多个键控方法的属性,即使报价包含多个键控方法属性。遵循选定的SRTP密钥管理方法,此会话使用SRTP介质。如果SRTP密钥管理因任何原因失败,则媒体会话必须失败。为了拒绝OSRTP,应答者生成一个SDP应答,省略SRTP键控属性,媒体会话继续使用RTP,而不使用加密或身份验证。

3.3. Offerer Processing the Answer
3.3. 报价人处理答案

If the offerer of OSRTP receives an SDP answer that does not contain SRTP keying attributes, then the media session proceeds with RTP. If the SDP answer contains SRTP keying attributes, then the associated SRTP key management approach is followed and SRTP media is used for this session. If the SRTP key management fails, the media session MUST fail.

如果OSRTP的提供方收到不包含SRTP键控属性的SDP应答,则媒体会话继续进行RTP。如果SDP应答包含SRTP密钥属性,则遵循相关的SRTP密钥管理方法,并将SRTP介质用于此会话。如果SRTP密钥管理失败,则媒体会话必须失败。

3.4. Modifying the Session
3.4. 修改会话

When an offerer generates a subsequent SDP offer, it should do so following the principles of [RFC6337], meaning that the decision to create the new SDP offer should not be influenced by what was previously negotiated. For example, if a previous OSRTP offer did not result in SRTP being established, the offerer may try again and generate a new OSRTP offer as specified in Section 3.1.

当报价人生成后续SDP报价时,应遵循[RFC6337]的原则,这意味着创建新SDP报价的决定不应受到先前协商内容的影响。例如,如果先前的OSRTP报价未导致建立SRTP,则报价人可根据第3.1节的规定重试并生成新的OSRTP报价。

4. Security Considerations
4. 安全考虑

The security considerations of [RFC4568] apply to OSRTP, as well as the security considerations of the particular SRTP key agreement approach used. However, the authentication requirements of a particular SRTP key agreement approach are relaxed when that key agreement is used with OSRTP, which is consistent with the Opportunistic Security approach described in [RFC7435]. For example:

[RFC4568]的安全注意事项适用于OSRTP,以及所使用的特定SRTP密钥协商方法的安全注意事项。然而,当密钥协议与OSRTP一起使用时,特定SRTP密钥协议方法的认证要求会放宽,这与[RFC7435]中描述的机会主义安全方法一致。例如:

For DTLS-SRTP key agreement [RFC5763], an authenticated signaling channel does not need to be used with OSRTP if it is not available.

对于DTLS-SRTP密钥协议[RFC5763],如果OSRTP不可用,则无需使用经过身份验证的信令信道。

For SDP Security Descriptions key agreement [RFC4568], an authenticated signaling channel does not need to be used with OSRTP if it is not available, although an encrypted signaling channel MUST still be used.

对于SDP安全描述密钥协议[RFC4568],如果OSRTP不可用,则不需要将经过身份验证的信令信道与OSRTP一起使用,尽管必须仍然使用加密的信令信道。

For ZRTP key agreement [RFC6189], the security considerations are unchanged, since ZRTP does not rely on the security of the signaling channel.

对于ZRTP密钥协议[RFC6189],安全注意事项不变,因为ZRTP不依赖于信令信道的安全性。

While OSRTP does not require authentication of the key agreement mechanism, it does need to avoid exposing SRTP keys to eavesdroppers, since this could enable passive attacks against SRTP. Section 8.3 of [RFC4568] requires that any messages that contain SRTP keys be encrypted, and further says that encryption SHOULD provide end-to-end confidentiality protection if intermediaries that could inspect the SDP message are present. At the time of this writing, it is understood that the requirement in [RFC4568] for end-to-end confidentiality protection is commonly ignored. Therefore, if OSRTP is used with SDP Security Descriptions, any such intermediaries (e.g., SIP proxies) must be assumed to have access to the SRTP keys.

虽然OSRTP不需要对密钥协商机制进行身份验证,但它确实需要避免将SRTP密钥暴露给窃听者,因为这可能导致对SRTP的被动攻击。[RFC4568]第8.3节要求对包含SRTP密钥的任何消息进行加密,并进一步指出,如果存在可检查SDP消息的中介,则加密应提供端到端的保密保护。在撰写本文时,据了解,[RFC4568]中关于端到端保密保护的要求通常被忽略。因此,如果OSRTP与SDP安全描述一起使用,则必须假定任何此类中介(例如SIP代理)都可以访问SRTP密钥。

As discussed in [RFC7435], OSRTP is used in cases where support for encryption by the other party is not known in advance and is not required. For cases where it is known that the other party supports SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a secure profile of RTP is used in the offer.

如[RFC7435]所述,OSRTP用于另一方对加密的支持事先未知且不需要的情况。对于已知另一方支持SRTP或需要使用SRTP的情况,不得使用OSRTP。相反,报价中使用了RTP的安全配置文件。

5. IANA Considerations
5. IANA考虑

This document has no actions for IANA.

本文档没有针对IANA的操作。

6. References
6. 工具书类
6.1. Normative References
6.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.

[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, DOI 10.17487/RFC3264, June 2002, <https://www.rfc-editor.org/info/rfc3264>.

[RFC3264]Rosenberg,J.和H.Schulzrinne,“具有会话描述协议(SDP)的提供/应答模型”,RFC 3264,DOI 10.17487/RFC3264,2002年6月<https://www.rfc-editor.org/info/rfc3264>.

[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003, <https://www.rfc-editor.org/info/rfc3550>.

[RFC3550]Schulzrinne,H.,Casner,S.,Frederick,R.,和V.Jacobson,“RTP:实时应用的传输协议”,STD 64,RFC 3550,DOI 10.17487/RFC3550,2003年7月<https://www.rfc-editor.org/info/rfc3550>.

[RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control", STD 65, RFC 3551, DOI 10.17487/RFC3551, July 2003, <https://www.rfc-editor.org/info/rfc3551>.

[RFC3551]Schulzrinne,H.和S.Casner,“具有最小控制的音频和视频会议的RTP配置文件”,STD 65,RFC 3551,DOI 10.17487/RFC3551,2003年7月<https://www.rfc-editor.org/info/rfc3551>.

[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, DOI 10.17487/RFC3711, March 2004, <https://www.rfc-editor.org/info/rfc3711>.

[RFC3711]Baugher,M.,McGrew,D.,Naslund,M.,Carrara,E.,和K.Norrman,“安全实时传输协议(SRTP)”,RFC 3711,DOI 10.17487/RFC3711,2004年3月<https://www.rfc-editor.org/info/rfc3711>.

[RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session Description Protocol (SDP) Security Descriptions for Media Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006, <https://www.rfc-editor.org/info/rfc4568>.

[RFC4568]Andreasen,F.,Baugher,M.和D.Wing,“媒体流的会话描述协议(SDP)安全描述”,RFC 4568,DOI 10.17487/RFC4568,2006年7月<https://www.rfc-editor.org/info/rfc4568>.

[RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, "Extended RTP Profile for Real-time Transport Control Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, DOI 10.17487/RFC4585, July 2006, <https://www.rfc-editor.org/info/rfc4585>.

[RFC4585]Ott,J.,Wenger,S.,Sato,N.,Burmeister,C.,和J.Rey,“基于实时传输控制协议(RTCP)的反馈(RTP/AVPF)的扩展RTP配置文件”,RFC 4585,DOI 10.17487/RFC4585,2006年7月<https://www.rfc-editor.org/info/rfc4585>.

[RFC5124] Ott, J. and E. Carrara, "Extended Secure RTP Profile for Real-time Transport Control Protocol (RTCP)-Based Feedback (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February 2008, <https://www.rfc-editor.org/info/rfc5124>.

[RFC5124]Ott,J.和E.Carrara,“基于实时传输控制协议(RTCP)的反馈扩展安全RTP配置文件(RTP/SAVPF)”,RFC 5124DOI 10.17487/RFC5124,2008年2月<https://www.rfc-editor.org/info/rfc5124>.

[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May 2010, <https://www.rfc-editor.org/info/rfc5763>.

[RFC5763]Fischl,J.,Tschofenig,H.,和E.Rescorla,“使用数据报传输层安全性(DTLS)建立安全实时传输协议(SRTP)安全上下文的框架”,RFC 5763,DOI 10.17487/RFC5763,2010年5月<https://www.rfc-editor.org/info/rfc5763>.

[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP", RFC 6189, DOI 10.17487/RFC6189, April 2011, <https://www.rfc-editor.org/info/rfc6189>.

[RFC6189]Zimmermann,P.,Johnston,A.,Ed.,和J.Callas,“ZRTP:单播安全RTP的媒体路径密钥协议”,RFC 6189,DOI 10.17487/RFC6189,2011年4月<https://www.rfc-editor.org/info/rfc6189>.

[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection Most of the Time", RFC 7435, DOI 10.17487/RFC7435, December 2014, <https://www.rfc-editor.org/info/rfc7435>.

[RFC7435]Dukhovni,V.,“机会主义安全:大部分时间的一些保护”,RFC 7435,DOI 10.17487/RFC7435,2014年12月<https://www.rfc-editor.org/info/rfc7435>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.

6.2. Informative References
6.2. 资料性引用

[Kaplan06] Kaplan, H. and F. Audet, "Session Description Protocol (SDP) Offer/Answer Negotiation For Best-Effort Secure Real-Time Transport Protocol", Work in Progress, draft-kaplan-mmusic-best-effort-srtp-01, October 2006.

[Kaplan 06]Kaplan,H.和F.Audet,“最大努力安全实时传输协议的会话描述协议(SDP)提供/应答协商”,正在进行的工作,草稿-Kaplan-mmusic-Best-Effort-srtp-01,2006年10月。

[RFC5939] Andreasen, F., "Session Description Protocol (SDP) Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939, September 2010, <https://www.rfc-editor.org/info/rfc5939>.

[RFC5939]Andreasen,F.,“会话描述协议(SDP)能力协商”,RFC 5939,DOI 10.17487/RFC5939,2010年9月<https://www.rfc-editor.org/info/rfc5939>.

[RFC6337] Okumura, S., Sawada, T., and P. Kyzivat, "Session Initiation Protocol (SIP) Usage of the Offer/Answer Model", RFC 6337, DOI 10.17487/RFC6337, August 2011, <https://www.rfc-editor.org/info/rfc6337>.

[RFC6337]Okumura,S.,Sawada,T.,和P.Kyzivat,“提供/应答模型的会话启动协议(SIP)使用”,RFC 6337,DOI 10.17487/RFC6337,2011年8月<https://www.rfc-editor.org/info/rfc6337>.

Acknowledgements

致谢

This document is dedicated to our friend and colleague Francois Audet who is greatly missed in our community. His work on improving security in SIP and RTP provided the foundation for this work.

本文件献给我们的朋友和同事弗朗索瓦·奥德特,我们的社区非常怀念他。他在SIP和RTP中改进安全性的工作为这项工作提供了基础。

Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and Richard Barnes for their comments.

感谢Eric Rescorla、Martin Thomson、Christer Holmberg和Richard Barnes的评论。

Authors' Addresses

作者地址

Alan Johnston Villanova University Villanova, PA United States of America

美利坚合众国宾夕法尼亚州维拉诺瓦市艾伦·约翰斯顿维拉诺瓦大学

   Email: alan.b.johnston@gmail.com
        
   Email: alan.b.johnston@gmail.com
        

Bernard Aboba Microsoft One Microsoft Way Redmond, WA 98052 United States of America

Bernard Aboba微软一路微软美国华盛顿州雷德蒙98052

   Email: bernard.aboba@gmail.com
        
   Email: bernard.aboba@gmail.com
        

Andrew Hutton Atos Mid City Place London WC1V 6EA United Kingdom

Andrew Hutton Atos Mid City Place London WC1V 6EA英国

   Email: andrew.hutton@atos.net
        
   Email: andrew.hutton@atos.net
        

Roland Jesske Deutsche Telekom Heinrich-Hertz-Strasse 3-7 Darmstadt 64295 Germany

罗兰·杰西克德国电信海因里希·赫兹大街3-7号达姆施塔特64295德国

   Email: R.Jesske@telekom.de
        
   Email: R.Jesske@telekom.de
        

Thomas Stach Unaffiliated

托马斯·斯泰克无关联

   Email: thomass.stach@gmail.com
        
   Email: thomass.stach@gmail.com