文献翻译通信安全外文翻译

文献翻译一般指对不同类型、不同语言的文献所记载的信息内容进行翻译，以达到信息互通、文献思想交流的目的。文献翻译要求翻译要注重专业、准确 文献翻译涵盖许许多多的学科，每一学科都有自己的专业术语。

　　通信安全

　　我们现在已经完成了对交易工具的研究。大多数重要的技术和协议都已被涵盖。本章的其余部分是关于如何在实践中应用这些技术来提供网络安全性，以及本章末尾对安全性的社会方面的一些想法。

　　在接下来的三个部分中，我们将介绍通信安全性，即如何秘密地获取位，而不需要从源到目的地进行修改，以及如何将不需要的位保留在门外。 这些绝不是网络中唯一的安全问题，但它们肯定是最重要的问题之一，这使它成为一个很好的起点。

　　1. IPsec

　　多年来，IETF已经知道互联网缺乏安全性。添加这并不容易，因为一战爆发了关于把它放在哪里。大多数安全专家认为，为了确保安全，加密和完整性检查必须端到端（即在应用程序层中）。也就是说，源进程加密和/或完整性保护数据并将其发送到解密和/或验证数据的目标进程。 然后可以检测在这两个过程之间进行的任何篡改，包括在任一操作系统内。 这种方法的问题在于它需要更改所有应用程序以使其具有安全性。 在此视图中，下一个最佳方法是在传输层或应用程序层与传输层之间的新层中加密，使其仍然是端到端但不需要更改应用程序。

　　相反的观点是用户不理解安全性并且不能正确使用它并且没有人想要以任何方式修改现有程序，因此网络层应该在不涉及用户的情况下认证和/或加密分组。经过多年激烈的争斗，这种观点赢得了足够的支持，即定义了网络层安全标准。部分原因是，拥有网络层加密并不会阻止安全感知用户正确地做到这一点，并且它确实在某种程度上帮助了安全性不知情的用户。

　　Communication Security

　　We have now finished our study of the tools of the trade. Most of the important techniques and protocols have been covered. The rest of the chapter is about how these techniques are applied in practice to provide network security, plus some thoughts about the social aspects of security at the end of the chapter.

　　In the following three sections, we will look at communication security, that is, how to get the bits secretly and without modification from source to destination and how to keep unwanted bits outside the door. These are by no means the only security issues in networking, but they are certainly among the most important ones, making this a good place to start.

　　1. IPsec

　　IETF has known for years that security was lacking in the Internet. Adding it was not easy because a war broke out about where to put it. Most security experts believe that to be really secure, encryption and integrity checks have to be end to end (i.e., in the application layer). That is, the source process encrypts and/or integrity protects the data and sends that to the destination process where it is decrypted and/or verified. Any tampering done in between these two processes, including within either operating system, can then be detected. The trouble with this approach is that it requires changing all the applications to make them security aware. In this view, the next best approach is putting encryption in the transport layer or in a new layer between the application layer and the transport layer, making it still end to end but not requiring applications to be changed.

　　The opposite view is that users do not understand security and will not be capable of using it correctly and nobody wants to modify existing programs in any way, so the network layer should authenticate and/or encrypt packets without the users being involved. After years of pitched battles, this view won enough support that a network layer security standard was defined. In part the argument was that having network layer encryption does not prevent security-aware users from doing it right and it does help security-unaware users to some extent.