Has begun
For violating the ban on the use of encryption protocols that make it possible to hide the name of a website, it is proposed to suspend the operation of the Internet resource no later than 1 (one) business day from the date this violation is discovered by the authorized federal executive body. The main target of the blocking is the TLS extension
Recall that to allow several HTTPS sites to run on a single IP address, the SNI extension was developed at one time. It transmits the host name in clear text in the ClientHello message, which is sent before the encrypted communication channel is established. This feature makes it possible on the Internet provider's side to selectively filter HTTPS traffic and to analyze which sites the user opens, so complete confidentiality cannot be achieved when using HTTPS.
ECH/ESNI completely eliminates the leakage of information about the requested site when HTTPS connections are analyzed. In combination with access through a content delivery network, the use of ECH/ESNI also makes it possible to hide the IP address of the requested resource from the provider: traffic inspection systems see only requests to the CDN and cannot apply blocking without spoofing the TLS session, in which case the user's browser will display a corresponding notification about certificate substitution. If a ban on ECH/ESNI is introduced, the only way to counter this possibility is to completely restrict access to the content delivery networks (CDNs) that support ECH/ESNI; otherwise the ban will be ineffective and CDNs will be able to bypass it easily.
When ECH/ESNI is used, the host name, as in SNI, is transmitted in the ClientHello message, but the contents of the data transmitted in this message are encrypted. The encryption uses a secret computed from the server and client keys. To decrypt an intercepted or received ECH/ESNI field value, you must know the private key of the client or of the server (plus the public key of the server or of the client). Information about the public keys is transmitted in DNS for the server key, and in the ClientHello message for the client key. Decryption is also possible using the shared secret agreed during TLS connection setup, which is known only to the client and the server.
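The visibility difference described above, as an added example that is not part of the original article: a Python parser that reports what a passive observer can read from a ClientHello, namely the clear-text SNI and whether an ECH/ESNI extension is present. The extension codepoints (0xfe0d, 0xffce), the helper names and the constructed sample hellos with `.example` hosts are assumptions of this example, not values from the page.

```python
import struct

EXT_SNI = 0x0000    # server_name (RFC 6066), host name in clear text
EXT_ECH = 0xFE0D    # encrypted_client_hello (ECH); codepoint assumed, not on the page
EXT_ESNI = 0xFFCE   # encrypted_server_name (earlier ESNI drafts); assumed likewise

def inspect_client_hello(record: bytes) -> dict:
    """Return what a passive on-path observer can read from a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    seen = {"sni": None, "encrypted_name": False}
    try:
        pos = 2 + 32                                          # legacy_version, random
        pos += 1 + body[pos]                                  # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == EXT_SNI and len(data) >= 5 and data[2] == 0:
                name_len = int.from_bytes(data[3:5], "big")
                seen["sni"] = data[5:5 + name_len].decode("ascii", "replace")
            elif ext_type in (EXT_ECH, EXT_ESNI):
                seen["encrypted_name"] = True   # payload is opaque without the keys
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return seen

def build_client_hello(extensions) -> bytes:
    """Constructed sample input: minimal ClientHello with (type, data) extensions."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_ext(host: str) -> bytes:
    """Encode a server_name extension body holding one host_name entry."""
    name = host.encode("ascii")
    return struct.pack("!HBH", len(name) + 3, 0, len(name)) + name

# Constructed samples: plain SNI, and an ECH hello whose outer SNI is only the CDN's name.
PLAIN = build_client_hello([(EXT_SNI, sni_ext("private.example"))])
WITH_ECH = build_client_hello([(EXT_SNI, sni_ext("cdn.example")), (EXT_ECH, bytes(48))])
```

For `PLAIN` the observer recovers the real host name; for `WITH_ECH` it sees only the CDN-facing name plus an opaque extension, which is the situation the article describes for traffic inspection systems.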
source: budenet.ru