An fara wani daftarin doka game da gyare-gyare ga Dokar Tarayya "Akan Bayanai, Fasahar Bayanai da Kariya", wanda Ma'aikatar Ci gaban Digital, Sadarwa da Sadarwar Jama'a suka haɓaka. Doka ta ba da shawarar gabatar da dokar hana amfani da ƙasa na Tarayyar Rasha "ka'idojin ɓoyewa waɗanda ke ba da damar ɓoye sunan (mai ganowa) na shafi ko rukunin yanar gizo akan Intanet, sai dai ga shari'o'in da aka kafa. dokokin Tarayyar Rasha."
Don keta dokar hana yin amfani da ka'idojin ɓoyewa waɗanda ke ba da damar ɓoye sunan rukunin yanar gizon, an ba da shawarar dakatar da aikin albarkatun Intanet ba a baya fiye da 1 (ɗaya) ranar kasuwanci daga ranar gano wannan cin zarafi ba. hukumar zartaswa ta tarayya mai izini. Babban manufar toshewa shine tsawo na TLS (wanda aka fi sani da ESNI), wanda za'a iya amfani dashi tare da TLS 1.3 kuma riga. a kasar Sin. Tunda kalmomin da ke cikin lissafin ba su da fa'ida kuma babu takamaimai, sai dai ECH/ESNI, a zahiri, kusan duk wasu ka'idojin da ke ba da cikakken ɓoye bayanan tashar sadarwa, da kuma ka'idoji. (DoH) da (DoT).
Bari mu tuna cewa don tsara ayyukan shafukan HTTPS da yawa akan adireshin IP guda ɗaya, an haɓaka haɓakar SNI a lokaci ɗaya, wanda ke watsa sunan mai masaukin baki a cikin bayyananniyar rubutu a cikin saƙon ClientHello da aka watsa kafin shigar da hanyar sadarwar rufaffiyar. Wannan fasalin yana ba da damar a gefen mai ba da Intanet don zaɓin tace zirga-zirgar HTTPS da bincika wuraren da mai amfani ya buɗe, wanda baya ba da damar samun cikakkiyar sirri yayin amfani da HTTPS.
ECH/ESNI gaba daya yana kawar da zubewar bayanai game da rukunin yanar gizon da ake buƙata yayin nazarin haɗin HTTPS. A hade tare da samun dama ta hanyar hanyar sadarwar isar da abun ciki, amfani da ECH/ESNI kuma yana ba da damar ɓoye adireshin IP na albarkatun da ake buƙata daga mai bayarwa - tsarin duba zirga-zirga yana ganin buƙatu kawai ga CDN kuma ba zai iya amfani da toshewa ba tare da lalata TLS ba. zaman, a cikin abin da mai binciken mai amfani za a nuna sanarwar da ta dace game da maye gurbin takardar shaidar. Idan an gabatar da haramcin ECH/ESNI, hanya daya tilo da za a iya magance wannan yuwuwar ita ce ta hana shiga hanyoyin sadarwa na Isar da abun ciki gaba daya (CDNs) wadanda ke goyan bayan ECH/ESNI, in ba haka ba haramcin ba zai yi tasiri ba kuma CDNs za su iya kewaye shi cikin sauki.
Lokacin amfani da ECH/ESNI, sunan mai watsa shiri, kamar a cikin SNI, ana watsa shi a cikin saƙon ClientHello, amma abubuwan da ke cikin bayanan da aka watsa a cikin wannan saƙon an ɓoye su. Rufewa yana amfani da sirrin da aka lissafta daga uwar garken da maɓallan abokin ciniki. Don ɓata darajar filin ECH/ESNI da aka katse ko karɓa, dole ne ku san keɓaɓɓen maɓalli na abokin ciniki ko uwar garken (da na sabar ko maɓallan jama'a na abokin ciniki). Ana watsa bayanai game da maɓallan jama'a don maɓallin uwar garken a cikin DNS, kuma don maɓallin abokin ciniki a cikin saƙon ClientHello. Hakanan ana iya yankewa ta amfani da sirrin da aka yarda da shi yayin saitin haɗin TLS, wanda abokin ciniki da uwar garken kawai aka sani.
source: budenet.ru