We enabled TLS 1.3. Why you should do the same

At the beginning of the year, in our report on Internet problems and availability for 2018-2019, we already wrote that the spread of TLS 1.3 is inevitable. Some time ago we deployed version 1.3 of the Transport Layer Security protocol ourselves and, after collecting and analyzing the data, we are ready to talk about the features of this transition.

The IETF TLS Working Group chairs write:
"In short, TLS 1.3 should provide the foundation for a more secure and efficient Internet for the next 20 years."

The development of TLS 1.3 took 10 long years. We at Qrator Labs, along with the rest of the industry, followed the protocol's creation from the first draft. Over that time, 28 consecutive versions of the draft had to be written so that a balanced, easy-to-deploy protocol could see the light of day in 2019. Market support for TLS 1.3 is already evident: implementing a proven and reliable security protocol meets the needs of the times.

According to Eric Rescorla (Firefox CTO and author of TLS 1.3) in an interview with The Register:

"This is a complete replacement for TLS 1.2, using the same keys and certificates, so the client and the server can communicate over TLS 1.3 if they both support it," he said. "There is already good library-level support, and Chrome and Firefox enable TLS 1.3 by default."

At the same time, the IETF TLS working group is finishing the preparation of an RFC that declares older versions of TLS (excluding only TLS 1.2) obsolete and unusable. Most likely, the final RFC will be released before the end of the summer. This is another signal to the IT industry: updating encryption protocols should not be delayed.

A list of current TLS 1.3 implementations is available on Github for anyone looking for the most suitable library: https://github.com/tlswg/tls13-spec/wiki/Implementations. It is clear that adoption of and support for the updated protocol will be, and already is, rapid. The understanding of how fundamental encryption has become in the modern world has spread quite widely.

What has changed since TLS 1.2?

From the Internet Society's note:
"How does TLS 1.3 make the world a better place?

TLS 1.3 includes certain technical advantages, such as a simplified handshake to establish a secure connection, and also allows clients to resume sessions with servers more quickly. These measures are intended to reduce connection setup latency and connection failures on weak links, which are often used as justification for providing only unencrypted HTTP connections.

Just as importantly, it removes support for several legacy and insecure encryption and hashing algorithms that are still permitted (though not recommended) for use with earlier versions of TLS, including SHA-1, MD5, DES, 3DES, and AES-CBC, while adding support for new cipher suites. Other improvements include more encrypted elements of the handshake (for example, the exchange of certificate information is now encrypted) to reduce the amount of clues available to a potential traffic eavesdropper, as well as improvements to forward secrecy when using certain key exchange modes, so that communication at all times must remain secure even if the algorithms used to encrypt it are compromised in the future."
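The quoted list of removed algorithms can be checked against a real cipher configuration. The following is an added example, not code from the original article: it flags cipher suites that use SHA-1, MD5, DES, 3DES or AES-CBC, first over constructed sample entries and then over the TLS 1.3 suites the local OpenSSL build enables. The function names and the sample entries are assumptions made for illustration.

```python
import ssl

def legacy_primitives(entry):
    """Legacy algorithms (from the list quoted above) used by one cipher entry."""
    symmetric = (entry.get("symmetric") or "").lower()
    digest = (entry.get("digest") or "").lower()  # None for AEAD suites
    found = set()
    if "des-ede3" in symmetric:
        found.add("3DES")
    elif symmetric.startswith("des-"):
        found.add("DES")
    if symmetric.startswith("aes") and symmetric.endswith("-cbc"):
        found.add("AES-CBC")
    if digest == "sha1":
        found.add("SHA-1")
    elif digest == "md5":
        found.add("MD5")
    return found

def audit(entries):
    """Return {protocol: {suite name: [legacy primitives]}} for flagged suites only."""
    report = {}
    for entry in entries:
        hits = legacy_primitives(entry)
        if hits:
            report.setdefault(entry["protocol"], {})[entry["name"]] = sorted(hits)
    return report

def local_suites(protocol="TLSv1.3"):
    """Cipher entries the local OpenSSL build enables for one protocol version."""
    ctx = ssl.create_default_context()
    return [e for e in ctx.get_ciphers() if e["protocol"] == protocol]

# Constructed sample entries, shaped like SSLContext.get_ciphers() output.
SAMPLE = [
    {"name": "DES-CBC3-SHA", "protocol": "TLSv1.0",
     "symmetric": "des-ede3-cbc", "digest": "sha1"},
    {"name": "AES128-SHA256", "protocol": "TLSv1.2",
     "symmetric": "aes-128-cbc", "digest": "sha256"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "symmetric": "aes-256-gcm", "digest": None},
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3",
     "symmetric": "aes-128-gcm", "digest": None},
]

if __name__ == "__main__":
    print("constructed sample:", audit(SAMPLE))
    print("local TLS 1.3 suites:", [e["name"] for e in local_suites()])
    print("legacy primitives in local TLS 1.3 suites:", audit(local_suites()))
```

Passing `local_suites("TLSv1.2")` to `audit` shows which TLS 1.2 suites on the same host still depend on the older algorithms.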

Development of modern protocols and DDoS

As you may have already read, disagreements arose in the IETF TLS working group during the development of the protocol and even afterwards. It is now clear that individual enterprises (including financial institutions) will have to change the way they secure their own networks to accommodate the perfect forward secrecy that is now built into the protocol.

The reasons why this may be required are set out in a document written by Steve Fenter. The 20-page paper gives several examples in which an enterprise may want to decrypt traffic out-of-band (which PFS does not allow) for monitoring, compliance, or application-layer (L7) DDoS protection purposes.

While we are certainly not prepared to speculate on regulatory requirements, our proprietary application DDoS mitigation product (including a solution that does not require disclosing sensitive and/or confidential information) was created in 2012 with PFS in mind, so our customers and partners did not need to change their infrastructure after the TLS version was updated on the server side.

In addition, since the rollout, no problems related to transport encryption have been identified. It's official: TLS 1.3 is ready for production.

However, there is still a problem associated with the development of next-generation protocols. Protocol progress in the IETF typically depends heavily on academic research, and the state of academic research in the field of mitigating denial-of-service attacks is dismal.

A good example is section 4.4 of the IETF draft "QUIC Manageability," part of the upcoming QUIC protocol suite, which states that "modern methods for detecting and mitigating [DDoS attacks] typically involve passive measurement using network flow data."

The latter is, in fact, very rare in real enterprise environments (and applicable only to ISPs), and in any case is unlikely to be the "general case" in the real world. Yet it appears constantly in scientific publications, usually unsupported by testing across the whole spectrum of potential DDoS attacks, including application-level attacks. The latter, if only because of the worldwide deployment of TLS, obviously cannot be detected by passive measurement of network packets and flows.

Likewise, we do not yet know how vendors of DDoS mitigation hardware will adapt to the realities of TLS 1.3. Because of the complexity of supporting the protocol out-of-band, the upgrade may take some time.

Setting the right goals to guide research is a major challenge for DDoS mitigation service providers. One area where development can begin is the SMART research group at the IRTF, where researchers can collaborate with industry to refine their own knowledge of a challenging industry and explore new avenues of research. We also extend a warm welcome to all researchers, should there be any: we can be contacted with questions or suggestions related to DDoS research or the SMART research group at [email protected]

Source: www.hab.com