This article explains what DANE, a technology for authenticating domain names using DNS, is and why it is not widely used in browsers.
What is DANE
A certificate authority (CA) is an organization that does the following.
To avoid this kind of situation, the IETF several years ago
DANE (DNS-based Authentication of Named Entities) is a set of specifications that lets DNSSEC (Domain Name System Security Extensions) be used to control the validity of SSL certificates. DNSSEC is an extension to the Domain Name System that minimizes address spoofing attacks. With these technologies, a webmaster or a client can contact a DNS zone operator and confirm the validity of the certificate in use.
Essentially, DANE works like a self-signed certificate (with DNSSEC guaranteeing its trustworthiness) and complements the functions of a CA.
How does it work
The DANE specification is as follows.
The client connects to a site on the internet and compares its certificate with the "copy" received from the DNS operator. If they match, the resource is considered trustworthy.
The DANE wiki page gives the following example of a DNS request for example.org on TCP port 443:
IN TLSA _443._tcp.example.org
The answer looks like this:
_443._tcp.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
DANE has several extensions that handle DNS records other than TLSA. One of them is the SSHFP DNS record, used to verify keys in SSH connections. It is described in
What is the problem with DANE
In the middle of month XNUMX, the DNS-OARC conference was held (DNS-OARC is a non-profit organization that deals with the security, stability and development of the domain name system). Experts taking part in a panel discussion
Popular browsers do not support certificate authentication using DANE. There are special plug-ins on the market that expose the functionality of TLSA records, but support for them is gradually
The problem with DANE adoption in browsers is related to the length of the DNSSEC validation process. The first time it connects to a resource, the system has to perform cryptographic computations to confirm the authenticity of the SSL certificate and walk the entire chain of DNS servers (from the root zone to the host domain).
Mozilla tried to eliminate this shortcoming using a mechanism
Another reason for DANE's low popularity is the low adoption of DNSSEC worldwide.
Most likely, the industry will develop in a different direction. Instead of using DNS to verify SSL/TLS certificates, market players will promote the DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) protocols. We mentioned the latter in the following article.
Source: habr.com