Those who would give up liberty to obtain protection from temporary danger deserve neither liberty nor safety.
- Benjamin Franklin
This digest aims to raise the Community's interest in privacy issues.
Agenda:
- The "Medium Root CA" certificate authority introduces certificate verification based on the OCSP protocol
- Features of the OCSP protocol: why the Expect-Staple header is needed
- We invite you to the Medium Summer Meetup on 3/XNUMX, a gathering of enthusiasts interested in information security, internet privacy, and the development of the Medium network
A reminder: what is "Medium"?
Medium (English: Medium, "intermediary"; original slogan: Don't ask for your privacy. Take it back; in English the word medium also means "intermediate") is a Russian decentralized internet provider that offers network access services.
Full name: Medium Internet Service Provider. The project was originally conceived as follows.
It was established in XNUMX/2019 as part of building an independent telecommunications environment, by giving end users access to I2P network resources over Wi-Fi wireless data transmission.
Goals and objectives
On 1/XNUMX/2019 the current President of the Russian Federation signed
Medium gives users free access to network resources
In founding the public organization, the Community pursued the following goals:
- Draw public attention to the issue of privacy
- Increase the total number of transit nodes in the I2P network
- Create its own ecosystem of I2P services that can replace the most popular sites of the "clear" internet
- Create a public key infrastructure within the Medium network to rule out the possibility of man-in-the-middle attacks
- Create its own domain name system to make access to I2P services more convenient
For more about what Medium is, see below.
The Medium Root CA certificate authority introduces certificate verification using the OCSP protocol
Not long ago, the Medium Root CA certificate authority gave network users the ability to verify certificates using the OCSP protocol, in addition to the certificate revocation list (CRL).
OCSP (Online Certificate Status Protocol) is an internet protocol for checking the status of an SSL certificate. It is faster and more reliable than the checks previously done with a CRL (certificate revocation list).
The OCSP protocol works as follows: the end user sends a request to the server for information about an SSL certificate, and the server returns one of the following responses:
- good: the SSL certificate has not been revoked or blocked.
- revoked: the SSL certificate has been revoked.
- unknown: the status of the SSL certificate could not be established because the server does not recognize the issuer.
Features of the OCSP protocol: why the Expect-Staple header is needed
Expect-Staple is an HTTP security header. Its purpose is to place in the server's HTTP response a field that tells the browser which address to send a warning to when OCSP Stapling is declared but is in fact absent or unavailable.
With this header, a service operator can configure the receipt of information about OCSP stapling failures.
Setting the header is very simple:
Expect-Staple: max-age=31536000; report-uri="https://scotthelme.report-uri.io/r/d/staple"; includeSubDomains; preload
More useful information about OCSP Stapling can be found.
We invite you to the Medium Summer Meetup, held on 3/XNUMX
Medium Summer Meetup is a gathering of enthusiasts interested in information security, internet privacy, and development
We meet regularly to discuss the most important issues concerning the projects under development.
If you are interested in information security and privacy on the internet, do join us. Medium Summer Meetup is a chance to gain new knowledge, meet like-minded people, and make many useful contacts. Participation is free
The meetup takes the form of an informal discussion of the most pressing issues in information security, internet privacy, and development.
What will be presented:
- "Decentralized internet provider "Medium": a primer on general questions about using the network and its resources", Mikhail Podivilov
The speaker will explain what the decentralized internet provider Medium is and what it is not, demonstrate the network in operation, and explain how to configure network equipment correctly and use network resources.
- "Security when using the Medium network: why you need to use HTTPS when accessing eepsites", Mikhail Podivilov
A talk on why the HTTPS protocol must be used with I2P network services when you are connected to the network through an access point provided by a Medium operator.
- "On the HyperSphere project and building real self-organizing networks: cases and software", Alexey Vesnin
The speaker will talk about the HyperSphere project and real use cases for such networks.
The list of talks will be added to over time.
Would you like to speak?
What will be discussed:
ããããã as an additional transport for the Medium network: to be or not to be?
Not long ago, in the community
The Medium network's service ecosystem: the most needed services and their development
Some time ago we
At present we face an important task: to discuss which services are most needed and in demand within the network, and their subsequent implementation.
Among them: a mail service, a blogging platform, a news portal, a search engine, a hosting service, and so on.
Long-term plans for developing the Medium network
All questions related, in one way or another, to the development of the "Medium" certificate and its resources.
…and other equally interesting questions!
You can suggest discussion topics in the comments to this publication.
What you need to participate
Gathering and registration of participants: 11:30
Meetup starts: 12:00
Approximate end of the event: 15:00
Address: Moscow, Kolomenskaya metro station, Kolomenskoye
Come along, we are waiting for you!
Coordination takes place in the channel
Free internet in Russia starts with you
Today you can give whatever help you are able to toward establishing a free internet in Russia. We have put together a comprehensive list of exactly how you can help the network:
- Tell your friends and colleagues about the Medium network. Share a link to this article on a social network or a personal blog
- Take part in the discussion of technical issues of the Medium network on GitHub
- Take part in the development of the OpenWRT distribution designed to work with the Medium network
- Create a web service on the I2P network: Medium network DNS
- Set up an access point to the Medium network
Source: habr.com