For a browser to authenticate a website, the site presents the browser with a valid certificate chain. A typical chain is shown above, and there can be more than one intermediate certificate. The minimum number of certificates in a valid chain is XNUMX.
The root certificate is the core of a certificate authority. It is literally built into your OS or browser and is physically present on your device. It cannot be changed from the server side. Changing it requires a forced update of the device's OS or firmware.
Security specialist Scott Helme
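The end-entity certificate and the intermediate certificate of the certificate authority (CA) are delivered from the server to the client, while the root certificate is one the client already has. With this collection of certificates the client can therefore build the chain and authenticate the website.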
The problem is that every certificate has an expiry date, after which it has to be replaced. For example, from 1 XNUMX 2020 a limit on the validity period of server TLS certificates is planned for the Safari browser.
This means that all of us will have to replace our server certificates at least every 12 months. The limit applies only to server certificates. It does not apply to root CA certificates.
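CA certificates are governed by a different set of rules and therefore have different validity limits. It is common to see intermediate certificates with a validity period of 5 years and root certificates with a lifetime of 25 years.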
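Intermediate certificates are usually not a problem, because the server supplies them to the client. The server changes its own certificate frequently anyway, so it simply replaces the intermediate in the process. Unlike a root CA certificate, an intermediate is very easy to replace together with the server certificate.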
As already mentioned, the root CA is built directly into the client device itself, the OS, the browser or other software. Changing a root CA is outside the website's control. It requires a client update, such as an OS or software update.
Some root CAs have been around for a very long time, about 20 to 25 years. Soon some of the oldest root CAs will reach the natural end of their lives. For most of us this is no problem at all, because the CAs have created new root certificates, and these have been distributed around the world for years as part of OS and browser updates. But for anyone who has not updated their OS or browser for a long time, it is a problem of sorts.
This situation occurred at 10:48:38 GMT on 30 XNUMX 2020. That is exactly when
It was used for cross-signing, to keep compatibility with legacy devices that do not have the new USERTrust root certificate in their store.
Unfortunately, the problem was not limited to legacy browsers; it also involved OpenSSL 1.0.x, LibreSSL, and
The problem was expected to affect only legacy systems (Android 2.3, Windows XP, Mac OS X 10.11, iOS 9 and so on), because modern browsers can use the XNUMX-th USERTrust root certificate. In practice, however, hundreds of web services that used the free OpenSSL 1.0.x and GnuTLS libraries began to fail. They reported an error saying that the certificate had expired, and a secure connection could no longer be established.
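The failure described above can be reproduced with a toy path builder. This is an added example, not code from the article, OpenSSL or GnuTLS: both builders are simplified models, and the hostname, the issuing CA name and every date are constructed.

```python
from datetime import datetime, timezone

def cert(subject, issuer, not_after):
    """Toy certificate: names plus expiry only; no keys or signatures."""
    expiry = datetime.fromisoformat(not_after).replace(tzinfo=timezone.utc)
    return {"subject": subject, "issuer": issuer, "not_after": expiry}

# Constructed sample data. CA names follow the page; host and dates are made up.
LEAF = cert("www.example.test", "Example Issuing CA", "2031-01-01")
INTERMEDIATE = cert("Example Issuing CA", "USERTrust", "2035-01-01")
CROSS_SIGNED = cert("USERTrust", "AddTrust", "2030-01-01")     # for legacy clients
ADDTRUST_ROOT = cert("AddTrust", "AddTrust", "2030-01-01")     # old root
USERTRUST_ROOT = cert("USERTrust", "USERTrust", "2040-01-01")  # newer root
SENT = [INTERMEDIATE, CROSS_SIGNED]                            # served with the leaf

def usable(c, now):
    return now <= c["not_after"]

def build_first_match(leaf, sent, store, now):
    """Simplified legacy behaviour: take the first issuer match, server-sent
    certificates first, and give up if that single path fails."""
    chain = [leaf]
    while len(chain) < 10:
        cur = chain[-1]
        if not usable(cur, now):
            return None              # expired certificate on the only path tried
        if cur in store:
            return chain             # reached a local trust anchor
        nxt = next((c for c in sent + store
                    if c["subject"] == cur["issuer"] and c not in chain), None)
        if nxt is None:
            return None
        chain.append(nxt)
    return None

def build_trusted_first(leaf, sent, store, now):
    """Prefer anchors from the local store and backtrack over alternatives."""
    def extend(chain):
        cur = chain[-1]
        if not usable(cur, now):
            return None
        if cur in store:
            return chain
        for c in store + sent:
            if c["subject"] == cur["issuer"] and c not in chain:
                found = extend(chain + [c])
                if found:
                    return found
        return None
    return extend([leaf])
```

With both roots in the store, the first-match builder fails once the cross-signed certificate expires, while the trusted-first builder still anchors at the newer root. A client whose store holds only the old root fails either way, which is why only a client update fixes it.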
次㞠- æå·åããŸããã
Another good example of an upcoming root CA change is the Let's Encrypt certificate authority. More
"Due to concerns over insufficient adoption of the ISRG root on Android devices, we have decided to move the date of the transition to our own root from 8 XNUMX 2019 to 8 XNUMX 2020," Let's Encrypt said in a statement.
The date had to be postponed because of a problem called "root propagation", or more precisely the lack of root propagation, where a root CA is not very widely distributed across all clients.
Let's Encrypt currently uses a cross-signed intermediate certificate that chains to IdenTrust DST Root CA X3. That root certificate was issued in XNUMX 2000 and expires on 30 XNUMX 2021. By then, Let's Encrypt plans to move to its own self-signed ISRG Root X1.
The ISRG root was released on 4 XNUMX 2015. After that, the process of getting it approved as a certificate authority began, and that approval process has been completed.
But this is where the problem lies.
If your phone, TV or other device has not been updated for 1 year, how is it supposed to know about the new ISRG Root X1 root certificate? And if the root is not installed on the system, the device will treat every Let's Encrypt server certificate as invalid as soon as Let's Encrypt switches to the new root. The Android ecosystem also contains many old devices that have not been updated for a long time.
Android ecosystem
That is why Let's Encrypt has delayed the move to its own ISRG root and still uses an intermediate that chains up to the IdenTrust root. But the transition has to happen one way or another, and a date has been assigned for the root change.
To check that the ISRG X1 root is installed on your device (a TV, a set-top box or any other client), open the test site.
Let's Encrypt is not the only one facing the challenge of moving to a new root. Encryption on the internet came into use about 20 years ago, so many root certificates are now about to expire.
Owners of smart TVs whose software has not been updated for many years may run into this problem. For example, the new GlobalSign root
www.bbc.co.uk (leaf)
GlobalSign ECC OV SSL CA 2018 (intermediate)
GlobalSign Root CA - R5 (intermediate)
GlobalSign Root CA - R3 (intermediate)
This is a temporary fix. The problem does not go away unless the client software is updated. A smart TV is essentially a limited-functionality computer running Linux. Without updates, its root certificates will inevitably rot.
This applies to every device, not only TVs. If you own a device that is connected to the internet and was advertised as a "smart" device, the problem of rotten certificates almost certainly concerns it. If the device is not updated, its root CA store ages over time and the problem eventually surfaces. How soon that happens depends on when the root store was last updated. That may be several years before the device's actual release date.
Incidentally, this is why some large media platforms cannot use modern automated certificate authorities such as Let's Encrypt, Scott Helme writes. These are not suitable for smart TVs, and with too few roots they cannot guarantee certificate support on legacy devices. Otherwise the TV simply would not be able to launch modern streaming services.
The recent AddTrust incident showed that even large IT companies are not prepared for the fact that root certificates expire.
There is only one solution to this problem: updates. Developers of smart devices need to provide a mechanism for updating the software and the root certificates in advance. Manufacturers, on the other hand, have no financial interest in keeping a device working after its warranty period has ended.
Source: habr.com