The Russian Federation intends to ban protocols that allow hiding the name of a website

A public discussion has begun of a draft law amending the Federal Law "On Information, Information Technologies and Information Protection", developed by the Ministry of Digital Development, Communications and Mass Media. The law proposes introducing a ban on the use, in the territory of the Russian Federation, of "encryption protocols that make it possible to hide the name (identifier) of an Internet page or site on the Internet, except in cases established by the legislation of the Russian Federation."

For violating the ban on the use of encryption protocols that make it possible to hide the site name, it is proposed to suspend operation of the Internet resource no later than 1 (one) business day from the date the violation is discovered by the authorized federal executive body. The main target of the blocking is the TLS extension ECH (formerly known as ESNI), which can be used together with TLS 1.3 and is already blocked in China. Since the wording in the bill is vague and contains no specifics other than ECH/ESNI, formally almost any protocol that provides full encryption of the communication channel falls under it, as do the DNS over HTTPS (DoH) and DNS over TLS (DoT) protocols.

Recall that the SNI extension was developed to allow several HTTPS sites to operate on a single IP address. It transmits the host name in clear text in the ClientHello message, which is sent before the encrypted communication channel is established. This feature allows an Internet provider to selectively filter HTTPS traffic and analyze which sites the user opens, which prevents full confidentiality from being achieved when using HTTPS.

ECH/ESNI completely eliminates the leak of information about the requested site when HTTPS connections are analyzed. Combined with access through a content delivery network, the use of ECH/ESNI also makes it possible to hide the IP address of the requested resource from the provider: traffic inspection systems see only requests to the CDN and cannot apply blocking without spoofing the TLS session, in which case the user's browser will show a corresponding notification about certificate substitution. If a ban on ECH/ESNI is introduced, the only way to counter this possibility is to completely restrict access to Content Delivery Networks (CDNs) that support ECH/ESNI; otherwise the ban will be ineffective and can be easily circumvented via CDNs.

When ECH/ESNI is used, the host name is transmitted in the ClientHello message, as with SNI, but the contents of the data transmitted in this message are encrypted. The encryption uses a secret computed from the server and client keys. To decrypt an intercepted or received ECH/ESNI field value, you must know the key of the client or the server (plus the public keys of the server or the client). Information about the public keys is transmitted in DNS for the server key and in the ClientHello message for the client key. Decryption is also possible using the shared secret agreed during TLS connection setup, which is known only to the client and the server.

Source: opennet.ru
