At the beginning of the year, in a report on Internet problems and availability for 2018-2019
The chairs of the IETF TLS Working Group
In short, TLS 1.3 should provide the foundation for a more secure and efficient Internet for the next 20 years.
Development
According to Eric Rescorla (Firefox CTO and sole author of TLS 1.3)
"This is a complete replacement for TLS 1.2, using the same keys and certificates, so the client and server can automatically communicate over TLS 1.3 if both support it," he said. "There is already good support at the library level, and Chrome and Firefox enable TLS 1.3 by default."
In parallel, TLS is finishing up in the IETF working group
A current list of TLS 1.3 implementations is available on GitHub for anyone looking for the most suitable library:
What has changed since TLS 1.2?
From
"How does TLS 1.3 make the world a better place?
TLS 1.3 includes certain technical advantages, such as a simplified handshake process for establishing a secure connection, and allows clients to resume sessions with servers more quickly. These measures are intended to reduce connection setup latency and connection failures on weak links, which are often used as a justification for providing only unencrypted HTTP connections.
More importantly, it removes support for legacy and insecure encryption and hashing algorithms that are still permitted (though not recommended) for use with earlier versions of TLS, including SHA-1, MD5, DES, 3DES, and AES-CBC, while adding support for new cipher suites. Other improvements include more encrypted elements of the handshake (for example, the exchange of certificate information is now encrypted) to reduce the amount of clues available to a potential traffic eavesdropper, as well as improvements to forward secrecy when using certain key exchange modes, so that communication should at all times remain secure even if the algorithms used to encrypt it are compromised in the future."
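As an added example (not part of the original article or of the quoted note), the Python below audits a list of IANA cipher-suite names for the algorithms the passage lists as removed in TLS 1.3. The function names and the sample list are constructed for illustration, and the check for a non-forward-secret key exchange goes slightly beyond the algorithms named above.

```python
import re

# Algorithms the quoted passage lists as removed in TLS 1.3, matched against
# IANA cipher-suite names. Patterns and sample data are constructed here.
REMOVED = {
    "SHA-1":   re.compile(r"_SHA$"),          # HMAC-SHA1; _SHA256/_SHA384 do not match
    "MD5":     re.compile(r"_MD5$"),
    "3DES":    re.compile(r"_3DES_"),
    "DES":     re.compile(r"_DES(40)?_"),     # single DES, not 3DES
    "AES-CBC": re.compile(r"_AES_\d+_CBC_"),
}

def audit_suite(name):
    """Return (removed_algorithms, forward_secret) for one suite name.
    forward_secret is None for TLS 1.3-style names (no _WITH_), because there
    the key exchange is negotiated separately from the cipher suite."""
    removed = [label for label, rx in REMOVED.items() if rx.search(name)]
    if "_WITH_" not in name:
        return removed, None
    key_exchange = name[len("TLS_"):].split("_WITH_", 1)[0]
    return removed, key_exchange.startswith(("ECDHE", "DHE"))

def legacy_findings(offered):
    """Map each suite with a removed algorithm or static key exchange to its reasons."""
    report = {}
    for name in offered:
        removed, fs = audit_suite(name)
        reasons = list(removed)
        if fs is False:
            reasons.append("no forward secrecy")
        if reasons:
            report[name] = reasons
    return report

# Constructed sample: suites a legacy endpoint might offer alongside modern ones.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for suite, reasons in legacy_findings(SAMPLE).items():
        print(f"{suite}: {', '.join(reasons)}")
```

Feed it the suite names reported by a scanner or a server configuration; an empty result means none of the listed legacy algorithms or static key exchanges are on offer.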
Development of modern protocols and DDoS
As you may have already read, during the development of the protocol
The reasons why this is not wanted are set out in the document,
While we are certainly not ready to speculate on regulatory requirements, our proprietary product for mitigating application-level DDoS attacks (including a solution
Also, since implementation, no problems related to transport encryption have been identified. It's official: TLS 1.3 is ready for production.
However, there is still a problem associated with the development of next-generation protocols. The problem is that protocol progress in the IETF depends heavily on academic research, and the state of academic research in the field of mitigating distributed denial-of-service attacks is dismal.
So, a good example would be
The latter, in fact, is very rare in real enterprise environments (and only partially applicable to ISPs), and in any case is unlikely to be a "general case" in the real world - but it appears constantly in scientific publications, usually not supported by testing the entire spectrum of potential DDoS attacks, including application-level attacks. The latter, owing at least to the worldwide deployment of TLS, obviously cannot be detected by passive measurement of network packets and flows.
Likewise, we do not yet know how vendors of DDoS mitigation hardware will adapt to the realities of TLS 1.3. Because of the technical complexity of supporting the out-of-band protocol, the upgrade may take some time.
Setting the right goals to guide research is a major challenge for DDoS mitigation service providers. One area where development can begin
Source: www.habr.com