We enabled TLS 1.3. Why you should do the same


Earlier this year, in our report on internet problems and accessibility for 2018-2019, we already wrote that the spread of TLS 1.3 is inevitable. Some time ago we deployed version 1.3 of the Transport Layer Security protocol ourselves and, after collecting and analyzing the data, we are finally ready to talk about the particulars of this transition.

The IETF TLS Working Group Chairs write:
"In short, TLS 1.3 should provide a more secure and efficient foundation for the internet for the next 20 years."

The development of TLS 1.3 took 10 years. We at Qrator Labs, along with the rest of the industry, closely followed the protocol's creation from the first draft. Over this time it took 28 successive drafts for a balanced and easy-to-deploy protocol to finally see the light (RFC 8446, published in August 2018) and reach broad deployment in 2019. Active market support for TLS 1.3 is already evident: the deployment of a proven and reliable security protocol meets the needs of the times.

According to Eric Rescorla (Firefox CTO and the sole author of TLS 1.3) in an interview with The Register:

"This is a complete replacement for TLS 1.2, using the same keys and certificates, so that the client and server can automatically communicate over TLS 1.3 if both support it," he said. "There is already good support at the library level, and Chrome and Firefox enable TLS 1.3 by default."


In parallel, the IETF TLS working group is finishing an RFC that declares the older TLS versions (all but TLS 1.2) obsolete and unusable. Most likely the final RFC will be released before the end of summer. This is another signal to the IT industry: updating encryption protocols should not be delayed.

The current list of TLS 1.3 implementations is available on GitHub for anyone looking for the most suitable library: https://github.com/tlswg/tls13-spec/wiki/Implementations. It is clear that adoption and support of the updated protocol will proceed, and already is proceeding, quickly. The understanding of how fundamental encryption has become in today's world has spread quite widely.

What has changed since TLS 1.2?

From the Internet Society's notes:
"How does TLS 1.3 make the world a better place?

TLS 1.3 includes certain technical advantages, such as a simplified handshake process for establishing a secure connection, and also allows clients to resume sessions with servers more quickly. These measures are intended to reduce connection setup latency and connection failures on weak links, which are often used as a justification for providing only unencrypted HTTP connections.

Just as importantly, it removes support for several legacy and insecure encryption and hashing algorithms that are still permitted (though not recommended) for use with earlier versions of TLS, including SHA-1, MD5, DES, 3DES and AES-CBC, while adding support for new cipher suites. Other improvements include more encrypted elements of the handshake (for example, the exchange of certificate information is now encrypted) to reduce the number of clues available to a potential traffic eavesdropper, as well as improvements to forward secrecy when using certain key exchange modes, so that communication must remain secure at all times even if the algorithms used to encrypt it are compromised in the future."

Modern protocol development and DDoS

As you may already have read, serious disagreements arose in the IETF TLS working group during the development of the protocol and afterwards. It is now clear that individual enterprises (including financial institutions) will have to change the way they protect their networks in order to accommodate the perfect forward secrecy built into the protocol.

The reasons why this may be required are set out in a document written by Steve Fenter. The 20-page paper discusses several examples where an enterprise may want to decrypt traffic out-of-band (which PFS does not allow) for monitoring, compliance or application-layer (L7) DDoS protection purposes.


While we are not ready to speculate about regulatory requirements, our proprietary application-layer DDoS mitigation product (including the solution that does not require disclosure of sensitive and/or confidential information) was designed in 2012 with PFS in mind, so our customers and partners did not need to make any changes to their infrastructure after the TLS version was updated on the server side.

Also, since deployment, no problems related to transport encryption have been found. It is official: TLS 1.3 is production-ready.

However, there is still a problem with the development of next-generation protocols. Protocol progress in the IETF usually relies heavily on academic research, and the state of academic research in the field of mitigating distributed denial-of-service attacks is poor.

A good example is section 4.4 of the IETF draft "QUIC Manageability", part of the forthcoming QUIC protocol suite, which states that "modern methods of detecting and mitigating [DDoS attacks] generally involve passive measurement using network flow data."

The latter is, in fact, very rare in real enterprise environments (and only partially applicable to ISPs), and in any case is unlikely to be the "common case" in the real world; yet it constantly appears in the scientific literature, usually without being validated against the full spectrum of possible DDoS attacks, including application-level attacks. Those, if only because of the worldwide deployment of TLS, obviously cannot be detected by passive measurement of network packets and flows.

Likewise, we do not yet know how DDoS mitigation hardware vendors will adapt to the realities of TLS 1.3. Given the technical complexity of supporting the protocol out-of-band, the upgrade may take time.
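What a passive appliance can still see on a TLS 1.3 connection is the ClientHello: the protocol keeps legacy_version at 0x0303 (TLS 1.2) and signals the real version only in the supported_versions extension, and the server name indication remains in cleartext while the certificate exchange that followed it in TLS 1.2 is now encrypted. The Python below is an added illustration of that detection point, not Qrator Labs' code: it builds a constructed ClientHello (fixed random bytes, a made-up server name) and parses it with the bounds checks a classifier on untrusted traffic needs. Record layout and extension numbers follow RFC 8446 and RFC 6066; nothing here is derived from any vendor's implementation.

```python
"""Classify a TLS ClientHello by its supported_versions extension (RFC 8446, section 4.2.1)."""
import struct

TLS_HANDSHAKE = 0x16          # record-layer content type
CLIENT_HELLO = 0x01           # handshake message type
EXT_SERVER_NAME = 0x0000      # RFC 6066 server_name
EXT_SUPPORTED_VERSIONS = 0x002B
TLS12, TLS13 = 0x0303, 0x0304


class MalformedHello(ValueError):
    """Raised instead of IndexError when untrusted input is truncated or inconsistent."""


def _take(buf, pos, n):
    """Return (buf[pos:pos+n], pos+n), refusing to read past the end of the buffer."""
    if n < 0 or pos + n > len(buf):
        raise MalformedHello(f"need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n


def build_client_hello(versions=(TLS13, TLS12), sni=None,
                       cipher_suites=(0x1301, 0x1302, 0x1303)):
    """Construct a minimal ClientHello record. Test input built here, not a real capture."""
    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type host_name(0)
        sn_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sn_list)) + sn_list
    if versions:
        vers = b"".join(struct.pack("!H", v) for v in versions)
        exts += (struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(vers) + 1)
                 + bytes([len(vers)]) + vers)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", TLS12)                    # legacy_version is 1.2 even for 1.3
            + b"\x11" * 32                              # random: fixed here for reproducibility
            + b"\x00"                                   # empty legacy_session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                               # compression_methods: null only
            + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def parse_client_hello(record):
    """Extract legacy_version, supported_versions, SNI and a TLS 1.3 verdict from one record."""
    hdr, pos = _take(record, 0, 5)
    if hdr[0] != TLS_HANDSHAKE:
        raise MalformedHello("not a handshake record")
    hs, _ = _take(record, pos, struct.unpack("!H", hdr[3:5])[0])
    hs_hdr, pos = _take(hs, 0, 4)
    if hs_hdr[0] != CLIENT_HELLO:
        raise MalformedHello("not a ClientHello")
    body, _ = _take(hs, pos, int.from_bytes(hs_hdr[1:4], "big"))

    ver, pos = _take(body, 0, 2)
    _, pos = _take(body, pos, 32)                       # random
    sid_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, sid_len[0])               # legacy_session_id
    cs_len, pos = _take(body, pos, 2)
    cs, pos = _take(body, pos, struct.unpack("!H", cs_len)[0])
    comp_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, comp_len[0])              # compression_methods

    info = {"legacy_version": struct.unpack("!H", ver)[0],
            "cipher_suites": [struct.unpack("!H", cs[i:i + 2])[0] for i in range(0, len(cs) - 1, 2)],
            "supported_versions": [], "sni": None}
    if pos < len(body):                                 # extensions block is optional pre-1.3
        ext_len, pos = _take(body, pos, 2)
        exts, _ = _take(body, pos, struct.unpack("!H", ext_len)[0])
        pos = 0
        while pos < len(exts):
            eh, pos = _take(exts, pos, 4)
            etype, elen = struct.unpack("!HH", eh)
            data, pos = _take(exts, pos, elen)
            if etype == EXT_SUPPORTED_VERSIONS:
                n, p = _take(data, 0, 1)
                vs, _ = _take(data, p, n[0])
                info["supported_versions"] = [struct.unpack("!H", vs[i:i + 2])[0]
                                              for i in range(0, len(vs) - 1, 2)]
            elif etype == EXT_SERVER_NAME:
                ln, p = _take(data, 0, 2)
                lst, _ = _take(data, p, struct.unpack("!H", ln)[0])
                nt, p = _take(lst, 0, 3)                # name_type + 2-byte length
                if nt[0] == 0:
                    name, _ = _take(lst, p, struct.unpack("!H", nt[1:3])[0])
                    info["sni"] = name.decode("ascii", "replace")
    # legacy_version reads 1.2 for every modern client; only the extension is authoritative.
    info["is_tls13"] = TLS13 in info["supported_versions"]
    return info


if __name__ == "__main__":
    hello = build_client_hello(sni="example.com")
    print(parse_client_hello(hello))
```

The point for an out-of-band classifier is the last two lines of the parser: a device that keys off the record or legacy version field will file every TLS 1.3 handshake as TLS 1.2, and everything after the ServerHello is ciphertext it cannot inspect without the session keys.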

Setting the right goals to guide research is a major challenge for DDoS mitigation service providers. One place where progress could begin is the SMART research group at the IRTF, where researchers can collaborate with industry to refine their knowledge of a challenging field and explore new research avenues. We also warmly welcome all researchers, should there be any; we can be contacted with questions or suggestions related to DDoS research or the SMART research group at [email protected]

Source: www.habr.com
