Ekuqaleni konyaka, embikweni wezinkinga ze-inthanethi nokufinyeleleka kuka-2018-2019
IETF TLS Working Group Chairs
“Ngamafuphi, i-TLS 1.3 kufanele inikeze isisekelo se-inthanethi evikeleke kakhudlwana futhi esebenza kahle eminyakeni engama-20 ezayo.”
Ukuthuthukiswa
Ngokuka-Eric Rescorla (Firefox CTO kanye nombhali oyedwa we-TLS 1.3)
“Lokhu kuwukumiselela okuphelele kwe-TLS 1.2, kusetshenziswa okhiye nezitifiketi ezifanayo, ukuze iklayenti neseva bakwazi ukuxhumana ngokuzenzakalelayo nge-TLS 1.3 uma bobabili beyisekela,” esho. "Sekuvele kukhona ukwesekwa okuhle ezingeni lomtapo wezincwadi, futhi i-Chrome neFirefox zinika amandla i-TLS 1.3 ngokuzenzakalelayo."
Ngokuhambisanayo, i-TLS igcina ngeqembu elisebenzayo le-IETF
Uhlu lwamanje lwe-TLS 1.3 olusetshenziswayo luyatholakala ku-Github kunoma ubani ofuna umtapo wolwazi ofaneleke kakhulu:
Yini eshintshile kusukela ku-TLS 1.2?
Из
“I-TLS 1.3 iwenza kanjani umhlaba ube indawo engcono?
I-TLS 1.3 ihlanganisa izinzuzo ezithile zobuchwepheshe—ezifana nenqubo yokuxhawula ngesandla eyenziwe lula ukuze kutholakale uxhumano oluvikelekile—futhi ivumela amakhasimende ukuthi aqalise kabusha ngokushesha izikhathi namaseva. Lezi zinyathelo zihloselwe ukunciphisa ukubambezeleka kokusethwa koxhumano kanye nokwehluleka kokuxhumeka kuzixhumanisi ezibuthakathaka, ezivame ukusetshenziswa njengezaba zokuhlinzeka ngoxhumo lwe-HTTP olungabethelwe kuphela.
Okubaluleke kakhulu, isusa usekelo lwamafa ambalwa kanye nokubethela okungavikelekile kanye nama-algorithms we-hashing asavunyelwe (nakuba enganconywa) ukuze asetshenziswe nezinguqulo zangaphambili ze-TLS, okuhlanganisa i-SHA-1, MD5, DES, 3DES, ne-AES-CBC. ingeza ukusekelwa kwama-cipher suite amasha. Okunye ukuthuthukiswa kufaka phakathi izici ezibethelwe kakhulu zokuxhawula (isibonelo, ukushintshaniswa kolwazi lwesitifiketi manje sekubethelwe) ukuze kuncishiswe inani lezinkomba kumuntu ongase abe umlaleli wethrafikhi, kanye nokuthuthukiswa kokudlulisa imfihlo lapho kusetshenziswa izindlela ezithile zokushintshisana ezibalulekile ukuze ukuxhumana ngaso sonke isikhathi kufanele ihlale ivikelekile ngisho noma ama-algorithms asetshenziswa ukukubethela esengozini esikhathini esizayo.”
Ukuthuthukiswa kwamaphrothokholi esimanje kanye ne-DDoS
Njengoba kungenzeka ukuthi usuvele ufunde, ngesikhathi sokuthuthukiswa kwephrothokholi
Izizathu zokuthi kungani lokhu kungase kudingeke zibekwe kudokhumenti,
Nakuba singakakulungeli ukuqagela ngezidingo zokulawula, isicelo sethu sokuphathelene nomkhiqizo wokunciphisa i-DDoS (okuhlanganisa nesixazululo
Futhi, kusukela ekusetshenzisweni, azikho izinkinga ezihlobene nokubethela kwezokuthutha ezitholiwe. Kusemthethweni: I-TLS 1.3 isilungele ukukhiqizwa.
Nokho, kusenenkinga ehambisana nokuthuthukiswa kwezivumelwano zesizukulwane esilandelayo. Inkinga ukuthi ukuqhubeka kwephrothokholi ku-IETF ngokuvamile kuncike kakhulu ocwaningweni lwezemfundo, futhi isimo socwaningo lwezemfundo emkhakheni wokunciphisa ukuhlaselwa okusatshalaliswa kokuphika-isevisi sibi.
Ngakho, isibonelo esihle kungaba
Lokhu kwakamuva, eqinisweni, kuyivelakancane kakhulu ezindaweni zangempela zamabhizinisi (futhi kusebenza kancane kuphela kuma-ISP), futhi kunoma yikuphi akunakwenzeka ukuthi kube "indaba evamile" emhlabeni wangempela - kodwa kuvela njalo ezincwadini zesayensi, ngokuvamile azisekelwe. ngokuhlola yonke i-spectrum yokuhlasela kwe-DDoS okungaba khona, okuhlanganisa ukuhlaselwa kwezinga lohlelo lokusebenza. Okwakamuva, ngenxa okungenani yokusatshalaliswa komhlaba wonke kwe-TLS, ngokusobala akukwazi ukutholwa ngesilinganiso sokwenziwa samaphakethe wenethiwekhi nokugeleza.
Ngokunjalo, asazi okwamanje ukuthi abathengisi behadiwe bokunciphisa i-DDoS bazozijwayeza kanjani namaqiniso e-TLS 1.3. Ngenxa yobunkimbinkimbi bobuchwepheshe bokusekela iphrothokholi engaphandle kwebhendi, ukuthuthukiswa kungase kuthathe isikhathi.
Ukubeka imigomo efanele yokuqondisa ucwaningo kuyinselelo enkulu kubahlinzeki besevisi yokunciphisa i-DDoS. Indawo eyodwa lapho intuthuko ingaqala khona
Source: www.habr.com