Slide 1
Slide 1 text
5-4ͱͦͷपลͷඪ४Խಈ
Ԟ Ұึ
݄
Slide 2
Slide 2 text
• $%/اۀʮ'BTUMZʯͷϓϩάϥϚ
• )551࣮ʮ)0ʯͷओ։ൃऀ
– QJDPUMT 5-4
RVJDMZ 26*$
• ࠷ۙॳΊͯͷ3'$͕ग़·ͨ͠
– 3'$ r &BSMZ)JOUTGPS)551
ࣗݾհ
Slide 3
Slide 3 text
• 5-4
– 6TJOH&BSMZ%BUBJO)551
– 0TTJGJDBUJPO
• %5-4
• &YQPSUFE"VUIFOUJDBUPST
– 4FDPOEBSZ $FSUJGJDBUFTGPS)551
• $FSUJGJDBUF$PNQSFTTJPO
• 4/*&ODSZQUJPO
"HFOEB
Slide 4
Slide 4 text
5-4
&BSMZ%BUB
0TTJGJDBUJPO
Slide 5
Slide 5 text
• ࣮࣭ 5-4
• ESBGU
• 4VCNJUUFEUP*&4(GPS1VCMJDBUJPO
5-4
Slide 6
Slide 6 text
• ϋϯυγΣΠΫͷ࠶ઃܭ
– ʙ355Ͱͷଓཱ֬
– ҉߸Խ
– 'PSXBSE4FDSFDZ લํൿಗੑ
• τϥοΩϯάࢭ
– 1FSWBTJWF.POJUPSJOHJTBO"UUBDL #$1
– ϫϯΦϑͷηογϣϯνέοτ
– ূ໌ॻͷ҉߸Խ
• "&"%લఏͷϨίʔυϨΠϠ
5-4ͷಛ
Slide 7
Slide 7 text
Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
3,2 lu
3,2 T 133 O K
ClientHello
ServerHello
Cer@ficate
Cer@ficateVerify
Finished
Client Server
Applica@on Data
_
Session Ticket(s)
Finished
Slide 8
Slide 8 text
Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
3,2 lu
3,2 T 133 O K
ClientHello
ServerHello
EncryptedExtensions
Cer@ficate
Cer@ficateVerify
Finished
Finished
Client Server
(EC)DH + d
(EC)DH
d
d
d MAC
MAC
MAC
Applica@on Data
Session Ticket(s)
(EC)DH _
Slide 9
Slide 9 text
ϋϯυγΣΠΫͷߟ͑ํ
• 5-4
– ύϥϝʔλަͷޙʹެ։ݤɾূ໌ॻΛަ
• 5-4
– ͍͖ͳΓެ։ݤަ
• ಉ࣌ʹύϥϝʔλަ
• ެ։ݤͷํ͕ࣜҟͳΔ߹ϦτϥΠ
– ݤަ͕ऴΘͬͨΒ҉߸Խ
• ͦͷޙʹূ໌ॻަ
Slide 10
Slide 10 text
• ಛघͳ4FSWFS)FMMP
– SBOEPNϑΟʔϧυͷϚδοΫφϯόʔͰࣝผ
• $'"%&"#&%$&ʜ
– $MJFOU)FMMPͷ࠶ૹ৴Λཁٻ
)FMMP3FUSZ3FRVFTU
Slide 11
Slide 11 text
• $MJFOU)FMMP 4FSWFS)FMMP
– ฏจͷύϥϝʔλ
– ΫϥΠΞϯτ͕࠷ॳʹૹ৴ɺαʔό͕Ԡ
• &ODSZQUFE&YUFOTJPOT
– ҉߸Խ͞Εͨύϥϝʔλ
– αʔό͕ૹ৴
ύϥϝʔλަ
Slide 12
Slide 12 text
• 5-4
– )FMMPͰ*%Λަ
• εςʔτϑϧ αʔόଆͰهԱ͢Δඞཁ
– 4FTTJPO5JDLFU&YUFOTJPO 3'$
• εςʔτϨε ҉߸Խ͞ΕͨΫοΩʔΛ
– ͲͪΒϋϯυγΣΠΫதʹฏจͰૹ৴
• 5$1ଓΛ·͙ͨϢʔβτϥοΩϯά͕Մೳ
• 5-4
– ϋϯυγΣΠΫྃޙʹUJDLFUΛ
– UJDLFU༻̍ճͷΈ
ηογϣϯ࠶։
Slide 13
Slide 13 text
• 5-4Ͱ҉߸Խ͢Δ୯Ґ
• ྫ%&"%#&&'
• UZQF
– BMFSU
– IBOETIBLF
– BQQMJDBUJPO@EBUB
Ϩίʔυ
(e.g., TCP)
TLS
type version length payload
Slide 14
Slide 14 text
%&"%#&&'
• "&"%҉߸ԽΛද͢UZQFʹมߋ
• ຊͷUZQF҉߸จͷதʹ
• ύσΟϯάҙݸͷθϩ
• "&"%҉߸
"VUIFOUJDBUFE&ODSZQUJPO
XJUI"EEJUJPOBM%BUB
Ϩίʔυ
opaque_type length payload type padding
version
AAD
Slide 15
Slide 15 text
Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
3,2 lu H 133rd ep
3,2 T 133 O K
ClientHello
(ECDH + session @cket)
Client Server
@cket + (EC)DH _
0-RTT Data
(PSK )
ServerHello (ECDH)
EncryptedExtensions
Finished
0.5-RTT Data
Finished Session Ticket
Slide 16
Slide 16 text
355 %BUB
• 14,༝དྷͷݤͰ҉߸Խ
• ऴ&OE0G&BSMZ%BUBϋϯυγΣΠΫ
ϝοηʔδͰୡ
• αʔό355ΛղಡͰ͖ͳ͍ͱ͖ɺͲ
͏͢Δ
– USJBMEFDSZQUJPO
– 355͕ղಡͰ͖ͳͯ͘ɺ&0&%ϋϯυ
γΣΠΫϝοηʔδͳͷͰղಡՄೳ
Slide 17
Slide 17 text
• ϦϓϨΠՄೳ
– ߈ܸྫۜߦৼࠐཁٻΛίϐʔͯ͠ϦϓϨΠ
• ରࡦ
– ϦϓϨΠՄೳͳ࣌ؒ෯Λݶఆ
• νέοτͷ ಡԽ͞Εͨ
BHFΛར༻
– αʔόଆͷCMPPNGJMUFSͰݕग़
• αʔό͕ෳڌʹ͔Ε͍ͯͨΒ
– ΞϓϦέʔγϣϯϓϩτίϧͰఆ
• ϦτϥΠ҆શ͡Όͳ͍ใͷॲཧɺϋϯυγΣ
ΠΫྃ·ͰԆ
355ͷ
Slide 18
Slide 18 text
• ͖ੑ͕͋ΔϦΫΤετͳ͍
– ྫ ը૾ͷ(&5
• ͖ੑͷ༗ແ8FCαʔόͰఆෆೳ
• 8FCΞϓϦʹɺ355ϦΫΤετͰ͋Δ
͜ͱΛ͑ɺఆͤ͞ΔΈ͕ඞཁ
)551WT355
HTTP
Web
CH+0RTT
POST
HTTPS FastCGI
Slide 19
Slide 19 text
• 'JOJTIFEҎલʹड৴ͨ͠ϦΫΤετΛసૹ
͢Δ߹ɺ&BSMZ%BUBϔομΛ͚ͭΔ
• αʔόͷڍಈ
– 355͘͠&%͖ͭϦΫΤετʹ͍ͭͯ
ɺ5PP&BSMZΛฦͯ͠ྑ͍
• ΫϥΠΞϯτͷڍಈ
– Λड৴ͨ͠Β'JOJTIFEૹ
৴ޙʹϦΫΤετ࠶ൃߦ
6TJOH&BSMZ%BUBJO)551
HTTP
Web
CH+0RTT
Finished
POST+E-D
HTTPS FastCGI
POST
425
Slide 20
Slide 20 text
• தܧऀͷڍಈ
– 355ϦΫΤετసૹ࣌&%Ճ
• &%͖ͭͷϦΫΤετͦͷ··సૹ
– Λड৴ͨ͠Β
• ͕ࣗ&%͚ͭͨ߹ɺ'JOJTIFEΛͬͯ࠶ൃ
ߦͯ͠ྑ͍
• ͦΕҎ֎ΫϥΠΞϯτʹૹ৴
6TJOH&BSMZ%BUBJO)551
Slide 21
Slide 21 text
• ࠷ऴہ໘ͰΤϥʔϨʔτ͕ʹ
IUUQTEBUBUSBDLFSJFUGPSHNFFUJOHNBUFSJBMTTMJEFTUMTTFTTBUMT
• ݪҼϢʔβଆͷϑΝΠΞΥʔϧ
– ྫ αʔόূ໌ॻΛݟͯݕӾ͢Δاۀ
• ·ͰՄೳ
Ͱূ໌ॻ͕҉߸Խ͞Ε͍ͯΔ
0TTJGJDBUJPO
TLS 1.2 TLS 1.3
Chrome (-18) 1.7% 7.7%
Firefox (-23?) 2.2% 3.9%
Slide 22
Slide 22 text
• 5-4ͷηογϣϯ࠶։ͬΆ͘ݟͤΔ
– ηογϣϯ࠶։Ͱূ໌ॻసૹ͠ͳ͍ͨΊ
• ِͷ4FTTJPO*%Λ)FMMPʹೖΕΔ
• ͰΘΕͳ͘ͳͬͨ$$4ϝοηʔδ
Λɺͱಉ͡λΠϛϯάͰૹ৴
• )FMMP3FUSZ3FRVFTU4FSWFS)FMMPͬΆ͘
• SBOEPNϑΟʔϧυͷϚδοΫφϯόʔͰఆ
ʮޓϞʔυʯͷࡦఆ
Slide 23
Slide 23 text
• .15$1ࡦఆ࣌ͷॾ
• 5$1'BTU0QFOͷΤϥʔϨʔτ
• ʮ5$1࠷దԽʯஔʹΑΔύϑΥʔϚϯ
εྼԽ
• 5-4ͷϨίʔυόʔδϣϯ
• (PPHMF26*$ͷzPDUFUz
ଞͷ0TTJGJDBUJPOࣄྫ
Slide 24
Slide 24 text
• 0TTJGZͯ͠ྑ͍ϑΟʔϧυΛ*OWBSJBOUTͱ
ͯ͠ఆٛ
– ྫ$POOFDUJPO*%
• ͦΕҎ֎ͷϑΟʔϧυશͯ҉߸Խɺ
ಡԽɺάϦʔγϯά
26*$WT0TTJGJDBUJPO
Slide 25
Slide 25 text
%5-4
Slide 26
Slide 26 text
&YQPSUFE"VUIFOUJDBUPST
Slide 27
Slide 27 text
• )551
– ҰʹྲྀΕΔϦΫΤετͭ
– 5-4ͷΫϥΠΞϯτೝূͰे
• )551
– ෳͷϦΫΤετ͕ಉ࣌ʹྲྀΕΔ
– ϦΫΤετ͝ͱʹҟͳΔΫϥΠΞϯτূ໌ॻ
Λ͍͍ͨ
)551ͱΫϥΠΞϯτೝূ
Slide 28
Slide 28 text
• ҟͳΔυϝΠϯͷϦΫΤετͰطଘ
ͷ)551ଓΛ͍·Θ͍ͨ͠
– ଓཱ֬࣌ؒͷॖɺ*/*5$8/%ʹറΒΕͳ
͍ॳظసૹ
• ෳͷαʔόূ໌ॻΛΫϥΠΞϯτʹૹ
Γ͍ͨ
)551ͱαʔόೝূ
Slide 29
Slide 29 text
• ෳͷূ໌ॻΛͲ͏ͬͯసૹ͢Δ͔
• ରԠ͢Δൿີݤͷอ༗ΛͲ͏ͬͯূ໌
͢Δ͔
ڞ௨ͷ՝
Slide 30
Slide 30 text
• ূ໌ॻͱͦͷॴ༗ূ໌ͷ ཁٻͱ
ૹ৴
– ૹड৴ํ๏ɺ5-4ଓ্Ͱಈ࡞͍ͯ͠ΔΞ
ϓϦέʔγϣϯϓϩτίϧʹ͓·͔ͤ
• ূ໌ॻͷૹ৴ํ๏
– 5-4ͷϋϯυγΣΠΫϝοηʔδΛ࠶ར༻
• $FSUJGJDBUF
$FSUJGJDBUF7FSJGZ
'JOJTIFE
• 5-4ଓ͔ΒΤΫεϙʔτͨ͠ൿີใΛॺ໊͢
Δ͜ͱͰೝূ
• ূ໌ॻͷཁٻํ๏
– 5-4ͷ$FSUJGJDBUF3FRVFTUϝοηʔδΛ࠶ར༻
&YQPSUFE"VUIFOUJDBUPSTJO5-4
Slide 31
Slide 31 text
• )5515$1্ʹෳͷετϦʔϜΛॏ
– छྨͷετϦʔϜ੍ޚ༻
ϦΫΤετૹड৴༻
– ετϦʔϜෳͷϑϨʔϜ͔Βߏ
• ূ໌ॻͱϦΫΤετOରԠ
• ূ໌ॻؔ࿈ͷใϑϨʔϜͰަ
4FDPOEBSZ$FSUJGJDBUF"VUIJO)551
CERTIFICATE
CERTIFICATE_REQUEST CertificateRequest
CERTIFICATE_NEEDED
?
USE_CERTIFICATE
!
Slide 32
Slide 32 text
$FSUJGJDBUF$PNQSFTTJPO
Slide 33
Slide 33 text
• 26*$
– ଓཱ֬ͱ5-4ϋϯυγΣΠΫ͕ฒߦಈ࡞
– ΞυϨεݕূࡁͰͳ͍ΫϥΠΞϯτʹαʔό
ূ໌ॻΛૹΓ͍ͨ
– ϦϑϨΫγϣϯ߈ܸʹ͑ͳ͍େ͖͞ʹѹॖ͍ͨ͠
എܠ
Slide 34
Slide 34 text
• H[JQ·ͨCSPUMJͰূ໌ॻνΣΠϯΛѹॖ
• CSPUMJͷ߹
– தԝ
– ύʔηϯλΠϧ
• ύέοτʹೖΔ֬
– ύέοτ
– ύέοτ
• ʮഒʯڐ༰Մೳͳ૿෯͔ ͳ
IUUQTEBUBUSBDLFSJFUGPSHNFFUJOHNBUFSJBMTTMJEFTUMTTFTTBDFSUJJDBUFDPNQSFTTJPO
$FSUJGJDBUF$PNQSFTTJPO
Slide 35
Slide 35 text
4/*&ODSZQUJPO
Slide 36
Slide 36 text
• %/4҉߸Խ
– %/4 PWFS 5-4
– %/4PWFS)5514 8(-BTU$BMM
• ؔ࿈ϓϩτίϧ5-4355
)551
26*$
• 4/*҉߸Խ
• ূ໌ॻ҉߸Խ 5-4
• ϢʔβτϥοΩϯάͷࢭ
– ηογϣϯνέοτͷϫϯΦϑԽ5-4
– *1ΞυϨεɺϙʔτ൪߸ͷมߋ26*$
ϓϥΠόγʔอޢͷਐঢ়گ
Slide 37
Slide 37 text
• 4/*Λ҉߸Խ
– ҉߸Խ͢ΔͨΊͷݤͷํ๏͕
• 5-4 PWFS 5-4
– ̎ॏ҉߸ԽͷΦʔόʔϔου
• BMUTWD
4FDPOEBSZ$FSUJGJDBUFTGPS)551
– )551ઐ༻
ݕ౼͞Ε͍ͯΔղܾࡦ
Slide 38
Slide 38 text
ॴײ
Slide 39
Slide 39 text
• 5-4ͷϝδϟʔόʔδϣϯΞοϓྃ
– ϝδϟʔͳ࣮ରԠࡁ
– ࠓޙपลͷඋ͕যʹ
• ϓϥΠόγʔอޢͱ0TTJGJDBUJPOରࡦॏ
ཁͳςʔϚ
ॴײ