TLS 1.3 and Standardization Trends Around It

kazuho
April 27, 2018

Presentation material for the IETF 101 report meeting

Transcript

  1. TLS 1.3 and Standardization Trends Around It
     Kazuho Oku

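  2. Self-introduction
     • Programmer at the CDN company "Fastly"
     • Lead developer of the HTTP implementation "H2O"
       – also picotls (TLS 1.3) and quicly (QUIC)
     • My first RFC was published recently
       – RFC: Early Hints for HTTP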
  3. Agenda
     • TLS 1.3
       – Using Early Data in HTTP
       – Ossification
     • DTLS
     • Exported Authenticators
       – Secondary Certificates for HTTP/2
     • Certificate Compression
     • SNI Encryption
  4. TLS 1.3, Early Data, Ossification

  5. TLS 1.3
     • Effectively TLS
     • draft
     • Submitted to IESG for Publication

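  6. Features of TLS 1.3
     • Redesigned handshake
       – connection establishment in 0 to 1 RTT
       – encryption
       – forward secrecy
     • Tracking prevention
       – Pervasive Monitoring Is an Attack (BCP)
       – one-off session tickets
       – encryption of certificates
     • Record layer that assumes AEAD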
  7. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
     [Handshake diagram between Client and Server. Labels: ClientHello, ServerHello, Certificate, CertificateVerify, Finished, Application Data, Session Ticket(s), Finished]
  8. [Handshake diagram between Client and Server. Labels: ClientHello, ServerHello, EncryptedExtensions, Certificate, CertificateVerify, Finished, Finished, Application Data, Session Ticket(s); annotations: (EC)DH, MAC]
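  9. How the handshake is structured
     • TLS 1.2
       – public keys and certificates are exchanged after the parameter exchange
     • TLS 1.3
       – public keys are exchanged right away
         • parameters are exchanged at the same time
         • retry if the public-key schemes differ
       – encryption starts once the key exchange is done
         • certificates are exchanged after that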
  10. HelloRetryRequest
     • A special ServerHello
       – identified by a magic number in the random field
         • CF21AD74E59A6111BE1D8C021E…
       – requests that the ClientHello be sent again

  11. Parameter exchange
     • ClientHello, ServerHello
       – plaintext parameters
       – the client sends first, the server responds
     • EncryptedExtensions
       – encrypted parameters
       – sent by the server
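  12. Session resumption
     • TLS 1.2
       – IDs are exchanged in the Hello messages
         • stateful (the server has to remember them)
       – SessionTicket Extension (RFC)
         • stateless (an encrypted cookie is handed out)
       – both are sent in plaintext during the handshake
         • user tracking across TCP connections is possible
     • TLS 1.3
       – tickets are handed out after the handshake completes
       – a ticket is used only once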
  13. Record
     • The unit of encryption in TLS
     • Example: DEADBEEF
     • type
       – alert
       – handshake
       – application_data
     [Diagram: a TLS record carried over a transport (e.g., TCP); fields: type, version, length, payload]
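  14. Record
     • Example: DEADBEEF
     • Changed to a type that denotes AEAD encryption
     • The real type is inside the ciphertext
     • Padding is any number of zeros
     • AEAD cipher: Authenticated Encryption with Additional Data
     [Diagram fields: opaque_type, version, length, payload, type, padding; AAD]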
  15. [Handshake diagram between Client and Server. Labels: ClientHello (ECDH + session ticket), 0-RTT Data (PSK), ServerHello (ECDH), EncryptedExtensions, Finished, 0.5-RTT Data, Finished, Session Ticket]
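  16. 0-RTT Data
     • Encrypted with a key derived from the PSK
     • The end is signaled by the EndOfEarlyData handshake message
     • What does the server do when it cannot decrypt the 0-RTT data?
       – trial decryption
       – even if the 0-RTT data cannot be decrypted, EOED is a handshake message and so can be decrypted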
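  17. Problems with 0-RTT
     • Replayable
       – attack example: copy a bank transfer request and replay it
     • Countermeasures
       – limit the time window in which replay is possible
         • use the (obfuscated) age of the ticket
       – detect replays with a server-side Bloom filter
         • what if the servers are split across multiple sites?
       – decide in the application protocol
         • processing of information that is not retry-safe is delayed until the handshake completes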
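  18. HTTP vs. 0-RTT
     • Idempotent requests are not a problem
       – example: GET of an image
     • A web server cannot determine whether a request is idempotent
     • A mechanism is needed that tells the web application a request is a 0-RTT request and lets it decide
     [Diagram labels: HTTP, Web, CH+0RTT, POST, HTTPS, FastCGI]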
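  19. Using Early Data in HTTP
     • When forwarding a request received before Finished, attach the Early-Data header
     • Server behavior
       – for 0-RTT requests or requests carrying E-D, it may return 425 Too Early
     • Client behavior
       – on receiving 425, reissue the request after sending Finished
     [Diagram labels: HTTP, Web, CH+0RTT, Finished, POST+E-D, HTTPS, FastCGI, POST, 425]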
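  20. Using Early Data in HTTP
     • Intermediary behavior
       – add E-D when forwarding a 0-RTT request
         • requests that already carry E-D are forwarded as they are
       – on receiving 425
         • if it attached E-D itself, it may wait for Finished and reissue the request
         • otherwise, send the response on to the client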
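  21. Ossification
     • Error rates became a problem in the final phase (source: TLS session slides in the IETF datatracker meeting materials)
     • Cause: firewalls on the user side
       – example: enterprise products that inspect the server certificate and censor on it
         • possible up to TLS 1.2; in TLS 1.3 the certificate is encrypted

                        TLS 1.2   TLS 1.3
       Chrome (-18)     1.7%      7.7%
       Firefox (-23?)   2.2%      3.9%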
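  22. Defining a "compatibility mode"
     • Make the handshake look like TLS 1.2 session resumption
       – because session resumption does not transfer certificates
         • put a fake SessionID into the Hello
         • send the CCS message, which 1.3 no longer uses, at the same timing as in 1.2
     • Make HelloRetryRequest look like a ServerHello
         • distinguished by the magic number in the random field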
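  23. Other cases of ossification
     • Various problems met while specifying MPTCP
     • TCP Fast Open error rates
     • Performance degradation caused by "TCP optimization" appliances
     • The TLS record version
     • The "octet" problem in Google QUIC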
  24. QUIC vs. Ossification
     • Fields that are allowed to ossify are defined as Invariants
       – example: Connection ID
     • All other fields are encrypted, obfuscated or greased

  25. DTLS

  26. Exported Authenticators

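  27. HTTP and client authentication
     • HTTP/1
       – only one request is in flight at a time
       – TLS client authentication is sufficient
     • HTTP/2
       – multiple requests are in flight at the same time
       – we want to use a different client certificate per request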
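  28. HTTP and server authentication
     • We want to reuse an existing HTTP connection even for requests to a different domain
       – shorter connection setup time, and an initial transfer rate that is not bound by INITCWND
     • We want to send multiple server certificates to the client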
  29. Common challenges
     • How to transfer multiple certificates
     • How to prove possession of the corresponding private keys

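  30. Exported Authenticators in TLS
     • Requesting and sending a certificate together with proof of its possession
       – how they are sent and received is left to the application protocol running over the TLS connection
     • How a certificate is sent
       – reuses the TLS handshake messages
         • Certificate, CertificateVerify, Finished
         • authenticated by signing secret material exported from the TLS connection
     • How a certificate is requested
       – reuses the TLS CertificateRequest message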
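  31. Secondary Certificate Auth in HTTP/2
     • HTTP/2 multiplexes multiple streams over TCP
       – two kinds of streams: control, and request send/receive
       – a stream is made up of multiple frames
     • Certificates and requests have a 1:n correspondence
     • Certificate-related information is exchanged in frames
     [Diagram labels: CERTIFICATE, CERTIFICATE_REQUEST, CertificateRequest, CERTIFICATE_NEEDED, USE_CERTIFICATE]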
  32. Certificate Compression

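  33. Background
     • QUIC
       – connection establishment and the TLS handshake run in parallel
       – we want to send the server certificate to a client whose address has not been validated
       – we want to compress it to a size that cannot be used for reflection attacks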
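  34. Certificate Compression
     • Compress the certificate chain with gzip or brotli
     • With brotli
       – median
       – percentile
     • Probability of fitting into the packets
       – packets
       – packets
     • Is the multiple an acceptable amplification factor?
     (source: certificate compression slides from the TLS session in the IETF datatracker meeting materials)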
  35. SNI Encryption

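  36. Progress on privacy protection
     • DNS encryption
       – DNS over TLS
       – DNS over HTTPS (WG Last Call)
     • Related protocols: TLS 0-RTT, HTTP, QUIC
     • SNI encryption
     • Certificate encryption (TLS 1.3)
     • Suppressing user tracking
       – one-off session tickets (TLS 1.3)
       – changing IP address and port number (QUIC)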
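  37. Solutions under consideration
     • Encrypt the SNI
       – the problem is how to distribute the key used for encryption
     • TLS over TLS
       – overhead of double encryption
     • alt-svc with Secondary Certificates for HTTP/2
       – HTTP/2 only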
  38. Closing thoughts

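  39. Closing thoughts
     • The major version upgrade of TLS is complete
       – the major implementations already support it
       – from here on the focus moves to the surrounding pieces
     • Privacy protection and countermeasures against ossification are important themes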