Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TLS 1.3とその周辺の標準化動向

kazuho
April 27, 2018
Technology
0
7.3k

TLS 1.3とその周辺の標準化動向

IETF101報告会発表資料

kazuho

April 27, 2018
Tweet

More Decks by kazuho

See All by kazuho
HTTP優先度制御の今後とビデオ配信
kazuho
0
64
Encrypted SNI
kazuho
5
5.4k
Security, privacy, performance of next-generation transport protocols
kazuho
8
30k
Fastlyのプログラマから見たCDN
kazuho
29
16k

Other Decks in Technology

See All in Technology
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
310
TSN(Time-Sensitive Networking)を環境構築して遊んでみた
iotengineer22
0
330
エンジニアのためのドキュメントライティング / Docs for Developers
iwashi86
22
7.5k
エンジニアのためのドキュメントライティング / Docs for Developers and Paragraph Writing
nttcom
3
420
TryToUseCloudFlareTunnel_20230317.pdf
kenichirokimura
0
170
スタートアップだからこそ考えるフロントエンドのテスト戦略
yoshinagaiwnl
4
560
ChatGPTにR言語を教えてもらう(仮)
doradora09
1
180
技育祭2023春 ちゅらデータ講演資料
foursue
1
630
マネジメント3.0モデル入門(120分版)
takufujii
11
2.7k
開発チーム内でのQAの役割
iseki
0
110
Concevoir son API pour le futur
tgalopin
0
240
売上と開発環境を同時に改善するためにPerl Webアプリケーションをどのようにリプレイスするか
masashi_sutou
0
250

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
7.2k
Build your cross-platform service in a week with App Engine
jlugia
221
17k
What's new in Ruby 2.0
geeforr
336
30k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
Designing for Performance
lara
600
65k
The Art of Programming - Codeland 2020
erikaheidi
36
11k
GraphQLとの向き合い方2022年版
quramy
22
10k
Unsuck your backbone
ammeep
659
56k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k

Transcript

  1. 5-4ͱͦͷपลͷඪ४Խಈ޲
    Ԟ Ұึ
    ೥݄

    View Slide


  2. • $%/اۀʮ'BTUMZʯͷϓϩάϥϚ
    • )551࣮૷ʮ)0ʯͷओ։ൃऀ
    – QJDPUMT 5-4
    RVJDMZ 26*$
    ΋
    • ࠷ۙॳΊͯͷ3'$͕ग़·ͨ͠
    – 3'$ r &BSMZ)JOUTGPS)551
    ࣗݾ঺հ

    View Slide


  3. • 5-4
    – 6TJOH&BSMZ%BUBJO)551
    – 0TTJGJDBUJPO
    • %5-4
    • &YQPSUFE"VUIFOUJDBUPST
    – 4FDPOEBSZ $FSUJGJDBUFTGPS)551
    • $FSUJGJDBUF$PNQSFTTJPO
    • 4/*&ODSZQUJPO
    "HFOEB

    View Slide


  4. 5-4 &BSMZ%BUB 0TTJGJDBUJPO

    View Slide


  5. • ࣮࣭ 5-4
    • ESBGU
    • 4VCNJUUFEUP*&4(GPS1VCMJDBUJPO
    5-4

    View Slide


  6. • ϋϯυγΣΠΫͷ࠶ઃܭ
    – ʙ355Ͱͷ઀ଓཱ֬
    – ҉߸Խ
    – 'PSXBSE4FDSFDZ લํൿಗੑ

    • τϥοΩϯά཈ࢭ
    – 1FSWBTJWF.POJUPSJOHJTBO"UUBDL #$1

    – ϫϯΦϑͷηογϣϯνέοτ
    – ূ໌ॻͷ҉߸Խ
    • "&"%લఏͷϨίʔυϨΠϠ
    5-4ͷಛ௃

    View Slide

  7. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
    3,2 lu
    3,2 T 133 O K
    ClientHello
    ServerHello
    [email protected]ficate
    [email protected]ficateVerify
    Finished
    Client Server
    [email protected] Data
    _
    Session Ticket(s)
    Finished

    View Slide

  8. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
    3,2 lu
    3,2 T 133 O K
    ClientHello
    ServerHello
    EncryptedExtensions
    [email protected]ficate
    [email protected]ficateVerify
    Finished
    Finished
    Client Server
    (EC)DH + d
    (EC)DH
    d
    d
    d MAC
    MAC
    MAC
    [email protected] Data
    Session Ticket(s)
    (EC)DH _

    View Slide


  9. ϋϯυγΣΠΫͷߟ͑ํ
    • 5-4
    – ύϥϝʔλަ׵ͷޙʹެ։ݤɾূ໌ॻΛަ׵
    • 5-4
    – ͍͖ͳΓެ։ݤަ׵
    • ಉ࣌ʹύϥϝʔλަ׵
    • ެ։ݤͷํ͕ࣜҟͳΔ৔߹͸ϦτϥΠ
    – ݤަ׵͕ऴΘͬͨΒ҉߸Խ
    • ͦͷޙʹূ໌ॻަ׵

    View Slide


  10. • ಛघͳ4FSWFS)FMMP
    – SBOEPNϑΟʔϧυͷϚδοΫφϯόʔͰࣝผ
    • $'"%&"#&%$&ʜ
    – $MJFOU)FMMPͷ࠶ૹ৴Λཁٻ
    )FMMP3FUSZ3FRVFTU

    View Slide


  11. • $MJFOU)FMMP 4FSWFS)FMMP
    – ฏจͷύϥϝʔλ
    – ΫϥΠΞϯτ͕࠷ॳʹૹ৴ɺαʔό͕Ԡ౴
    • &ODSZQUFE&YUFOTJPOT
    – ҉߸Խ͞Εͨύϥϝʔλ
    – αʔό͕ૹ৴
    ύϥϝʔλަ׵

    View Slide


  12. • 5-4
    – )FMMPͰ*%Λަ׵
    • εςʔτϑϧ αʔόଆͰهԱ͢Δඞཁ

    – 4FTTJPO5JDLFU&YUFOTJPO 3'$

    • εςʔτϨε ҉߸Խ͞ΕͨΫοΩʔΛ഑෍

    – ͲͪΒ΋ϋϯυγΣΠΫதʹฏจͰૹ৴
    • 5$1઀ଓΛ·͙ͨϢʔβτϥοΩϯά͕Մೳ
    • 5-4
    – ϋϯυγΣΠΫ׬ྃޙʹUJDLFUΛ഑෍
    – UJDLFU࢖༻͸̍ճͷΈ
    ηογϣϯ࠶։

    View Slide


  13. • 5-4Ͱ҉߸Խ͢Δ୯Ґ
    • ྫ%&"%#&&'
    • UZQF
    – BMFSU
    – IBOETIBLF
    [email protected]
    Ϩίʔυ
    (e.g., TCP)
    TLS





    type version length payload

    View Slide


  14. %&"%#&&'
    • ͸"&"%҉߸ԽΛද͢UZQFʹมߋ
    • ຊ౰ͷUZQF͸҉߸จͷதʹ
    • ύσΟϯά͸೚ҙݸ਺ͷθϩ
    • "&"%҉߸ "VUIFOUJDBUFE&ODSZQUJPO
    XJUI"EEJUJPOBM%BUB
    Ϩίʔυ
    opaque_type length payload type padding
    version
    AAD

    View Slide

  15. Copyright (C) 2016 DeNA Co.,Ltd. All Rights Reserved.
    3,2 lu H 133rd ep
    3,2 T 133 O K
    ClientHello
    (ECDH + session @cket)
    Client Server
    @cket + (EC)DH _
    0-RTT Data
    (PSK )
    ServerHello (ECDH)
    EncryptedExtensions
    Finished
    0.5-RTT Data
    Finished Session Ticket

    View Slide


  16. 355 %BUB
    • 14,༝དྷͷݤͰ҉߸Խ
    • ऴ୺͸&OE0G&BSMZ%BUBϋϯυγΣΠΫ
    ϝοηʔδͰ఻ୡ
    • αʔό͸355ΛղಡͰ͖ͳ͍ͱ͖ɺͲ
    ͏͢Δ
    – USJBMEFDSZQUJPO
    – 355͕ղಡͰ͖ͳͯ͘΋ɺ&0&%͸ϋϯυ
    γΣΠΫϝοηʔδͳͷͰղಡՄೳ

    View Slide


  17. • ϦϓϨΠՄೳ
    – ߈ܸྫۜߦৼࠐཁٻΛίϐʔͯ͠ϦϓϨΠ
    • ରࡦ
    – ϦϓϨΠՄೳͳ࣌ؒ෯Λݶఆ
    • νέοτͷ ೉ಡԽ͞Εͨ
    BHFΛར༻
    – αʔόଆͷCMPPNGJMUFSͰݕग़
    • αʔό͕ෳ਺ڌ఺ʹ෼͔Ε͍ͯͨΒ
    – ΞϓϦέʔγϣϯϓϩτίϧͰ൑ఆ
    • ϦτϥΠ҆શ͡Όͳ͍৘ใͷॲཧ͸ɺϋϯυγΣ
    ΠΫ׬ྃ·Ͱ஗Ԇ
    355ͷ໰୊

    View Slide


  18. • ΂͖౳ੑ͕͋ΔϦΫΤετ͸໰୊ͳ͍
    – ྫ ը૾ͷ(&5
    • ΂͖౳ੑͷ༗ແ͸8FCαʔόͰ͸൑ఆෆೳ
    • 8FCΞϓϦʹɺ355ϦΫΤετͰ͋Δ
    ͜ͱΛ఻͑ɺ൑ఆͤ͞Δ࢓૊Έ͕ඞཁ
    )551WT355

    HTTP Web
    CH+0RTT
    POST
    HTTPS FastCGI

    View Slide


  19. • 'JOJTIFEҎલʹड৴ͨ͠ϦΫΤετΛసૹ
    ͢Δ৔߹͸ɺ&BSMZ%BUBϔομΛ͚ͭΔ
    • αʔόͷڍಈ
    – 355΋͘͠͸&%͖ͭϦΫΤετʹ͍ͭͯ
    ͸ɺ5PP&BSMZΛฦͯ͠΋ྑ͍
    • ΫϥΠΞϯτͷڍಈ
    – Λड৴ͨ͠Β'JOJTIFEૹ
    ৴ޙʹϦΫΤετ࠶ൃߦ
    6TJOH&BSMZ%BUBJO)551

    HTTP Web
    CH+0RTT
    Finished
    POST+E-D
    HTTPS FastCGI
    POST
    425

    View Slide


  20. • தܧऀͷڍಈ
    – 355ϦΫΤετసૹ࣌͸&%෇Ճ
    • &%͖ͭͷϦΫΤετ͸ͦͷ··సૹ
    – Λड৴ͨ͠Β
    • ࣗ෼͕&%͚ͭͨ৔߹͸ɺ'JOJTIFEΛ଴ͬͯ࠶ൃ
    ߦͯ͠΋ྑ͍
    • ͦΕҎ֎͸ΫϥΠΞϯτʹૹ৴
    6TJOH&BSMZ%BUBJO)551

    View Slide


  21. • ࠷ऴہ໘ͰΤϥʔϨʔτ͕໰୊ʹ
    IUUQTEBUBUSBDLFSJFUGPSHNFFUJOHNBUFSJBMTTMJEFTUMTTFTTBUMT
    • ݪҼϢʔβଆͷϑΝΠΞ΢Υʔϧ
    – ྫ αʔόূ໌ॻΛݟͯݕӾ͢Δاۀ޲੡඼
    • ·Ͱ͸Մೳ Ͱ͸ূ໌ॻ͕҉߸Խ͞Ε͍ͯΔ
    0TTJGJDBUJPO
    TLS 1.2 TLS 1.3
    Chrome (-18) 1.7% 7.7%
    Firefox (-23?) 2.2% 3.9%

    View Slide


  22. • 5-4ͷηογϣϯ࠶։ͬΆ͘ݟͤΔ
    – ηογϣϯ࠶։Ͱ͸ূ໌ॻసૹ͠ͳ͍ͨΊ
    • ِͷ4FTTJPO*%Λ)FMMPʹೖΕΔ
    • Ͱ͸࢖ΘΕͳ͘ͳͬͨ$$4ϝοηʔδ
    Λɺͱಉ͡λΠϛϯάͰૹ৴
    • )FMMP3FUSZ3FRVFTU͸4FSWFS)FMMPͬΆ͘
    • SBOEPNϑΟʔϧυͷϚδοΫφϯόʔͰ൑ఆ
    ʮޓ׵Ϟʔυʯͷࡦఆ

    View Slide


  23. • .15$1ࡦఆ࣌ͷॾ໰୊
    • 5$1'BTU0QFOͷΤϥʔϨʔτ
    • ʮ5$1࠷దԽʯ૷ஔʹΑΔύϑΥʔϚϯ
    εྼԽ
    • 5-4ͷϨίʔυόʔδϣϯ
    • (PPHMF26*$ͷzPDUFUz໰୊
    ଞͷ0TTJGJDBUJPOࣄྫ

    View Slide


  24. • 0TTJGZͯ͠ྑ͍ϑΟʔϧυΛ*OWBSJBOUTͱ
    ͯ͠ఆٛ
    – ྫ$POOFDUJPO*%
    • ͦΕҎ֎ͷϑΟʔϧυ͸શͯ҉߸Խɺ೉
    ಡԽɺάϦʔγϯά
    26*$WT0TTJGJDBUJPO

    View Slide


  25. %5-4

    View Slide


  26. &YQPSUFE"VUIFOUJDBUPST

    View Slide


  27. • )551
    – Ұ౓ʹྲྀΕΔϦΫΤετ͸ͭ
    – 5-4ͷΫϥΠΞϯτೝূͰे෼
    • )551
    – ෳ਺ͷϦΫΤετ͕ಉ࣌ʹྲྀΕΔ
    – ϦΫΤετ͝ͱʹҟͳΔΫϥΠΞϯτূ໌ॻ
    Λ࢖͍͍ͨ
    )551ͱΫϥΠΞϯτೝূ

    View Slide


  28. • ҟͳΔυϝΠϯ΁ͷϦΫΤετͰ΋طଘ
    ͷ)551઀ଓΛ࢖͍·Θ͍ͨ͠
    – ઀ଓཱ֬࣌ؒͷ୹ॖɺ*/*5$8/%ʹറΒΕͳ
    ͍ॳظసૹ଎౓
    • ෳ਺ͷαʔόূ໌ॻΛΫϥΠΞϯτʹૹ
    Γ͍ͨ
    )551ͱαʔόೝূ

    View Slide


  29. • ෳ਺ͷূ໌ॻΛͲ͏΍ͬͯసૹ͢Δ͔
    • ରԠ͢Δൿີݤͷอ༗ΛͲ͏΍ͬͯূ໌
    ͢Δ͔
    ڞ௨ͷ՝୊

    View Slide


  30. • ূ໌ॻͱͦͷॴ༗ূ໌ͷ ཁٻͱ
    ૹ৴
    – ૹड৴ํ๏͸ɺ5-4઀ଓ্Ͱಈ࡞͍ͯ͠ΔΞ
    ϓϦέʔγϣϯϓϩτίϧʹ͓·͔ͤ
    • ূ໌ॻͷૹ৴ํ๏
    – 5-4ͷϋϯυγΣΠΫϝοηʔδΛ࠶ར༻
    • $FSUJGJDBUF $FSUJGJDBUF7FSJGZ 'JOJTIFE
    • 5-4઀ଓ͔ΒΤΫεϙʔτͨ͠ൿີ৘ใΛॺ໊͢
    Δ͜ͱͰೝূ
    • ূ໌ॻͷཁٻํ๏
    – 5-4ͷ$FSUJGJDBUF3FRVFTUϝοηʔδΛ࠶ར༻
    &YQPSUFE"VUIFOUJDBUPSTJO5-4

    View Slide


  31. • )551͸5$1্ʹෳ਺ͷετϦʔϜΛॏ৞
    – छྨͷετϦʔϜ੍ޚ༻ ϦΫΤετૹड৴༻
    – ετϦʔϜ͸ෳ਺ͷϑϨʔϜ͔Βߏ੒
    • ূ໌ॻͱϦΫΤετ͸OରԠ
    • ূ໌ॻؔ࿈ͷ৘ใ͸ϑϨʔϜͰަ׵
    4FDPOEBSZ$FSUJGJDBUF"VUIJO)551

    CERTIFICATE

    CERTIFICATE_REQUEST CertificateRequest
    CERTIFICATE_NEEDED ?
    USE_CERTIFICATE !

    View Slide


  32. $FSUJGJDBUF$PNQSFTTJPO

    View Slide


  33. • 26*$
    – ઀ଓཱ֬ͱ5-4ϋϯυγΣΠΫ͕ฒߦಈ࡞
    – ΞυϨεݕূࡁͰͳ͍ΫϥΠΞϯτʹαʔό
    ূ໌ॻΛૹΓ͍ͨ
    – ϦϑϨΫγϣϯ߈ܸʹ࢖͑ͳ͍େ͖͞ʹѹॖ͍ͨ͠
    എܠ

    View Slide


  34. • H[JQ·ͨ͸CSPUMJͰূ໌ॻνΣΠϯΛѹॖ
    • CSPUMJͷ৔߹
    – தԝ஋
    – ύʔηϯλΠϧ
    • ύέοτʹೖΔ֬཰
    – ύέοτ
    – ύέοτ
    • ʮഒʯ͸ڐ༰Մೳͳ૿෯཰͔ ͳ
    IUUQTEBUBUSBDLFSJFUGPSHNFFUJOHNBUFSJBMTTMJEFTUMTTFTTBDFSUJJDBUFDPNQSFTTJPO
    $FSUJGJDBUF$PNQSFTTJPO

    View Slide


  35. 4/*&ODSZQUJPO

    View Slide


  36. • %/4҉߸Խ
    – %/4 PWFS 5-4

    – %/4PWFS)5514 8(-BTU$BMM

    • ؔ࿈ϓϩτίϧ5-4355 )551 26*$
    • 4/*҉߸Խ
    • ূ໌ॻ҉߸Խ 5-4
    • ϢʔβτϥοΩϯάͷ཈ࢭ
    – ηογϣϯνέοτͷϫϯΦϑԽ5-4
    – *1ΞυϨεɺϙʔτ൪߸ͷมߋ26*$
    ϓϥΠόγʔอޢͷਐ௙ঢ়گ

    View Slide


  37. • 4/*Λ҉߸Խ
    – ҉߸Խ͢ΔͨΊͷݤͷ഑෍ํ๏͕໰୊
    • 5-4 PWFS 5-4
    – ̎ॏ҉߸ԽͷΦʔόʔϔου
    • BMUTWD 4FDPOEBSZ$FSUJGJDBUFTGPS)551
    – )551ઐ༻
    ݕ౼͞Ε͍ͯΔղܾࡦ

    View Slide


  38. ॴײ

    View Slide


  39. • 5-4ͷϝδϟʔόʔδϣϯΞοϓ͸׬ྃ
    – ϝδϟʔͳ࣮૷΋ରԠࡁ
    – ࠓޙ͸पลͷ੔උ͕য఺ʹ
    • ϓϥΠόγʔอޢͱ0TTJGJDBUJPOରࡦ͸ॏ
    ཁͳςʔϚ
    ॴײ

    View Slide