
『プロフェッショナルSSL/TLS』(Bulletproof SSL and TLS) reading group: chapter 3 material

sylph01
June 23, 2017


  1. RA (Registration Authority)
     Handles the management work around certificate issuance, such as verifying the identity of the certificate owner.
     CA (Certification Authority)
     The entity that issues certificates. It is also responsible for providing revocation information online. In practice most CAs perform the RA role themselves as well.
  2. 3.2 Certificate standards
     • X.509 (a public-key infrastructure standard originally designed for directory services) → profiled for the Internet by the PKIX WG as RFC 5280
     • Covers the certificate format, certification (trust) paths, and CRLs
     • CA/Browser Forum: a body of CAs and browser vendors that standardizes certificate issuance and processing
     • Baseline Requirements: the issuance criteria that CAs are required to follow
     • IETF Web PKI WG
  3. 3.3 Certificates / 3.3.1 Certificate fields
     Let's fetch a real certificate.
     $ openssl s_client -showcerts -connect google.com:443
     (once the handshake has completed, interrupt with Ctrl-C)
     Each block that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE----- is one certificate. Paste the first block into an online ASN.1 decoder.
  4. 3.3.1 Certificate fields
     • Version: [0] (1 elem) -> INTEGER 2 (the value 2 means v3)
     • Serial Number: INTEGER (63 bit) 5123627332963584822
     • Signature Algorithm: the contents of the next SEQUENCE. OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
  5. 3.3.1 Certificate fields
     • Issuer: the contents of the following SEQUENCE (3 elem)
     • Written as /C=US/O=Google Inc/CN=Google Internet Authority G2
  6. 3.3.1 Certificate fields
     • Validity
       • Not before: 2017-05-03 08:56:04 UTC
       • Not after: 2017-07-26 08:42:00 UTC
     • Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
  7. 3.3.1 Certificate fields
     • PublicKey
     • Algorithm: rsaEncryption (PKCS #1), followed by the public key itself
     • Of the pair of values that make up an RSA public key, the first, long one is the product of two primes (the modulus); the other, short one is the public exponent (usually 3 or 65537)
     • The private key is the corresponding private exponent
  8. 3.3.2 Certificate extensions
     They are in the SEQUENCE under [3].
     • Extended Key Usage
     • Here it contains serverAuth and clientAuth; a code-signing certificate would contain codeSigning instead
     • RFC 5280 says it should only be used in end-entity certificates, but in practice it is also placed in intermediate CA certificates and applied to the certificates they issue
  9. 3.3.2 Certificate extensions
     • Subject Alternative Name
     • The hostname used to be taken from the CN element of the Subject; with the SAN extension:
       • one certificate can cover multiple subjects
       • subjects can be expressed as DNS names, IP addresses, or URIs
       • in the Google example, ccTLD variants and related domains are listed side by side
  10. 3.3.2 Certificate extensions
      • Authority Information Access
      • ocsp: the location of the OCSP responder
      • caIssuers: the location of the issuing CA's certificate
  11. Example: fetch the CA certificate from the caIssuers entry of authorityInfoAccess.
      $ wget http://pki.google.com/GIAG2.crt
      $ openssl x509 -in GIAG2.crt -inform DER -out GIAG2.pem -outform PEM
      Run the resulting PEM through the decoder.
      • AKI of the server certificate: 4ADD06161BBCF668B576F581B6BB621ABA5A812F
      • SKI of the CA certificate: 4ADD06161BBCF668B576F581B6BB621ABA5A812F
      They match!
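The decoding walked through on slides 3 to 7 and the AKI/SKI comparison on slide 11, as an added example that is not code from the slides or the book: a minimal DER encoder/decoder written from the X.690 and RFC 5280 rules, in Python with only the standard library. Everything it parses is constructed here (the two "certificates" are TBSCertificate fragments carrying only version, serial, signature algorithm and the two key-identifier extensions, and the "public keys" are arbitrary byte strings standing in for subjectPublicKey bit strings), so no real Google certificate is involved; the serial number and the signature OID are the ones read off slide 4, and the function and constant names are this example's own.

```python
# Added example (not from the slides or the book): a minimal DER encoder/decoder
# built from X.690 and RFC 5280, showing what the online ASN.1 decoder on the
# slides sees and how the AKI/SKI match on slide 11 works.  All inputs are
# constructed fragments, not real certificates.
import hashlib

SHA256_WITH_RSA = "1.2.840.113549.1.1.11"  # OID read off slide 4
OID_SKI = "2.5.29.14"                       # subjectKeyIdentifier
OID_AKI = "2.5.29.35"                       # authorityKeyIdentifier

def der_length(n):
    """X.690 definite length: short form below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body

def der_integer(n):
    """INTEGER is two's complement: a positive value whose top bit is set gets a leading 0x00."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def der_oid(dotted):
    """First two arcs share one value (40*a+b); each arc is base-128, high bit set on all but its last byte."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append((arc & 0x7F) | 0x80)
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def read_tlv(buf, off=0):
    """Return (tag, body, offset just past this TLV) for the element at buf[off:]."""
    tag, first = buf[off], buf[off + 1]
    hdr = 2 if first < 0x80 else 2 + (first & 0x7F)
    length = first if first < 0x80 else int.from_bytes(buf[off + 2:off + hdr], "big")
    return tag, buf[off + hdr:off + hdr + length], off + hdr + length

def children(body):
    """Split the body of a constructed value into its (tag, body) elements."""
    items, off = [], 0
    while off < len(body):
        tag, inner, off = read_tlv(body, off)
        items.append((tag, inner))
    return items

def decode_integer(body):
    return int.from_bytes(body, "big", signed=True)

def decode_oid(body):
    arcs, cur = [], 0
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def key_identifier(public_key_bits):
    """RFC 5280 4.2.1.2 method 1: SHA-1 over the subjectPublicKey BIT STRING contents."""
    return hashlib.sha1(public_key_bits).digest()

def extension(oid, value):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }"""
    return tlv(0x30, der_oid(oid) + tlv(0x04, value))

def tbs_fragment(serial, own_key_bits, issuer_key_bits):
    """Constructed TBSCertificate fragment: version, serial, signature algorithm, then [3] extensions."""
    exts = tlv(0x30, extension(OID_SKI, tlv(0x04, key_identifier(own_key_bits)))
               + extension(OID_AKI, tlv(0x30, tlv(0x80, key_identifier(issuer_key_bits)))))
    return tlv(0x30, tlv(0xA0, der_integer(2))                        # [0] EXPLICIT version, 2 = v3
               + der_integer(serial)
               + tlv(0x30, der_oid(SHA256_WITH_RSA) + b"\x05\x00")    # AlgorithmIdentifier with NULL params
               + tlv(0xA3, exts))                                     # [3] EXPLICIT extensions

def summarize(tbs):
    """Read back the fields the slides take from the decoder, plus the two key identifiers as hex."""
    version, serial, sigalg, exts = children(read_tlv(tbs)[1])
    ext_map = {}
    for _, ext in children(read_tlv(exts[1])[1]):
        oid, value = children(ext)
        ext_map[decode_oid(oid[1])] = value[1]
    return {
        "version": decode_integer(children(version[1])[0][1]),
        "serial": decode_integer(serial[1]),
        "sigalg": decode_oid(children(sigalg[1])[0][1]),
        "ski": read_tlv(ext_map[OID_SKI])[1].hex().upper(),
        "aki": children(read_tlv(ext_map[OID_AKI])[1])[0][1].hex().upper(),
    }

def issued_by(leaf_tbs, ca_tbs):
    """Slide 11's check: the leaf's AKI keyid must equal the CA's SKI."""
    return summarize(leaf_tbs)["aki"] == summarize(ca_tbs)["ski"]

# Constructed stand-ins for subjectPublicKey bit strings (arbitrary bytes, not real keys)
CA_KEY_BITS = b"constructed CA public key bits"
LEAF_KEY_BITS = b"constructed leaf public key bits"
CA_TBS = tbs_fragment(1, CA_KEY_BITS, CA_KEY_BITS)  # self-signed root: its AKI equals its own SKI
LEAF_TBS = tbs_fragment(5123627332963584822, LEAF_KEY_BITS, CA_KEY_BITS)  # serial from slide 4
```

`summarize(LEAF_TBS)` returns version 2, the 63-bit serial from slide 4 and the sha256WithRSAEncryption OID, and `issued_by(LEAF_TBS, CA_TBS)` is True because the leaf's AKI keyid was derived from the same key bits as the CA's SKI; swapping the arguments gives False. Note that an AKI/SKI match only says which key the issuer claims to have used; path validation still has to verify the signature and the chain's constraints.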
  12. 3.3.2 Certificate extensions
      • Certificate Policies
      • Holds the policies: each is an OID plus optional qualifiers, though no qualifiers are present here
      • According to the Baseline Requirements at least one policy is required
  13. Looking at a certificate obtained from Let's Encrypt:
      • it carries the URL http://cps.letsencrypt.org and
      • the text "This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository"
  14. 3.3.2 Certificate extensions
      • CRL Distribution Points
      • Used to point to the Certificate Revocation List
      • The Baseline Requirements require revocation information to be provided through either a CRL or OCSP
      • Incidentally, this certificate did not contain Name Constraints
  15. 3.5 Relying parties
      According to Chrome's Root Certificate Policy:
      • Chrome hard-codes a list of "EV-qualified" root certificates
      • EV certificates are required to support Certificate Transparency
      • Chrome reserves the right to distrust certificates that are in the OS root certificate list, and keeps its own blacklist
  16. 3.7 Certificate lifecycle
      • The certificate owner prepares a CSR (Certificate Signing Request) and sends it to a CA of their choice
      • The CSR contains the public key in question and, through a signature, proves possession of the corresponding private key
      • The CA validates the request
      • The certificate is issued, along with any intermediate CA certificates needed to build a path to the root CA certificate
      • It can be used until it expires; once it expires, the whole process starts over
  17. 3.7 Certificate lifecycle
      • DV (Domain Validation) certificates: only ownership of the domain is verified
      • OV (Organization Validation) certificates: add verification that the organization exists and is who it claims to be
      • EV (Extended Validation) certificates: a stricter version of OV validation; the company name appears in the URL bar
  18. 3.8 Revocation
      OCSP (Online Certificate Status Protocol): a mechanism that lets a relying party obtain the revocation status of a single certificate. The OCSP server is called the OCSP responder, and its location is written in the Authority Information Access extension.
      Performance problem: querying on every connection adds painful latency.
      Privacy problem: anyone who can see the traffic to the OCSP responder learns which certificate you are about to use.
      → OCSP stapling aims to solve both.
  19. 3.11 Observing the ecosystem
      Scanning and monitoring of the PKI ecosystem: the Internet SSL Survey 2010, the EFF SSL Observatory, and so on.
      Among the previously unknown facts they turned up: CAs had issued certificates for private IP addresses and for domain names that were not fully qualified.