運用の観点から見たTLSプロトコルの動き

ӡ༻ͷ؍఺͔Βݟͨ 5-4ϓϩτίϧͷಈ͖ *OUFSOFU8FFL ೥݄೔ େ௡ൟथ Ϡϑʔגࣜձࣾ ஌Βͳ͍ͱࠔΔʁʂೝূہͱ)5514ͷ࠷৽ٕज़ಈ޲

ࣗݾ঺հ w Ϡϑʔגࣜձࣾ$%/νʔϜॴଐɺ*&5'ඪ४ԽࢀՃɺࠇ ଳʢωοτϫʔΫɾηΩϡϦςΟʣ w /PEFKTίϛολʔUMT DSZQUPपΓͷ࣮૷ɺηΩϡϦςΟ νʔϜॴଐ Ϡϑʔגࣜձࣾ044σϕϩούʔೝఆऀ

ຊ೔ͷ಺༰ ࠓޙͷ)5514αʔϏεӡ༻Ͱ஌͓ͬͯ͘΂͖5-4ϓϩτίϧͷݱঢ় ͷ՝୊ͱ࠷৽ಈ޲ʹ͍ͭͯղઆ͠·͢ɻ͜Μͳٙ໰ʹ͓౴͑͠·͢ɻ w ͳͥશ෦)5514ʹ͠ͳ͍ͱ͍͚ͳ͍ͷʁ w ͏ͪγϚϯςοΫͷূ໌ॻ࢖͍ͬͯΔ͚ͲɺͲ͏ͳͬͪΌ͏ͷʁ w ͏ͪͷ)5514αʔόɺ͜ͷ··ͷઃఆͰ์͓͓͍ͬͯͯେৎ෉ʁ 1.
Ͳ͏ͯ͠HTTPSʹ͠ͳ͍ͱ͍͚ͳ͍ͷ͔ɻ 2. ৴པੑͷཁɺτϥετΞϯΧʔΛΊ͙Δಈ͖(ೝূہରϒϥ΢βϕϯμʔ)ɻ 3. ࠓޙTLS1.0ΛͲ͏ͨ͠Β͍͍ͷ͔ɻ 4. ҉߸ํࣜͷSPOFղফʹ޲͚ͯ(ඇNIST҉߸ͷಛ௃)ɻ 5. TLS1.3ͰͲ͏มΘΔͷ͔ɻ 6. QUICɺ଱ྔࢠ҉߸Λݟਾ͑ͯɻ

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ 8FCαʔϏεఏڙऀ )5514FWFSZXIFSF࣌୅ͷεςʔΫϗϧμʔ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ ࣦޮ֬ೝ
ূ໌ॻఏڙ

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ 8FCαʔϏεఏڙऀ ̎ͭͷϙδγϣϯΛ࢖͍෼͚ͯ͠࿩Λ͠·͢ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ ࣦޮ֬ೝ
ূ໌ॻఏڙ HTTPS everywhere TLS 1.0ഇࢭ ҉߸ํࣜͷSPOFղফ TLS1.3ɺQUICɺ଱ྔࢠ҉߸ ৴པੑͷཁɺτϥετΞ ϯΧʔΛΊ͙Δಈ͖ /PEFίϛολʔͱͯ͠ͷཱ৔ ϠϑʔαʔϏεఏڙɺ *&5'ࢀՃऀͱͯ͠ͷཱ৔

)5514&WFSZXIFSF

)5514ͷಋೖঢ়گ ಡΈࠐΈϖʔδׂ߹ IUUQTMFUTFODSZQUPSHTUBUTQFSDFOUQBHFMPBET IUUQTUSBOTQBSFODZSFQPSUHPPHMFDPNIUUQTPWFSWJFX 'JSFGPY $ISPNF 64
+BQBO ೔ຊ͸ Χࠃத࠷௿

ͳͥશ෦)5514ʹ͠ͳ͍ͱ ͍͚ͳ͍ͷʁ w /4" $()2ʹΑΔࠃՈϨϕϧͷ޿ൣғͳ౪ௌߦҝ͕໌Β͔ʹ w ௨৴ΩϟϦΞͱڠྗ͠ɺ%$಺΍ΠϯλʔωοτόοΫϘʔϯ ʹ౪ௌɾվ͟Μͷ࢓ֻ͚Λ഑ஔ w ฏจ௨৴Λ.J5.Ͱվ͟Μ͠ະ஌ͷϚϧ΢ΣΞΛײછͤ͞Δ
w ҉߸ͷඪ४Խ࢓༷ʹόοΫυΞΛ࢓ֻ͚͍ͯΔͱͷ࿩΋ ޙड़ CC BY 3.0 https://www.youtube.com/user/TheWikiLeaksChannel ೥݄ɿΤυϫʔυɾεϊʔσϯࣄ݅

/4"ʹΑΔαΠόʔ߈ܸͷҰྫ 26"/56. '09"$*% IUUQXXXFYBNQMFDPN XXXFYBNQMFDPN Ϛϧ΢ΣΞΛૹΓࠐΉ ్தܦ࿏Ͱվ͟ΜίϯςϯπΛૹ৴ '09"$*%ʹ༠ಋ վ͟Μίϯςϯπ IUUQTXXXTDIOFJFSDPNCMPHBSDIJWFTIPX@UIF@OTB@BUUIUNM

*"# ʹΑΔΠϯλʔωοτͷ ৴པੑʹؔ͢Δએݴ w ৽͘͠ϓϩτίϧΛઃܭ͢Δࡍʹ͸ɺ҉߸ԽػೳΛඞ ਢͱ͢΂͖ɻ w ωοτϫʔΫӡ༻ऀ΍αʔϏεఏڙऀʹ҉߸Խ௨৴ͷ ಋೖΛਪਐ͢ΔΑ͏ڧ͘ٻΊΔɻ
w ίϯςϯπϑΟϧλʔ΍*%4౳ฏจ௨৴͕ඞཁͳػೳ ʹ͍ͭͯ͸কདྷతʹ୅ସٕज़ͷ։ൃʹऔΓ૊Ήɻ *OUFSOFU"SDIJUFDUVSF#PBSE IUUQTXXXJBCPSHJBCTUBUFNFOUPOJOUFSOFUDPOpEFOUJBMJUZ

ͳͥશ෦)5514ʹ͠ͳ͍ͱ ͍͚ͳ͍ͷʁ w Πϯλʔωοτͷ݈શੑΛ֬อ͢ΔͨΊɻ͕͜͜༳Β͙ ͱେखͷ8FCαʔϏεͷ৴པੑ͕ͳ͘ͳΔɻ w Ұ෦Ͱ΋ฏจ௨৴͕࢒͍ͬͯΔͱͦ͜Λಥ͔ΕΔՄೳੑ͕ ͋Δɻ w ࣗ෼͸ؔ܎ͳ͍ͱࢥ͍ͬͯͯ΋஌Βͳ͍͏ͪʹ࢓ࠐ·Εͯ
ར༻͞ΕΔڪΕ΋ɻ w ௕ظతͳࢹ఺Ͱ͸IUUQ͸ϑΣʔζΞ΢τͷํ޲Ͱ͢ɻ

τϥετΞϯΧʔΛΊ͙Δ ೤͖ઓ͍

5-4ͷٕज़ཁૉ X509ূ໌ॻ PKI ରশ ҉߸ ҉߸Ϟʔυ ެ։伴҉߸ σδλϧॺ໊ ཚ਺ੜ੒ 伴ަ׵
ϝοηʔδೝূ Ұํ޲ϋογϡ

5-4ηΩϡϦςΟͷ౔୆ 5-4ͷ ηΩϡϦςΟ ཚ਺ੜ੒ 1,* ൿີ伴ͷ ؅ཧ ҉߸ٕज़ Τϯ τϩϐʔෆ଍
ෆਖ਼ ൃߦ ࿙Ӯ ΞϧΰϦζϜɾ ڧ౓ͷةຆԽ 5-4͸ɺ͜ͷ̐ͭͷ֎෦ཁૉͷ্ͰΠϯλʔ ωοτͰ҆શͳ௨৴Λఏڙ͢Δ࢓૊ΈͰ͋Δɻ ٯʹݴ͑͹ɺͲΕ΄Ͳ׬ᘳͳ5-4ϓϩτίϧΛ࡞ͬͯ΋ ͜ͷ̐ͭͷ֎෦ཁૉ͕ഁΒΕͨΒ҆શΛ֬อͰ͖ͳ͍ɻ

৴པͷཁɺτϥετΞϯΧʔ αʔόূ໌ॻ தؒূ໌ॻ ϧʔτূ໌ॻ ΫϥΠΞϯτ಺ ΫϥΠΞϯτެ։伴ૹ৴ αʔόɾதؒূ໌ॻૹ৴ 5-4 ϋϯυγΣΠΫ ʹΑΔαʔόೝূ
੺৭͸ αʔό͔Βૹ৴ τϥετΞϯΧʔ ॺ໊ ॺ໊ αʔόެ։伴ૹ৴ ॺ໊

5-4ΫϥΠΞϯτͱ04Ͱม ΘΔSPPU$"ͷࢀরઌ 8JOEPXT .BD04 -JOVY "OESPJE *&&EHF 04ͷSPPU$" /" /"
/" 4BGBSJ /" 04ͷSPPU$" /" /" $ISPNF 04ͷSPPU$" 04ͷSPPU$" .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" 'JSFGPY .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" /PEFKT .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" .P[JMMBͷ SPPU$" /" EJTUSJCVUJPOఏڙͷDBCVOEMFQLHΛࢀর͢Δ৔߹΋͋Γ มߋɺमਖ਼͞Ε͍ͯΔՄೳੑ͋Γʣ .P[JMMBͷSPPU$"ϦετIUUQTIHNP[JMMBPSHNP[JMMBDFOUSBMSBXpMFUJQTFDVSJUZOTTMJCDLGXCVJMUJOTDFSUEBUBUYU

ϒϥ΢βʹΑͬͯҟͳΔྫ .BD04্ͷ$ISPNF .BD04্ͷ'JSFGPY

ϒϥ΢βʔWTೝূہ αʔόূ໌ॻ தؒূ໌ॻ ϧʔτূ໌ॻ ΫϥΠΞϯτ಺ ॺ໊ ॺ໊ ಛఆͷϧʔτূ໌ॻͰॺ໊ ͞Εͨূ໌ॻΛΤϥʔʹ ൃߦ೔࣌ͳͲͷ৚݅΋෇༩Մ
04ͷSPPUূ໌ॻͷ؅ཧͱ͸ผʹΫϥΠΞϯτಠࣗͷ൑அͰϑΟϧλʔͰ͖Δɻ ۩ମతͳSPPU$"ͷ΍Β͔͠ࣄ݅฽͸ɺౡԬ͞ΜͷϓϨθϯͰ

)5514αʔόͷӡ༻ ٕज़ෛ࠴ ࠓޙ5-4ΛͲ͏ͨ͠Β͍͍ͷ͔ʁ

·ͣ͸ ࠓͷߏ੒Λ͔ͬ͠ΓνΣοΫ͠·͠ΐ͏

ٕज़ෛ࠴ͷฦࡁʹඋ͑Δ ग़యIUUQTXXXTMJEFTIBSFOFUUFDICMPHZBIPPXFCIUNMKIUNMKC Φϫίϯϓϩτίϧ 5-4

5-4͸ɺͳͥΦϫίϯʁ w ೥ʹ࢓༷ࡦఆɻ΋ͱ΋ͱ͸44-ͷඪ४ԽΛ໨ࢦͨ͠΋ͷ w "&4બఆ ೥ લͩͬͨͷͰ౰ॳ͸3$ͱ%&4ͷΈαϙʔτɻ3$ ͸طʹةຆԽɺ%&4͸48&&5߈ܸΛड͚Δ͜ͱ͕஌ΒΕ͍ͯΔ w ϒϩοΫ҉߸Λ࢖͏ࡍͷॳظϕΫτϧͰ#&"45߈ܸΛड͚Δ͜ͱ͕஌
ΒΕ͍ͯΔ ΫϥΠΞϯτଆͰཁରࡦ w $#$Ϟʔυͷ࣮૷͸աڈ਺ଟ͘ͷ੬ऑੑΛੜΈग़ͨ͠ͷͰ"&"% ೝূ ෇҉߸ ΁ͷҠߦ͕ओྲྀʹ w ."$13' 伴ੜ੒ Ͱ͸.%ͱ4)"Λ૊Έ߹Θͤͨ΋ͷɻ͜Ε͕͋ ΔݶΓةຆԽ͞Εͨ.%ͷίʔυΛͳ͘͢͜ͱ͸Ͱ͖ͳ͍ 5-4ͱڞ௨߲໨

5-4ϓϩτίϧͷൺֱ ࡦఆ ϒϩοΫ҉߸ͷ ॳظϕΫτϧ $#$ Ϟʔυ "&"% ."$13' 5-4 ೥
ͳ͠ ༗ ͳ͠ 4)" .% 5-4 ೥ ༗ ༗ ͳ͠ 4)" .% 5-4 ೥ ༗ ༗ ༗ 4)"Ҏ্ 5-4 ࢓༷ࡦఆத ഇࢭ ഇࢭ ඞਢ ),%' 4)"Ҏ্ 1$*%44 ېࢭʙ ਪ঑

ϓϩτίϧͷഇࢭ͸೉͍͠ w ΋ͱ΋ͱ1$*%44͸೥݄೔ʹ5-4Λഇࢭ༧ఆ ͩͬͨɻͦΕΛ̎೥Ԇظɻ w େख 4BMFT'PSDF *#. 0SBDMF ͷαʔϏε͸طʹରԠࡁɻ͕ͩ
Ҡߦ࡞ۀ͸Ͳ͜΋Ұ౓͸ࣦഊͯ͠ϩʔϧόοΫ͍ͯ͠Δɻ w "OESPJEYͷඪ४ϒϥ΢βʔَ͕໳ɻ"1*ར༻ͳͲ͸ΫϥΠΞ ϯτଆͷվमͱ͔ඞཁɻ w ࣄલʹϢʔβ΁ͷೝ஌͕೉͍͠ɻഇࢭޙ͸Τϥʔը໘ʹɻ w 44-͸100%-&੬ऑੑͷެදͰΨϥέʔରԠΛؚΊഇࢭͰ͖ ͨɻ5-4͸ಉ͡Α͏ʹͳΔͷ͔ɺͳΒͳ͍ͷ͔ɻ

Ͱ͸Ͳ͏͢Ε͹ʁ w ·ͣ͸Ϟχλʔ w 5-4όʔδϣϯΛΞΫηεϩάʹग़͢ w ׂ߹΍6"ɺTSDJQ౳ͷ܏޲Λ೺Ѳ w Πϯγσϯτൃੜ࣌ʹӨڹ౓Λ೺ѲͰ͖ΔΑ͏४උ͕େ ࣄɻ

҉߸ํࣜͷ410'ղফ ʹ޲͚ͯ

҉߸ํࣜͷ410' 70.3% 25.0% 4.2% 0.2% 0.2% 0.1% 0.0% 0.0% TLS
CipherSuite ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DES-CBC3-SHA AES128-SHA AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 伴ަ׵ʹECDHE ೝূʹRSA ରশ҉߸ʹ128bit伴௕ͷAES ҉߸ϞʔυʹGCM(AEAD) PRFϋογϡʹSHA256 ग़యIUUQTXXXTMJEFTIBSFOFUUFDICMPHZBIPPXFCIUNMKIUNMKC

5-4ͷ҉߸ํࣜͷݱঢ় 410'ͷଘࡏ 伴ަ׵ 34" 'PSXBSE4FDSFDZ %)& &$%)& /*451 &$%)& Y
σδλϧॺ໊ 34" %44 %4" &$%4" &E%4" ʢ࢓༷Խத ରশ҉߸ %&43$ %&4 "&4 $IB$IB ͦͷଞ ҉߸Ϟʔυ $#$ "&"% $$. ($. 1PMZ ϝοηʔδೝূ 13' .% 4)" 4)" 4)" ஫ҙ͸ɺ҉߸ֶత஫ҙͱকདྷతʹීٴ͕ݟࠐ·Εͳ͍஫ҙ΋ؚ·Ε·͢ ੺ةݥ ԫ஫ҙ ྘҆શ ੨͜Ε͔Β

5-4҉߸ํࣜͷݱঢ় 伴ަ׵ 伴ަ׵ 34" 'PSXBSE4FDSFDZ %)& &$%)& /*451 &$%)& Y
34"伴ަ׵'4Ͱͳ͍ͷͰඇਪ঑ɻͰ΋اۀ಺ɺ%$಺Ͱඞཁͱͷ੠͕͋Γɻ %)&伴ަ׵҉߸ڧ౓ͷަ׵͕ෆՄɻ &$%)& /*451 Ұ൪ීٴ͍ͯ͠Δɻ/4"όοΫυΞͷٙٛ &$%)& Y ΍ͬͱओྲྀϒϥ΢βͰαϙʔτ։࢝ɻ͜Ε͔Βීٴ͕ݟࠐ·ΕΔɻ IUUQTDTSDOJTUHPW/FXT5SBOTJUJPO1MBOTGPS,FZ&TUBCMJTINFOU4DIFNFT /*45ඪ४ͱͯ͠Y͕࠾༻͞ΕΔݟࠐΈ͕࠷ۙ໌Β͔ʹ /*451ʹԿ͔͋ͬͨΒΊͪΌ΍͹͍

5-4҉߸ํࣜͷݱঢ় ॺ໊ σδλϧॺ໊ 34" %44 %4" &$%4" &E%4" ʢ࢓༷Խத 34"ॺ໊1,$4Wํ͕ࣜओྲྀ͕ͩ҆શੑ͕ূ໌͞Ε͍ͯͳ͍ɻ144΁ͷҠߦ͕՝୊
%4"΄ͱΜͲීٴͤͣɻੑೳతϝϦοτ΋ͳ͍ͨΊഇࢭͷํ޲ &$%4" /*451 &$$ূ໌ॻ͕কདྷ΋ͬͱීٴ͢Δ͔ʁ &E%4" FE ࢓༷Խத ޙड़ ੈͷதͷূ໌ॻ͕΄ͱΜͲ34"ॺ໊ 1,$4WʹͳΜ͔͋ͬͨΒΊͪΌ΍͹͍

/*451 QSJNFW TFDQS 9 &E TIPSUϫΠΤϧγϡτϥεۂઢ ZY BY C ϞϯΰϝϦۂઢ
CZYʴBY Y UXJTUFEΤυϫʔζۂઢ BY ZYʴEYZ ஫ɿఏ͍ࣔͯ͠Δάϥϑ͸ܗ͕ݟ΍͍͢ύϥϝʔλΛ࢖ͬͨପԁۂઢΛॻ͍͓ͯΓɺ࣮ࡍʹ࢖ΘΕΔପԁۂઢ҉߸ͷάϥϑͱҟͳΓ·͢ɻʣ ૒༗ཧಉ 5-4Ͱ࢖͏ପԁۂઢ҉߸ͷछྨ Ұྫ 3'$ 3'$ '*14 伴ަ׵ɾॺ໊ ʢ&$%)&ɾ&$%4" 伴ަ׵ &$%)& ॺ໊ &E%4" ࣌ؒͷؔ܎্εΩοϓ

&$%4"/*451 &E%4"&E ηΩϡϦςΟڧ౓ CJUT ପԁۂઢɾૉ਺ ZYY Y Z
YZ r r ެ։伴ॻࣜɾαΠζ VODPNQSFTT CZUFT DPNQSFTT Z࠲ඪ CZUFT ॺ໊αΠζ CZUFT ಛ௃ ॺ໊ຖʹཚ਺͕ඞཁ ಉҰൿີ伴ɾσʔλΛར༻͢ΔͱTJHOBUVSF͕ ಉҰ ϋογϡͱ૊Έ߹Θͤ 4)"ͷϋογϡॲཧΛ಺෦Ͱ࣋ͭ ϋογϡিಥ଱ੑ ϋογϡিಥ଱ੑ 伴ِ଄଱ੑ ཁແݶ఺ॲཧ ແݶ఺ॲཧ͕ඞཁͳ͍ *6' *OQVU6QEBUF'JOJTI "1* *6'Ͱͳ͍ ߴੑೳ͔ͭ҆શͳ࣮૷Λ͢Δͷ͕େม αΠυνϟωϧ΍ΩϟογϡλΠϛϯά߈ܸΛ ൺֱతड͚ʹ͍͘ ূ໌ॻ 3'$ɺൃߦೝূہ͋Γ ESBGUDVSEMFQLJY࢓༷Խத ո͍͠ ࣌ؒͷؔ܎্εΩοϓ

&$%4"&E%4"ॲཧͷҧ͍ σʔλ ൿີ伴 ެ։伴 ཚ਺ &$%4" TJHO S T 4JHOBUVSF
&$%4" WFSJGZ )BTI USVF PS GBMTF σʔλ ॺ໊ ݕূ σʔλ ൿີ伴 ެ։伴 &E%4" TJHO 3T T 4JHOBUVSF &E%4" WFSJGZ USVF PS GBMTF σʔλ )BTI ॺ໊࣌ʹཚ਺ෆཁɺϋογϡॲཧ͸಺෦ʹ ࣌ؒͷؔ܎্εΩοϓ

5-4҉߸ํࣜͷݱঢ় ରশ҉߸ɾ҉߸Ϟʔυ ରশ҉߸ %&43$ %&4 "&4 $IB$IB ͦͷଞ ҉߸Ϟʔυ $#$
"&"% $$. ($. 1PMZ %&43$طʹةຆԽɻར༻ېࢭ %&44XFFU߈ܸΛड͚ΔՄೳੑ͕͋Γɻ "&4$#$աڈ$#$ͷύσΟϯάॲཧͰ࣮૷ͷ੬ऑੑ͕͋Γ "&4$$.଎౓తͳϝϦοτ͕ͳ͍ͨΊීٴͤͣ "&4($.ݱࡏҰൠతʹ࢖ΘΕ͍ͯΔҰ୒ɻ)8ॲཧͰߴੑೳɻ $IB$IB1PMZɿϒϥ΢βʔαϙʔτ͕૿͑ɺ͜Ε͔ΒීٴͷݟࠐΈɻ ੈͷத΄ͱΜͲ"&4 "&4ʹԿ͔͋ͬͨΒϝνϟ΍͹͍

ରশ҉߸ੑೳൺ w *OUFM"&4/*΍"3.W&ODSZQUJPOΤϯδϯͳͲ)8҉߸ΞΫηϥϨʔγϣϯΛ࣋ͭ $16Ͱ͸"&4($.ͷ଎౓͕ඇৗʹ଎͍ w )8҉߸ΞΫηϥϨʔγϣϯ͕ͳ͍$16 "3.W ͳͲͰ͸$IB$IB1PMZ͕ ଎͍ ࣌ؒͷؔ܎্εΩοϓ

5-4҉߸ํࣜͷݱঢ় ϝοηʔδೝূɾ13' ϝοηʔδೝূ 13' .% 4)" 4)" 4)" .%طʹ༰қʹিಥܭࢉ͕Մೳɻར༻ېࢭɻ 4)"ͬͨ͢΋Μͩͷ຤ɺ4DBUUFSͰτυϝΛࢗ͞Εഇࢭʹɻ
4)" Ұ൪ීٴ͍ͯ͠Δɻ౰໘҆શͱݟΒΕ͍ͯΔɻ 4)"଎౓తͳϝϦοτ͕ͳ͍ͨΊ5-4΁ͷಋೖػӡ͸ߴ·͍ͬͯͳ͍ɻ4)" ܥͱΞϧΰϦζϜ͕ҟͳΓɺ৳௕߈ܸ଱ੑ͕͋ΔͷͰόοΫΞοϓΞϧΰϦζϜͱ͠ ͯͷظ଴͸͋Δɻ 4)"͕ବ໨ͳΒ4)"͕͋Δ͞

҉߸ํࣜͷ410'ղফʹ޲͚ͯ w $IB$IB1PMZ Yͷϒϥ΢βʔαϙʔτ͕ ॆ࣮͖ͯͨ͠ɻ w 0QFO44-ϕʔεͰ͸྆ํαϙʔτ͞Ε͍ͯΔɻ w ೥݄೔ʹ0QFO44-͕&04-ʹͳΔɻ w
XJLJMFBLT͔Βεϊʔσϯจॻʹ/*451ͷόοΫυΞ ͷৄࡉ͕΋͠ग़Α͏΋ͷͳΒେύχοΫʹͳΔɻͦͷલ ʹY΁ͷҠߦΛɻ

কདྷʹඋ͑Δ 5-4 ࠷৽৘ใɾͲ͏൑அ͢΂͖͸ύωϧͰ

5-4͕ٻΊΒΕΔഎܠ ৗ࣌5-4࣌୅Λܴ͑Δʹ͋ͨͬͯɺ͔ͬ͠Γͨ͠ϓ ϩτίϧ͕ඞཁ 5-4ͷݶք w ༷ʑͳٕज़ෛ࠴ͷ஝ੵ ௕ظʹ࢖͑ΔΑΓ҆શͰߴੑೳͳ5-4ϓϩτίϧΛ࡞Δ

5-4ͷݶք w ݱࡏͷ5-4Ͱఆٛ͞Ε͍ͯΔػೳͷ Ұ෦͸ɺطʹར༻͢ΔͱةݥͰ͋Δɻ w աڈ༷ʑͳ5-4ͷ߈ܸख๏΍੬ऑੑ͕ެ ։͞Εɺͦͷ౎౓ରࡦ͕औΒΕ͖ͯͨɻ w ͔͠͠Ұ࣌తͳରԠͰࠜຊతɾൈຊతͳ ରࡦʹͳ͍ͬͯͳ͍΋ͷ΋ଟ͍ɻ
ຊདྷ͜ͷΑ͏ͳΨΠυϥΠ ϯ͕ͳͯ͘ࡁΉͷ͕๬·͍͠

5-4ͷಛ௃ ༷ʑͳػೳɺ߲໨ͷݟ௚͠ɾഇࢭ ࣌୅ʹ߹Θͳ͘ͳͬͨ΋ͷɺΑΓޮ཰తʹมߋमਖ਼Ͱ͖Δ΋ͷΛ5-4 ͔Βػೳɾ߲໨Λ਺ଟ͘ഇࢭ ΑΓηΩϡΞʹ ฏจ௨৴͕ඞཁͳ෦෼Λۃྗগͳͯ͘͠৘ใΛൿಗ ͜Ε·Ͱ߈ܸର৅ͱͳͬͨػೳΛۃྗഉআ͠কདྷతͳ߈ܸʹඋ͑Δ
ੑೳ޲্ ॳظ઀ଓͷ୹ॖʹΑΔੑೳ޲্ த਎తʹ͸5-4Ϩϕϧͷେมߋ

5-4ʹ࢈ۀք ۚ༥ۀք ͔Βͷݒ೦ද໌ w ʮ*OEVTUSZ$BODFSOTBCPVU5-4ʯIUUQTXXXJFUGPSHNBJM BSDIJWFXFCUMTDVSSFOUNTHIUNM w 'JOBODJBM4FSWJDF3PVOEUBCMFͷٕज़෦໳#*54୲౰ऀ͔Β5-48(ϝʔϦ ϯάϦετ΁ͷ౤ߘ w
34"伴ަ׵͕5-4Ͱഇࢭ͞ΕΔͱɺۚ༥ۀքͰݱঢ়ඞཁͱ͞ΕΔཁ݅ʹ ߹Θͳ͘ͳΔڪΕ͕͋Δɻ w 34"伴ަ׵αʔόͷൿີ伴Λ͍࣋ͬͯΕ͹5-4௨৴σʔλΛ෮߸Խ͢Δ͜ ͱ͕Մೳɻ5-4Ͱ͸ഇࢭ༧ఆɻ w 1'4 1FSGFDU'PSXBSE4FDVSFDZ Ұ࣌తʹ༗ޮͳ伴Λަ׵ɻޙ͔Β௨৴ σʔλΛ෮߸Խ͢Δ͜ͱ͸೉͘͠ͳΔɻ5-4͸&$%)&%)&ͷΈ༗ޮɻ

5-4ʹ࢈ۀք ۚ༥ۀք ͔Βͷݒ೦ද໌ ʢଓ͖ʣ w ؂ࢹɾϞχλʔɿۚ༥ۀքͰ͸๏తʹैۀһͷ௨৴σʔλ Λอશ͢Δඞཁ͕͋Δɻ w τϥϒϧγϡʔτΞϓϦ૚ͷΤϥʔͳͲ5-4σʔλͷத ਎Λσʔληϯλʔ಺Ͱղੳͯ͠ো֐ௐࠪΛߦ͍ͬͯΔɻ
w Ϛϧ΢ΣΞɺ%%P4ରࡦ5-4σʔλͷத਎Λௐ΂ͯݕ஌ ͯ͠ηΩϡϦςΟରࡦ͕ߦΘΕ͍ͯΔɻ ্هػೳͷӡ༻͸ɺݱࡏ34"伴ަ׵ΛલఏʹγεςϜ͕ߏ੒͞Ε͓ͯΓɺ5-4Ͱ34" 伴ަ׵͕ഇࢭ͞ΕΔͱେ͖ͳӨڹΛड͚Δɻٞ࿦தͰ͕͢ɺ͜ͷ··ߦ͖ͦ͏Ͱ͢ɻ

355ͷBOUJSFQMBZ w 5-4Ͱ͸ϋϯυγΣΠΫ࣌ʹ14, 1SF4IBSFE,FZ Λ࡞੒͠ɺ ࠶઀ଓ࣌ʹϋϯυγΣΠΫͱσʔλΛಉ࣌ʹૹ৴͢Δ355ػ ೳ͕໨ۄͱͯ͠ఆٛ͞Ε͍ͯΔɻ w 355ػೳʹΑΔσʔλ௨৴ͷߴ଎Խ͕ظ଴͞Ε͍ͯΔ͕ɺ 355ͷσʔλΛதؒ߈ܸऀ͕ෳ੡ͯ͠αʔόʹૹ৴͢Δ3FQMBZ߈
ܸʹऑ͍ͱ͍͏ऑ఺͕ଘࡏ͢Δɻ w 355ͷSFQMBZ߈ܸ๷ޚͷख๏ͱͯ͠͸)551Ͱ͸ႈ౳ੑͷ͋Δ ϦΫΤετʹݶఆ͢Δͱ͍ͬͨΑ͏ʹΞϓϦଆͷରԠ͕ඞཁʹͳ ΔݟࠐΈͰ͋Δɻ

5-4ͷϋϯυγΣΠΫ355 ClientHello+νέοτ ApplicationData end_of_early_data Finished ServerHello EncryptedExtension ServerConfiguration Certificate CertificateVerify
Finished ApplicationData 355 355 ҉߸Խ 355 1SF4IBSFE ,FZ 1SF4IBSFE ,FZ ࠷ॳͷϋϯυγΣΠΫ νέοτ ࠶઀ଓ ࣌ؒͷؔ܎্εΩοϓ

$MJFOU)FMMP 355 ྫɿ1045ೖֹۚۚʣ 5-4αʔόΫϥελʔ ೖۚ ೖۚ ೖۚ ೖۚ 5-4355ͷڴҖ SFQMBZ߈ܸͷҰྫ

ΞϓϦ։ൃऀ΍αʔό؅ཧऀ͕ԿΛؾΛ ͚ͭΕ͹͍͍ͷ͔ʁ w ӡ༻తͳ՝୊ w 5-4͕༗ޮʹͳΔ͜ͱͰϛυϧϘοΫεɺ'8ɺ*%4*14ͳ Ͳதؒ௨৴૷ஔͷো֐΍ػೳఀࢭͳͲͷӨڹ͸ͳ͍͔ʁ w 5-4ͰഇࢭʹͳΔػೳ ಛʹ34"伴ަ׵
Λલఏͱͨ͠γε ςϜͷػೳΛ࢖͍ͬͯͳ͍͔ʁ w ٕज़తͳ՝୊ w 355Λຊ౰ʹ҆શʹར༻͢Δ͜ͱ͕Ͱ͖Δͷ͔ʁ w 355Λ࢖Θͳ͔ͬͨ৔߹ʹ໰୊͸ൃੜ͠ͳ͍ͷ͔ʁ

ҠߦͷλΠϛϯάͳͲ w 5-4΁ͷҠߦλΠϛϯάʹ͍ͭͯ͸ɺ5-4ʹԿΛٻΊΔ͔ʹΑͬͯ ҟͳΔɻ w কདྷతͳηΩϡϦςΟϦεΫͷ௿ݮˠ5-4 w 355Λ࢖ͬͨߴ଎௨৴ͷ࣮ݱˠ5-4 w 26*$ɺ8FC35$ͳͲ৽͍͠ϓϩτίϧͷಋೖˠ5-4
w 5-4ͷ࢓༷ԽʹΑͬͯ5-4͕ഇࢭ͞ΕΔ͜ͱ͸ͳ͍ɻ5-4Λܧ ଓͯ͠࢖͍ଓ͚Δͷ΋Ұͭͷબ୒ࢶɻ5-4͸λΠϛϯάΛݟͯഇ ࢭ͞ΕΔ͔΋͠Εͳ͍ɻ w 5-4Λ࢖͍ଓ͚Δ͜ͱͷσϝϦοτϚʔέοτతʹ͸5-4Λਪਐ ͍ͯͩ͘͠Ζ͏ɻ5-4ݻ༗ͷ໰୊͕ൃݟ͞Εͨ৔߹ʹͲ͏ͳΔ͔ʁ

কདྷʹඋ͑Δ 26*$ ࠷৽৘ใɾͲ͏൑அ͢΂͖͸ύωϧͰ

26*$ͱ͸ ▪ 6%1্Ͱ5$1 5-4 )551ͷҰ ෦Λ࣮ݱ͢Δϓϩτίϧɻ ▪ (PPHMF͕։ൃɺ೥͔Β*&5' ඪ४Խ͕࢝·Δɻ ▪
ݱࡏ(PPHMF͔Βग़ΔτϥϑΟοΫ ͷҎ্͕26*$ɻ͜Ε͸Πϯ λʔωοτશମͷ͓Αͦ૬౰ɻ Ϣʔβʔϥϯυ࣮૷WTLFSOFM࣮૷

26*$ͷϝϦοτ ύέοτϩεʹڧ͍ ճઢ᫔᫓

26*$ͷϝϦοτʢߴ଎઀ଓ ͞Βʹʂ 355Ͱ΋ͬͱߴ଎ʹ ࣌ؒͷؔ܎্εΩοϓ

(PPHMFʹΑΔ26*$ੑೳվળ ▪ ݕࡧϨεϙϯεͷվળׂ߹ ݕࡧจࣈΛೖྗ͔ͯ͠Β݁Ռ͕දࣔ͞ΕΔ·Ͱͷ࣌ؒ ग़యɿIUUQEMBDNPSHDJUBUJPODGN JE (PPHMF͸Ҏ্ಁա͍ͯ͠Δͱݴ͏͕26*$੾ͬͨ Β$ISPNF͕ܰ͘ͳͬͨͱ͍͏੠΋νϥϗϥ ࣌ؒͷؔ܎্εΩοϓ

কདྷʹඋ͑Δ ଱ྔࢠ҉߸

଱ྔࢠ҉߸ w ྔࢠίϯϐϡʔλ͕#V[[XPSEԽͦ͠͏Ͱ͢ɻ w ·ͩ·ͩઌͷ࿩ͱͷ੠΋͋Γ·͕͢ɺ࣮༻Խ͞ΕͨΒݱ ࡏͷ҉߸ٕज़ͷڴҖʹͳΓ·͢ɻ w طʹྔࢠίϯϐϡʔλ࣮༻ޙʹ޲͚ͯͷ४උ͕࢝·͍ͬͯ ·͢ɻ w
͍ͨͣΒʹෆ҆ΛἤΓཱͯΒΕͳ͍Α͏ɺࠓ஌͓ͬͯ͘΂ ͖͜ͱΛ੔ཧ͠·͢ɻ

ϙετྔࢠWT଱ྔࢠ w QPTURVBOUVNDSZQUPHSBQIZ೥ʹ%+#͕ఏএ͠ ࢝ΊΔɻ12$ͷུশ΋޿·͍ͬͯΔɻ w RVBOUVNSFTJTUBOUDSZQUPRVBOUVNTBGFDSZQUP౳ผ ໊΋ఏҊ͞Ε͍ͯΔ͕ɺ·ͩ౷Ұ͕ਤΒΕ͍ͯͳ͍ɻ w ͋Δ҉߸ΞϧΰϦζϜ͕ͦͷ࣌఺Ͱྔࢠίϯϐϡʔλʹର ͯ҆͠શͱΈͳ͞Εͯ΋ɺͦͷޙ΋ͣͬͱ҆શͰ͋Δอূ
͸ͳ͍ɻྔࢠίϯϐϡʔλ࣮༻ޙʹඞཁͳηΩϡϦςΟ ϨϕϧΛࢦඪͱ͍ͯ͠ΔͷͰQPTURVBOUVNͩ CZEKC

ྔࢠίϯϐϡʔλͱ͸ w ྔࢠϏοτ RVCJU cПЋc ЌcͱͷॏͶ߹Θͤͨঢ় ଶΛ࣋ͭ w ྔࢠίϯϐϡʔλྔࢠϏοτΛ࢖ͬͨԋࢉΛߦ͏૷ஔ
ྔࢠήʔτํࣜྔࢠϏοτΛૢ࡞͢Δجૅతͳճ࿏Λ૊Έ ߹Θͤͯ൚༻తͳԋࢉΛߦ͏ྔࢠճ࿏Λ࣮ݱ͢Δํࣜɻ͍ ͔ͭ͘ͷྔࢠΞϧΰϦζϜ͕ఏএ͞Ε͍ͯΔ ޙड़ ɻ*#.ɺ *OUFMɺ.4౳͕औΓ૊ΜͰ͍Δɻ ྔࢠΞχʔϦϯάํࣜྔࢠϏοτؒͷ૬ޓ࡞༻Λ࢖ͬͯج ఈঢ়ଶΛ୳͠ग़͢ํࣜɻ૊Έ߹Θͤ࠷దԽܭࢉʹಛԽɻΧ φμ%8BWFࣾͳͲ͕੡඼Խɻݱࡏ஫໨גɻ ஫্هҎ֎ͷํࣜ΋ݚڀ։ൃதͰ͢ɻ

ྔࢠΞϧΰϦζϜ ྔࢠήʔτํࣜͰߟҊ͞Ε͍ͯΔྔࢠΞϧΰϦζϜͷҰྫ w (SPWFSͷ୳ࡧΞϧΰϦζϜ ྔࢠϏοτૢ࡞Λ܁Γฦͯ֬͠཰ৼ෯Λऩଋͤ͞ɺ/ݸͷσʔλ͔Β /? ͷΦʔμʔͰσʔλΛ୳ࡧͰ͖ΔΞϧΰϦζϜɻରশ҉߸ͷڞ༗ 伴୳ࡧʹԠ༻Մೳɻ w
4DIPSͷૉҼ਺෼ղΞϧΰϦζϜ ΂͖৐৒༨ܭࢉΛྔࢠϑʔϦΤม׵Λ࢖ͬͯղ͖ɺૉҼ਺෼ղΛߦ͏Ξ ϧΰϦζϜɻ༗ݶମ্ͷ཭ࢄର਺໰୊ %) ΍ପԁۂઢ҉߸ &$%) ͷղ ಡʹ΋Ԡ༻Մೳɻ

ྔࢠίϯϐϡʔλͷ ҉߸ٕज़ʹର͢ΔڴҖ ग़య http://dx.doi.org/10.6028/NIST.IR.8105 ҉߸ΞϧΰϦζϜ ํࣜ ༻్ େܕྔࢠίϯϐϡʔλͷӨڹ "&4 ରশ伴҉߸
҉߸Խ 伴௕Λେ͖͘͢Δඞཁ͕͋Δ 4)" 4)" ϋογϡ ϋογϡαΠζΛେ͖͘͢Δ ඞཁ͕͋Δ 34" ެ։伴҉߸ ॺ໊ɾ伴ަ׵ ҆શͰͳ͍ &$%4" &$%) ପԁۂઢ҉߸ ެ։伴҉߸ ॺ໊ɾ伴ަ׵ ҆શͰͳ͍ %4" ཭ࢄର਺໰୊Λϕʔεͱ ͨ͠༗ݶମ҉߸ ެ։伴҉߸ ॺ໊ɾ伴ަ׵ ҆શͰͳ͍

ྔࢠίϯϐϡʔλ͍ͭͰ͖Δʁ w ࣮༻తͳྔࢠίϯϐϡʔλͷ࣮ݱ·Ͱ͍͍ͩͨ೥͙Β͍ ͔͔ΔͩΖ͏ͱݴΘΕ͍ͯΔɻ w *#.͸ɺRVCJUͷϓϩηοαʔΛ׬੒ ɻ਺ଟ ͘ͷاۀɾػ͕ؔେྔͷࢿۚΛ౤ͯ͡։ൃதɻ w
%+#͸ɺ೥·Ͱʹ34"͕ྔࢠίϯϐϡʔλͰҼ ਺෼ղ͞ΕΔͷʹ64%ΛṌ͚͍ͯΔ ɻ w ॳظͷྔࢠίϯϐϡʔλͷීٴͰɺ৽ͨͳྔࢠΞϧΰϦζ Ϝ΍ྔࢠϓϩάϥϛϯάݴޠͷ։ൃ͕ਐΉՄೳੑ΋ɻ IUUQTDSZQUPUBMLTTMJEFTEKCRVBOUVNYQEG

ݱࡏͷ5-4ʹର͢ΔڴҖ ClientHello ServerHello Certificate ServerKeyExchange ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec
Finished Application Data Application Data 5-4ϋϯυγΣΠΫΛؚΉશ҉߸ σʔλΛอଘ 99೥ޙେܕྔࢠίϯϐϡʔλ࣮ݱ 4FSWFS,FZ&YDIBOHFதͷҰ࣌త ެ։伴σʔλ͔Β4DIPSͷΞϧΰ ϦζϜΛ࢖ͬͯྔࢠίϯϐϡʔλ ͔ΒҰ࣌తൿີ伴৘ใΛܭࢉ $MJFOU,FZ&YDIBOHFதͷҰ࣌తެ ։伴ͱ૊Έ߹Θͤͯ QSF@NBTUFS@TFDSFUΛܭࢉ ҉߸Խ͞Εͨ"QQMJDBUJPO%BUBͰ ࢖ΘΕ͍ͯΔରশ҉߸ͷڞ௨伴Λ ܭࢉɻ"QQMJDBUJPO%BUBΛ෮߸͠ ͯฏจ৘ใΛऔಘɻ

ྔࢠίϯϐϡʔλͷ࣮ݱલʹ ରԠΛ w ݱࡏ5-4Ͱ΍ΓऔΓ͞ΕΔ҉߸σʔλ͸ɺϋϯυγΣΠΫ ·Ͱอ؅͞Ε͍ͯΔͱ99೥ޙʹ͸ྔࢠίϯϐϡʔλͰฏ จ͕Θ͔ͬͯ͠·͍·͢ɻ w ଱ྔࢠ҉߸ͳ伴ަ׵ΞϧΰϦζϜ͸ɺྔࢠίϯϐϡʔλͷ ࣮ݱલʹಋೖ͓ͯ͘͠ඞཁ͕͋Δɻ w
৽͍͠҉߸ํ͕ࣜීٴ͢Δ·Ͱ͔ͳΓ࣌ؒʢ਺೥୯Ґʣ ͕͔͔Γ·͢ɻ ݱࡏ େܕྔࢠίϯϐϡʔ λͷ࣮༻Խ ଱ྔࢠ伴ަ ׵ͷಋೖ 5-4σʔλͷอޢ

(PPHMFʹΑΔ$&$12ࢼݧ w $&$12$PNCJOFE&MMJQUJD$VSWFBOE1PTU2VBOUVN w ପԁۂઢ҉߸ͷYͱ଱ྔࢠ҉߸3-8& 3JOH-FBSOJOH8JUI &SSPS ͷ/FX)PQFΛ૊Έ߹Θͤͯ$ISPNFͷ5-4伴ަ׵Λࢼݧ w Y͸όΠτɺ/FX)PQF͸όΠτͷެ։伴ɻ߹ܭό
Πτ௕ͷ伴ަ׵͸௨ৗΑΓେ͖͍ͨΊӨڹΛਤΔͷ͕໨త w /*45ͷબߟ ޙड़ ͕։࢝͞ΕΔ͠ɺ$ISPNFͷࢼݧ͕σϑΝΫτͳͬ ͯ͠·͏ͷΛආ͚ΔͨΊऴྃɻ೥݄ʙ೥݄ w ઀ଓϨΠςϯγʔ͕਺ϛϦඵ஗͘ͳͬͨɻ஗͍઀ଓ΄ͲͦͷӨڹ͕͓ େ͖͍͜ͱ͕൑໌ɻ IUUQTTFDVSJUZHPPHMFCMPHDPNFYQFSJNFOUJOHXJUIQPTURVBOUVNIUNM IUUQTXXXJNQFSJBMWJPMFUPSHDFDQRIUNM ࣌ؒͷؔ܎্εΩοϓ

/*45ʹΑΔ1PTU2VBOUVN $SZQUPHSBQIZ4UBOEBSEJ[BUJPO $PNQFUJUJPO ҰͭΛܾΊΔΘ͚ Ͱ͸ͳ͍ɻෳ਺ΞϧΰϦζ Ϝͷ༏ྼͳͲධՁ͢Δ͜ͱʹͳΔɻ w Ԡื։࢝ w ԠืకΊ੾Γ
w ʙ೥෼ੳϑΣʔζ w ೥ޙ%SBGU4UBOEBSE͕׬੒ IUUQTDTSDOJTUHPWQSPKFDUTQPTURVBOUVNDSZQUPHSBQIZ

଱ྔࢠ҉߸ީิ ҉߸ํࣜ ར༻͍ͯ͠Δٕज़ ϋογϡϕʔεॺ໊ ϫϯλΠϜϋογϡͷΈར༻ ֨ࢠ҉߸ ࠷୹ϕΫτϧ୳ࠪ໰୊ ίʔυϕʔε҉߸ ޡΓగਖ਼ූ߸ཧ࿦ ଟม਺҉߸
༗ݶମ্ͷଟม਺࿈ཱ࣍ํఔࣜ ಉछࣸ૾҉߸ ௒ಛҟପԁۂઢ

ҙࣝߴ͍ܥ্͔࢘Βͷ໰͍ʹඋ͑Δ ྔࢠήʔτํࣜʁ ྔࢠίϯϐϡʔλ͕Ͱ͖ΔΒ͍ͧ͠ɻ5-4௨৴͸Ͳ͏ͳΔΜͩʁ ਺ઍRVCJUҎ্ʁ ೥Ҏ಺ʁ :FT /P :FT :FT /P
/P େৎ෉Ͱ͢ɻ%8BWF౳ͷྔࢠΞχʔϦϯάํࣜ͸ ૊Έ߹Θͤ࠷దԽܭࢉʹಛԽͨ͠΋ͷͰ͢ɻ େৎ෉Ͱ͢ɻ34"͕·ͩഁΒΕͳ͍ఔ౓Ͱ͢ɻ େৎ෉Ͱ͢ɻ/*45ͷ଱ྔࢠ҉߸ඪ४͕ग़Δ·Ͱ଴ͪ ·͠ΐ͏ɻͨͩ͠೥Ҏ্อޢ͕ඞཁͳ5-4௨৴ σʔλ͸कΕͳ͍Ͱ͢ɻ ͋͊ɺ͖͋ΒΊ·͠ΐ͏PS[

ύωϧσΟεΧογϣϯ ʙ8FCαʔόӡ༻ͷ؍఺Ͱʙ *OUFSOFU8FFL ೥݄೔ େ௡ൟथ Ϡϑʔגࣜձࣾ ஌Βͳ͍ͱࠔΔʁʂೝূہͱ)5514ͷ࠷৽ٕज़ಈ޲

*&5'ޙͷ 5-4ͷ࠷৽ಈ޲ w ٕज़࢓༷͸ɺ΄΅֬ఆ w ్தͷNJEEMFCPY͕5-4Λ੾அ͢Δಁաੑͷ໰୊͕໌Β͔ ʹɻ w (PPHMF.P[JMMB͕֤छύλʔϯΛࢼͯ͠ಁաੑΛ਺ϲ݄ଌఆ
w 5-4ʹͦͬ͘Γʹ͢ΔΑ͏ ҙຯͷͳ͍ σʔλΛ෇༩ͤ͞Δ ͱಁա཰͕޲্͢ΔݟࠐΈͰ͋Δ͜ͱ͕Θ͔Δɻ w ࢓༷Λߋ৽ɺ࠶౓ଌఆ̏͠ճ໨ͷ-BTU$BMMʹɻ͜ΕͰຊ౰ʹ֬ ఆ͢ΔݟࠐΈɻ

αʔόϓϩάϥϜ୲౰ऀʹ 5-4Λ࢖͍͍ͨͱݴΘΕͨΒ w 5-4ಋೖϙΠϯτͷεϥΠυ ΞϓϦ։ൃऀ΍αʔό؅ཧऀ͕Կ ΛؾΛ͚ͭΕ͹͍͍ͷ͔ʁɺҠߦͷλΠϛϯάͳͲʣΛνΣοΫ w 5-4ͷ࢓༷Խޙ͸֤छϒϥ΢βͰ͙͢αϙʔτ༧ఆɻ0QFO44- ͷϦϦʔε΋5-4׬ྃ଴ͪɻ w
/*45ΨΠυϥΠϯҊIUUQTDTSDOJTUHPWQVCMJDBUJPOTEFUBJM TQSFWESBGU w ೥݄೔·Ͱʹ5-4΁ͷҠߦΛٻΊΔɻ ࠓޙٸ଎ʹ5-4ͷීٴ͕ݟࠐ·ΕΔͷͰ֮ޛΛ

*&5'ޙͷ *&5'26*$ͷ࠷৽ಈ޲ w ೥݄ͷجຊ࢓༷ͷࡦఆ׬ྃ༧ఆΛ೥݄ʹԆ ظ͢Δɻ w ࠓޙͷ*&5'26*$ͷόʔδϣϯΞοϓͰมΘΒͳ͍෦෼Λ ֬ఆͤ͞Δɻ w
*&5'26*$W͸)551ରԠʹݶఆɻͨͩ͠কདྷతʹ)551 Ҏ֎΋࢖͑Δ͜ͱ΋഑ྀ͢Δɻ w ϓϩτλΠϐϯά΍தؒձٞͰ΋ͬͱ࢓༷Խ࡞ۀΛ΋ͬͱ ͢͢ΊΔɻ

αʔόϓϩάϥϜ୲౰ऀʹ26*$ Λ࢖͍͍ͨͱݴΘΕͨΒ w *&5'26*$ͱ(PPHMF26*$ͷҧ͍Θ͔ͬͯΔʁ w (PPHMF26*$͸Ἒͷಓ w *&5'26*$͸ࠓ·͞ʹ࢓༷Խ࡞ۀத

αʔόϓϩάϥϜ୲౰ऀ͔Βͷཁ๬උ͑Δ *&5'PS(PPHMFʁ 26*$Λ࢖͍͍ͨ )551ʁ ೥݄Ҏલʁ *&5' (PPHMF :FT :FT /P
/P *&5'26*$Wͷର৅ൣғ֎ͳͷͰ౰໘ແཧͰ͢ɻ ΍ΔͳΒࣗ෼ͰESBGUͱ࣮૷ॻ͍ͯఏҊ͠·͠ΐ͏ɻ 26*$Wͷ࢓༷Խ͕׬ྃ͠ɺ֤छϒϥ΢βʔ΍044ɺ $%/αʔϏε͕ग़ͯ͘Δ·Ͱ଴ͪ·͠ΐ͏ɻ 26*$8(ʹࢀՃͯ͠ϓϩτλΠϓΛ࡞Γ·͠ΐ͏ɻ $ISPNFͷ։ൃ͕׆ൃͰ26*$ͷόʔδϣϯΞοϓ͕ ࣍ʑߦΘΕΔͷͰ௥ਵ͢Δͷ͕େมΑɻ

ࠓޙͲ͏ͳ͍ͬͯ͘ͷ͔

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ 8FCαʔϏεఏڙऀ )5514FWFSZXIFSF࣌୅ͷεςʔΫϗϧμʔ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ ࣦޮ֬ೝ
ূ໌ॻఏڙ

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ $%/αʔϏε )5514FWFSZXIFSF XJUI$MPVE$%/࣌୅ͷεςʔΫϗϧμʔ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ
ࣦޮ֬ೝ ূ໌ॻఏڙ 8FCαʔϏεఏڙऀ ίϯςϯπ "LBNBJ $MPVEqBSF 'BTUMZ FUD

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ $%/αʔϏε )5514FWFSZXIFSF XJUI$MPVE$%/࣌୅ͷ"NB[POͷઓུ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ
ࣦޮ֬ೝ ূ໌ॻఏڙ 8FCαʔϏεఏڙऀ ίϯςϯπ "84 "NB[PO$FSUJpDBUF.BOBHFS "NB[PO5SVTU 4FSWJDFT *P5 SPPUূ໌ॻ ΫϥΠΞϯτূ໌ॻʁ

Ϣʔβʔʢ͓٬༷ʣ 04ɾϒϥ΢βϕϯμʔ 5-4ΫϥΠΞϯτ։ൃऀ ೝূہ $%/αʔϏε )5514FWFSZXIFSF XJUI$MPVE$%/࣌୅ͷ(PPHMFͷઓུ )5514 SPPUূ໌ॻ ιϑτ΢ΣΞఏڙ
ࣦޮ֬ೝ ূ໌ॻఏڙ 8FCαʔϏεఏڙऀ ίϯςϯπ (PPHMF$ISPNF ($1("& (PPHMF5SVTU 4FSWJDFT *P5 SPPUূ໌ॻ ΫϥΠΞϯτূ໌ॻʁ

運用の観点から見たTLSプロトコルの動き

運用の観点から見たTLSプロトコルの動き

More Decks by Shigeki Ohtsu

Other Decks in Technology

Featured

Transcript