Diary of a Slovenly Engineer

Basically I'm either eating or drinking, but as hobbies I often do karaoke, PKI, signatures, authentication, programming and information security. I love travel. I also love TV and know my showbiz.

SSL certificates

Recent certificate topics (2): the IPv6 certificate of the CloudFlare DNS 1.1.1.1 site

Today again, here is the second installment from the certificate hunter...

On April 1 the much-talked-about public DNS service 1.1.1.1, provided by APNIC and CloudFlare, fast to respond and privacy-conscious, became available. Even when traffic is encrypted, a DNS server retains a record of which IP accessed which IP, and I hear that this gets used for things like targeted advertising. This DNS service reportedly keeps its logs for only one week out of consideration for privacy, and does not let them be used for advertising and the like.

Reading an article like this, I can't really tell whether communication as a whole gets faster. Anyway, the official introduction site for this service is https://1.1.1.1/, and its certificate is issued for an IP address rather than an FQDN. Doesn't that sound interesting? Let's download the certificate right away and look at its contents.

$ openssl x509 -in ip1.1.1.1.cer -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6c:de:b4:14:65:ff:27:07:16:c0:6e:91:16:2e:19
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA
        Validity
            Not Before: Mar 30 00:00:00 2018 GMT
            Not After : Mar 25 12:00:00 2020 GMT
        Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=*.cloudflare-dns.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:b2:45:0b:31:ac:50:63:ce:21:e6:7c:34:23:1a:
                    c5:c1:53:45:96:97:7a:31:87:bb:e0:ea:1d:95:f5:
                    ff:25:04:ca:75:f0:f6:3f:b5:df:51:e9:5b:c9:3d:
                    ad:b4:03:05:73:20:92:3e:74:be:8e:4b:1b:e2:68:
                    86:44:6e:62:bb
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:A3:9D:E6:1F:F9:DA:39:4F:C0:6E:E8:91:CB:95:A5:DA:31:E2:0A:9F
            X509v3 Subject Key Identifier:
                DF:97:4D:E5:43:B3:B0:41:A7:42:F2:90:CF:89:7F:AE:12:57:84:E1
            X509v3 Subject Alternative Name:
                DNS:*.cloudflare-dns.com, IP Address:1.1.1.1, IP Address:1.0.0.1, DNS:cloudflare-dns.com, IP Address:2606:4700:4700:0:0:0:0:1111, IP Address:2606:4700:4700:0:0:0:0:1001
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl3.digicert.com/ssca-ecc-g1.crl
                Full Name:
                  URI:http://crl4.digicert.com/ssca-ecc-g1.crl
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertECCSecureServerCA.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: ecdsa-with-SHA256
         30:65:02:31:00:8e:8c:b2:d8:e8:21:d6:2d:7f:2a:1f:7e:a6:
         c3:1c:d4:e0:a1:95:02:2f:40:5e:80:92:88:d9:4b:cc:a5:89:
         aa:fa:9b:ca:b9:9e:a0:b7:a9:ed:21:1d:1d:1f:13:1c:0b:02:
         30:2e:79:64:67:1d:7e:10:27:d9:68:a8:c8:6c:3e:4d:cd:07:
         40:ac:d2:64:ad:b0:d0:cd:1b:af:c3:a4:26:30:ed:79:a3:a0:
         6d:f2:d4:b4:bb:66:46:59:9a:a3:67:d9:0f
The notable features of this certificate are:
  • It is issued by DigiCert
  • It is an elliptic curve (ECC) public key certificate
  • The subject alternative name (subjectAltName) lists IPv4 and IPv6 addresses
Wow, that's impressive. As a certificate hunter I look at all sorts of certificates, but this is the first time I have seen a non-private certificate issued for an IPv6 address. This one goes straight into the collection!

The other day, at a seminar of the Japan Data Communications Association, I listened to a talk by someone from the Ministry of Internal Affairs and Communications, who said "Thanks to the iPhone and smartphones, IPv6 really has spread." That is exactly right. Apparently 17% of access from Japan to Google is over IPv6. On Apple iOS a mechanism that (deliberately?) delays IPv4 is reportedly being introduced, and the move to IPv6 is expected to accelerate.

Actually, I publish jsrsasign, a crypto/PKI library implemented in JavaScript that I wrote as a hobby, and when I thought about it, it did not support IPv6. That won't do, I thought, so I promptly added support.

The last sample makes it easy to create all kinds of certificates, so please play with it. On that note, OpenSSL's certificate display shows the address as
IP Address:2606:4700:4700:0:0:0:0:1001
which is a non-unique notation, not normalized according to RFC 5952. Normalized, it becomes:
IP Address:2606:4700:4700::1001
I had not known about RFC 5952, but I learned about it from JPNIC's "RFC 5952: the recommended notation for IPv6 addresses. Problems caused by the flexibility of IPv6 address notation and a commentary on RFC 5952". Much appreciated.
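The normalization described above, written out as an added example (it is not jsrsasign code and not from the original post; the function names are hypothetical). It parses any valid hex-group IPv6 text form, emits the RFC 5952 canonical string, and also yields the 16 raw bytes that a subjectAltName iPAddress entry actually carries, which is what makes two spellings comparable.

```javascript
// Added example (hypothetical helper names, not part of jsrsasign).
// Parse an IPv6 text form (hex groups only, optional single "::") into 8 integers.
function parseIPv6(text) {
  const halves = text.split("::");
  if (halves.length > 2) throw new Error("more than one '::'");
  const compressed = halves.length === 2;
  const head = halves[0] === "" ? [] : halves[0].split(":");
  const tail = compressed && halves[1] !== "" ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  // Without "::" exactly 8 groups are required; "::" must stand for at least one.
  if (compressed ? missing < 1 : missing !== 0) {
    throw new Error("wrong number of groups");
  }
  const filler = compressed ? Array(missing).fill("0") : [];
  return [...head, ...filler, ...tail].map((g) => {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error("bad group: " + g);
    return parseInt(g, 16);
  });
}

// RFC 5952 section 4: lower case, no leading zeros, and "::" replaces the
// longest run of two or more zero groups (the first run wins a tie).
function canonicalIPv6(text) {
  const groups = parseIPv6(text);
  let best = { start: -1, len: 0 };
  for (let i = 0; i < 8; ) {
    if (groups[i] !== 0) { i++; continue; }
    let j = i;
    while (j < 8 && groups[j] === 0) j++;
    if (j - i > best.len) best = { start: i, len: j - i };
    i = j;
  }
  const hex = groups.map((g) => g.toString(16));
  if (best.len < 2) return hex.join(":"); // a single zero group is not shortened
  return hex.slice(0, best.start).join(":") + "::" +
         hex.slice(best.start + best.len).join(":");
}

// The 16 bytes stored in a subjectAltName iPAddress entry for this address.
function ipv6ToBytes(text) {
  const bytes = [];
  for (const g of parseIPv6(text)) bytes.push(g >> 8, g & 0xff);
  return bytes;
}

// Two spellings name the same address when their canonical forms are equal.
function sameIPv6(a, b) {
  return canonicalIPv6(a) === canonicalIPv6(b);
}

// The two IPv6 entries as OpenSSL printed them for the 1.1.1.1 certificate.
const OPENSSL_FORMS = [
  "2606:4700:4700:0:0:0:0:1111",
  "2606:4700:4700:0:0:0:0:1001",
];
OPENSSL_FORMS.forEach((a) => console.log(a, "->", canonicalIPv6(a)));
```

Comparing addresses as text without this step treats the OpenSSL spelling and the canonical spelling as different hosts.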

And so, I bagged another nice certificate today. That's all for today...

Recent certificate topics (1): the Korean government PKI's bad wildcard certificate issuance

Hello, certificate hunter here. Recently a string of certificate topics that I personally find interesting have come up, so I would like to introduce them over several posts.

While looking at Yamaga-san's Facebook feed, I was pointed to the news that the Korean government PKI had issued a bad certificate (read it with Google Translate, lol), and as a hunter I wanted to get hold of it and add it to my collection.

The problem is that the Korean government PKI issued an inappropriate wildcard SSL server certificate to the Gyeongsangnam-do Office of Education. Gyeongsangnam-do is apparently in the southeast of Korea, just north of Busan.

Like Japan, Korean sites use attribute-type domain names in which the second level denotes the type of organization, so government domains look like "go.kr". The wildcard SSL server certificate was issued for the following domains.

  • *.hs.kr - high schools
  • *.ms.kr - middle schools
  • *.es.kr - elementary schools
  • *.kg.kr - kindergartens
  • *.sc.kr - other schools
  • *.or.kr - non-profit organizations
With this certificate and its private key, it may be possible to build a phishing site for any school in Korea, or to eavesdrop on and tamper with encrypted communication, and the news points out that trust in the Korean Government PKI (GPKI) has been shaken. What kind of domain validation were they doing?

Asking Google did not turn up the bad certificate right away, but when I looked in the Certificate Transparency logs, there it was. (Thank you, CT, and sorry for criticizing you in the past (tears).)

Looking at the subjectAltName:

X509v3 Subject Alternative Name:
    DNS:www.haeseong.kr
    DNS:haeseong.kr
    DNS:www.gandhischool.net
    DNS:gandhischool.net
    DNS:www.milgo.org
    DNS:milgo.org
    DNS:*.go.kr
    DNS:*.co.kr
    DNS:*.sc.kr
    DNS:*.or.kr
    DNS:*.kg.kr
    DNS:*.hs.kr
    DNS:*.ms.kr
    DNS:*.es.kr
    DNS:*.gne.go.kr
    DNS:support.gne.go.kr
I have my doubts about a few specific high schools being listed, but the wildcards are well and truly in there... wait, what? The "*.go.kr" wildcard for government domains and the "*.co.kr" wildcard for companies are in there too! That differs from the certificate screenshot in the news! Never mind the school sites; wildcards covering every Korean government domain and every Korean company are a far bigger problem, and eavesdropping with them would be serious. I wonder whether the press held back on that part...

However, this SSL server certificate chains to the Korean government's root CA, which is not among the trusted roots in either Chrome or Firefox, so I think people outside Korea will almost never be harmed.

I wanted to know whether this certificate had been properly revoked, but the CRLDP is

URI:ldap://ldap.epki.go.kr:389/cn=crl1p1dp14256,ou=CRL,ou=GPKI,o=Government of Korea,c=kr?certificateRevocationList;binary
an LDAP URI, and this LDAP server does not seem to allow anonymous access, so the CRL cannot be fetched in the normal way. Chrome, Firefox and IE do not support revocation checking via an LDAP URI (except perhaps the combination of IE and an AD server?), so CRL revocation checking is not possible, and there seems to be no OCSP either. How is a browser supposed to check revocation? If you have a friend who knows Korean PKI well, I would be glad to hear from you.

So, I have introduced the news of the Korean GPKI's bad certificate issuance, and I have safely "bagged" an interesting certificate!

That's all for today. I hope to write about two more posts in the coming days.

Addendum (2018.04.11)

Looking at other certificates issued by the Korean GPKI, it seems CRLs can also be fetched over HTTP, and using the information in the LDAP URI I was able to obtain the CRL in question. When I looked at its contents, not a single certificate had been revoked at this point, this bad certificate included, so I am reporting that here.

Addendum (2018.04.14)

While searching for something else I found this, issued by the Korean GPKI:

Subject DN: CN=e-csinfo.*.go.kr
SAN DNS: e-csinfo.*.go.kr
This wildcard certificate is also very suspicious. The managing entity is completely unclear, and it protects the e-csinfo.*.go.kr sites of every ministry. What is this? Concrete sites apparently include jbe.go.kr and sen.go.kr, and they do seem to be managed in common.

(Short tip) The flag setting that makes Chrome 60 show certificates

Since Chrome 56, under Google's "amateurs stay out" UI/UX policy, it has no longer been easy to display the SSL server certificate of an HTTPS connection from the padlock icon. For certificate lovers this was harsh treatment. The certificate can still be shown from the developer tools, so I imagine many people have been navigating the menus or practicing the shortcut keys a hundred times.
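The two wildcard problems discussed above (a wildcard sitting directly under a registry-controlled suffix such as go.kr, and a wildcard that is not the leftmost label, as in e-csinfo.*.go.kr) can be checked mechanically. The following is an added example, not from the original post; the function names are hypothetical and the suffix list is constructed only from the domains named on this page, where a real check would load the full Public Suffix List.

```javascript
// Added example (hypothetical names). Second-level suffixes under .kr taken
// from the domains named on this page; assumption: production code would use
// the complete Public Suffix List instead of this short constructed set.
const REGISTRY_SUFFIXES = new Set([
  "go.kr", "co.kr", "sc.kr", "or.kr", "kg.kr", "hs.kr", "ms.kr", "es.kr",
]);

// Returns a description of the problem, or null when the name looks acceptable.
function auditDnsName(name) {
  const labels = name.toLowerCase().split(".");
  const star = labels.findIndex((l) => l.includes("*"));
  if (star === -1) return null; // not a wildcard name
  // A wildcard must be the entire leftmost label and appear only once.
  if (star !== 0 || labels[0] !== "*" ||
      labels.slice(1).some((l) => l.includes("*"))) {
    return "wildcard is not the whole leftmost label";
  }
  const base = labels.slice(1).join(".");
  // "*.kr" or "*.go.kr" would match every registrant below that suffix.
  if (labels.length < 3 || REGISTRY_SUFFIXES.has(base)) {
    return "wildcard covers an entire registry suffix (" + base + ")";
  }
  return null;
}

// Audit a whole subjectAltName dNSName list.
function auditSan(dnsNames) {
  return dnsNames
    .map((name) => ({ name, problem: auditDnsName(name) }))
    .filter((r) => r.problem !== null);
}

// The dNSName entries of the GPKI certificate as listed on this page.
const PAGE_SAN = [
  "www.haeseong.kr", "haeseong.kr", "www.gandhischool.net", "gandhischool.net",
  "www.milgo.org", "milgo.org", "*.go.kr", "*.co.kr", "*.sc.kr", "*.or.kr",
  "*.kg.kr", "*.hs.kr", "*.ms.kr", "*.es.kr", "*.gne.go.kr", "support.gne.go.kr",
];

for (const r of auditSan(PAGE_SAN.concat(["e-csinfo.*.go.kr"]))) {
  console.log(r.name + ": " + r.problem);
}
```

Run over Certificate Transparency entries for your own namespace, the same check flags such names at issuance time.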

Windows: Ctrl + Shift + I or F12
Mac: ⌘ + Opt + I

As of Chrome 60 a flag setting finally makes it easy to display the certificate again, so today I will introduce that setting.

With nothing configured, the menu shown when you click the padlock icon on an HTTPS site looks like this.
[Image: before]
So, enter the following in the address bar.

chrome://flags/#show-cert-link
The following flag setting is then displayed.
[Image: flag]
Click "Enable" and restart the browser as instructed. After that, when you display an HTTPS site, as shown here,
[Image: after]
a link reading "Certificate, Valid" appears, and clicking it displays the certificate. What a relief.

Amazon AWS's certificate authority looks a little suspicious

There is apparently a free certificate issuance service called AWS Certificate Manager (ACM) that can be used with Amazon AWS's ELB and CloudFront ([Reference 1]). What caught my attention was a report that validation sometimes failed when connecting over HTTPS from Java. I started looking into it and fell down a rabbit hole, so I am leaving some notes here.

Connecting with a browser to a site that uses an ACM certificate...

If Java cannot connect, the first suspicion would be a missing root certificate or intermediate CA certificate. For a start I tried connecting with browsers. With Chrome or IE on Windows 7 the path looks like this.
[Image: view-ch-ie]
On Mac OS X (and probably iOS too), in both Safari and Chrome, the path looks like this.
[Image: safari-view]
With Firefox, regardless of OS, on both Windows and Mac OS X, the path looks like this.
[Image: view-ff-chain]
The trusted root certificate in use seems to differ from client to client. In some cases it is a Starfield root. Looking into it, Amazon apparently bought one Starfield root CA from GoDaddy.

Connecting with a browser to a site that uses an ACM certificate...

Amazon's certificate issuance service is called Amazon Trust Services, and its repository, which holds documents such as the certificate policy and certification practice statement as well as the root certificates and intermediate CA certificates, appears to be here.

Looking closely at the repository, there is a list of cross certificates (one-way cross-certification certificates, intermediate CA certificates), but it only has hashes and links to the certificates with hardly any explanation, which makes it a very unfriendly page. I could not work out the structure of the CAs, so I drew this diagram from it. (I think it is quite a piece of work.)
[Image: ca-structure]

Isn't the CA key being reused?

What bothered me in this list of cross certificates is that for each of Amazon Root 1 to 4 there is an "orig" version and a non-"orig" version, and for Starfield there is a "v2" version and a non-"v2" version. For example, comparing the orig and non-orig versions for Amazon Root 1, only the following three points differ:

  • The serial number differs
  • notBefore differs (orig is October 2015, non-orig is May 2015)
  • The caIssuer URL in the authorityInfoAccess extension differs slightly. It is http://{crl,crt}.rootg2.amazontrust.com/rootg2.cer, with crl in orig and crt in non-orig.
so they are almost identical, and it seems the intermediate CA certificate was reissued for the trivial reason of wanting to correct caIssuer. That means the intermediate CA's key is being reused, doesn't it? Isn't that bad? What is more of a problem:
  • It is unclear which one is the correct certificate.
  • From the file names orig looks older, but going by notBefore orig looks newer.
  • Neither of them has been revoked; both are valid.
  • Path validation succeeds with either one, but is that really acceptable?
  • I assume there is a plan to retire one of {crl,crt}.rootg2.amazontrust.com in the future, but that has not been made clear.
Incidentally, both URLs given in caIssuer seem to be accessible at the moment. If both are accessible, was there any need at all to reissue the intermediate CA certificate? Isn't this merely a matter of a DNS alias, a CNAME record setting? It is also not made clear which of the two they actually want to converge on.

Similarly, the intermediate CA certificates issued from Starfield Class 2 CA to Starfield Services Root CA G2 are suspicious: there are certificates that differ only in serial number and notBefore. Neither has been revoked. Is it all right to do this? Recently the issuance history of all SSL server certificates is kept in Certificate Transparency (CT), and (although I disliked CT at first) when a CA has a problem (as with Symantec...) all sorts of people point it out. I think intermediate CA certificate issuance should also be recorded in the CT logs, or risky operations will go unnoticed.

Amazon's CA is also WebTrust certified and is reportedly audited by Ernst Young, but is this really all right?

About aliases in the Java 8(?) cacerts

This has nothing to do with Amazon AWS or ACM, but I have hardly touched Java lately and had quite a hard time with this. The jre/lib/security/cacerts file is the keystore file for the CAs that Java trusts, and when I tried to extract an entry from it I was told that no such entry exists. Looking closely, in the new 8u121 that I tried, the aliases look like this:

% keytool -list -keystore jre/lib/security/cacerts
    : (omitted)
globalsigneccrootcar5 [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
starfieldservicesrootg2ca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
ttelesecglobalrootclass2ca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
addtrustqualifiedca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
    : (omitted)
For example, "starfieldservicesg2ca" alone no longer works; as displayed, you now have to include the [JDK] part, as in "starfieldservicesg2ca [JDK]". I did not know that, and it tripped me up.

It's Golden Week, so that's it for today.

Reference links

A look at AWS Certificate Manager
Useful when starting out with ACM. A site that uses ACM.
Free SSL With Amazon's AWS Certificate Manager (ACM)
Useful when starting out with ACM. (Part 2)
ACM FAQ
The FAQ on the official site

Thinking about HPKP (HTTP Public Key Pinning)

Contents
1. Introduction
2. The background that gave rise to HPKP
3. How HPKP works
4. Considerations for setting pins
  4.1. How to obtain pin values
  4.2. Choosing the pin that matches the certificate chain
  4.3. How to operate certificate renewal and HPKP header changes
  4.4. Why "backup pin" is a poor name
  4.5. A recommended value for the backup pin of a CA key
  4.6. Pinning several certificates in the chain is pointless
  4.7. Issues when continuing to pin the same CA certificate
  4.8. Issues when pinning two CA certificates
  4.9. Thinking about a recommended max-age value
5. How widely is HPKP used?
6. What went wrong with today's HPKP?
7. Conclusion
8. (Reference) Useful links for studying HPKP
9. Addenda
  9.1. Addendum (2017.02.26) Browser support for HPKP
  9.2. Addendum (2017.02.26) The HPKP outage at smashingmagazine.com

1. Introduction

HPKP stands for HTTP Public Key Pinning and is specified in RFC 7469, Public Key Pinning Extension for HTTP. It is a mechanism by which a website owner protects against an unintended certificate chain being used by a fake site.

There are few explanations in Japanese, but it is covered in articles by jovi0608-san, whom I greatly respect, and by Jxck-san, among others.

Since a little over three years ago, around the time before I was writing the IPA guide, I had wanted to write something on a blog about the operational issues of HPKP, but I was swamped by odd day-to-day matters and never managed to write it up. (Part of it was that while I was thinking of writing, jovi-san's article came out and I felt that would do, lol.) I also tried to write about it for the IPA guide, but for grown-up reasons I was not able to add it. Oh well.

This time I will leave the basics of what HPKP is to other people's blogs and focus on the current state of HPKP and its operational issues. It is going to be long, sorry.

To state the conclusion first: I think you should not casually use HPKP on a production site. The HPKP specification itself was not designed with operations properly in mind; for an ordinary site it brings little security benefit, while over long-term operation the risk of a period in which the service cannot be provided is too high, and certificates also cost more.

I think this is probably the first explanatory document in the world to dig deeply into the operation of HPKP. Please accept it with a smile, lol.

2. The background that gave rise to HPKP

From around 2011, because of cyber attacks targeting CAs and operational failings at CAs, there were more and more incidents in which wildcard certificates (such as *.google.com) for well-known sites like Google and Facebook, which are easy to exploit in attacks, were obtained. What angered Google was the 2011 incident in which the Dutch CA DigiNotar was compromised, a wildcard certificate for *.google.com was issued, and it was used for eavesdropping and attacks at an Iranian provider.
[Image: hpkp-digi]
To prevent incidents like this, a mechanism is needed that raises a warning when a certificate not intended by the site owner is used for a website. HPKP was developed for that purpose. In HPKP, whether a certificate is the one the website owner intended can be verified by checking that the hash of a certificate public key in the certificate chain matches.
[Image: hpkp-hpkp1]
Chapter 1 of jovi-san's blog post explains the background and mechanism clearly, so please have a look at that as well.

3. How HPKP works

There are two ways to implement HPKP.

  • 1) Checking against the list of pins built into browsers such as Chrome and Firefox for well-known sites such as Google, Facebook and Twitter (the Preloaded Known Pinned Host List)
  • 2) When communicating over HTTPS, obtaining an HTTP header with pin information from the server, storing it in the browser, and using it for checking in subsequent communication
With method 1), as long as the browser is up to date, you can connect safely to well-known sites using HPKP without configuring anything. What I want to discuss in this article is case 2), where the site owner configures it, so I will explain the mechanism of 2).
[Image: hpkp-sethead]
An HPKP HTTP header is configured on the web server so that clients are not connected to a fraudulent certificate chain, and it is set based on the certificate chain, from the root certificate to the SSL server certificate, used in the web server's HTTPS configuration. The format of the HTTP header and its value is as follows.
Public-Key-Pins: \
    pin-sha256="Base64 of the SHA256 hash of one of the public keys in the chain"; \
    pin-sha256="Base64 of a SHA256 hash that matches none of the public keys in the chain"; \
    [pin-sha256="other hash value 1"; ...; ] \
    max-age=number of seconds for which the browser stores this HPKP header; \
    [includeSubDomains;] \        whether subdomains (sub.example.com for example.com) are also covered by HPKP
    [report-uri="URL to which error reports in JSON format are POSTed"; ]
[...] marks an optional part
  • pin-sha256 is set based on the certificate chain; how to set it, and the considerations involved, are discussed later.
  • The retention period max-age is discussed in section 4.1 of the RFC, which suggests that 60 days (=5184000 seconds) may be good; I will discuss that later as well.
  • includeSubDomains is a flag for whether subdomains are included: for example, if HPKP is set on example.com, then sub1.example.com and www1.sub2.example.com are also covered by HPKP. If you do not have subdomains at present, I think it is better not to set it casually.
  • Like CSP, HPKP is verified on the browser side, so the server side cannot see the cause of an error, which can be troublesome. With report-uri, when an HPKP error occurs in the browser, it sends an error report in JSON format by POST to the web server at the specified URL, which may help in finding configuration problems. Jxck-san's blog has a detailed report of trying out this setting, which is worth reading. As the blog also says, the conditions under which a report is produced are unclear and seem to depend on the browser and version, and I have not managed to get reports generated either.
Also, if the HTTP header is set as "Public-Key-Pins-Report-Only" instead of "Public-Key-Pins", error reports can be collected without the browser raising an error, so it is a good idea to use this when testing.
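The acceptance rules for the header described in this section (a max-age, at least one pin that matches the served chain, and at least one pin that matches nothing in it) can be checked before deployment. The following is an added example, not code from the original post or from any browser; the function names are hypothetical and the chain pins are constructed sample values, with the first pin of the page's Apache example assumed, for illustration only, to belong to the served chain.

```javascript
// Added example (hypothetical names): pre-deployment check of a
// Public-Key-Pins header value against the SPKI pins of the served chain.
const PIN_RE = /^[A-Za-z0-9+/]{43}=$/; // base64 of a 32-byte SHA-256 digest

function parsePublicKeyPins(headerValue) {
  const policy = { pins: [], maxAge: null, includeSubDomains: false, reportUri: null };
  // One directive: name, optional =value (quoted or bare), then ";" or end.
  const directive =
    /\s*([A-Za-z0-9-]+)\s*(?:=\s*(?:"([^"]*)"|([^;\s]*)))?\s*(?:;|$)/y;
  const text = headerValue.trim();
  let pos = 0;
  while (pos < text.length) {
    directive.lastIndex = pos;
    const m = directive.exec(text);
    if (!m) throw new Error("malformed directive at offset " + pos);
    pos = directive.lastIndex;
    const name = m[1].toLowerCase(); // directive names are case-insensitive
    const value = m[2] !== undefined ? m[2] : (m[3] || "");
    if (name === "pin-sha256") {
      policy.pins.push(value);
    } else if (name === "max-age") {
      if (!/^\d+$/.test(value)) throw new Error("max-age is not a number");
      policy.maxAge = Number(value);
    } else if (name === "includesubdomains") {
      policy.includeSubDomains = true;
    } else if (name === "report-uri") {
      policy.reportUri = value;
    } // unknown directives are ignored
  }
  return policy;
}

function evaluatePolicy(headerValue, chainPins) {
  const policy = parsePublicKeyPins(headerValue);
  const problems = [];
  if (policy.maxAge === null) problems.push("max-age is missing");
  const bad = policy.pins.filter((p) => !PIN_RE.test(p));
  if (bad.length > 0) problems.push("not a base64 SHA-256 value: " + bad.join(", "));
  const chain = new Set(chainPins);
  const matching = policy.pins.filter((p) => chain.has(p));
  const backup = policy.pins.filter((p) => !chain.has(p));
  if (matching.length === 0) problems.push("no pin matches the served chain");
  if (backup.length === 0) problems.push("no pin outside the served chain");
  return { policy, matching, backup, accepted: problems.length === 0, problems };
}

// Header value from the Apache example on this page (quotes unescaped).
const PAGE_HEADER =
  'pin-sha256="MRnxhYBVCMAxZHwalTJ7ZVl6P2005lll4ttWr+RN1Ro="; ' +
  'pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; ' +
  'max-age=2592000; report-uri="https://report.example.com"';

// Constructed sample chain: the first entry is assumed to be the server key's
// pin; the other two are made-up placeholders for intermediate and root.
const SAMPLE_CHAIN = [
  "MRnxhYBVCMAxZHwalTJ7ZVl6P2005lll4ttWr+RN1Ro=",
  "B".repeat(43) + "=",
  "C".repeat(43) + "=",
];

// Base64 of 32 zero bytes: a pin that visibly matches no real key.
const ZERO_PIN = "A".repeat(43) + "=";

console.log(evaluatePolicy(PAGE_HEADER, SAMPLE_CHAIN).problems);
```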

4. Considerations for setting pins

By setting pins with the pin-sha256 attribute, the server owner can prevent an unintended certificate from being used. The pin values consist of at least two in total: at least one that matches one of the certificates in the certificate chain, and at least one that matches none of them.
[Image: hpkp-intersect]

4.1. How to obtain pin values

The easiest way to obtain the hash values, if the web server's HTTPS configuration is already complete, is to use Scott Helme's HPKP hash retrieval page. Enter the URL of an HTTPS site, your own or someone else's, and it calculates the pin hash value for each certificate in the certificate chain.
[Image: index]
The pin hash values are displayed in order from the SSL server certificate to the root certificate, like

pin-sha256="hUIG87ch71EZQYhZBEkq2VKBLjhussUw7nR8wyuY7rY="
so all you need to do is decide which pins to use and set them in the HTTP header.

The hash value of a single pin can be calculated from a certificate, from a certificate signing request (CSR/PKCS#10), or from a PKCS#8 public key extracted from the private key and, depending on the key algorithm, the key parameters. Many people's blogs go to the trouble of creating a CSR and then calculating the hash value, but especially for a backup pin, for which no certificate exists yet, I think it is better to calculate the hash from the public key without doing that. As before, Scott Helme has a tool page that calculates the pin hash value when you enter a PEM-format PKCS#8 public key, CSR or X.509 certificate, so using that is the simple way.

To obtain a pin by hand, do the following to get the pin value, which is the SHA256 hash of the public key. Other explanatory articles use the base64 command or force you to generate a CSR each time, but the method introduced here uses only the OpenSSL command, and I give examples so that pins can be obtained in a variety of cases.

Obtaining the pin of the PKCS#8 public key in the subjectPublicKeyInfo field of an X.509 certificate
% openssl x509 -in PEM_CERTIFICATE -pubkey -noout | openssl rsa -pubin -outform DER | \
    openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

Obtaining the pin of the PKCS#8 public key in the subjectPKInfo field of a CSR
% openssl req -in PEM_CSR_FILE -pubkey -noout | openssl rsa -pubin -outform DER | \
    openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

Obtaining the pin from a PKCS#8 private key
% openssl rsa -in PKCS8_PRIVATE_KEY -pubout -outform DER | \
    openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

Obtaining the pin from a PKCS#8 public key
% openssl rsa -pubin -in PKCS8_PUBLIC_KEY -pubout -outform DER | \
    openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

Set the value obtained in the header, as in pin-sha256="te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=".
Once you have the values, set them in the web server's HTTP header. For example, with Apache HTTP Server, configure it as follows.
<VirtualHost _default_:443>
    ...
    Header set Public-Key-Pins \
        "pin-sha256=\"MRnxhYBVCMAxZHwalTJ7ZVl6P2005lll4ttWr+RN1Ro=\"; \
        pin-sha256=\"633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q=\"; \
        max-age=2592000; \
        report-uri=\"https://report.example.com\""
    ...
Backslashes and line breaks have been inserted for readability. 2592000 seconds is 30 days.

4.2. Choosing the pin that matches the certificate chain

In HPKP, at least one pin that matches the certificate chain must be set. In this section I consider this in the following two parts.

  • 1) A comparison of the options when only one certificate in the chain is selected
  • 2) Considerations when two or more, or all, of the certificates in the chain are selected

4.2. Choosing the pin that matches the certificate chain

When the certificate chain has three levels, SSL server certificate, intermediate CA certificate and root certificate, which one should you choose if you are to pick a single pin for verifying that the chain is not a fraudulent, unintended one? Each of these three cases has advantages and disadvantages, so I will consider them. For the SSL server certificate, I consider separately the case where the key pair to be used at certificate renewal a few years later is decided in advance (= key pre-generated) and the case where it is not (= key not pre-generated).

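Table columns: Certificate / Advantages / Disadvantages / Security / Operational burden
① Root CA certificate
  • The validity period is long, so pins need to be changed only rarely. Probably no change is needed for about 10 years
  • The preloaded pins built into browsers use root certificates
  • The public key after a key update is not known in advance, so a backup pin cannot be used
  • When a new SSL server certificate is purchased it will not necessarily be under the same root CA, and in that case the pin must be migrated
  • The number of certificates under a root certificate is very large, and if that CA is made to issue a fraudulent certificate, the risk of being unable to prevent the attack is high. For example, there was an incident in which Symantec issued Google certificates without Google's permission.
  • The root CA is unlikely to change at certificate renewal, but if it does, a troublesome migration that takes max-age into account is needed and the operational load is high
Security / operational burden: low / high
② Intermediate CA certificate
  • The validity period is fairly long, so pins need to be changed somewhat less often. Probably no change is needed for about 5 years
  • Balanced in terms of security and operational burden?
  • Renewing the SSL server certificate is comparatively easy if the public key of the pinned intermediate CA has not changed
  • There is no guarantee that the public key of the pinned intermediate CA will be the same at the next SSL server certificate renewal.
  • There is a risk that the intermediate CA certificate changes when the SSL server certificate is renewed, and because this is not announced in advance, the risk of service outage due to SSL connection failures is high
  • The operational burden of migration when the intermediate CA certificate changes is very high, both in frequency and in workload
  • There is a risk that validation succeeds even when a certificate for the same domain is fraudulently issued from the same intermediate CA. The risk is lower than ① but higher than ③④
  • There is a fair chance that the intermediate CA changes at certificate renewal, with higher probability than ①. If it does change, a troublesome migration that takes max-age into account is needed and the operational load is high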
̾̾
③ SSL server certificate (key pre-generated)
  • At SSL server certificate renewal, the matching configuration for the pinned public key is unlikely to fail, and the risk of service outage due to HPKP misconfiguration is the lowest
  • This is the method that the HPKP RFC can be read as recommending (it is described in a way that suggests it can be done quite easily)
  • The risk of a fraudulent certificate chain being used is (setting aside the risk of private key leakage) about the same as ④ and higher than ①②
  • The pin that changes across the certificate renewal is known in advance, so (provided the certificate is not renewed again within max-age) the certificate can be renewed without worrying much about max-age
  • At SSL server certificate renewal, pre-generating the key pair is only possible when the key pair is generated by hand with OpenSSL or similar; this method cannot be used with certificate issuance services where you do not need to generate the CSR yourself and a browser component generates the key pair automatically
  • Let's Encrypt cannot be used, so no reduction in operational burden from automatic SSL server certificate renewal can be expected
  • Key pair generation is generally done at certificate renewal, but here it is done about 2 years earlier. With pre-generation, the risk of the SSL server certificate's private key leaking is correspondingly higher, and the operational burden of keeping it confidential is large
  • At certificate renewal a fair amount of care is needed over configuration changes. This also happens every 2 years or a little less, so the operational burden is comparatively high
̾̾
④ SSL server certificate (key not pre-generated)
  • Everything is under your own control, and the risk of service outage due to misconfiguration is about as high as ③
  • Compared with ③, the risk of the SSL server certificate's private key leaking is also low
  • The risk of a fraudulent certificate chain being used is (setting aside the risk of private key leakage) about the same as ④ and higher than ①②
  • The period for which the SSL server certificate can be used is always reduced by (max-age + α)×2. For a 2-year certificate with max-age set to 2 months, it becomes about 4 to 5 months shorter once testing and margin are included, so the cost of certificates goes up
  • If the validity periods of the certificates before and after renewal are overlapped by max-age+α, the pin change is always carried out with max-age taken into account. There is an operational burden, but compared with ①②, where whether the pin changes depends on the CA and is unpredictable, a schedule for certificate renewal and HPKP configuration changes that always takes max-age into account can be drawn up and turned into a routine, so the psychological burden of operation is somewhat smaller than for ①②
  • Security / operational burden: high / medium
So which of ① to ④ should be chosen? For an ordinary site that cannot use browser built-in pins, I think one of ② to ③ is reasonable, but all of them carry an operational burden and a risk of the service becoming unavailable. For an individual configuring it for test purposes anything will do, but if I were entrusted with operating a commercial site, the biggest concern would be the service becoming unavailable for a long period and complaints arising, so I think I would decide not to use HPKP.

4.3. How to operate certificate renewal and HPKP header changes

In section 4.2 I considered what difference it makes where in the certificate chain the pin is set.

In this section, following on from section 4.2, I consider how to operate certificate renewal and HPKP header changes for a site using HPKP while preventing the service from becoming unusable through misconfiguration.

The way certificate renewal is operated when HPKP is used can be divided into four cases.

  • a) It has been confirmed earlier than max-age before the certificate renewal that the pinned key does not change
  • b) It is known earlier than max-age before the certificate renewal what the pinned public key will change to across the renewal
  • c) It is not known earlier than max-age before the certificate renewal what the pinned public key will change to across the renewal, or the change is known, and the validity periods of the certificates before and after renewal can be overlapped by max-age + α
  • d) It is not known earlier than max-age before the certificate renewal what the pinned public key will change to across the renewal, or the change is known, and the validity periods of the certificates before and after renewal cannot be overlapped by max-age + α
An explanation like this probably does not give a concrete picture, so here are concrete examples broken down by certificate in the chain.
  • a-1) The pin is set on the root certificate or intermediate CA certificate, and on asking customer support it turned out that at the next certificate renewal, after max-age, the root certificate and intermediate CA certificate used will not change. (If customer support tells you something untrue, there is a risk of a 2-month (=max-age) service failure for some users.)
    [Image: hpkp-move1]
  • b-1) The pin is set on the root certificate or intermediate CA certificate, and on asking customer support you were told which root certificate or intermediate CA certificate will be used at the next certificate renewal, after max-age. Or this is announced on a support page or the like. The same applies to changing certificate issuance service, changing to EV, and so on.
    [Image: hpkp-move-b1]
  • b-2) The pin is set on the SSL server certificate, and the key pair to be used at the next certificate renewal has already been pre-generated with OpenSSL or similar and is being stored
    [Image: hpkp-move-b2]
  • c-1) The pin is set on the root certificate or intermediate CA certificate, but customer support gave no answer about changes to the root certificate or intermediate CA certificate after the next renewal, so it could not be judged whether they would change. With no alternative, the certificate was issued in advance, max-age + α before renewal, so that the validity periods overlap, and the root certificate or intermediate CA certificate had indeed changed. (If there is no change, this becomes case a-1.)
    [Image: hpkp-move-c1]
  • c-2) The pin is set on the SSL server certificate, but the CA is of the type where the key pair is generated by a browser function rather than with OpenSSL, so the public key after renewal is not known in advance, and the certificate can be issued in advance, max-age + α before renewal, so that the validity periods overlap
    [Image: hpkp-move-c2]
  • c-3) The pin is set on the SSL server certificate, but an SSL accelerator with HSM functionality is used, so the public key after renewal is not known in advance, and the certificate can be issued in advance, max-age + α before renewal, so that the validity periods overlap. The migration diagram is the same as for c-2
  • d-1) The pin is set on the SSL server certificate, but, as with Let's Encrypt and some CAs, the previous certificate is revoked immediately after renewal, so the validity periods cannot be overlapped for max-age + α
    [Image: hpkp-move-d1]
Has the explanation above made clear which case your own operation falls into? The way to handle cases a to d is shown below.
  • Handling a) At certificate renewal, the HPKP header setting on the web server does not need to be changed
  • Handling b) Without worrying much about max-age, the web server's certificate configuration and HPKP header may be changed after the certificate renewal
  • Handling c) This takes the most care: certificate renewal and HPKP header configuration must take max-age into account. The validity periods must overlap before and after the certificate renewal
  • Handling d) HPKP cannot be used in this case. Changing the pin to another certificate or another certificate issuance service needs to be considered. If it is used anyway, some users will be unable to connect to the service for about max-age.
Whatever migration of certificate renewal and HPKP header configuration is carried out, a migration plan has to be drawn up and executed while paying attention to many things, such as the certificate expiry date, max-age and storage of the private key, and if it is not thought through properly a long service failure will occur. I think the operational burden and risk are large.

4.4. Why "backup pin" is a poor name

As mentioned earlier, at least one pin that does not match the certificate chain must always be included. When pinning the SSL server certificate, if the private key to be used at a future certificate renewal can be generated in advance alongside the private key of the SSL server certificate currently in use, then setting its public key as the backup pin lets it truly serve as a backup, and a smooth migration of certificate and pin is possible (though with plenty of problems, described later).

However, the case where a private key can be pre-generated as the backup for the migration target and actually used is a rare one. For example, in the following commonly occurring cases, the pre-generated private key cannot be used at certificate renewal.

Backup pin for a CA certificate
In a certificate renewal or key update performed by a CA, the private key of the migration target does not exist in advance, and no CA publishes the pin of the migration target's public key to users.
Backup when an HSM is used
Where a CA or an SSL accelerator is used, the private key is generally managed in a hardware security module (HSM) from which it cannot be extracted. In a key update or certificate renewal using an HSM, it is not possible to generate several private keys in advance and specify one of them at renewal time. At renewal a new key pair is generated and used. This is why CAs cannot publish a backup pin.
A CA that generates the key pair on a web page and issues the SSL server certificate
Some CAs use web browser functionality to generate the key pair automatically at the press of a button, issue the certificate with it, and store the new certificate. With such a CA, a key generated in advance cannot be used at issuance.
When Let's Encrypt is used
With Let's Encrypt, the free certificate issuance service that boasts the largest issuance volume in the world, the issuance process is automated by scripts, and here too the key pair is generated automatically at certificate renewal, so a key pair generated in advance cannot be used.
A "backup pin" in the true sense can be used only in the following case.
  • When pinning the SSL server certificate, and
  • When using a CA that will issue a certificate for a key pair generated with a command such as OpenSSL and a certificate signing request created manually
Therefore, calling the pin that does not match the certificate chain a "backup pin" is inappropriate in most of the cases above, and I think the name is a problem.

    4.5. A recommended value for the backup pin of a CA key

    When you pin a root certificate or an intermediate CA certificate and do not know what the future renewal target will be, the non-matching pin can be anything; it does not even have to be the hash of a real public key. Since it is SHA256, any 32-byte value will do.

    That said, I think it is better if the pin is recognizable at a glance in the HPKP header as the non-matching one, also to prevent operational mistakes such as deleting it by accident. The value I would like to recommend is the following.

    pin-sha256="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
    In hexadecimal this is 0000000000000000000000000000000000000000000000000000000000000000 (32 bytes). I hope it catches on, lol.

    4.6. Pinning several points in the certificate chain is pointless

    So far the discussion has assumed that exactly one pin matches the certificate chain. Here I would like to consider what happens when several match, for example when the pins of the root certificate, the intermediate CA certificate, and the SSL server certificate all match.

    First, consider pinning the SSL server certificate and then adding a pin for the intermediate CA certificate and then one for the root certificate. We assume the obvious, namely that the same key pair is not used for server certificates issued by more than one certificate authority. As stated in items ③ and ④ of Section 4.2, pinning the SSL server certificate has the narrowest scope and is the strongest countermeasure against a fake HTTPS site.

    What if we add a matching pin for the intermediate CA certificate? The set of certificates identified by the pins does not change at all, so adding the intermediate CA pin does not make it any harder to build a fake HTTPS site, and the security strength does not increase. Operationally, making sure the pins match is harder than with a single pin, and the scope is no longer something the website owner alone can manage, so operating certificate and pin header changes becomes far more complex and troublesome. Exactly the same is true when a root certificate pin is added. The security strength does not increase and the migration becomes more complex.
    [Figure: hpkp-multipin]

    We can therefore say that setting several pins within the certificate chain is pointless and only makes operation more complex, so it is better not to.

    4.7. Issues when you keep pinning the same CA certificate

    For the time being, as long as you have certificates issued by the same root CA or intermediate CA, you can pin the public key of that CA's certificate. In that case the CA will not tell you the pin of its migration target, so the backup pin can be any suitable value. It does not have to be the hash of a public key; any Base64 representation of a 32-byte value will do (as long as it does not collide).

    I wrote "for the time being" because there is no guarantee that the intermediate CA that issued your SSL server certificate will be the same intermediate CA, with the same public key, at the next issuance. For the following reasons the same intermediate CA certificate may not be used.

    • The validity period of an intermediate CA certificate is around 5 to 10 years. From about halfway through that period, or at the latest with 2 or 3 years remaining, the intermediate CA stops issuing certificates and subscribers have their certificates issued by a different CA.
    • As the number of certificates issued grows, the certificate revocation list (CRL) grows too, so in some cases the number issued from one intermediate CA is capped and subsequent certificates are issued from a new intermediate CA.
    • In recent years, operational failures at certificate authorities, cyber attacks and the like have caused whole certificate issuance services, or particular intermediate CAs, to suspend operation or shut down.
    In such cases the pin of the same intermediate CA cannot be used.

    When you learn that a new certificate cannot be issued from the root CA or intermediate CA for which you have set a valid pin, you cannot move to a different certificate right away: for the period specified by max-age, generally about one month to one year, you cannot replace the certificate. In the worst case, valid HTTPS communication is impossible for that period.

    There are ways to reduce this impact. At time A, when you decide to renew the certificate and learn that it cannot be issued from the same intermediate CA, record time B, which is max-age after A, and obtain the new certificate (but do not use it yet). As the backup pin, set in the web server's header the pin of the public key of the other intermediate CA certificate that the new certificate chains to. Only when time B arrives do you switch to the new certificate. From this, a long max-age such as one year helps prevent fake sites, but it also carries the certificate renewal risk just described, so I think setting it to about half a month to one month is reasonable.

    4.8. Issues when pinning two CA certificates

    When renewing the SSL server certificate, I think it is quite a clever approach to alternate between two certificate issuance services, for example Symantec and GlobalSign, set the pins of both intermediate CA certificates in the header, and treat the one not in use as the backup pin.
    [Figure: hpkp-two]

    However, for the reasons given above, there are cases where the pin of the GlobalSign intermediate CA certificate, from which you planned to have the certificate issued after Symantec, cannot be used.

    As you can see, when you pin a CA certificate you operate HPKP on your web server while nervously watching the whims of the certificate issuance service. Don't you think that is a lot of trouble? In that case I start to feel that pinning the SSL server certificate, which you control yourself, may be the better choice even if it is a hassle.

    4.9. Thinking about a recommended max-age value

    In the Security Considerations of RFC 7469, Section 4.1 says the following about the maximum value of max-age; in effect, "60 days may be a balanced value."

    From RFC 7469, 4.1. Maximum max-age:
    However, a value on the order of 60 days (5,184,000 seconds) may be considered a balance between the two competing security concerns.
    However, in my own survey based on Scott Helme's list of HPKP-enabled domains (Chapter 5), among the configurations that are operated sanely, 30 days is the most common at 26%, followed by 60 days at 19%.

    If the max-age value is too long,

    • when an outage is caused by a configuration mistake, some users will be unable to connect for a long time, and
    • when the validity periods need to overlap, the effective certificate validity period shrinks, which affects operating cost.
    I explained these risks in Section 4.2. Conversely, what happens if max-age is too short?

    Put simply, I think the likelihood of being taken over by a fake HTTPS site increases. Suppose the genuine site's max-age is short and, at the moment the pins have expired, the site suffers a domain hijack or similar and a fake site is set up that sends an HPKP header with a long max-age such as one year. Once that happens, there can be users who, for the next year, can connect only to the fake site.
    [Figure: hpkp-maxage]
    The shorter max-age is, the more opportunities there are for attack, so max-age needs to be reasonably long.

    With the various information sources available, I do not think it takes very long to notice that a fake site has been set up. A few days to a week should be enough to notice the problem. It is unlikely to go unnoticed for half a month or a month. I think the minimum max-age should be decided by "how long at most it takes to notice a fake HTTPS site problem."

    Therefore, as a trade-off between the attack risk and the availability risk, I think setting max-age to about 15 or 30 days is good.

    5. How widely is HPKP used?

    According to Netcraft's SSL survey of March 2016, only about 0.09% of sites worldwide, fewer than roughly 4,100 sites, have HPKP configured, and misconfigurations are common: only about 3,000 of those are said to be configured correctly.

    In addition, according to the blog of Scott Helme, who is knowledgeable about CSP (Content Security Policy) and HPKP and runs a site for HPKP validation and report collection, only 375 of the Alexa top 1 million sites had HPKP configured.

    Scott Helme also publishes the data from his survey. It included a list of 448 domain names of HPKP-enabled sites as of August 2016, so I used it as a base and did a little research on the 283 sites that still return an HPKP header as of February 2017.

    [Figure: hpkp-graph1]
    First I examined how correct the headers are, from the viewpoint of whether the HPKP header is in the correct format and whether it has two or more PIN hash values, as the specification requires. It turned out that 16% are not configured correctly. The mistakes vary: no pin-sha256 attribute, an inappropriate pin-sha256 value, only one pin-sha256 attribute, and so on. For example, I found this.
    • ...
    • pin-sha256="base64+info1="; max-age=3
    [Figure: hpkp-graph2]
    Next, the number of PIN hash values in the HPKP header. In general two PIN hash values are enough, and sites with two make up the majority, but there are also a fair number of incorrect sites with only one and sites that set three or more. One brave site had 15.
    [Figure: hpkp-graph3]
    The max-age value determines how long the public key hashes remain valid for HPKP. The RFC seems to recommend 60 days, but in practice many sites set 30 days. A fair number of sites set one day or less, perhaps because they are testing. If it is short, the likelihood of the site being taken over increases; if it is too long, a failed configuration leaves the site unreachable for that period. Setting something like one year is frightening: if the configuration is wrong, some users cannot connect for a year and complaints are guaranteed.
    [Figure: hpkp-graph4]
    If report-uri is set, a supporting browser can send a report to the specified URL when an HPKP error occurs. Jxck's site apparently has it set, but the number of sites that set it still seems small.
    [Figure: hpkp-graph5]
    The HPKP header value can carry the includeSubDomains directive. With it, HPKP configured on example.com also applies to the sub1.example.com domain.
    [Figure: hpkp-graph6]
    The HPKP header normally used is "Public-Key-Pins", but there is also a testing feature: with "Public-Key-Pins-Report-Only" the browser does not enforce HPKP, so the HTTPS connection continues even when validation results in an error. About 10% of the sites use this test setting.
    [Figure: hpkp-graph7]
    Counting Scott Helme's 283 HPKP-enabled sites that were reachable in 2017 by gTLD (com, org, etc.) and ccTLD (de, ru, jp, etc.), com is naturally the most common, but some TLDs stand out as markedly over-represented compared with their actual number of registrations. com has 130 million registered domains, net and de have 16 million, and ru has 5.4 million; relative to registrations, ru, org and de are strikingly high. Some minor ccTLD countries, shown as "other" in the graph, also have comparatively many HPKP configurations. I also noticed that edu is unusually low. "Other" covers nearly 50 minor TLDs such as ar/br/cl/il/pt/nl/tn/sk.
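    The checks used in this survey (well-formed header, at least two pin-sha256 values, the max-age range, report-uri and includeSubDomains) can be written as a small header linter. This is an added example, not the author's survey tool: the function names and sample headers are constructed, and the 1-day and 60-day thresholds are assumptions taken from the discussion above.

```python
import base64
import binascii
import hashlib
import re

# name[=value] directives separated by ';'; a quoted value may itself contain ';'
DIRECTIVE = re.compile(r'\s*([^=;\s]+)\s*(?:=\s*("[^"]*"|[^;]*))?\s*(?:;|$)')
ZERO_PIN = base64.b64encode(bytes(32)).decode()  # placeholder backup pin of section 4.5
DAY = 86400


def parse_hpkp(value):
    """Split a Public-Key-Pins header value into (pins, other directives)."""
    pins, params = [], {}
    for m in DIRECTIVE.finditer(value):
        name, arg = m.group(1).lower(), m.group(2)  # directive names are case-insensitive
        if arg is not None:
            arg = arg.strip()
            if len(arg) >= 2 and arg[0] == arg[-1] == '"':
                arg = arg[1:-1]
        if name == "pin-sha256":
            pins.append(arg or "")
        else:
            params.setdefault(name, arg)  # first occurrence of a directive wins
    return pins, params


def pin_is_valid(pin):
    """A pin must be the Base64 encoding of exactly 32 bytes (a SHA-256 digest)."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def lint_hpkp(value):
    """Return the header's settings plus the problems the survey looked for."""
    pins, params = parse_hpkp(value)
    problems = []
    if not pins:
        problems.append("no-pin")
    if any(not pin_is_valid(p) for p in pins):
        problems.append("bad-pin")
    if len(set(pins)) == 1:
        problems.append("single-pin")  # the specification needs a second, backup pin
    raw_age = params.get("max-age")
    max_age = int(raw_age) if raw_age and re.fullmatch(r"[0-9]+", raw_age) else None
    if "max-age" not in params:
        problems.append("no-max-age")
    elif max_age is None:
        problems.append("bad-max-age")
    elif max_age <= DAY:
        problems.append("max-age<=1d")  # looks like a test setting
    elif max_age > 60 * DAY:
        problems.append("max-age>60d")  # above the RFC 7469 balance point
    return {
        "pins": len(pins),
        "max_age": max_age,
        "include_subdomains": "includesubdomains" in params,
        "report_uri": params.get("report-uri"),
        "placeholder_backup": ZERO_PIN in pins,
        "problems": problems,
    }


# Constructed sample headers; KEY_A_PIN is the hash of made-up bytes, not of a real key.
KEY_A_PIN = base64.b64encode(hashlib.sha256(b"constructed SPKI A").digest()).decode()
SAMPLES = {
    "good": f'pin-sha256="{KEY_A_PIN}"; pin-sha256="{ZERO_PIN}"; max-age=2592000; '
            'includeSubDomains; report-uri="https://report.example.test/hpkp;v=1"',
    "page": 'pin-sha256="base64+info1="; max-age=3',  # the broken header quoted above
    "year": f'pin-sha256="{KEY_A_PIN}"; pin-sha256="{ZERO_PIN}"; max-age=31536000',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, lint_hpkp(header))
```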

    6. What went wrong with HPKP as it stands

    The idea behind HPKP is useful as a mechanism for preventing fake sites that use fraudulently issued certificates, and the preloaded pins built into browsers such as Chrome and Firefox seem to work well. On the other hand, we have seen that the HPKP header approach is quite complex and difficult to operate, and that a failure carries a high risk of an outage in which some users cannot connect for a long period such as two months.

    For personal and small-to-medium sites I see no benefit for an attacker in going as far as using a fraudulent certificate to build a fake site, and the likelihood of being attacked is extremely low, so I do not think there is any need to introduce HPKP at the cost of taking on the risk of a service outage.

    For HPKP to spread to ordinary sites, I think the specification needs to change so that it is easier to operate and less prone to service outages. How could that be achieved?

    Assuming a max-age of two months, the operational problem with the HPKP header is that if the pin is going to change you must configure it two months before the certificate renewal, and even if you notice a mistake and fix the header, the communication failure lasts two months.

    So I think it would be good to have a kill switch that lets a configuration change take effect immediately once a mistake is noticed, or lets the server temporarily disable HPKP validation in the browser. I have not thought about it deeply, but if, for example, the HPKP update date were written in the header so that any configuration update is applied regardless of max-age, and disabling really disables, operation would be freed from the spell of max-age and configuration mistakes.

    There may be other solutions to this problem, but unless something is done, HPKP does not look likely to spread.

    7. Conclusion

    That concludes my attempt to consider and organize HPKP from the operational side: where to pin, what to do about max-age, and so on. I hope you can see that, at this point, introducing HPKP is premature, burdens operations, and carries a high risk of service outage.

    With this I have been able to calmly organize what I had long wanted to write about HPKP and get it off my chest after about three years. I apologize if it was hard to follow or if my understanding is wrong. Personally, I feel that my lingering doubts and hazy feelings about HPKP have largely been cleared up. Well, "that's what a blog is for," I suppose... lol

    8. (Reference) Useful links for learning about HPKP

    Netcraft: Secure websites shun HTTP Public Key Pinning
    Statistics showing that HPKP has not caught on, and an explanation of why. A good article.
    Netcraft: HTTP Public Key Pinning: You're doing it wrong!
    Netcraft's explanation of configuration mistakes on HPKP-enabled sites in the wild. A good article.
    Scott Helme's HPKP blog posts
    The blog of Scott Helme, an expert on SSL-related technologies such as CSP, HSTS and HPKP, who runs report-uri.io, a report collection site for HPKP and others. It also has data such as the list of HPKP-enabled domains.
    Qualys Blog: Is HTTP Public Key Pinning Dead?
    Ivan Ristic's discussion of whether HPKP is finished.
    Raymii.org: HTTP Public Key Pinning Extension HPKP for Apache, NGINX and Lighttpd
    Thorough explanation. HPKP header configuration examples for each server.
    MDN: Public Key Pinning
    Mozilla's explanation of HPKP. Useful for the Chrome and Firefox versions that support HPKP, server configuration examples, and the note that the report feature works only in recent Chrome.
    About Public Key Pinning - Chris Palmer (original text)
    Chris Palmer's explanation of HPKP. It contains some misunderstandings, but it was the first article to consider where in the certificate chain to pin and to break that down by case.
    Bochi-bochi Nikki: Trying out Public Key Pinning to detect fraudulent SSL certificates
    A detailed and wide-ranging explanation of HPKP (draft) by jovi.
    Jxck's blog: Public Key Pinning for HTTP (HPKP) support and report collection with report-uri.io
    Jxck's explanation. The report on trying out the report-uri feature is especially valuable.
    User tracking with public key pinning: HPKP Supercookies
    Not closely related to this article, but these are slides by nishimunea on an interesting attempt to identify users without cookies by using HPKP.
    OWASP: Certificate and Public Key Pinning
    OWASP's explanatory article. It also contains a lot of unnecessary information.

    9. Addenda

    9.1. Addendum (2017.02.26): browser support for HPKP

    The caniuse.com site provides information on browser support for various features, and it also lists browser support for HPKP as of February 2017, so I show it here. It is supported in Firefox, Chrome, Opera and Chrome for Android, and not supported elsewhere.
    [Figure: hpkp-caniuse]

    9.2. Addendum (2017.02.26): the HPKP outage at smashingmagazine.com

    While I continued reading up on HPKP, I found that the smashingmagazine.com blog had written about a connection outage caused by HPKP. It said the following.

    • HPKP is an effective feature against man-in-the-middle attacks, but
    • an HPKP misconfiguration caused an HTTPS connection outage from October 21 to 25, 2016.
    • The HPKP header was updated because the certificate was expiring, and this resulted in errors.
    • The certificate had already expired, so rolling back was not possible.
    As lessons learned, the blog says:
    • For something like a financial site HPKP is worth using, but for a plain informational site it is not necessary. A service outage caused by an HPKP misconfiguration is a bigger threat than a man-in-the-middle attack.
    • The problem can be mitigated by shortening max-age.
    I agree that being unable to provide the service is the bigger problem, but as I said earlier, setting max-age to too short a value is not wise and needs care. This site apparently had max-age set to one year, which is certainly too long. I looked at the newly configured HPKP header: three pins are set in addition to the current SSL server certificate and max-age is set to one day, so the configuration seems to have various problems.

    (Short note) Celebrating my Let's Encrypt beta certificate! Production certificate issuance up to 11/5

    Let's Encrypt, the much talked-about free and effortless DV certificate issuance service, has started its beta program and now issues certificates that chain to the production root. I had been meaning to apply, but the domain I owned had lapsed and work was a bit busy, so I got a completely late start and had half given up, thinking an invitation would never come... Then this morning an invitation arrived, and I was able to switch to a beta certificate that uses the production root. I'm a little happy.

    To mark the occasion I graphed the issuance count over time. You can see that the first certificate chaining to the production root was issued on 9/12, beta certificate issuance started around 10/26, and the count rose sharply from 11/4.
    [Figure: 02]

    I will be talking about this year's SSL/TLS topics, Let's Encrypt and so on at Internet Week 2015, so please come if you like.

    Deep Inside Certificate Transparency (Part 1)

    I think Certificate Transparency (CT below) has various problems and I have my doubts about it, but when a mountain is there, it is only human to want to climb it (^^; I am investigating the CT log servers and the data stored in them while building various tools. I plan to write up what I have learned about CT over several posts.

    About pre-certificates

    There are several ways to show that a certificate supports CT, but the one actually in use is to embed the Signed Certificate Timestamp (SCT) extension in the issued certificate. I have never seen an implementation of the methods that deliver it through a TLS extension or along with OCSP.

    To include the SCT extension, a certificate called a pre-certificate is needed; what a pre-certificate is and the flow by which it is issued are explained in these slides. Several DigiCert pages also explain pre-certificates, so please have a look if you like. [1] [2] [3]

    For certificates issued before the CT mechanism was introduced, and for certificates that were never intended to support CT, an ordinary X.509 certificate chain is stored in the CT log server, but for certificates from vendors that are seriously trying to support CT, the pre-certificate chain is stored. I think Chrome shows "Public audit information is available" only for X.509 certificates that contain a pre-certificate-based SCT extension.

    As of today, about 6.7 million certificate chains are registered in Google's pilot CT log server, but only 160,000 of them are registered as pre-certificates (= shown by Chrome as publicly audited).

    Pre-certificate issuance over time

    Registration of entries in the Google pilot log server itself began on March 26, 2013 with existing certificates (paths), but let's look at a graph of pre-certificate issuance since CT was introduced.
    [Figure: blog-pre]
    We can see that the first pre-certificate was registered in Google's pilot CT log server in November 2013, and that issuing pre-certificates, or rather SCT-enabled certificates, began to be formally supported as a service around December 2014.

    Which certificate authorities (brands) were quick to support CT?

    As of September 2015, 96 intermediate CAs (sub-CAs) and 30 brands are issuing pre-certificates. The order of the 30 brands by how early they issued a pre-certificate, with the issuance dates, was as follows.

    CA brand             First pre-certificate issued
    DigiCert             2013-11-01
    COMODO               2014-01-23
    TAIWAN-CA            2014-05-09
    Entrust              2014-07-21
    AffirmTrust          2014-10-27
    Symantec             2014-11-11
    GlobalSign           2014-11-28
    GeoTrust             2014-12-08
    Thawte               2014-12-08
    Buypass              2014-12-10
    Network Solutions    2014-12-15
    USERTRUST            2014-12-16
    Trend Micro          2014-12-22
    Starfield            2014-12-23
    Go Daddy             2014-12-23
    TERENA               2014-12-29
    Trustwave            2015-01-05
    Cybertrust           2015-01-07
    VeriSign             2015-01-12
    QuoVadis             2015-01-14
    HydrantID            2015-01-22
    Google UK            2015-01-27
    Aetna                2015-01-29
    IZENPE               2015-02-04
    Certum               2015-02-05
    Camerfirma           2015-02-20
    NCC                  2015-03-30
    SECOM Trust          2015-04-30
    Actalis              2015-05-18
    WoSign               2015-08-20
    It is no surprise that DigiCert, which cooperated with Google on the CT specification and implementation, was quick, but Taiwan's TAIWAN-CA (TWCA) was quick too. The Japanese vendors are also doing their best.

    Ranking by number of pre-certificates issued

    Next, let's look at the number of pre-certificates issued. It is natural that the big players have many, but Cybertrust seems to be working hard. Come to think of it, what is happening with StartSSL? Those with about 10 or fewer are probably still testing.

    CA brand             Pre-certificates issued
    Symantec             50760
    DigiCert             20856
    GeoTrust             17447
    COMODO               14573
    Cybertrust           13020
    Go Daddy             12635
    Thawte               9891
    Entrust              6616
    GlobalSign           6063
    TERENA               2363
    QuoVadis             1873
    Google UK            1861
    Starfield            1262
    Network Solutions    939
    Trend Micro          615
    Certum               367
    VeriSign             196
    WoSign               187
    Trustwave            177
    SECOM Trust          161
    Buypass              154
    IZENPE               116
    TAIWAN-CA            76
    HydrantID            37
    Aetna                34
    NCC                  25
    AffirmTrust          10
    Actalis              7
    USERTRUST            7
    Camerfirma           4

    What tools I built

    For this investigation I have been building several tools in Perl, Node (+jsrsasign) and so on, and gradually setting up an environment. I would not mind publishing them, but unless I prepare documentation and properly build out command-line options, I get scolded with "There's no documentation, so it's unusable!!" and that really gets me down. It is open source, so I wish people would just look at the code a little, and the test code shows exactly how to use it... (Sorry, this sounds like grumbling about jsrsasign.)

    Roughly, these are the tools I have been building. (There are others, but these are the ones relevant this time.)

    • An SQLite database that collects only pre-certificates and their analysis information
    • A tool that saves the leaf_input of log entries
    • A tool that saves the extra_data of log entries
    • A tool that extracts the pre-certificate chain from a log entry and stores it as certificates
    • A tool that analyzes leaf_input data files
    • A tool that attaches a dummy signature to a pre-certificate's TBSCertificate to turn it into a makeshift certificate (TBSCertificate viewers are not generally available, so being able to do this is very convenient because ordinary certificate viewers such as the openssl x509 command can then be used)
    • A tool that displays the registration date of a log entry

    Conclusion

    This time I reported mainly on the statistics I learned from examining the log database. Next time I hope to write mainly about the data structures and the contents of pre-certificates. See you then.

    Fraudulent issuance of a google.com certificate by Thawte, said to have been revealed by Certificate Transparency???

    On Saturday, September 19, 2015, an article titled "Symantec caught issuing rogue Google.com certificates" came in. It is an incident involving certificate authorities, certificates and SSL, so I jumped on it with excitement, and a quick read says:

    Thawte, a subsidiary of the major security vendor Symantec that runs a low-priced certificate issuance service, fraudulently issued an EV SSL certificate for google.com and www.google.com on September 14, 2015 without Google's consent, and this was revealed by the public audit records for certificates (Certificate Transparency).
    That seems to be the story. It is bad that a problem like this happens with EV certificates, which are issued after strict vetting. Some people on Twitter are saying things like this, and
    the mood has become "It's thanks to Certificate Transparency. Good thing we had it," which I think is the worst outcome. Today is Silver Week and I have time, so I would like to write about that.

    What is Certificate Transparency?

    Certificate Transparency (CT below) is a mechanism devised by people at Google: all SSL server certificates (and certificate chains) issued by all certificate authorities, past and present, are recorded and published on servers called log servers, so that everyone in the world can find fraudulently issued certificates quickly. Some certificate issuance services have already started supporting it, and some companies call them "watermarked certificates," but I think "transparency of certificate issuance" conveys the meaning more accurately.

    The protocol for registration, the stored data format and the mechanism have been published as an Experimental RFC, and there are plans to move it to the Standards Track on the grounds that there is now enough implementation experience with log servers, web browsers and certificate authorities.

    I have been looking closely at CT for about a year, and because of its various problems I hold a negative opinion about its use; I have talked about this several times at study meetings.


    Looking at the comments from the parties involved

    About this incident, the Google project managers responsible for security & privacy and for CT published a blog article titled "Improved Digital Certificate Security" on September 18, which says:

    • Around 19:20 GMT on September 14, a CA of Thawte, a Symantec subsidiary, issued a pre-certificate for google.com and www.google.com.
    • Google did not request this pre-certificate; Thawte issued it on its own.
    • Google discovered this fraudulent issuance from the CT logs.
    • Through an exchange of information between Google and Thawte (Symantec), it turned out to have been issued for Thawte's internal testing.
    • Google added the public key that was used to the revocation information shipped in Chrome, disabling it.
    • There is no risk at present.
    In response, the people at Thawte (Symantec) published a blog post titled "A Tough Day as Leaders" on the same day, September 18, which says:
    • A small number of test certificates were inappropriately issued internally for three domains.
    • The keys were under Thawte's control, and the certificates were revoked as soon as the problem was discovered.
    • There is currently no danger of any kind on the Internet.
    • The owners of the domains in question have been informed.
    • It was an operational mistake (human error), and they will work to prevent a recurrence.
    The article repeatedly uses expressions like "(we are) leaders of the security industry, so...", and the comments section has remarks along the lines of "this is not at all how a leader responds." I agree: it is a rather irresponsible report, and I do not think the matter should end here. The report leaves me dissatisfied on the following points.
    • The timeline is not clear: when the fraudulent certificate was issued, when the problem came to light, when they consulted with Google and others, when the certificate was revoked, and when it was listed in the browsers' certificate blacklists.
    • The domains for which certificates were issued are not clear. google.com, www.google.com, and what is the third?
    • What kind of test it was, and the purpose of the test, are not clear.
    • It is not clear why it was not done in a test environment. Testing should not be done in production in the first place.
    • Why was it not done with a test domain such as example.com? Especially when google.com has been a problem because of its use in state-level eavesdropping.
    • It is very likely a violation of the operating rules of the Thawte EV certificate authority, but there is no mention of this.
    • How does it stand against the WebTrust for CA - EV audit criteria, the audit standard for certificate authorities that issue EV certificates?
    Thawte has caused several problems before, and I can't help thinking it might be better for them to "leave the field."

    Now then, let's take a peek at CT

    First, a brief explanation of "pre-certificates." This page of my study-meeting slides is a good reference; to issue a certificate whose issuance is recorded in CT, the following steps are taken.

    1. The certificate authority creates a pre-certificate from the data of the certificate it plans to issue (TBSCertificate) and sends it to the log server.
    2. The log server registers the pre-certificate in the log and, as evidence of registration, returns signed data called a Signed Certificate Timestamp (SCT) to the certificate authority.
    3. The certificate authority includes the SCT, the evidence of registration in the log server, in the certificate's extensions and issues the certificate.
    A pre-certificate is the information registered in the log server, and it is published by the log server as "evidence that the certificate authority intended to issue the certificate."

    According to Google's announcement, the pre-certificate was issued around 19:20 GMT on September 14, so I access the CT log server and gather the log entries from around that time. CT's data structures and access API are really not up to scratch: you cannot search by the domain name an SSL server certificate was issued for, or by certificate authority, at all, so you have to pull the entries out first and then examine them. Honestly, do they even want people to search it? Who made such an awful API?

    Worst of all, I had left my mirror of the log server data at the office; on my Mac at home my own Perl tools would not run for some reason (the CPAN modules would not install), my Ruby tools would not run either (they do not work with the newer version), and so I ended up quickly rewriting the tools in Node... orz

    Anyway, I want to pull out the log entries on Google's pilot log server between about 19:10 and 19:30 on September 14, but entries cannot be fetched by time, so first I fetch entries at some arbitrary indexes, get a rough idea of the time, check the timestamp of the registration time, and work out the approximate index for 19:10. I wrote a tool in Node that looks up the time for a given index and found that 9213980 is 19:09:03 and 9214310 is 19:31:22. There are 330 entries in between, which narrows it down considerably.

    I wrote a tool that fetches those 330 log entries, sets aside the proper X.509 certificates, and writes only the pre-certificates to files. Going through the 19 files, I found that the one at index 9214148, issued at 19:20:01, appears to be the pre-certificate for google.com.
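    The index-by-time lookup and the pre-certificate filter described above can be sketched as follows. This is an added example, not the author's Node tools: the leaf layout follows the MerkleTreeLeaf structure of RFC 6962 section 3.4 (a precert_entry leaf carries a 32-byte issuer key hash followed by the TBSCertificate), the function names and the eight-entry log are constructed, and the binary search assumes timestamps do not decrease with the index, which a log does not strictly guarantee.

```python
import base64
import struct
from datetime import datetime, timezone

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values in RFC 6962


def parse_leaf_input(leaf_b64):
    """Decode the leaf_input field of one get-entries result."""
    raw = base64.b64decode(leaf_b64)
    if len(raw) < 12:
        raise ValueError("leaf too short")
    # version(1) leaf_type(1) timestamp(8, ms since epoch) entry_type(2), big-endian
    version, leaf_type, ts_ms, entry_type = struct.unpack_from(">BBQH", raw, 0)
    if (version, leaf_type) != (0, 0):
        raise ValueError("not a v1 timestamped_entry leaf")
    pos, issuer_key_hash = 12, None
    if entry_type == PRECERT_ENTRY:
        issuer_key_hash = raw[pos:pos + 32]
        pos += 32
    elif entry_type != X509_ENTRY:
        raise ValueError("unknown entry_type")
    length = int.from_bytes(raw[pos:pos + 3], "big")  # 24-bit length prefix
    der = raw[pos + 3:pos + 3 + length]               # certificate or TBSCertificate
    pos += 3 + length
    ext_len = int.from_bytes(raw[pos:pos + 2], "big")  # CtExtensions length
    if len(der) != length or pos + 2 + ext_len != len(raw):
        raise ValueError("length fields do not match the leaf size")
    return {"timestamp_ms": ts_ms, "is_precert": entry_type == PRECERT_ENTRY,
            "issuer_key_hash": issuer_key_hash, "der": der}


def first_index_at_or_after(fetch_leaf, tree_size, target_ms):
    """Binary-search the smallest index whose timestamp is >= target_ms."""
    lo, hi = 0, tree_size
    while lo < hi:
        mid = (lo + hi) // 2
        if parse_leaf_input(fetch_leaf(mid))["timestamp_ms"] < target_ms:
            lo = mid + 1
        else:
            hi = mid
    return lo


def precerts_in_window(fetch_leaf, tree_size, start_ms, end_ms):
    """Return (index, TBSCertificate bytes) for precert entries in [start, end)."""
    first = first_index_at_or_after(fetch_leaf, tree_size, start_ms)
    last = first_index_at_or_after(fetch_leaf, tree_size, end_ms)
    hits = []
    for i in range(first, last):
        leaf = parse_leaf_input(fetch_leaf(i))
        if leaf["is_precert"]:
            hits.append((i, leaf["der"]))
    return hits


def make_leaf(ts_ms, entry_type, der, issuer_key_hash=bytes(32)):
    """Build a constructed leaf_input for the sample log below."""
    body = struct.pack(">BBQH", 0, 0, ts_ms, entry_type)
    if entry_type == PRECERT_ENTRY:
        body += issuer_key_hash
    body += len(der).to_bytes(3, "big") + der + b"\x00\x00"  # empty extensions
    return base64.b64encode(body).decode()


def ms(hour, minute, second=0):
    """Milliseconds since the epoch for a time on 2015-09-14 UTC."""
    t = datetime(2015, 9, 14, hour, minute, second, tzinfo=timezone.utc)
    return int(t.timestamp() * 1000)


# Constructed eight-entry log; the payloads are placeholder bytes, not real DER.
LOG = [
    make_leaf(ms(19, 5), X509_ENTRY, b"constructed-cert-0"),
    make_leaf(ms(19, 9, 3), X509_ENTRY, b"constructed-cert-1"),
    make_leaf(ms(19, 12), X509_ENTRY, b"constructed-cert-2"),
    make_leaf(ms(19, 20, 1), PRECERT_ENTRY, b"constructed-tbs-3"),
    make_leaf(ms(19, 25), X509_ENTRY, b"constructed-cert-4"),
    make_leaf(ms(19, 29), PRECERT_ENTRY, b"constructed-tbs-5"),
    make_leaf(ms(19, 31, 22), X509_ENTRY, b"constructed-cert-6"),
    make_leaf(ms(19, 40), X509_ENTRY, b"constructed-cert-7"),
]

if __name__ == "__main__":
    print(precerts_in_window(LOG.__getitem__, len(LOG), ms(19, 10), ms(19, 30)))
```

    Against a real log, fetch_leaf would wrap the get-entries call and tree_size would come from get-sth; each probe of the binary search is then one request.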

    Why did it take this much effort? Somehow these log entries for pre-certificates seem to differ from the data structure specified in the RFC, and they have ended up in a structure that the tool I wrote long ago cannot parse. I suspect the registering side is probably violating the RFC, but...

    Next, let's look at the pre-certificate

    Now that the target log entry has been found, let's extract the pre-certificate and look inside. But when I looked at the data, it was not the ASN.1 structure of a pre-certificate, just the TBSCertificate planned for issuance. There is no pre-certificate extension either... I wonder why. Isn't that an RFC violation? The contents of the TBSCertificate look like this.

    Serial number: 0A B4 C7 3C 41 3A 01 94 9F 23 78 F2 B2 29 F6 6C
    Signature algorithm: SHA256withRSA
    Issuer: CN=thawte EV SSL CA - G3, O=thawte, Inc., CN=US
    Validity: 2015-09-14 00:00:00 UTC to 2015-09-15 23:59:59 UTC
    Subject: CN=google.com, L=Mountain view, ST=California, CN=US, SN=2158113, 
             businessCategory=Private Organization,
             organizationName=Symantec Corp, 
             jurisdictionOfIncorporationSP=Delaware, 
             jurisdictionOfIncorporationC=US
    Extensions:
      Subject alternative name: www.google.com, google.com
      Basic constraints: empty
      Key usage: digitalSignature, keyEncipherment
      CRLDP: http://ti.symcb.com/ti.crl
      Certificate policies:
        OID: Thawte EV policy (2 16 840 1 113733 1 7 48 1)
        CPS: https://www.thawte.com/cps
        UNotice: https://www.thawte.com/repository
      Extended key usage: serverAuth, clientAuth
      Authority key identifier: F07051DAD32A914F5277D78677740FCE711A6C22
      AIA:
        OCSP: http://ti.symcd.com
        caIssuers: http://ti.symcb.com/ti.crt


    Well, this is plainly an EV SSL certificate for google.com with Symantec as the subject. That really is bad. It is also bad that Thawte issued a certificate with Symantec as the subject on its own. They said the validity period was one day, but it is a full two days.

    Conclusion

    In the end this was an operational mistake, or rather a major blunder, by Thawte: in production, they issued a certificate for "the most sensitive domain, the one everyone is on edge about." With decent CA software it would remain in the internal audit log, and had it not leaked outside it would have stayed an internal test, but if the certificate authority were solid, something like this should never happen. CT's own operation is sloppy, it is technically a mechanism without completeness, it has privacy problems, and CT itself has all sorts of issues, yet none of that gets any attention and the tone has become "good thing we had CT." It has handed them an opening, and I find that truly regrettable. Other certificate issuance services, or rather certification vendors, have every right to be angry at Thawte. The CA Browser Forum has in reality become something like an "SSL Browser Forum" and cannot be relied on at all, so I think the CA Security Council or some such body has to take the problem on strictly, but I am disappointed by the timidity of the certificate issuance services.

    Addendum 1 (2015.09.21 20:05)

    I checked the published CRL and found that the fraudulent google.com certificate mentioned above was revoked at 17:53:55 UTC on September 16, 2015. It had expired anyway, so I don't think there was any need to revoke it.

    Addendum (2015.10.01 20:00)

    I was building a system to analyze all the pre-certificate log entries on the log server, so this report is late. Symantec's report said:

    We learned on Wednesday that a small number of test certificates were inappropriately issued internally this week for three domains during product testing.
    Since it said "three domains," I wondered whether there was one more besides www.google.com and google.com in the certificate in question, so I examined every pre-certificate log entry and carefully checked the period in which the certificate was issued. Among the pre-certificates issued by thawte there was nothing else suspicious. One possibility is that they counted
    • www.google.com in the CN of the subject distinguished name (DN),
    • www.google.com in the subject alternative name (subjectAltName) extension, and
    • google.com in the subject alternative name (subjectAltName) extension
    as three, and that in the end there were only two, www.google.com and google.com. Well, perhaps that is for the best.

    Addendum (2015.11.01 23:59)

    On October 2 (or October 13), Symantec published its final report on this incident.
    https://www-secure.symantec.com/connect/sites/default/files/Test_Certificates_Incident_Final_Report_10_13_2015v3b.pdf
    The report does not seem to say anything of much substance.

    Google has posted a response on its blog.
    Sustaining Digital Certificate Security (2015/10/28)
    https://googleonlinesecurity.blogspot.jp/2015/10/sustaining-digital-certificate-security.html

    The Windows root certificate update program (2014.09) and some ramblings

    This is fairly old news by now, but the list for the Windows Root Certificate Program that is the latest as of this writing was published in September 2014, and today, for the first time in a while, I'd like to go through it.

    Some years ago there was a period when I investigated what had changed among the root certification authorities registered through the Windows root certificate update program and published the results on this blog. That was the Windows XP era, when every registered root CA was displayed, so all I had to do was write a program that extracted all the root certificates and compare them against the previous set, which made the investigation relatively easy.

    Since Windows 7, however, the Windows root certificates are no longer all registered from the start. I haven't looked into it properly so I'm not sure, but as I recall, right after the OS is installed only about 15 to 25 major root CAs are registered and displayed, and the mechanism was changed so that when you access a site under a root CA that is not displayed, the registered root certificate is added dynamically.

    Problems with the root CA list mechanism in Windows 7 and later

    Personally, I find the root CA list distribution method introduced with Windows 7 unsatisfying, or rather, I dislike it. These are my reasons.

    • The root CA list is published as a PDF document, but only the maintaining organization, country, CA name, key algorithm, key length and root certificate hash value (thumbprint) are published; the distinguished names and the contents of the certificates remain unknown. Among them there are even RSA 1000-bit root certificates still remaining that are not displayed in the initial state.
    • In the initial state only about 20 CAs are displayed, and the only way for users to find out which CAs they are deemed to trust is the list above, which is not sufficient.
    • For example, I don't think everyone in the world needs to trust the CA of some small country. If it has an incident such as fraudulent issuance, there will be cases where it would have been better not to trust it. At such times, not being able to tell which CAs you are trusting is a problem.
    • Even if you delete a root CA that a Windows 7 or later system has approved, it comes back the next time you access such a site. Users cannot suspend or disable CAs they do not need.
    • In short, is it really acceptable that the root CA list is not stated up front and that root CAs are added at connection time, like showing your hand late in rock-paper-scissors?
    Of course, I can understand wanting to keep the initially distributed set of root CAs small for mobile devices, but it is only about 400 anyway, which is not much data, so I think it would be cleaner to have them all registered from the start.

    The September 2014 Windows root certificate update

    In the September 2014 Windows root certificate update, 411 root certificates are registered.

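    Broken down by country, root certificates from 52 countries are registered, and the breakdown in descending order is shown below. As expected, the United States and Spain have many. The ones I find surprisingly few are the United Kingdom and Australia.
    [Figure: root certificates by country]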

    Next, let's look at the public key algorithms and key lengths of the root certificates.
    [Figure: root certificates by public key algorithm and key length]
    RSA 2048-bit is still the most common, but RSA 4096-bit and the elliptic curve ECC NIST P-384 have also increased considerably. Comodo, DigiCert, Entrust, GlobalSign, Symantec and Trend Micro have elliptic curve root certificates. Come to think of it, the list published by Microsoft carries no information on whether a certificate is SHA1 or SHA2. That's a shame. I really wish they would make the root certificates themselves downloadable. Apple, too, used to publish detailed information about its root certificates, but recently it has followed Microsoft and stopped publishing the details. It's a sad story.

    Trend in the number of root certificates

    I graphed how the number of default root certificates has grown on Windows, Android, Mac OS X and iOS. For Apple products I took the numbers from the information on the official site. For Android I based them on my own Root CA Viewer Lite or other past work.
    [Figure: number of default root certificates on Windows, Android, Mac OS X and iOS]
    For iOS, a root certificate list has been published for each major version since iOS 3, but for Mac OS X there was information only for the newer Mavericks and Yosemite. For Apple iOS the number of roots swings up and down wildly; perhaps the inclusion policy isn't settled? I actually wanted to look into Mozilla and Java as well, but I'll leave that as future work... (^^;

    The plodding work of examining the Windows root certificate list (sob)

    Previously I could easily extract the root certificates with my own tool, so information like this was relatively easy to investigate, but since Windows 7 that is no longer possible. So this time I did the investigation by the following unglamorous procedure (sob). People inside Microsoft presumably have an Excel file of the list, or the root certificates themselves, and can investigate easily... sigh.

    1. From the published PDF file "Windows Root Certificate Program Members - September 2014", copy and paste the table "CERTIFICATES IN DISTRIBUTION FROM ALL MEMBER CAs" as text, page by page.
    2. Somehow turn it into a TSV (tab-separated) file by editing the text in Emacs.
    3. Open it in a text editor on the Mac and save it as UTF-16.
    4. Import it into Excel on the Mac.
    5. After the import there are misaligned columns and garbled characters, so fix them by hand.
    6. The Excel file of the root certificate list is complete!!! (sob)
    7. Since it is now a proper Excel table, I can examine it with filters or write simple scripts to tabulate it.

    Further ambitions

    My family complained, "Don't put a machine with a noisy fan in the living room!", so I reluctantly use a fanless ultra-compact machine, a Diginnos LIVA, in place of a server. I rarely visit odd sites in its browser, so its root CA list stands at 27 and should not have grown much since it shipped; this time I opened a site as a test, and Italy's Actalis Authentication CA G1 got added.
    [Figure: Windows certificate dialog]
    Well, you know, since there are 411 of them, you'd want to collect the full set, wouldn't you? Teacher is going to say it once more, because it's important.

    You'd want to collect the full set, wouldn't you?!!!!
    To collect the full set, all you need to do is, for each of the 411 CAs, find a site that uses some SSL server certificate issued under it and access it over HTTPS with Internet Explorer. But finding a site that uses a certificate issued by a minor CA is like finding a 10-yen coin you dropped somewhere on the beach where you went swimming: close to impossible. Symantec, for example, has bought up various CAs, so its group alone has as many as 70 CAs registered, and finding certificates issued from every one of those Symantec CAs is simply not feasible.

    This is where having the Certificate Transparency public audit logs on hand comes in: they contain about 7.4 million server certificates together with the chains up to their root CAs, so if I extract each root certificate and compare it with the certificate thumbprint hash values listed in the Windows root certificate PDF, I can find one SSL server certificate issued under each root, and accessing that site should make the root show up in the "certificate dialog" mentioned above!!! (applause)

    I'm thinking I might write a tool like this in Go during the Golden Week holidays...
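    The matching step described above, as an added example in Go; it is not the author's tool. It assumes each CT log entry has already been parsed into a chain (leaf first, root last) and that the wanted thumbprints are SHA-1 hashes of the DER encoding; `Chain`, `Thumbprint`, `SitesByRoot` and `mint` are names introduced here, and the certificates are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Chain []*x509.Certificate // one log entry: leaf first, root last
// Thumbprint is the SHA-1 of the certificate's DER encoding, in upper-case hex.
func Thumbprint(c *x509.Certificate) string { return fmt.Sprintf("%X", sha1.Sum(c.Raw)) }
// SitesByRoot maps each wanted root thumbprint to the first leaf DNS name chaining to it.
func SitesByRoot(chains []Chain, wanted map[string]bool) map[string]string {
	found := map[string]string{}
	for _, ch := range chains {
		if len(ch) < 2 || len(ch[0].DNSNames) == 0 {
			continue // no separate root, or no host name to visit
		}
		if tp := Thumbprint(ch[len(ch)-1]); wanted[tp] && found[tp] == "" {
			found[tp] = ch[0].DNSNames[0] // chains are taken as logged, not verified
		}
	}
	return found
}

// mint makes a constructed demo certificate; a nil parent means a self-signed root.
func mint(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{cn}}
	if parent == nil {
		parent, pk, t.DNSNames = t, key, nil
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

func main() {
	root, rk := mint("Constructed Root", nil, nil)
	leaf, _ := mint("site.example", root, rk)
	fmt.Println(SitesByRoot([]Chain{{leaf, root}}, map[string]bool{Thumbprint(root): true}))
}
```

    Roots that never appear at the end of a logged chain are simply absent from the result, which gives the list of CAs for which no site was found.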

    In closing

    Ah, what a meaningful Golden Week I'm having... (stares into the distance) If I keep doing nothing but this my wife will get angry, so that's it for today.

    Addendum (2015.05.03 13:28)

    A certain great Mr. Kimura pointed out to me that the root certificates can probably be "pulled out" of the official updater for updating root certificates offline, http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe. He was right. (Actually, I used to be able to do exactly that with a tool, then mistakenly concluded that only reference information could be obtained any more, stopped being able to do it, and left it at that; when I looked again after the remark, the certificates were there all right.) The executable contains .SST files (Microsoft Serialized Certificate Files), which are lists of certificates, and it looks like the root certificates can be extracted from them. I used to use a tool I had written, but now it looks like they can be extracted from PowerShell. I'll report back once I've tried it. Even if the root certificates can be pulled out, I wonder whether merely opening them makes them appear in the "Trusted Root Certification Authorities" list???


    Partial postponement of Chrome's SHA1 certificate plan (announced March 12, 2015)

    On March 12, 2015, on a Google forum, Ryan Sleevi, who is in charge of developing the cross-platform crypto and PKI core on the Chrome development team, announced that the milestone for SHA-1 certificate warnings that had been set for the Chrome 41 release would be delayed to Chrome 42.

    Specifically, the Chrome versions, release dates and warning icons displayed were as follows under the previous plan:
    [Figure: previous Chrome SHA-1 warning schedule]
    As shown below, the change planned for Chrome 41 will now take effect in Chrome 42, which means the schedule slips by a month and a half.
    [Figure: revised Chrome SHA-1 warning schedule]

    An easy way to check whether a site is affected by the SHA1 certificate warnings

    There are about two places that provide tools for easily checking whether a given site is affected by the SHA1 certificate warnings.

    I recommend the DigiCert one: enter the domain you want to check and press the "LOOKUP" button, and it shows what warning each Chrome version will display.
    [Figure: DigiCert SHA-1 Sunset Tool result]
    (Source: DigiCert SHA-1 Sunset Tool)

    Status of the certificate issuance services' responses

    Following the March 7, 2015 announcement from Google, I checked whether each certificate issuance service had updated its published information as of March 17, 2015.

    In closing

    That concludes my belated explanation, following Google's March 12 announcement, of the partial postponement of Google Chrome's SHA1 certificate warnings. That's all for today.

    Addendum 1

    Oops, I forgot to say one thing. Treating something this important as "announced" on the strength of a brief post on Google's Security-dev forum strikes me as rather lacking in good faith on Google's part, and pretty awful... At the very least I'd like it to be mentioned on pages such as Chrome Releases, I'd like it organized and explained on the blog, and I'd like official information in Japanese as well.
