自堕落な技術者の日記 (Diary of a Slovenly Engineer)

Basically I am either eating or drinking, but as hobbies I often do karaoke, PKI, signatures, authentication, programming and information security. I love travelling. I love TV and know my showbiz.

PKI

Playing with Mozilla Firefox's CRLite (the moz_crlite_query story)

Revocation checking via OCSP has had a very bad reputation lately, because OCSP responses sometimes cannot be obtained due to network failures, server failures and the like. For example, it is suspected that the recent mass verification of software code signatures on Apple macOS Big Sur overloaded the OCSP responder and caused revocation checking to fail. For that reason, in the web browser world, Chrome is reportedly moving to CRLSet and Firefox to CRLite as alternative revocation checking methods. As for Chrome's CRLSet, in February 2013, wondering whether CRLSet was really going to be OK, I wrote a blog entry titled "The troubling story that Google Chrome will stop online revocation checking of SSL certificates and push its own revocation information". (That said, I do not really know what has become of Chrome CRLSet since then.)

Now, about Firefox CRLite: the other day an article titled "Querying CRLite for WebPKI Revocations" (2020.11.26) was published. Along with it, moz_crlite_query, a Python tool for checking the CRLite revocation checking feature implemented in the Firefox Nightly version, was released. Since it is said to be implemented in Firefox Nightly 85.0, I suppose that means CRLite revocation checking will be in use in the official Firefox 85 release scheduled for January 26, 2021. (Sorry if I am wrong.) Excited that Firefox's CRLite is finally going into real operation, today I would like to try out this moz_crlite_query.

Installation

In an environment with Python 3.7 or later, running

% pip install moz_crlite_query
installs it. It looks like gcc and g++ are needed to build the Python modules it depends on.

My MacBook Air has been in use for a long time and its Python environment is a mess: there is the Python 2.7 and Python 3? provided by the OS, plus Python 2 and Python 3 from macports, switching between them did not work well, and I got badly stuck on the installation. With an old Python setuptools, it seems that installation does not fail with an error even when the Python version is too old, such as 2.7, and that is what tripped me up. I should have used pyenv from the start... I reinstalled Python 3.9 with pyenv, copied back the moz_crlite_query script that had been installed on Windows 10 WSL2, and it finally worked. Where on earth does the moz_crlite_query script get installed when you install it under pyenv???

Installing it on Ubuntu under Windows 10 WSL2 was not that hard. I installed the missing gcc, g++ and python3-dev with the apt command and was then able to install it with pip.

The examples shown on the site fetch a PEM certificate file every time, but you can also check a site with "moz_crlite_query --hosts <FQDN of the TLS site to check>". For example, checking www.nist.gov on a Mac looks like this:
[image: crlite-mac]
And checking ec.europa.eu on Windows WSL runs like this:
[image: crlite-win]
(Don't use emoji!!!)
You can also check by specifying a PEM certificate, as in "moz_crlite_query <PEM certificate file>".

So, let's take a little look

The CRLite database is reportedly updated and distributed four times a day. The moz_crlite_query command checks the database and, if there is a newer one, downloads the full set of database files into ~/.crlite_db and uses it. The file listing looks like this.

2020-11-24T00:08:12+00:00Z-full
2020-11-24T06:08:12+00:00Z-diff
2020-11-24T12:08:14+00:00Z-diff
2020-11-24T18:08:15+00:00Z-diff
2020-11-25T00:08:23+00:00Z-diff
2020-11-25T06:08:05+00:00Z-diff
2020-11-25T12:08:22+00:00Z-diff
2020-11-25T18:08:11+00:00Z-diff
2020-11-26T00:08:11+00:00Z-diff
2020-11-26T06:08:17+00:00Z-diff
2020-11-26T12:08:14+00:00Z-diff
2020-11-26T18:08:13+00:00Z-diff
2020-11-27T00:08:16+00:00Z-diff
2020-11-27T06:08:13+00:00Z-diff
2020-11-27T12:08:20+00:00Z-diff
2020-11-27T18:08:11+00:00Z-diff
2020-11-28T00:08:14+00:00Z-diff
2020-11-28T06:08:12+00:00Z-diff
2020-11-28T12:08:12+00:00Z-diff
2020-11-28T18:08:21+00:00Z-diff
intermediates.sqlite
As shown when you run the command, 2457 public intermediate CAs appear to be registered. The FAQ goes as far as saying "all CAs", but that does not seem to be the case. Intermediate CAs that issue SSL server certificates to end entities seem to be mostly registered, but CAs that are not for issuing SSL server certificates, and CAs used to verify intermediate CA certificates, do not seem to be registered. If you query an intermediate CA that is not registered, it displays something like "Enrolled in CRLite: ❌", which tells you it is not registered. (Stop it with the emoji, lol)

"intermediates.sqlite" is the SQLite database of intermediate CAs. It contains only a single table, with a schema defined like this. You can more or less guess what is what.

CREATE TABLE intermediates (
    id TEXT PRIMARY KEY,
    last_modified TEXT,
    subject TEXT,
    subjectDN BLOB,
    derHash BLOB,
    pubKeyHash BLOB,
    crlite_enrolled BOOLEAN, -- 1656 intermediate CAs have crlite_enrolled = FALSE, so 801 CAs are supported?
    whitelist BOOLEAN);      -- no intermediate CA with whitelist = TRUE was registered
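The enrollment counts noted in the schema comments can be reproduced with a query like the following. This is an added example, not code from the original post or from moz_crlite_query; it uses the schema above with constructed sample rows, and it assumes that the boolean columns hold 0/1 and that pubKeyHash holds raw hash bytes.

```python
import sqlite3

# Schema as shown on this page (inline comments dropped).
SCHEMA = """
CREATE TABLE intermediates (
    id TEXT PRIMARY KEY, last_modified TEXT, subject TEXT,
    subjectDN BLOB, derHash BLOB, pubKeyHash BLOB,
    crlite_enrolled BOOLEAN, whitelist BOOLEAN);
"""

# Constructed sample rows: hypothetical CA names and hash bytes, not real data.
SAMPLE_ROWS = [
    ("ca-1", "2020-11-28", "CN=Example TLS Issuing CA 1", b"dn1", b"h1", b"\x01" * 32, 1, 0),
    ("ca-2", "2020-11-28", "CN=Example TLS Issuing CA 2", b"dn2", b"h2", b"\x02" * 32, 1, 0),
    ("ca-3", "2020-11-28", "CN=Example Policy CA", b"dn3", b"h3", b"\x03" * 32, 0, 0),
    ("ca-4", "2020-11-28", "CN=Example S/MIME CA", b"dn4", b"h4", b"\x04" * 32, 0, 0),
]


def open_db(path=None):
    """Open the constructed in-memory sample, or a real file read-only."""
    if path is None:
        conn = sqlite3.connect(":memory:")
        conn.executescript(SCHEMA)
        conn.executemany(
            "INSERT INTO intermediates VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
        return conn
    # mode=ro: never create or modify the database the tool downloaded.
    return sqlite3.connect("file:" + path + "?mode=ro", uri=True)


def enrollment_summary(conn):
    """Count intermediates by CRLite enrollment (assumes 0/1 booleans)."""
    total, enrolled, whitelisted = conn.execute(
        "SELECT COUNT(*),"
        " COALESCE(SUM(crlite_enrolled != 0), 0),"
        " COALESCE(SUM(whitelist != 0), 0)"
        " FROM intermediates").fetchone()
    return {"total": total, "enrolled": enrolled,
            "not_enrolled": total - enrolled, "whitelisted": whitelisted}


def not_enrolled_subjects(conn):
    """Issuers for which CRLite cannot answer a revocation query."""
    rows = conn.execute(
        "SELECT subject FROM intermediates"
        " WHERE crlite_enrolled = 0 OR crlite_enrolled IS NULL"
        " ORDER BY subject")
    return [r[0] for r in rows]


def issuer_status(conn, pub_key_hash):
    """Classify an issuer key hash: enrolled, not enrolled, or unknown."""
    rows = conn.execute(
        "SELECT crlite_enrolled FROM intermediates WHERE pubKeyHash = ?",
        (pub_key_hash,)).fetchall()
    if not rows:
        return "unknown issuer"
    # Assumption: if one key appears in several rows, any enrolled row counts.
    return "enrolled" if any(r[0] for r in rows) else "not enrolled"


if __name__ == "__main__":
    db = open_db()
    print(enrollment_summary(db))
    print(not_enrolled_subjects(db))
```

To run it against the downloaded database, pass the path of intermediates.sqlite under ~/.crlite_db to open_db().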

So that is roughly how it looks, but the doubts I wrote about back at the time of CRLSet have not been dispelled, and I still feel uneasy about whether it can really be trusted. I also have the feeling that I may have found something pretty bad. Though I cannot say anything definite without seeing how it is used in the browser...

That's it for today. My environment has become a mess and the battery is in terrible shape, so maybe I should buy an M1 MacBook Air...

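Recent certificate topics (3): Observations on the profile of electronic powers of attorney in digital certificate form

Apology: I started writing this article in March and had most of it done in May, but for all its volume it ended up without a clear conclusion, it became painful, and I left it sitting. Because this one would not get finished, writing other articles somehow became a chore too. Today, at the end of August, I have finally added a little and ask you to let me lay it to rest as a half-baked article m(_ _)m. The only thing I want to say here is
The electronic power of attorney (in electronic certificate form) is a certificate that is far easier to use than before, not only for applications to government offices but also for electronic contracts between companies, so "please let it spread properly!!!"
That's all.

Strictly speaking today's topic is not certificate-hunter material, but a certificate called the "electronic power of attorney" (電子委任状) looks like it is about to appear and seems interesting going forward, so I would like to introduce it. It is a bit long. Please bear with me.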

Contents
1. What is an electronic power of attorney
2. Structure of a certificate's distinguished name (review)
3. Issuing a sample electronic power of attorney in digital certificate form
4. Do general-purpose certificate viewers display the subject alternative name without problems?
  4.1. Display on Windows
  4.2. Display on macOS
  4.3. Display in Firefox
  4.4. Display in Adobe Acrobat Reader DC
  4.5. Display with the Java JCE SUN provider
  4.6. Display with the Java JCE BouncyCastle BC provider
  4.7. Display with OpenSSL's x509 -text command
  4.8. Summary of display results
5. Observations on the distinguished name of the electronic power of attorney
  5.1. About attribute types
  5.2. About the organizationIdentifier attribute type
  5.3. About the description attribute type
  5.4. On whether using OU is appropriate
  5.5. So which attribute type should have been used
  5.6. The problem of look-alike Japanese characters
  5.7. Other minor issues in the sample entries

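1. What is an electronic power of attorney

Some of you may already have seen it, but the "Act on Promotion of the Spread of Electronic Powers of Attorney (Electronic Power of Attorney Act)" came into force in January 2018.

Once a company reaches a certain size, I think it is rare for the president personally to handle clerical work such as contracts and administrative procedures. But when it comes to signing electronically with an IC card, only the person in question is supposed to know the PIN, so that becomes a problem. A president who is not good with computers might even hand over the IC card together with the PIN and ask someone to take care of it.
[image: electronic power of attorney, fig. 1]
So, as I understand it, this is a law that aims to promote digitization by giving data called an electronic power of attorney to the representative chosen by the president, so that such contracts and application procedures can be carried out officially on the president's behalf.
[image: electronic power of attorney, fig. 2]
The basic principle of use is that an IC card and its PIN must be managed so that only the person in question can use them. I think the key point is that the electronic power of attorney makes it possible to have an IC card that is managed by the very person (= the agent) who actually files the application or signs the contract.

By the way, the other day, on May 23, the Japan Network Security Association (JNSA) Electronic Signature WG held its spring festival, "The World of Electronic Signatures (SIGN WORLD)", where the lawyer Hiroshi Miyauchi gave a talk titled "Electronic certificates for individuals and electronic certificates for corporate officers: the surprisingly useful Electronic Power of Attorney Act". I think it is the best explanatory slide deck on the electronic power of attorney, so I would like everyone to look at it. The slide that made everything click for me was this one comparing electronic certificates: whether it is the My Number Card, certificates from accredited certification services, certificates from specified certification services, or commercial registration certificates, the certificates usable under Japan's Electronic Signature Act are only

  • basically certificates for a company's representative (chairman, president), or
  • certificates containing an individual's name and address information
and nothing else. In business, a department manager's home address is irrelevant, in some cases even the name is unnecessary, and what matters more is having the job title written in it. No wonder certificates so far have been hard to use in business, I thought. In contrast, the official-position certificates (官職証明書) for people in government ministries contain neither name nor address, only the name of the ministry and the position, which makes them easy to use.

Electronic powers of attorney cannot be issued by just anyone, nor are they issued by government offices. They are to be issued by third-party services qualified for the electronic power of attorney handling business, and since the application verification process is the same, it looks like domestic certificate issuing services will take on that role. I hear there is a format for the electronic power of attorney that is like an ordinary (signed) PDF document, but there is also a format based on X.509 digital certificates. (This is the part to get excited about!!!)

As for which items are recorded in an electronic power of attorney in digital certificate form, that is, the so-called certificate profile, there is a sample entry on page 25 of the explanatory guide to the guidelines issued by the Ministry of Internal Affairs and Communications. When this sample was being drawn up, there was a meeting where the Ministry of Internal Affairs and Communications, the Japan CA conference (日本電子認証局会議) and the Japan Network Security Association (JNSA) Electronic Signature WG discussed it, and I happened to be invited as well.

I think this sample has several issues, but leaving those aside for now, I think the key points of the electronic power of attorney in electronic certificate form are the following.

  • Information about the person delegating, such as the president (the delegator), and the person being delegated to (the delegate) is recorded in subjectAltName (SAN) as a directoryName.
  • The attribute types used in the directoryName of the SAN are O, OU, CN, ST (stateOrProvince), L (Locality), T (title), description and organizationIdentifier.
  • The details of what is recorded are set in the directory attribute values, including prescribed prefixes. For example, for the representative of an organization such as the president, the prefix 「組織代表者名：」 ("name of organization representative:") is used, and the value is set like 「組織代表者名：山田太郎」.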

2. Structure of a certificate's distinguished name (review)

A certificate's distinguished name has the structure

attribute type 1=attribute value 1, attribute type 2=attribute value 2, attribute type 3=attribute value 3 ...
The attribute type is an object identifier (OID), something like 2.5.4.10, and the attribute value is an ASN.1 string type (DirectoryStringType).

3. Issuing a sample electronic power of attorney in digital certificate form

As a hobby I publish jsrsasign, a JavaScript-based crypto/PKI library. For this investigation I added support for all the attribute types needed for the electronic power of attorney, so by using the sample CA page you can easily generate a certificate that imitates an electronic power of attorney and use it to check how certificates are displayed.
[image: toolca]

The distinctive feature of the electronic power of attorney is its subject alternative name (subjectAltName), so for checking purposes it is enough to set only that: set the type to "DN" and paste the following as the value.
[image: toolca-san]

/organizationIdentifier=JCN1111111111111/O=株式会社アイツー/description=組織所在地：東京都渋谷区神宮前３−３/description=組織代表者肩書き：代表取締役社長/description=組織代表者生年月日：1972/04/27/description=組織代表者名：鈴木花子/CN=山田太郎/T=購買部長/description=部門所在地：東京都新宿区西新宿５−５/description=代理権内容：日本国内の1億円以下の購買行為/description=代表権制限：1億円以下の発注購買
If you care about it, set the subject name (subject) to the following.
/CN=Taro Yamada/ST=Tokyo/L=Shinjuku-ku Nishi-Shinjuku 5-5
Press the "Issue Certificate" button and the certificate data is generated. In the input above, where the attribute type in the subject alternative name can be chosen, I used the unusual description rather than the common OU, in order to test display. Also, the explanatory guide uses "S=" for stateOrProvince, as in S=Tokyo for the prefecture in the subject name, but OpenSSL and jsrsasign use "ST=".

With line breaks inserted for readability, the subject alternative name example above looks like this.

/organizationIdentifier=JCN1111111111111
/O=株式会社アイツー
/description=組織所在地：東京都渋谷区神宮前３−３
/description=組織代表者肩書き：代表取締役社長
/description=組織代表者生年月日：1972/04/27
/description=組織代表者名：鈴木花子
/CN=山田太郎
/T=購買部長
/description=部門所在地：東京都新宿区西新宿５−５
/description=代理権内容：日本国内の1億円以下の購買行為
/description=代表権制限：1億円以下の発注購買
Feel free to change the values, to your own name for example, when entering them.

4. Do general-purpose certificate viewers display the subject alternative name without problems?

For displaying application documents and data digitally signed with an electronic power of attorney, it is quite likely that dedicated applications will be provided, but I think such data will also be exchanged as data of general-purpose applications such as PDF and Word. Let's take a quick look at whether there are any problems, especially in how the subject alternative name is displayed, when a digital certificate for an electronic power of attorney is shown in the certificate viewers built into operating systems and browsers.

4.1. Display on Windows

On Windows it is displayed as follows and looks mostly fine. Because you have to scroll, I have stitched the images together a little.
[image: attorney5_win1merge]

4.2. Display on macOS

Using Keychain on macOS to display the subject alternative name of the sample electronic power of attorney certificate created by the method above gives the following.
[image: cer-attorney-mac]

4.3. Display in Firefox

In Firefox it is displayed as follows and looks mostly fine. Because you have to scroll, I have stitched the images together a little.
[image: attorney5-ff1merge]

4.4. Display in Adobe Acrobat Reader DC

Creating a digitally signed PDF and displaying it in Adobe Acrobat Reader DC gives the following. This is also mostly fine.
[image: attorney5-pdf1]

4.5. Display with the Java JCE SUN provider

When the certificate is loaded using the standard SUN provider of Java JCE and the object is displayed with println(), the subject alternative name part is displayed as follows. No particular problem here either.

[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  OID.2.5.4.13="代表権制限：1億円以下の発注購買 ", OID.2.5.4.13=代理権内容：日本国内の1億円以下の購買行為, OID.2.5.4.13=部門所在地：東京都新宿区西新宿５−５, T=購買部長, CN=山田太郎, OID.2.5.4.13=組織代表者名：鈴木花子, OID.2.5.4.13=組織代表者生年月日：1972/04/27, OID.2.5.4.13=組織代表者肩書き：代表取締役社長, OID.2.5.4.13=組織所在地：東京都渋谷区神宮前３−３, O=株式会社アイツー, OID.2.5.4.97=JCN1111111111111
]

4.6. Display with the Java JCE BouncyCastle BC provider

When the certificate is loaded in Java JCE using the BC provider of BouncyCastle, the well-known free crypto library, and the object is displayed with println(), the subject alternative name part is displayed as follows. It is only shown as an ASN.1 dump, but there is no particular problem here either.

Tagged [4]
    DER Sequence
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.97)
                UTF8String(JCN1111111111111)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.10)
                UTF8String(株式会社アイツー)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(組織所在地：東京都渋谷区神宮前３−３)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(組織代表者肩書き：代表取締役社長)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(組織代表者生年月日：1972/04/27)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(組織代表者名：鈴木花子)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.3)
                UTF8String(山田太郎)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.12)
                UTF8String(購買部長)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(部門所在地：東京都新宿区西新宿５−５)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(代理権内容：日本国内の1億円以下の購買行為)
        DER Set
            DER Sequence
                ObjectIdentifier(2.5.4.13)
                UTF8String(代表権制限：1億円以下の発注購買 )

4.7. Display with OpenSSL's x509 -text command

When the certificate information is displayed with the following OpenSSL command,

% openssl x509 -in aaa.cer -noout -text
the result is as follows.
X509v3 Subject Alternative Name:
    DirName: /2.5.4.97=JCN1111111111111 /O=\xE6\xA0\xAA\xE5\xBC\x8F\xE4\xBC\x9A\xE7\xA4\xBE \xE3\x82\xA2\xE3\x82\xA4\xE3\x83\x84\xE3\x83\xBC
The Japanese parts ended up being displayed in hexadecimal.
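The escaped output above can be turned back into readable text with a small filter such as the following. This is an added example, not part of the original post or of OpenSSL; the function names and the small OID table are choices made for this example, and the sample string is the DirName value quoted above.

```python
import re

# Names for the two OIDs that the viewers on this page print unnamed.
OID_NAMES = {
    "2.5.4.97": "organizationIdentifier",
    "2.5.4.13": "description",
}

# One or more consecutive \xHH escapes, as printed by openssl x509 -text.
_ESC_RUN = re.compile(r"(?:\\x[0-9A-Fa-f]{2})+")

# A dotted OID used as an attribute type, e.g. "/2.5.4.97=".
_OID_TYPE = re.compile(r"/(\d+(?:\.\d+)+)=")


def decode_escapes(text):
    """Replace each run of \\xHH escapes with the UTF-8 text it encodes.

    A run that is not valid UTF-8 (for example a truncated multi-byte
    sequence) is left escaped, so nothing is silently altered or lost.
    """
    def repl(match):
        raw = bytes.fromhex(match.group(0).replace("\\x", ""))
        try:
            return raw.decode("utf-8")
        except UnicodeDecodeError:
            return match.group(0)
    return _ESC_RUN.sub(repl, text)


def readable_dirname(dirname):
    """Decode the escapes and name the dotted-OID attribute types."""
    decoded = decode_escapes(dirname)

    def name_oid(match):
        oid = match.group(1)
        return "/" + OID_NAMES.get(oid, oid) + "="
    return _OID_TYPE.sub(name_oid, decoded)


# DirName value as shown in the openssl output on this page.
SAMPLE = (r"/2.5.4.97=JCN1111111111111 "
          r"/O=\xE6\xA0\xAA\xE5\xBC\x8F\xE4\xBC\x9A\xE7\xA4\xBE "
          r"\xE3\x82\xA2\xE3\x82\xA4\xE3\x83\x84\xE3\x83\xBC")

if __name__ == "__main__":
    print(readable_dirname(SAMPLE))
```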

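4.8. Summary of display results

The results of displaying the digital certificate of an electronic power of attorney in the certificate viewers of the general-purpose applications I examined are summarized below. Cells with problems are shown in reddish colors.

| | macOS | Windows | Firefox | Acrobat | Java SUN | Java BC | OpenSSL |
|---|---|---|---|---|---|---|---|
| Loading | No problem | No problem | No problem | No problem | No problem | No problem | No problem |
| Broken display | None | None | None | None | None | None | Yes (*1) |
| stateOrProvince (ST) attribute display | 都道府県/州 (State/Province) | S= (*2) | ST= | st= | ST= | OID as-is | ST= |
| locality (L) attribute display | 所在地 (Locality) | L= | L= | l= | L= | OID as-is | L= |
| organization (O) attribute display | 組織 (Organization) | O= | O= | o= | O= | OID as-is | O= |
| organizationalUnit (OU) attribute display | 部署 (Organizational unit) | OU= | OU= | ou= | OU= | OID as-is | OU= |
| commonName (CN) attribute display | 通称 (Common name) | CN= | CN= | cn= | CN= | OID as-is | CN= |
| description attribute display | 説明 (Description) | Description= | OID as-is | OID as-is | OID as-is | OID as-is | description= |
| title (T) attribute display | タイトル (Title) | T= | OID as-is | title= | T= | OID as-is | title= |
| organizationIdentifier attribute display | その他名前 (Other name) (*9) | OID as-is (*3) | OID as-is (*4) | OID as-is (*5) | OID as-is (*6) | OID as-is (*7) | OID as-is (*8) |

*1: The OpenSSL command does not display all RDNs of the SAN. Japanese attribute values are shown in hexadecimal notation and are not readable.
*2: Only Windows abbreviates stateOrProvince as "S=".
*3: Example of OID notation on Windows: "OID.2.5.4.97=value"
*4: Example of OID notation in Firefox: "Object Identifier (2 5 4 13) = value"
*5: Example of OID notation in Adobe Acrobat Reader DC: "2.5.4.13=value"
*6: Example of OID notation with the Java JCE SUN provider: "OID.2.5.4.97=value"
*7: Example of OID notation with the Java JCE BC provider: "DER Sequence ObjectIdentifier(2.5.4.13) UTF8String(value)"
*8: Example of OID notation in OpenSSL: "2.5.4.97=value"
*9: On macOS it becomes 「その他名前」 ("Other name") and the information about what the original OID was is lost.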

5. Observations on the distinguished name of the electronic power of attorney

I issued a sample electronic power of attorney based on the explanatory guide, and I would now like to consider the issues in its subject name and subject alternative name.

5.1. About attribute types

In the distinguished names of the subject name (subject) and the subject alternative name (subjectAltName), as far as ITU-T X.509 is concerned any attribute type may be used, but the standard ones are defined in ITU-T X.520, and a list of X.500 attribute types can also be seen here. However, ITU-T X.520 contains every attribute type usable in X.500 directories and LDAP. For example, even though the id-at-userPassword attribute, which stores a user's password as an LDAP entry, and the id-at-cACertificate attribute, which stores a CA certificate, are defined there, common sense says these attribute types would never be used in a certificate.

So, because the choices in ITU-T X.509 were too broad to be practical, a profile that restricts the available options for exchanging data containing certificates over the Internet is defined as RFC 5280.

The description of attribute types is in section 4.1.2.4, the section on the issuer (Issuer), and the same rules apply to the subject name and the subject alternative name. As rules, it states which attribute types an implementation must be able to process or accept.

  • C, O, OU, distinguishedNameQualifier, ST, CN, serialNumber and DC must be accepted (MUST).
  • L, T, surname, givenName, initials, pseudonym and generationQualifier should be accepted (SHOULD).
That does not mean attribute types outside these are never used. For example, EV certificates use attributes such as jurisdictionOfIncorporationC (country of the jurisdiction of incorporation). But unless another guide or standard specifies them, you cannot complain if a program terminates abnormally or raises an error when attribute types other than the above are used. Since interoperability problems arise, I think it is safer to use the attribute types listed in RFC 5280.

5.2. About the organizationIdentifier attribute type

The organizationIdentifier attribute type is generally used to represent the number of a company or organization, and in the electronic power of attorney it is to contain the "corporate number designated by the National Tax Agency". organizationIdentifier is also used in the electronic certificates of the eIDAS Regulation, Europe's national ID scheme, and it is an attribute that will probably spread gradually, but

  • as stated in section 5.1, it is an attribute that is not in RFC 5280,
  • it is an attribute type that is not displayed even in the general-purpose certificate viewers of section 4.8, and
  • most of the other attributes use a notation with a prefix such as 「代理権内容：」 ("scope of authority:"),
and for these reasons I feel there was no need to insist on strictly using organizationIdentifier for this one attribute alone.

5.3. About the description attribute type

Many of the attributes recorded in the subject alternative name (subjectAltName) of the electronic power of attorney are to use either the description (2.5.4.13) or the organizationName (2.5.4.10) attribute type, with a prefix such as 「代理権内容：」 included in the value. My hobby is collecting all sorts of unusual X.509 certificates and I have looked at many different certificates, but I have never seen one that used the description attribute type in a distinguished name. I think the usual use of description is, in directories such as LDAP, to record supplementary information or remarks about an entry as a kind of memo. From the standpoint of interoperability, I think it would have been better not to use it much. I suspect PKI experts overseas will also think "Japan is doing something weird...".

5.4. On whether using OU is appropriate

As mentioned above, for many attributes of the electronic power of attorney, the attribute type in the distinguished name is to be either OU or description, regardless of whether the attribute belongs to the person or to the organization.

In general, OU is an attribute for department names such as Human Resources, General Affairs, Development or the Recruiting Section, so it is not a suitable attribute type for recording miscellaneous attributes tied to the subject. I think the attributes of the electronic power of attorney that feel especially out of place when OU is used are the following.

  • The head office location in the commercial register of the delegating corporation: (example) OU=組織所在地：本町３−３
  • The job title of the representative of the delegating corporation: (example) OU=組織代表者肩書き：代表取締役社長
  • The name of the representative of the delegating corporation: (example) OU=組織代表者名：山田太郎
  • If the delegator is a sole proprietor, that person's date of birth: (example) OU=組織代表者生年月日：1970/04/01
If it is an attribute of the subject, I think CN (commonName) should have been used.

5.5. So which attribute type should have been used

As shown so far,

  • The use of the description attribute type has no precedent that I can find and may be a problem from the standpoint of interoperability.
  • The use of the OU attribute type may be inappropriate, since it is originally an attribute for department names.
Both seem to have at least some problems. I think it would have been better to use commonName (CN) for attributes belonging to the subject as an individual.

As with EV certificates, there was also the option of defining an individual attribute type for each attribute, for example defining "0.2.440.100145...23" for the "date of birth of the organization's representative". But such special attributes are not displayed by general-purpose certificate viewers and have poor visibility, so I think using description or OU and writing the value with a prefix such as 「組織代表者生年月日：」 was perhaps not such a bad method after all.

5.6. The problem of look-alike Japanese characters

A colon 「：」 is used in prefixes, as in 「組織所在地：」, and the pages of the explanatory guide seem to call for the full-width character. To avoid variation in notation, I think it would be good to state explicitly what byte sequence (octet sequence) each prefix becomes in UTF-8.

Also, a character and a different character of very similar shape can be distinct characters at the byte level (= at the Unicode code point level). When this is used for an attack it is called a homograph attack, and it might be used to get a fraudulent certificate issued. For example, the two 「日」 characters below look alike but are different characters.

日野市 (日=U+65E5, correct)
曰野市 (曰=U+66F0)

Characters used in Japan, China and Korea do seem to include such similar-looking but different characters, and for the electronic power of attorney the appendix table of the explanatory guide states:

When writing in Japanese, characters other than JIS level 1, JIS level 2 and supplementary kanji shall be converted to substitute characters. In that case, it is desirable to attach the substitute character specification position information to the certificate.
so conversion information for substitute characters may be provided so that the 「日」 above is also unified to the correct 「日」. The certificate authority will need to check that the characters are within the range of "JIS level 1, JIS level 2 and supplementary kanji".

Roman numerals (IV etc.) are sometimes used in the names of apartments and condominiums, but these are extended characters, so care is needed and they must be written with alphabet letters. ("I" + "V" = "IV" (two characters))
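The three checks discussed in this section (the exact bytes of the prefix colon, the JIS character range, and look-alike characters) can be sketched as follows. This is an added example, not part of the original post or of the explanatory guide; it assumes Python's iso2022_jp_1 codec as a stand-in for "JIS level 1, level 2 and supplementary kanji" (the codec also accepts ASCII and JIS non-kanji), and the confusables table is a constructed one holding only the pair shown above.

```python
import unicodedata

FULLWIDTH_COLON = "\uff1a"  # the full-width colon; UTF-8 bytes EF BC 9A

# Prefix labels quoted on this page (each is followed by the full-width colon).
PREFIX_LABELS = [
    "組織所在地", "組織代表者肩書き", "組織代表者生年月日", "組織代表者名",
    "部門所在地", "代理権内容", "代表権制限",
]

# Constructed look-alike table: only the pair from this page (U+66F0 -> U+65E5).
CONFUSABLES = {"\u66f0": "\u65e5"}


def prefix_status(value):
    """Classify how an attribute value starts.

    "ok"               known label followed by the full-width colon
    "colon-variant"    known label followed by a colon that only looks the
                       same (for example ASCII ":", bytes 3A)
    "no-known-prefix"  anything else
    """
    for label in PREFIX_LABELS:
        if value.startswith(label + FULLWIDTH_COLON):
            return "ok"
        if value.startswith(label):
            nxt = value[len(label):len(label) + 1]
            if unicodedata.normalize("NFKC", nxt) == ":":
                return "colon-variant"
    return "no-known-prefix"


def outside_jis(value):
    """Characters that iso2022_jp_1 (JIS X 0208 plus JIS X 0212) cannot encode."""
    bad = []
    for ch in value:
        try:
            ch.encode("iso2022_jp_1")
        except UnicodeEncodeError:
            bad.append(ch)
    return bad


def ascii_spelling(ch):
    """Compatibility spelling, e.g. the single Roman numeral U+2163 -> 'IV'."""
    return unicodedata.normalize("NFKC", ch)


def fold_confusables(value):
    """Map each known look-alike to its canonical character."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in value)


def looks_alike(a, b):
    """True when two different strings collapse to the same folded form."""
    return a != b and fold_confusables(a) == fold_confusables(b)


if __name__ == "__main__":
    print(FULLWIDTH_COLON.encode("utf-8").hex())     # bytes to document
    print(prefix_status("組織所在地:東京都"))          # ASCII colon variant
    print(outside_jis("メゾン\u2163"))                # Roman numeral flagged
    print(looks_alike("日野市", "\u66f0野市"))         # the pair from this page
```

Note that both characters of the pair above pass outside_jis(), so the JIS range check alone does not catch that homograph; it needs the separate look-alike comparison.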

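5.7. Other minor issues in the sample entries

Here are a few other things that bothered me a little in the sample entries in the appendix table of the explanatory guide.

  • The sample entry for CRLDistributionPoints does not point to a CRL but is a URL to an HTML page. I think it should have the correct extension, such as *.crl.
  • The date of birth of the organization's representative is given as "yyyy/mm/dd", but the slash "/" does not go well with OpenSSL's notation for directory names, so it would have been better without it.
  • In the sample entries, what is recorded where is scattered and hard to follow, and I think it would have been better to present them in the structure of a certificate profile. Some information that belongs only in a profile, such as the algorithm and the serial number, is also included, which I think makes it easy to get confused. I think showing a basic profile structure like the following would have been easier to understand.

    | Field / extension name | Content |
    |---|---|
    | Issuer name | English name of the electronic power of attorney handling service (= issuer) |
    | Validity period | Period of the delegation |
    | Subject name | Main information in English about the delegate (department manager etc.): name, location, etc. |
    | Issuer alternative name | Japanese name of the electronic power of attorney handling service (= issuer) |
    | Subject alternative name | Information in Japanese about the delegate (department manager etc.); information in Japanese about the delegator (president etc.); information on the power of attorney (scope of the department manager's authority etc.) |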
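The slash problem from the second bullet, together with the RFC 5280 lists from section 5.1, can be seen by parsing the sample subject alternative name from section 3. This is an added example, not part of the original post; the splitting rule (break only at a "/" that is followed by an attribute type and "=") is a heuristic chosen for this example, and the function names are hypothetical.

```python
import re

# Attribute types listed in RFC 5280 section 4.1.2.4, by the short names
# used on this page.
RFC5280_MUST = {"C", "O", "OU", "distinguishedNameQualifier",
                "ST", "CN", "serialNumber", "DC"}
RFC5280_SHOULD = {"L", "T", "surname", "givenName", "initials",
                  "pseudonym", "generationQualifier"}

# Sample subjectAltName directoryName from section 3 of this page.
SAMPLE_DN = (
    "/organizationIdentifier=JCN1111111111111"
    "/O=株式会社アイツー"
    "/description=組織所在地：東京都渋谷区神宮前３−３"
    "/description=組織代表者肩書き：代表取締役社長"
    "/description=組織代表者生年月日：1972/04/27"
    "/description=組織代表者名：鈴木花子"
    "/CN=山田太郎"
    "/T=購買部長"
    "/description=部門所在地：東京都新宿区西新宿５−５"
    "/description=代理権内容：日本国内の1億円以下の購買行為"
    "/description=代表権制限：1億円以下の発注購買"
)

# A "/" counts as an RDN boundary only when an attribute type (a short
# name or a dotted OID) and "=" follow it.
_BOUNDARY = re.compile(r"/(?=(?:[A-Za-z][A-Za-z0-9]*|\d+(?:\.\d+)+)=)")


def split_naive(dn):
    """Split on every slash: this tears the date of birth apart."""
    return [part for part in dn.split("/") if part]


def split_rdns(dn):
    """Split only at attribute boundaries; returns (type, value) pairs."""
    rdns = []
    for part in _BOUNDARY.split(dn):
        if "=" in part:
            attr_type, value = part.split("=", 1)
            rdns.append((attr_type, value))
    return rdns


def values_with_slash(rdns):
    """Values an issuer-side check should flag before issuance."""
    return [(t, v) for t, v in rdns if "/" in v]


def rfc5280_level(attr_type):
    """MUST, SHOULD, or unlisted, per the lists in section 5.1."""
    if attr_type in RFC5280_MUST:
        return "MUST"
    if attr_type in RFC5280_SHOULD:
        return "SHOULD"
    return "unlisted"


def unlisted_types(rdns):
    """Attribute types a strict RFC 5280 consumer need not accept."""
    return sorted({t for t, _ in rdns if rfc5280_level(t) == "unlisted"})


if __name__ == "__main__":
    print(len(split_naive(SAMPLE_DN)), "pieces with a naive split")
    rdns = split_rdns(SAMPLE_DN)
    print(len(rdns), "RDNs with the boundary rule")
    print(values_with_slash(rdns))
    print(unlisted_types(rdns))
```

The boundary rule is still a guess: a value that itself contains "/x=" would be split, so rejecting or rewriting slashes in values at issuance time is the more reliable control.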

Sorry for writing such a long, rambling piece.

Using S/MIME signed/encrypted mail with a Gmail account (part 1: the iOS standard mailer)

A certain anonymous gentleman kindly had a JCAN S/MIME certificate issued for my Gmail address, and I can now send S/MIME signed/encrypted mail from the Gmail account in the iOS standard mailer. Mail on my docomo account cannot use S/MIME, so this was a godsend. (The S/MIME certificate I had received from an anonymous lady expired long ago and I was stuck.)

That gentleman told me "please write about it on your blog", so I will write a little about it.

What is written here is not limited to JCAN certificates; it applies to certificates for any account in the iOS standard mailer. I tried it with iOS 10.3.2, the latest version at the time of writing.

① First, install your own S/MIME certificate

Send the "*.p12" or "*.pfx" file, which contains the issued certificate and private key, as an attachment to an account in the iOS standard mailer, and open the attachment.
[image: IMG_2600m]
Click the "Install" link that is displayed, enter the iOS unlock passcode, then enter the password of the *.p12 or *.pfx file, and the certificate is installed.
[image: IMG_2601m]

② Next, configure the S/MIME certificate for the Gmail account

Next, set up the certificate (and key) so that S/MIME signed mail can be sent from the Gmail account in the iOS standard mailer. The S/MIME settings are near the bottom of "Settings > Mail > Accounts > Gmail > Account > Advanced". Turn S/MIME on, open "Sign",
[image: IMG_2602m]
turn "Sign" on and select the certificate. I believe a certificate from JCAN appears as "BN-(name in English)".
[image: IMG_2603m]
At this point it is best to leave "Encrypt by Default" set to "No".

③ Try sending S/MIME signed mail from the iOS standard mailer

Select the Gmail account in the iOS standard mailer and try sending a new mail.
[image: IMG_2604m]
While the recipient field is empty, the padlock icon is "grey and open". An open padlock means "this will not be encrypted for the recipient". A grey padlock being present means that "S/MIME is available". Next, choose the person you want to send S/MIME signed mail to.
[image: IMG_2606m]
An open blue padlock means "the mail can be sent, and it will not be S/MIME encrypted for the recipient". In the initial state you have not received the recipient's certificate, so naturally it cannot be encrypted. Now try forcing it by clicking the "open blue padlock".
[image: IMG_2607m]
Because you do not have the recipient's certificate, the recipient turns red, the icon becomes a "red padlock", and "Unable to encrypt" is displayed. Click once more to return it to blue and send the mail.

④ Receive the signed mail that was sent

Look at the mail sent from the iOS mailer in an S/MIME-capable mailer, for example Outlook.
[image: zzz01m]

⑤ Register a certificate from a PC user's S/MIME signed mail

When sending encrypted mail or signed and encrypted mail from an iPhone, there are many aspects of how the iOS standard mailer handles S/MIME that leave something to be desired: you cannot send it simply by replying to a signed mail, and the recipient's certificate has to be registered on the iPhone beforehand. Here I will show how to register that "recipient's certificate".

First, open the signed mail that was sent to you.
[image: IMG_2606m]
Clicking the blue padlock only turns it red because there is no certificate, so touch it once more to return it to blue.
[image: IMG_2607m]
Incidentally, if the mail sent to you is signed and encrypted, it carries two icons, a badge (signature) and a padlock (encryption), as shown below.
[image: IMG_2609m]
Incidentally, if you look at this mail in the Gmail web app rather than the iPhone standard mailer, it looks like the following. There is just an attached file named smime.p7m, which is encrypted, and looking at the binary file will not reveal the content. (I may write about the format of the binary file inside at some point.) The content of the mail is not known even to Google, which is reassuring.
[image: screenshot 2017-06-09 22m]
Now, touching the sender's address displays that person's contact details, which also include a note about the certificate.
[image: IMG_2597m]
Touching the "View Certificate" link displays the other party's certificate, so display "Details" and so on, skim the content to check it, then touch "Install" and it is installed.
[image: IMG_2598m]
[image: IMG_2610m]
With that, the recipient's certificate has been registered.

⑥ Send S/MIME signed and encrypted mail from the iPhone

Try sending a new mail to the person whose certificate you just registered. When you enter the mail address as the recipient, the blue padlock is open at first.
[image: IMG_2613m]
Clicking the blue padlock now successfully shows "Encrypted". All that remains is to press the send button.
[image: IMG_2614m]
Receiving it in Outlook on a PC, the signed and encrypted mail can be read without problems.
[image: zzz07m]

Conclusion

So, having been given a JCAN S/MIME certificate, I set it up on the Gmail account in the iPhone standard mailer and tried sending and receiving signed and encrypted mail. Some parts, such as registration, are a little tedious, but since there is no decent S/MIME mailer on Android, I think it is quite something that the iPhone standard mailer can use S/MIME "properly". The certificate this time was from JCAN, but if you do not mind applying in English you can also get a free S/MIME certificate issued by COMODO. Give it a try if you like.

Google probably monitors the content of users' mail and so on, but with this you can safely exchange your naughty little mails without anyone else ever seeing them. Wonderful, isn't it.

The real reason I wanted an S/MIME certificate for a Gmail account is that Google's G-Suite Enterprise reportedly lets you set a private key and certificate on the server and use S/MIME signed and encrypted mail in a cloud-style setup, and I wanted to try that. I have been swamped with incident response lately and can hardly find the time, but I would like to make time somehow and try it. See you.


Amazon AWS's certificate authority is a little suspicious

There is apparently a free certificate issuing service called AWS Certificate Manager (ACM) that can be used with Amazon AWS's ELB and CloudFront. ([Reference 1]). What got me curious was hearing that there was a case where verification failed when connecting over HTTPS from Java,

and once I started looking I fell into a rabbit hole, so I thought I would leave a few notes.

Connecting with a browser to a site that uses an ACM certificate...

If it does not connect from Java, you would suspect that the root certificate or the intermediate CA certificate is not installed. For a start, I tried connecting with browsers. With Chrome or IE on Windows 7 the path looks like this.
[image: view-ch-ie]
On Mac OS X (and probably iOS too), both Safari and Chrome show this path.
[image: safari-view]
With Firefox, regardless of the OS, the path looks like this on both Windows and Mac OS X.
[image: view-ff-chain]
The trusted root certificate used appears to differ from client to client. In some cases it is the Starfield root. Looking into it, Amazon reportedly bought one Starfield root CA from GoDaddy.

Connecting with a browser to a site that uses an ACM certificate...

Amazon's certificate issuing service is apparently called Amazon Trust Services, and the repository holding documents such as the certificate policy and certification practice statement, the root certificates, the intermediate CA certificates and so on appears to be here.

Looking closely at the repository, there is a list of cross certificates (one-way cross-certification certificates, intermediate CA certificates), but it only has hashes and links to the certificates with hardly any explanation, and it is a terribly unfriendly page. I could not really understand the structure of the CAs, so I drew this diagram based on it. (I think it is quite a piece of work.)
[image: ca-structure]

Aren't they reusing the CA keys?

What bothered me in this list of cross certificates is that for each of Amazon Root 1 to 4 there is an "orig" one and one that is not, and for Starfield there is a "v2" one and one that is not. For example, comparing the orig and non-orig ones for Amazon Root 1, they differ only in the following three points,

  • The serial number differs.
  • notBefore differs (orig is October 2015, the one without orig is May 2015).
  • The URL of caIssuer in the authorityInfoAccess extension differs slightly. It is http://{crl,crt}.rootg2.amazontrust.com/rootg2.cer, with crl for orig and crt for the one without orig.
and are otherwise almost identical, so it looks like the intermediate CA certificate was reissued for the trivial reason of just wanting to fix caIssuer. That means the intermediate CA's key is being reused, doesn't it? Isn't that bad? What is more of a problem is that

  • It is not clear which one is the correct certificate.
  • From the file name orig looks older, but going by notBefore orig conversely looks newer.
  • Neither of them has been revoked; both are valid.
  • Path validation succeeds whichever one is used, but is that really acceptable?
  • I assume there is a plan to retire one of {crl,crt}.rootg2.amazontrust.com in the future, but that has not been made clear.
and so on. Incidentally, both URLs given in caIssuer appear to be accessible at the moment. If both are accessible, was there really any need to reissue the intermediate CA certificate? Isn't it just a matter of configuring a DNS alias, a CNAME record? Also, it has not been made clear which one they actually want to converge on.

Similarly, the intermediate CA certificates issued from Starfield Class 2 CA to Starfield Services Root CA G2 are also suspicious: there are certificates that differ only in serial number and notBefore. Neither has been revoked. Is it really OK to do this? Recently, the issuance history of all SSL server certificates is being recorded with Certificate Transparency (CT), and (although I disliked CT at first) when a CA has problems (as with Symantec...) all sorts of people point them out. I think that unless the issuance of intermediate CA certificates is also recorded in CT logs, there may well be some dodgy operations going on...

Amazon's CA is WebTrust certified and reportedly audited by Ernst Young, but is it really OK like this?

About aliases in cacerts on Java 8?

This has nothing at all to do with Amazon AWS or ACM, but I hardly touch Java any more these days and had quite a hard time with this matter. The file jre/lib/security/cacerts is the keystore file for the CAs that Java trusts, and when I tried to extract an entry from it, I was told off that no such entry exists. Looking closely, in the new 8u121 that I was using, the aliases look like this,

% keytool -list -keystore jre/lib/security/cacerts
    : (snip)
globalsigneccrootcar5 [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
starfieldservicesrootg2ca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
ttelesecglobalrootclass2ca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
addtrustqualifiedca [jdk],2016/08/26, trustedCertEntry,
証明書のフィンガプリント(SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
    : (rest omitted)
For example, just "starfieldservicesg2ca" is not enough; apparently you now have to include the [JDK] part as well, exactly as displayed, like "starfieldservicesg2ca [JDK]". I did not know that, and I got stuck on it.

It's Golden Week, so that's it for today.

Reference links

A look at AWS Certificate Manager
Useful when you start using ACM. A site that uses ACM.
Free SSL With Amazon's AWS Certificate Manager (ACM)
Useful when you start using ACM (part 2).
ACM FAQ
The FAQ on the official site.

In memoriam: Adobe CDS

I have learned that Adobe CDS, a very advanced service that I had quietly hoped would lead to wider use of PDF signatures, is finally ending and moving to AATL (Adobe Approved Trust List). Well, it cannot really be called a migration, since all sorts of things are being thrown away... I once bought an Adobe CDS certificate and token myself as a guinea pig, tried them out, and wrote several blog posts about them. It was a good service, so this is a great pity. It is too sad, so I would like to write something like a memorial article.
[Figure: cdstoken]

What is Adobe CDS?

Adobe Acrobat has a PDF signature function to show who signed a document and that it has not been tampered with, and Adobe Acrobat Reader has a function to verify PDF signatures. Adobe CDS was a service that tightened the operation of PDF signatures so that, even with the default settings of Adobe Acrobat Reader, PDF signatures made with a properly identity-verified certificate and a hardware device could be verified. Adobe CDS supported two kinds of signature:

  • PDF signatures for servers, made by an organization using an HSM
  • PDF signatures made by an individual using a USB token

How does this differ from a plain PDF signature? I have summarized it in a comparison table.

| Ordinary PDF signature | Adobe CDS PDF signature |
|---|---|
| It does not matter whether identity is verified when the certificate is issued | Identity verification at issuance is quite strict: for example, a copy of a passport, sending an e-mail address, and confirmation of the person's intent by telephone (in English) |
| The private key may be managed in any way | The private key is always stored in an HSM for the server type or a USB token for the individual type, and cannot be exported. (As far as I recall, no CA vendor supported smart cards.) |
| Any certificate capable of digital signature will do; for example, an SSL server certificate and its private key | A certificate dedicated to Adobe CDS signing, with a dedicated extension in the extensions field. A CA cannot be registered with Adobe CDS unless its certificate policy is also CDS-compliant. |
| Need not be a PDF signature with a PAdES timestamp; a normal PDF signature is fine | Signing produces a PDF signature with a PAdES signature timestamp |
| To add a timestamp, in Japan you generally need a separate contract with a timestamp provider | With an Adobe CDS certificate authority, the timestamp service is provided together with the purchased certificate. In Adobe CDS, which timestamp service is used is written in a certificate extension for each certification service and is fixed. In many cases the certification service itself provides the timestamp service. |
| The list of trusted root certificates was Adobe's own. It has now been defined as a root certificate program called Adobe Approved Trust List (AATL), with 58 root certificates registered at present. Windows, Mac OS X and others have around 400 root certificates, considerably more, but the OS root certificates are not trusted by Acrobat Reader by default; trusting them requires a settings change. | The Adobe CDS root CA is a single Adobe root, with about six Adobe CDS certificate vendors as intermediate CAs from which user certificates are issued. It is operated under a dedicated operating policy (CP/CPS) for Adobe CDS. Acrobat Reader on any OS gives the same verification result regardless of the OS trust list. |

I think the key points of the Adobe CDS service are as follows.
  • It allows PDF signatures that can be regarded as definitely made by the person in question, at the level of a registered seal (jitsuin) in terms of seals
  • (Various certificate authorities have been causing trouble lately, but) the chance of a poorly operated certificate authority slipping in is comparatively low (although some of these did cause trouble too, didn't they)
  • Signing is done with a certificate dedicated to Adobe CDS
  • In electronic signatures a timestamp is considered essential to show that the signature was made while the certificate was valid; with Adobe CDS the PDF signature carries a signature timestamp by default
  • Only the person who is supposed to hold the hardware device, such as the USB token, can sign, so the chance of someone else signing by impersonation is extremely low

What was nice about Adobe CDS

If you want to make a timestamped PDF signature, in Japan you generally need both a client certificate for signing and the use of a timestamp service. Each of these costs money and it is a hassle. I sometimes think this is one of the reasons timestamped signatures do not catch on in Japan. Many signing certificate services overseas are offered as a set with a timestamp service, and Adobe CDS was also offered as a set, which made it very easy to use.

Code signing certificates, although this is not the same as RFC 3161 timestamps, also come as a set with a similar countersignature-based timestamp mechanism, so code signatures carry a timestamp by default.

What went wrong with Adobe CDS

I think the degree of trust in a PDF signature is completely different depending on whether Adobe CDS is used, but in Acrobat Reader there is no difference between an ordinary PDF signature and an Adobe CDS PDF signature. If there is no difference, there is little merit in paying a high price to use Adobe CDS.

For certificate authorities too, an independent intermediate CA had to be operated. A special certificate profile was also needed, and I think the program was a heavy burden for them. I think it is hard to maintain such a service unless usage grows considerably.

For certificates issued under strict identity verification using a hardware device, whether a USB token as in Adobe CDS or a smart card as in the My Number card, I suspect that signatures using hardware devices will not spread easily unless such certificates carry a common dedicated certificate extension, are distinguished from ordinary signatures, and are shown differently in the display, like the green address bar of EV certificates.

Recently, operating models in which private keys are managed in the cloud and signing is done remotely have also been increasing, so having the person manage a hardware device to sign may be gradually falling out of step with the times.

Closing

Adobe CDS also cost quite a lot to maintain, so in the end I could not keep mine, but I did not want Adobe CDS, a "proper, registered-seal-level" PDF signature, to disappear. I am really sad. Bye-bye, Adobe CDS.

Related articles

Thinking about HPKP (HTTP Public Key Pinning)

Contents
1. Introduction
2. Background to the birth of HPKP
3. How HPKP works
4. Considerations on configuring pins
  4.1. How to obtain pin values
  4.2. Choosing the pin that matches the certificate chain
  4.3. How to operate certificate renewal and HPKP header changes
  4.4. Why "backup pin" is an unfortunate name
  4.5. A recommended value for the backup pin of a CA key
  4.6. Setting several pins within the certificate chain is pointless
  4.7. Issues when you keep pinning the same CA certificate
  4.8. Issues when pinning two CA certificates
  4.9. Thinking about a recommended value for max-age
5. How widely is HPKP used?
6. What went wrong with today's HPKP
7. Closing
8. (Reference) Useful links for studying HPKP
9. Addenda
  9.1. Addendum (2017.02.26): browser support for HPKP
  9.2. Addendum (2017.02.26): the HPKP outage at smashingmagazine.com

1. Introduction

HPKP stands for HTTP Public Key Pinning and is specified in RFC 7469, Public Key Pinning Extension for HTTP. It is a mechanism by which a website owner protects against an unintended certificate chain being used by a fake site.

There are few explanations in Japanese, but it is also explained in articles by jovi0608, whom I greatly respect, and by Jxck.

Since a little over three years ago, around the time before I was writing the IPA guide, I had wanted to write something on a blog about the operational issues of HPKP, but I was swamped with odd day-to-day things and never managed to write it up. (Partly it was that, just as I was thinking of writing, jovi's article came out and I thought, well, that will do, lol.) I also tried to write about it for the IPA guide, but for grown-up reasons I was not able to have it added. Sigh.

This time I will leave the basics, such as what HPKP is, to other people's blogs, and focus on the current state of HPKP and its operational issues. It looks like it will be long; sorry about that.

To state the conclusion first, I think you should not casually use HPKP on a production site. The HPKP specification itself was not designed with operation properly in mind; for an ordinary site the security benefit is small, while the risk that long-term operation leads to a period in which the service cannot be provided is too high, and certificates cost extra as well.

This is probably the first explanatory material in the world to dig deeply into the operation of HPKP. Please accept it with a smile, lol.

2. Background to the birth of HPKP

From around 2011, through cyber attacks on certificate authorities and operational failings at certificate authorities, there were more and more incidents in which wildcard certificates for famous sites such as Google and Facebook (*.google.com and the like), which are easy to use in attacks, were obtained. What angered Google was the 2011 incident in which the Dutch certificate authority DigiNotar was broken into, a wildcard certificate for *.google.com was issued, and it was used for eavesdropping and attacks at an Iranian provider.
[Figure: hpkp-digi]
To prevent incidents like this, a mechanism is needed that raises a warning when a certificate the site owner did not intend is used for a website. HPKP was developed for that purpose. In HPKP, by checking that the hash of a certificate public key in the certificate chain matches, it can be verified whether the certificate is one the website owner intended.
[Figure: hpkp-hpkp1]
Chapter 1 of jovi's blog post explains the background and mechanism clearly, so please have a look at that as well.

3. How HPKP works

There are two ways in which HPKP is implemented.

  • 1) Checking against a list of pins built into browsers such as Chrome and Firefox for famous sites such as Google, Facebook and Twitter (Preloaded Known Pinned Host List)
  • 2) When communicating over HTTPS, obtaining an HTTP header carrying pin information from the server, storing it in the browser, and using it for checking in subsequent communication

With method 1), as long as the browser is up to date, famous sites can be connected to safely using HPKP without configuring anything. What I want to discuss in this article is case 2), where the site owner configures it, so I will explain the mechanism of 2).
[Figure: hpkp-sethead]
An HPKP HTTP header is set on the web server so that clients are not connected over a rogue certificate chain. It is set based on the certificate chain, from the root certificate to the SSL server certificate, used in the web server's HTTPS configuration. The format of the HTTP header and its value is as follows.

Public-Key-Pins: \
    pin-sha256="<Base64 of the SHA256 hash of one of the public keys in the chain>"; \
    pin-sha256="<Base64 of a SHA256 hash that matches none of the public keys in the chain>"; \
    [pin-sha256="<other hash value 1>"; ...; ] \
    max-age=<number of seconds this HPKP header is stored in the browser>; \
    [includeSubDomains;] \        whether subdomains (sub.example.com for example.com) are also subject to HPKP
    [report-uri="<URL to which the JSON error report is POSTed>"; ]
[...] is optional.

  • pin-sha256 is set based on the certificate chain; how to set it and the considerations involved are described later.
  • The retention period max-age is discussed in section 4.1 of the RFC, which suggests that 60 days (= 5184000 seconds) might be good; let me discuss that later as well.
  • includeSubDomains is a flag saying whether subdomains are included: for example, if HPKP is set on example.com, then sub1.example.com and www1.sub2.example.com are also subject to HPKP. If you do not have any at present, I think it is better not to set it casually.
  • Like CSP, HPKP is verified on the browser side, so the server side may be unable to see the cause of an error, which can be a problem. With report-uri, when an HPKP error occurs in the browser, a JSON error report is POSTed to the web server at the specified URL, so it may help in learning about configuration problems. Jxck's blog has a detailed report of trying this setting, so it is worth a look. As that blog also says, the conditions under which a report is emitted are not well understood and seem to depend on the browser and version; I have not managed to get reports generated properly either.

Also, if the HTTP header is set as "Public-Key-Pins-Report-Only" instead of "Public-Key-Pins", the browser raises no error but error reports can still be collected, so it is good to use this when testing.

4. Considerations on configuring pins

By setting pins with the pin-sha256 attribute, you can prevent a certificate the server owner did not intend from being used. The pin values consist of two or more in total: at least one that matches one of the certificates in the certificate chain, and at least one that matches none of them.
[Figure: hpkp-intersect]

4.1. How to obtain pin values

The easiest way to obtain the hash values, if the web server's HTTPS configuration is already complete, is to use Scott Helme's page for obtaining HPKP hashes. Enter the URL of an HTTPS site, your own or someone else's, and it computes the pin hash value for each certificate in the certificate chain.
[Figure: index]
Pin hash values are displayed in order from the SSL server certificate up to the root certificate, in the form

pin-sha256="hUIG87ch71EZQYhZBEkq2VKBLjhussUw7nR8wyuY7rY="

so all you have to do is decide which pin to use and set it in the HTTP header.

As for computing a single pin hash value, it can be computed from a certificate, from a certificate signing request (CSR/PKCS#10), or, depending on the private key and key algorithm, from the PKCS#8 public key extracted from the key parameters. In many people's blogs the hash seems to be computed only after going to the trouble of creating a CSR, but especially for a backup pin, for which no certificate exists yet, I think it is better to compute the hash from the public key without doing that. As before, Scott Helme has a tool page that computes the pin hash value when you enter a PEM-format PKCS#8 public key, CSR or X.509 certificate, so using that is easy.

If you obtain the pin by hand, the following gives you the pin value, which is the SHA256 hash of the public key. Other articles seem to use the base64 command or force you to generate a CSR every time; the methods introduced here use only the OpenSSL command, and I have given examples so that the pin can be obtained in a variety of cases.

# Obtain the pin of the PKCS#8 public key in the subjectPublicKeyInfo field of an X.509 certificate
% openssl x509 -in <PEM certificate> -pubkey -noout | openssl rsa -pubin -outform DER | \
  openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

# Obtain the pin of the PKCS#8 public key in the subjectPKInfo field of a CSR
% openssl req -in <PEM CSR file> -pubkey -noout | openssl rsa -pubin -outform DER | \
  openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

# Obtain the pin from a PKCS#8 private key
% openssl rsa -in <PKCS#8 private key> -pubout -outform DER | \
  openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

# Obtain the pin from a PKCS#8 public key
% openssl rsa -pubin -in <PKCS#8 public key> -pubout -outform DER | \
  openssl dgst -sha256 -binary | openssl enc -base64
te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=

Set the value obtained in the header, as in pin-sha256="te4kc4F/5BhtIosKLOS9sy049x7a/LQHNRRG1WHfvyU=".

Once you have the values, set them in the web server's HTTP header. For example, for Apache HTTP Server, configure it as follows.

<VirtualHost _default_:443>
...
Header set Public-Key-Pins \
"pin-sha256=\"MRnxhYBVCMAxZHwalTJ7ZVl6P2005lll4ttWr+RN1Ro=\"; \
pin-sha256=\"633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q=\"; \
max-age=2592000; \
report-uri=\"https://report.example.com\""
...
</VirtualHost>

Backslashes and line breaks have been inserted for readability. 2592000 seconds is 30 days.

4.2. Choosing the pin that matches the certificate chain

HPKP requires you to set one or more pins that match the certificate chain. In this section I would like to consider this in two parts:

  • 1) A comparison for the case where only one of the certificates in the chain is chosen
  • 2) A consideration of the case where two or more, or all, of the certificates in the chain are chosen

4.2. Choosing the pin that matches the certificate chain

When the certificate chain has three levels, such as SSL server certificate, intermediate CA certificate and root certificate, and you are to choose one pin in order to verify that the chain is not a rogue, unintended one, which should you choose? Each of these three cases has strengths and weaknesses, so I would like to consider them. For the SSL server certificate, I consider separately the case where the key pair to be used at certificate renewal a few years later is already decided (= key generated in advance) and the case where it is not (= no key generated in advance).

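Certificate / strengths / weaknesses / security / operational burden

① Root CA certificate
  • The validity period is long, so pins need to be changed less often. Probably no change is needed for about 10 years
  • The preloaded pins built into browsers use root certificates
  • The public key after a key rollover is not known in advance, so a backup pin cannot be used
  • When a new SSL server certificate is purchased it is not necessarily under the same root CA, and in that case the pin must be migrated
  • The number of certificates under a root certificate is very large, and if that certificate authority has rogue certificates issued, the risk of not being able to prevent the attack is high. For example, there was an incident in which Symantec issued Google certificates without Google's permission.
  • The chance of the root CA changing at certificate renewal is low, but if it does change, a troublesome migration that takes max-age into account is needed and the operational load is high
Security: low. Operational burden: high.

② Intermediate CA certificate
  • The validity period is fairly long, so pins need to be changed somewhat less often. Probably no change is needed for about 5 years
  • Perhaps a good balance between security and operational burden?
  • If the public key of the pinned intermediate CA has not changed, renewing the SSL server certificate is comparatively easy
  • There is no guarantee that the public key of the pinned intermediate CA will be the same at the next SSL server certificate renewal.
  • There is a risk that the intermediate CA certificate changes when the SSL server certificate is renewed, and because this is not announced in advance, the risk of a service outage due to SSL connection failures is high
  • The operational burden of migrating when the intermediate CA certificate changes is very high, both in how often it happens and in the work involved
  • There is a risk that verification succeeds even when a certificate for the same domain is fraudulently issued from the same intermediate CA. The risk is lower than ① but higher than ③④
  • There is a certain chance of the intermediate CA changing at certificate renewal, with a higher probability than ①. If it does change, a troublesome migration that takes max-age into account is needed and the operational load is high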
̾̾

③ SSL server certificate (key generated in advance)
  • When the SSL server certificate is renewed, the chance of failing to set up the match with the pinned public key is low, and the risk of a service outage caused by HPKP misconfiguration is the lowest
  • A method that the HPKP RFC can be read as recommending (it is written in a way that can be taken to mean it is quick and easy)
  • The risk of a rogue certificate chain being used is (leaving aside the risk of private key leakage) about the same as ④ and higher than ①②
  • Because the pin that will change across the certificate renewal is known in advance, the certificate can be renewed without worrying much about max-age (as long as you do not renew the certificate again within max-age)
  • Generating the key pair in advance for an SSL server certificate renewal is possible only when the key pair is generated by hand with OpenSSL or the like; with a certificate issuance service where you do not need to create the CSR yourself and a browser component generates the key pair automatically at issuance, this method cannot be used
  • Let's Encrypt cannot be used, so no reduction of operational burden from automatic SSL server certificate renewal can be expected
  • Key pair generation is normally done at certificate renewal, but here it is done about two years earlier. Generating it in advance raises the risk of the SSL server certificate's private key leaking by that much, and the operational burden of keeping it confidential is large
  • At certificate renewal, a fair amount of care is needed over configuration changes. This also happens about every two years or a little less, so the operational burden is comparatively high
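̾̾

④ SSL server certificate (no key generated in advance)
  • Everything is under your own control, and the risk of a service outage due to misconfiguration is as high as ③
  • Compared with ③, the risk of the SSL server certificate's private key leaking is also low
  • The risk of a rogue certificate chain being used is (leaving aside the risk of private key leakage) about the same as ④ and higher than ①②
  • The period for which the SSL server certificate can be used is always reduced by (max-age + α) × 2. For a two-year certificate with max-age set to 2 months, it becomes about 4 to 5 months shorter including testing and margin, which increases the cost of certificates
  • If the validity periods of the certificates before and after renewal are overlapped by max-age + α, the pin change is always done with max-age taken into account. There is an operational burden, but compared with ①②, where whether the pin changes depends on the certificate authority and cannot be known, a schedule for certificate renewal and HPKP configuration changes that always takes max-age into account can be drawn up; because it can be made routine, the psychological burden of operation is somewhat smaller than for ①②
Security: high. Operational burden: medium.

So which of ① to ④ should be chosen? For an ordinary site that cannot use pins built into the browser, I think one of ② to ③ is reasonable, but every option carries an operational burden and a risk of being unable to provide the service. For an individual configuring it for testing, anything will do; but if I were entrusted with operating a commercial site, what I should worry about most is being unable to provide the service for a long period and getting complaints, so I think I would decide not to use HPKP.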

4.3. How to operate certificate renewal and HPKP header changes

In section 4.2 I considered what differences arise depending on where in the certificate chain the pin is set.

In this section, following on from section 4.2, I consider how to operate certificate renewal and HPKP header changes on a site using HPKP while preventing the service from becoming unusable through misconfiguration.

The way certificate renewal is operated with HPKP can be divided into four cases.

• a) You check before max-age ahead of the certificate renewal, and the pinned key does not change
• b) Before max-age ahead of the certificate renewal, you know what the pinned public key will change to across the renewal
• c) Before max-age ahead of the certificate renewal, you do not know what the pinned public key will change to across the renewal, or it is clear that it will change, but the validity periods of the certificates before and after renewal can be overlapped by max-age + α
• d) Before max-age ahead of the certificate renewal, you do not know what the pinned public key will change to across the renewal, or it is clear that it will change, and the validity periods of the certificates before and after renewal cannot be overlapped by max-age + α

An explanation like this probably does not give a concrete picture, so let me give concrete examples by certificate in the chain.

• a-1) The pin is set on the root certificate or intermediate CA certificate, and on asking customer support you learn that at the next certificate renewal, after max-age, the root certificate and intermediate CA certificate used will not change. (If customer support has told you something untrue, there is a risk of a service outage for some users for 2 months (= max-age).)
  [Figure: hpkp-move1]
• b-1) The pin is set on the root certificate or intermediate CA certificate, and on asking customer support you are told which root certificate or intermediate CA certificate will be used at the next certificate renewal, after max-age. Or it is announced on a support page or the like. The same applies to changing the certificate issuance service, changing to EV, and so on.
  [Figure: hpkp-move-b1]
• b-2) The pin is set on the SSL server certificate, and the key pair to be used at the next certificate renewal has already been generated in advance with OpenSSL or the like and is in storage
  [Figure: hpkp-move-b2]
• c-1) The pin is set on the root certificate or intermediate CA certificate, but customer support gives no answer about changes to the root certificate or intermediate CA certificate after the next renewal, so you cannot judge whether they will change; having no choice, you renew the certificate max-age + α early and have it issued in advance so that the validity periods overlap, and the root certificate or intermediate CA certificate did indeed change (if there is no change this becomes case a-1.)
  [Figure: hpkp-move-c1]
• c-2) The pin is set on the SSL server certificate, but the certificate authority is of the type that generates the key pair with a browser function rather than OpenSSL, so the public key after renewal is not known in advance, and the certificate can be renewed max-age + α early and issued in advance so that the validity periods overlap
  [Figure: hpkp-move-c2]
• c-3) The pin is set on the SSL server certificate, but an SSL accelerator using HSM functionality is in use, so the public key after renewal is not known in advance, and the certificate can be renewed max-age + α early and issued in advance so that the validity periods overlap. The migration diagram is the same as c-2
• d-1) The pin is set on the SSL server certificate, but, as with Let's Encrypt and some certificate authorities, the previous certificate is revoked immediately after renewal, and the validity periods cannot be overlapped for a period of max-age + α
  [Figure: hpkp-move-d1]

Has the explanation above made clear which case your own operation falls under? Next, here is how to respond in cases a to d.

• Response for a) At certificate renewal, the web server's HPKP header configuration does not need to be changed
• Response for b) Without worrying much about max-age, you may change the web server's certificate configuration and HPKP header after the certificate renewal
• Response for c) This needs the most care: certificate renewal and HPKP header configuration that take max-age into account. The validity periods must overlap across the certificate renewal
• Response for d) HPKP cannot be used in this case. You need to consider changing the pin configuration to another certificate or certificate issuance service. If you use it anyway, some users will be unable to connect to the service for about max-age.

Whatever certificate renewal and HPKP header migration you carry out, you have to draw up a migration plan and migrate while paying attention to many things, such as the certificate expiry date, max-age and storage of the private key, and if you do not think it through properly a long service outage occurs. I think this operational burden and risk are large.

4.4. Why "backup pin" is an unfortunate name

As stated earlier, you must always include at least one pin that does not match the certificate chain. When pinning the SSL server certificate, if, in addition to the private key of the SSL server certificate currently in use, you can generate in advance the private key you plan to use at a future certificate renewal, then by setting its public key as the backup pin it can be used as a true backup, and a smooth migration of certificate and pin is possible (although with plenty of the problems described later).

However, cases in which a private key is generated in advance as the backup to migrate to and can actually be used are rare. For example, in the following commonly occurring cases, the private key generated in advance cannot be used at certificate renewal.

Backup pin for a CA certificate
When a certificate authority renews its certificate or rolls over its key, the private key to migrate to does not exist in advance, and no certificate authority publishes to users the pin of the public key to be migrated to.
Backup when an HSM is used
In cases where a certificate authority or an SSL accelerator is used, the private key is generally managed in a hardware security module (HSM) from which it cannot be extracted. In a key rollover or certificate renewal using an HSM, it is not possible to generate several private keys in advance and specify one of them for use at renewal. At renewal a new key pair is generated and used. For this reason certificate authorities cannot publish a backup pin.
A certificate authority that issues SSL server certificates with the key pair generated on a web page
Some certificate authorities use a web browser function so that pressing a button automatically generates a key pair, issues a certificate with it and stores the new certificate. With such a certificate authority, a key generated in advance cannot be used at issuance.
When using Let's Encrypt
At Let's Encrypt, the free certificate issuance service that boasts the largest number of issued certificates in the world, the issuance process is automated by scripts, but here too the key pair is generated automatically at certificate renewal, so a key pair generated in advance cannot be used.

In other words, a "backup pin" in the true sense can be used only in the following case.
• When the pin is set on the SSL server certificate, and
• when you use a certificate authority that will issue a certificate for a key pair generated with a command such as OpenSSL and a certificate signing request created manually

Therefore, calling the pin that does not match the certificate chain a "backup pin" is not appropriate in most of the cases above, and I consider the name to be a problem.

4.5. A recommended value for the backup pin of a CA key

When pinning a root certificate or intermediate CA certificate, the non-matching pin can be anything if you do not know what the future replacement will be, and it does not even need to be the hash of a real public key. Since it is SHA256, any value that is simply 32 bytes will do.

However, I think it is better if the non-matching pin can be recognized at a glance in the HPKP header, also in the sense of preventing operational mistakes such as deleting it by accident, so the value I would like to recommend is the following.

pin-sha256="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";

In hexadecimal this is 0000000000000000000000000000000000000000000000000000000000000000 (32 bytes). I hope it catches on, lol.

4.6. Setting several pins within the certificate chain is pointless

So far the discussion has assumed that exactly one pin matches the certificate chain. I would now like to consider what happens when there are several, for example when pins match the root certificate, the intermediate CA certificate and the SSL server certificate.

First, consider pinning the SSL server certificate, then adding a pin for the intermediate CA certificate, then one for the root certificate. I assume the obvious, namely that the same key pair is not used for server certificates issued by several certificate authorities. As stated in section 4.2 ③④, pinning the SSL server certificate has the most limited scope and is the strongest countermeasure against fake HTTPS.

What if a matching pin for the intermediate CA certificate is added to that? The range of certificates identified by the pins does not change at all, so adding the intermediate CA certificate's pin does not make it harder to build a fake HTTPS site, and the strength of the security does not increase. On the operational side, taking care that the pins match is harder than with a single pin, and the scope extends beyond what the website owner alone can manage, so operating certificate and pin header changes becomes far more complex and troublesome. Exactly the same is true if the root certificate's pin is added. The security strength does not increase and the migration becomes more complex to operate.
[Figure: hpkp-multipin]

Therefore, setting several pins within the certificate chain is pointless and only makes operation more complicated, so it can be said that it is better not to.

4.7. Issues when you keep pinning the same CA certificate

If for the time being you will keep having certificates issued by the same root CA and intermediate CA, you can pin the public key of that certificate authority's certificate. In that case, since the certificate authority will not tell you the pin to migrate to, the backup pin can be any suitable value. It does not need to be the hash of a public key; any Base64 representation of a 32-byte value will do (as long as it does not collide).

However, although I wrote "for the time being", there is no guarantee that the intermediate CA that was used to issue the SSL server certificate will be the same intermediate CA with the same public key at the next issuance. For the following reasons, the same intermediate CA certificate may not be used.

• The validity period of an intermediate CA certificate is about 5 to 10 years. From about halfway through that period, or at the latest with 2 or 3 years remaining, that intermediate CA stops issuing certificates and subscribers have certificates issued from another CA.
• As the number of issued certificates grows, the certificate revocation list (CRL) grows accordingly, so there are cases where the number issued from one intermediate CA is limited and subsequent certificates are issued from a new intermediate CA.
• In recent years, an entire certificate issuance service or a particular intermediate CA has sometimes been suspended or terminated because of operational failings at the certificate authority, cyber attacks and so on.

In such cases the pin of the same intermediate CA cannot be used.

When you find out that a new certificate cannot be issued from the same root CA or intermediate CA on which a valid pin is set, you cannot migrate to another certificate immediately; for the period specified by max-age, generally about 1 month to 1 year, the certificate cannot be replaced. In the worst case, valid HTTPS communication may be impossible for that period.

It is not that there is no way to mitigate this. At time A, when you decide to renew the certificate and find that it cannot be issued from the same intermediate CA, record time B, which is max-age after that, and obtain the new certificate (but do not use it). As the backup pin, set in the web server's header the pin of the public key of the other intermediate CA certificate of that new certificate. Only at time B do you switch to the new certificate. From this, taking a long max-age such as 1 year helps prevent fake sites, but there is also the certificate renewal risk just described, and I think setting it to about half a month to 1 month is reasonable.

4.8. Issues when pinning two CA certificates

When renewing the SSL server certificate, supposing you alternate between two certificate issuance services, for example Symantec and GlobalSign, I think it is quite a clever method to set the pins of these two intermediate CA certificates in the header and treat the one not in use as the backup pin.
[Figure: hpkp-two]

However, for the reasons given above, there are cases where the pin of the GlobalSign intermediate CA certificate, from which you planned to have the next certificate issued after Symantec, cannot be used.

As described above, when pinning a CA certificate, don't you think it is very troublesome to operate HPKP on a web server while nervously watching the whims of the certificate issuance service? In that case I start to feel that pinning the SSL server certificate, which you can control yourself, is better even if it is troublesome.

4.9. Thinking about a recommended value for max-age

The security considerations in section 4.1 of RFC 7469 say the following about the maximum value of max-age, in effect "60 days may be a balanced value".

From RFC 7469, 4.1. Maximum max-age:
However, a value on the order of 60 days (5,184,000 seconds) may be considered a balance between the two competing security concerns.

However, in my own survey in chapter 5, based on Scott Helme's list of HPKP-enabled domains, among the configurations that are being operated sensibly, 30 days is the most common at 26%, followed by 60 days at 19%.

In section 4.2 I explained the risks that arise when the value of max-age is too long:

• When an outage occurs because of a configuration mistake, some users cannot connect for a long time
• When validity periods need to overlap, the effective certificate validity period shrinks, which affects operating costs

Conversely, what happens if max-age is too short?

Put simply, I think the chance of being taken over by a fake HTTPS site increases. If the genuine site's max-age is short and, at the moment it expires, the site falls victim to a domain hijack or the like and a fake site is set up serving an HPKP header with a long max-age such as 1 year, then once that happens there can be users who can connect only to the fake site for the coming year.
[Figure: hpkp-maxage]
The shorter max-age is, the more chances there are for an attack, so max-age needs to be reasonably long.

From various information sources, I think it does not take that long to notice that a fake site has been set up. A few days to a week should be enough to notice the problem. It is unlikely to go unnoticed for half a month or a month. I think the minimum value of max-age should be decided by "how long at the latest it takes to notice a fake HTTPS site problem".

Therefore, as a trade-off between the risk of attack and the risk to availability, I think it is good to set max-age to about 15 or 30 days.

5. How widely is HPKP used?

According to Netcraft's SSL survey of March 2016, only about 0.09% of sites worldwide, fewer than roughly 4,100 sites, set HPKP, and misconfigurations are apparently common: only about 3,000 of those sites have it configured correctly.

Also, according to the blog of Scott Helme, who knows CSP (Content Security Policy) and HPKP well and runs an HPKP checking site and a reporting endpoint, it has been reported that only 375 of the Alexa top 1 million sites set HPKP.

Scott Helme also publishes the data from his survey. There was a list of 448 domain names of HPKP-enabled sites as of August 2016, so using that as a base I did a small survey of the 283 sites that still return an HPKP header as of February 2017.

[Figure: hpkp-graph1]
First, I checked how correct the headers are, from the viewpoint of whether the HPKP header is correctly formatted and whether there are two or more PIN hash values, as the specification requires. It turned out that 16% are not configured correctly. The mistakes vary: no pin-sha256 attribute, an inappropriate pin-sha256 value, only one pin-sha256 attribute, and so on. For example, there were ones like this.
    • ...
    • pin-sha256="base64+info1="; max-age=3
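The checks used in this survey (well-formed pin-sha256 values, two or more pins) and the rule from section 4 (at least one pin in the served chain and at least one outside it) can be written as a small header linter. This is an added example, not code from the original article: the function names, the constructed stand-in key bytes and the advisory notes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

ZERO_PIN = bytes(32)  # the all-zero placeholder value recommended in section 4.5


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: Base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_hpkp(value: str) -> dict:
    """Split a Public-Key-Pins header value into its directives."""
    out = {"pins": [], "max_age": None, "include_subdomains": False,
           "report_uri": None, "errors": []}
    # Split on ';' while keeping quoted strings (such as a report-uri) intact.
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', value):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            try:
                raw = base64.b64decode(arg, validate=True)
            except (binascii.Error, ValueError):
                raw = b""
            if len(raw) == 32:
                out["pins"].append(raw)
            else:
                out["errors"].append(f"pin-sha256 is not Base64 of 32 bytes: {arg!r}")
        elif name == "max-age":
            if arg.isascii() and arg.isdigit():
                out["max_age"] = int(arg)
            else:
                out["errors"].append(f"max-age is not a number of seconds: {arg!r}")
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "report-uri":
            out["report_uri"] = arg
    return out


def check_hpkp(value: str, chain_spki_sha256: list) -> tuple:
    """Lint a header against the SPKI hashes of the served chain.

    Returns (ok, findings, notes): findings are errors, notes are advisory.
    """
    parsed = parse_hpkp(value)
    findings, notes = list(parsed["errors"]), []
    chain = set(chain_spki_sha256)
    matching = [p for p in parsed["pins"] if p in chain]
    backup = [p for p in parsed["pins"] if p not in chain]
    if parsed["max_age"] is None:
        findings.append("max-age is missing")
    if not matching:
        findings.append("no pin matches a key in the served chain")
    if not backup:
        findings.append("no pin outside the served chain (backup pin)")
    if len(matching) > 1:
        notes.append("several pins match the same chain; one is enough")
    if ZERO_PIN in backup:
        notes.append("backup pin is the all-zero placeholder")
    if parsed["max_age"] is not None and parsed["max_age"] > 60 * 86400:
        notes.append("max-age is longer than 60 days")
    return (not findings, findings, notes)


# Constructed stand-ins for the DER SubjectPublicKeyInfo of each certificate.
LEAF = b"constructed leaf SPKI"
INTERMEDIATE = b"constructed intermediate SPKI"
ROOT = b"constructed root SPKI"
CHAIN = [hashlib.sha256(k).digest() for k in (LEAF, INTERMEDIATE, ROOT)]
ZERO_B64 = base64.b64encode(ZERO_PIN).decode("ascii")

SAMPLES = {
    "intermediate pin + placeholder":
        f'pin-sha256="{spki_pin(INTERMEDIATE)}"; pin-sha256="{ZERO_B64}"; max-age=2592000',
    "leaf + intermediate, nothing outside the chain":
        f'pin-sha256="{spki_pin(LEAF)}"; pin-sha256="{spki_pin(INTERMEDIATE)}"; max-age=5184000',
    "malformed header quoted in the survey":
        'pin-sha256="base64+info1="; max-age=3',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        ok, findings, notes = check_hpkp(header, CHAIN)
        print(f"{label}: ok={ok} findings={findings} notes={notes}")
```

In real use the chain hashes would come from the SHA-256 of each certificate's DER-encoded public key, the same bytes the openssl pipelines in section 4.1 hash.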
[Figure: hpkp-graph2]
Next, the number of PIN hash values in the HPKP header. Generally two PIN hash values are enough, and sites with two make up the majority, but there are also a fair number of erroneous sites with only one and sites that set three or more. There was even one stalwart that sets 15.
[Figure: hpkp-graph3]
The max-age value determines how long the valid public key hashes are retained in HPKP. The RFC seems to recommend 60 days, but in practice many sites set 30 days. There are also a fair number of sites that set it to 1 day or less, perhaps because they are testing. If it is short the chance of the site being taken over increases, and if it is too long a failed configuration leaves users unable to connect for that period. If it is set to something like 1 year and the configuration has failed, there will be users who cannot connect for a year and complaints are certain, which is frightening.
[Figure: hpkp-graph4]
If report-uri is set, a supporting browser can send a report to the specified URL when an HPKP error occurs. It is apparently set on Jxck's site, but there still seem to be few sites that set it.
[Figure: hpkp-graph5]
A property called includeSubDomains can be added to the HPKP header value. With it, HPKP set on example.com also applies to the sub1.example.com domain.
[Figure: hpkp-graph6]
Normally "Public-Key-Pins" is used as the HPKP header, but there is a test feature: with "Public-Key-Pins-Report-Only" the browser does not enforce HPKP, and the HTTPS connection continues even when there is an error. About 10% of the sites turn out to be using this test setting.
[Figure: hpkp-graph7]
Counting the 283 HPKP-enabled sites from Scott Helme's list that were reachable as of 2017 by gTLD (com, org, etc.) and ccTLD (de, ru, jp, etc.), it is natural that com is the largest, but some TLDs stand out as notably high compared with their actual number of registrations. com has 130 million registered domains, net and de 16 million, and ru 5.4 million, but relative to the number of registered domains, ru, org and de are disproportionately high. The graph groups them as "other", but some countries with minor ccTLDs also have comparatively many HPKP configurations. I was also struck by how abnormally few edu sites there are. The "other" group contained close to 50 minor ones such as ar/br/cl/il/pt/nl/tn/sk.

    6. What went wrong with HPKP as it stands

    The idea behind HPKP is useful as a mechanism against fake sites that use fraudulently issued certificates, and the preloaded pins built into Chrome and Firefox seem to work well. The HPKP header approach, on the other hand, turned out to be quite complex and difficult to operate, with a high risk of an outage in which some users cannot connect for a long period, such as two months, when something goes wrong.

    For personal and small-to-medium sites, I see no benefit for an attacker in building a fake site with a fraudulent certificate, and the chance of being attacked is extremely low, so I do not think such sites need to adopt HPKP at the price of taking on the risk of a service outage.

    So for HPKP to spread among ordinary sites, I think the specification needs to change so that it is easy to operate and unlikely to cause outages. How could that be achieved?

    Assuming a max-age of two months, the operational problem with the HPKP header is that if the pins are going to change, the new configuration has to be put in place two months before the certificate is renewed, and that even if you notice a mistake and fix the header, the connection failures last for two months.

    So I think it would be good to have a kill switch: when a mistake is noticed, the configuration change takes effect immediately, or the server can temporarily disable HPKP validation in the browser. I have not thought this through deeply, but if, for example, the header carried an HPKP update date, so that an updated configuration is applied regardless of max-age and pinning is disabled when the site asks for that, operations would be freed from the curse of max-age and configuration mistakes.

    There may be other ways to solve this problem, but unless something is done about it, HPKP does not look likely to spread.

    7. Conclusion

    That was my attempt to think through and organize HPKP from the operational side: where to place the pins, what to do about max-age, and so on. I hope it is clear that, at this point, adopting HPKP is premature, puts a burden on operations, and carries a high risk of service outage.

    With this I have been able to calmly organize what I had long wanted to write about HPKP and get it out after about three years. I apologize if it was hard to follow or if my understanding is wrong. Personally, I feel my lingering doubts and unease about HPKP have mostly been cleared away. Well, "that's what blogs are for", I suppose... lol

    8. (Reference) Useful links for learning about HPKP

    Netcraft: Secure websites shun HTTP Public Key Pinning
    Statistics showing that HPKP has not caught on, with an explanation of why. A good article.
    Netcraft: HTTP Public Key Pinning: You're doing it wrong!
    Netcraft's explanation of the configuration mistakes found on HPKP-enabled sites in the wild. A good article.
    Scott Helme's HPKP blog posts
    The blog of Scott Helme, an expert in SSL-related technologies such as CSP, HSTS and HPKP, who runs report-uri.io, a reporting endpoint for HPKP and others. It also has data such as the domain list of HPKP-enabled sites.
    Qualys Blog: Is HTTP Public Key Pinning Dead?
    Ivan Ristic's discussion of whether HPKP is finished.
    Raymii.org: HTTP Public Key Pinning Extension HPKP for Apache, NGINX and Lighttpd
    A thorough explanation, with HPKP header configuration examples for each server.
    MDN: Public Key Pinning
    Mozilla's explanation of HPKP. It lists the Chrome and Firefox versions that support HPKP, gives server configuration examples, and mentions that the reporting feature works only in recent Chrome. Useful.
    About Public Key Pinning - Chris Palmer (original text)
    Chris Palmer's explanation of HPKP. It contains some misunderstandings, but it was the first article to consider where in the certificate chain to set the pins and to work through the cases.
    Bochibochi Nikki: Trying Public Key Pinning, which detects fraudulent SSL certificates
    A detailed and wide-ranging explanation of HPKP (the draft) by jovi.
    Jxck's blog: Supporting Public Key Pinning for HTTP (HPKP) and collecting reports with report-uri.io
    Jxck's explanation. The report on trying out the report-uri feature is especially valuable.
    User tracking with public key pinning: HPKP Supercookies
    Not closely related to this article: slides by Nishimunea on an interesting attempt to identify users with HPKP, without cookies.
    OWASP: Certificate and Public Key Pinning
    OWASP's explanatory article. It also contains a lot of unnecessary information.

    9. Addenda

    9.1. Addendum (2017.02.26): browser support for HPKP

    caniuse.com provides information on which features various browsers support, and it also lists browser support for HPKP as of February 2017, so I note it here. HPKP is supported in Firefox, Chrome, Opera and Chrome for Android, and not supported anywhere else.

    9.2. Addendum (2017.02.26): the HPKP outage at smashingmagazine.com

    Later, while I kept reading up on HPKP, I found that the smashingmagazine.com blog had written up its analysis of a connection outage caused by HPKP. It said the following:

    • HPKP is an effective feature against man-in-the-middle attacks, but
    • an HPKP misconfiguration caused an HTTPS connection outage from October 21 to 25, 2016
    • the certificate expired, and updating the HPKP header produced errors
    • the certificate had already expired, so rolling back was not possible
    As lessons learned, the blog says:
    • For something like a financial site HPKP is worth using, but a site that merely provides information does not need it. A service outage caused by an HPKP misconfiguration is a bigger threat than a man-in-the-middle attack
    • The problem can be mitigated by shortening max-age
    I agree that being unable to provide the service is the bigger problem, but as I said earlier, setting max-age too short is not wise and calls for caution. This site apparently had max-age set to one year, and that is indeed too long. I looked at the newly configured HPKP header: besides the current SSL server certificate, three more pins are set and max-age is set to one day, so the configuration still seems to have various problems.

    Multi-valued RDNs in X.509 certificate distinguished names, and jsrsasign support for them

    A PKI topic for the first time in a while. Digital certificates (X.509 certificates) use a distinguished name (DN) for the subject name and the issuer name. For example,

    CN=yourname@example.com,O=example,C=JP
    Each of the comma-separated parts is called a relative distinguished name (RDN).
    O=example
    In general, a relative distinguished name (RDN) consists of "one" pair of attribute type and attribute value (AttributeTypeAndValue).
    attributeType=attributeValue
    O=example
    However, as "in general" suggests, an RDN can also hold several AttributeTypeAndValue pairs. This is called a multi-valued RDN, and it is written by joining the pairs with the plus sign "+", as follows.
    attributeType1=attributeValue1+attributeType2=attributeValue2...
    CN=User1+serialNumber=123
    If you search Google or the like for "Multi-valued RDN" you will see there is a fair amount in English, but in Japanese I cannot seem to find any article that touches on it apart from my own blog. Today I want to dig into multi-valued RDNs in certificate distinguished names, and into distinguished names themselves, using my own cryptographic library jsrsasign and OpenSSL.

    Entries and distinguished names

    LDAP, and the X.500 directory service it derives from, manage information as a tree of "entries". A company, its departments and its employees, for example, can be managed as follows.
    Figure 1
    In LDAP, an entry is identified in the manner of "Sato Jiro" of the "General Affairs Department" of "MaruBatsu Shoji". Entry names, that is, values such as "General Affairs Department" and "Sato Jiro", can be given an attribute type, such as organization name (O: Organization Name), organizational unit name (OU: Organizational Unit Name) and common name (CN: Common Name).
    Figure 2
    For example, to identify Suzuki in Sales, you follow the entries up to the top and write it as below. This is called a "distinguished name (DN)". It also distinguishes this person from a Suzuki in another department.

    CN=Suzuki,OU=Sales,O=MaruBatsu
    Within a distinguished name, the content of one entry's circle, such as "OU=Sales", is called a relative distinguished name (RDN).

    The tree of entries is called the DIT (Directory Information Tree).

    What is a multi-valued RDN, and why is it needed?

    With the distinguished names (DNs) described above, what if there are two people named Suzuki Hanako in the same Sales department? You could append a number to the common name to tell them apart, or distinguish them by an additional value such as an employee number or mail address, or add another entry, but none of these is very satisfying.
    Figure 3
    Instead, a single entry can be identified by giving it several values. This is called a multi-valued RDN.
    Figure 4
    There will probably be people with the same full name, so managing them in combination with something else that is unique, such as an employee number or mail address, is a smart approach. Some commercial directory server products also use the number of entries as the basis for per-user licensing, so multi-valued RDNs can even be used to cut costs. That said, multi-valued RDNs do not work in every product (for example, there was that problem that surfaced later with a certain product's smart card and 802.1X authentication...), so whether you should really use them has to be decided in consultation with your applications.

    String representations of distinguished names

    Roughly speaking, there are two string representations of a distinguished name.

    CN=Matsuda Kenji,OU=Sales,O=MaruBatsu
    /O=MaruBatsu/OU=Sales/CN=Matsuda Kenji
    One joins the RDNs with commas "," starting from the bottom of the DIT tree, and the other joins them with slashes "/" starting from the top.

    The comma-separated, reverse-order form is specified in RFC 2253, Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names, and its successor RFC 4514. It is the form commonly used by LDAP application software.

    The other form, with a leading slash and slash-separated RDNs in forward order, is called the OpenSSL compat format. It is the standard form in OpenSSL and is also used in the configuration of OpenSSL-based web servers such as Apache HTTP Server, nginx and lighttpd.

    For a multi-valued RDN, both forms join the values with the plus sign "+".

    CN=Matsuda Kenji+emailAddress=matsu@mb.com,OU=Sales,O=MaruBatsu
    /O=MaruBatsu/OU=Sales/CN=Matsuda Kenji+emailAddress=matsu@mb.com
    As far as I know there is no particular rule for the display order of the values joined by plus signs, so in the multi-valued RDN below either CN or emailAddress may come first. How this is encoded in ASN.1 is described later.
    CN=Matsuda Kenji+emailAddress=matsu@mb.com
    emailAddress=matsu@mb.com+CN=Matsuda Kenji

    Next, the string representation of attribute types such as CN and OU. There is no strict standard for how they must be written, and implementations are known to differ widely. Eight years ago, in connection with XAdES long-term signatures, I surveyed how implementations write the attribute types in distinguished names, and I reproduce the table I compiled then.
    [Table: RFC 2253 test 1, attribute type name test]
    Section 4.1.2.4, Issuer, of RFC 5280, which defines the X.509 certificate profile, lists the attribute types that implementations MUST support in distinguished names and those they SHOULD support. In the table, MUST is shown in yellow-green, SHOULD in yellow, and other attribute types that actually appear in certificates in white, and I tested how .NET and various Java-based cryptographic libraries write each attribute type. As the table shows, the results vary considerably. The emailAddress attribute type, which is sometimes used for S/MIME and appears in quite a few real certificates, also seems to be handled inconsistently because the standard does not require implementations to support it.

    Looking back now, I think the following attribute types for EV certificates, which did not exist then, should also be tested today.

    • jurisdictionOfIncorporationL - jurisdiction of incorporation (municipality)
    • jurisdictionOfIncorporationSP - jurisdiction of incorporation (prefecture)
    • jurisdictionOfIncorporationC - jurisdiction of incorporation (country)

    I also summarized the differences between RFC 2253, the comma-separated DN notation, and its successor RFC 4514 in an article eight years ago. The revision moved the notation toward being more uniquely determined, but the specification explicitly states that RFC 4514 DN strings are not unique (that is, not canonicalized). Many representations of a DN string are permitted, so keep in mind that a simple string comparison cannot decide whether two names are the same.

    ASN.1 definition and structure of distinguished names

    Next I want to explain how a distinguished name is encoded into bytes by ASN.1 DER encoding. First, here is the ASN.1 definition of a distinguished name, from RFC 5280 4.1.2.4 Issuer:

    -- An X.500 name, i.e. a distinguished name (DN), is a sequence (SEQUENCE) of RDNs
    Name ::= CHOICE { rdnSequence RDNSequence }
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    -- An RDN is a SET of one or more AttributeTypeAndValue.
    -- In other words, there may be several AttributeTypeAndValue.
    -- When there are several, it is a multi-valued RDN.
    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue

    -- A pair of attribute type and attribute value
    AttributeTypeAndValue ::= SEQUENCE {
        type   AttributeType,
        value  AttributeValue }
    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY

    -- The attribute value is defined as ANY, but it uses one of the
    -- string types defined in DirectoryString
    DirectoryString ::= CHOICE {
        teletexString    TeletexString   (SIZE (1..MAX)),
        printableString  PrintableString (SIZE (1..MAX)),
        universalString  UniversalString (SIZE (1..MAX)),
        utf8String       UTF8String      (SIZE (1..MAX)),
        bmpString        BMPString       (SIZE (1..MAX)) }
    In other words,
    • a distinguished name (DN) is a sequence (SEQUENCE OF) of relative distinguished names (RDNs),
    • a relative distinguished name (RDN) is a set (SET OF) of attribute type and value pairs (AttributeTypeAndValue), and
    • an attribute type and value pair (AttributeTypeAndValue) is a sequence (SEQUENCE) of an attribute type and a value.
    SEQUENCE and SET are ASN.1 primitives known as constructed types:
    • SEQUENCE is like an array and is used for an ordered list.
    • SET is like a mathematical set and is used when the members have no particular order.
    While we are at it, the difference between SEQUENCE or SET and SEQUENCE OF ~ or SET OF ~:
    • Plain SEQUENCE or SET is used when the members have different ASN.1 classes. In the example above, AttributeTypeAndValue is such a case.
    • SEQUENCE OF and SET OF are used when the members all have the same ASN.1 class. In the example above, Name and RDN are such cases.

    Now, as an example, let us encode the following distinguished name in ASN.1 DER.

    CN=aaa,O=TEST,C=JP
    In the RFC 2253 form the RDNs are written in reverse order, so it is encoded as follows.
    302A                   SEQUENCE(30) OF -- DN
      310B                 SET(31) OF -- RDN[1]
        3009               SEQUENCE(30) -- AttributeTypeAndValue
          0603550406       ObjectIdentifier(06) countryName
          13024A50         PrintableString(13) "JP"
      310D                 SET(31) OF -- RDN[2]
        300B               SEQUENCE(30) -- AttributeTypeAndValue
          060355040A       ObjectIdentifier(06) organizationName
          0C0454455354     UTF8String(0C) "TEST"
      310C                 SET(31) OF -- RDN[3]
        300A               SEQUENCE(30) -- AttributeTypeAndValue
          0603550403       ObjectIdentifier(06) commonName
          0C03616161       UTF8String(0C) "aaa"
    ASN.1 data consists of a tag that indicates the data type, a byte length, and the value data. In the last line of the example above, 0C is the UTF8String type, 03 is the byte length (=3), and 616161 (=aaa) is the value.

    Now let us see, using the example below, how a multi-valued RDN is encoded. Here two AttributeTypeAndValue pairs are used, CN=aaa and CN=a.

    CN=aaa+CN=a,O=TEST,C=JP
    Encoded in ASN.1 DER, it becomes the following. Look at the last RDN: you can see that it has two AttributeTypeAndValues, CN=a and CN=aaa. Also note that, of CN=a and CN=aaa, CN=a always comes first.
    3034                   DN
      310B                 RDN[1] C=JP
        3009
          0603550406
          13024A50
      310D                 RDN[2] O=TEST
        300B
          060355040A
          0C0454455354
      3116                 RDN[3] CN=aaa+CN=a   (contains two SEQUENCE(30))
        3008               ATV[1] CN=a          (CN=a comes first)
          0603550403
          0C0161
        300A               ATV[2] CN=aaa
          0603550403
          0C03616161
    The order of CN=a and CN=aaa within this RDN has to do with a small difference between ASN.1 DER and BER. DER is a subset of BER: BER permits several representations of the same value, whereas in DER the representation is always unique. I have summarized the differences in a table.
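    |                   | ASN.1 DER | ASN.1 BER |
    | Overview          | The unique encoding rules for ASN.1 | Encoding rules for ASN.1. A superset of DER: anything that is DER is also BER |
    | Common traits     | A data representation with a long history in the communications world, not limited by CPU or integer size, able to handle huge data and arbitrary structured data. More compact than XML or JSON. | (same as DER) |
    | Uses              | Certificates, CRLs, OCSP, RFC 3161 timestamps | S/MIME data, CMS signed and encrypted data, PKCS#12 |
    | Comparison        | The representation is always unique. Even for extremely large data the length must be known in advance, so it is poorly suited to stream processing | Several representations exist. Extremely large data can be handled |
    | SET               | Sorted in ascending order of the elements' byte strings | No sorting needed |
    | BOOLEAN           | Only TRUE can be used; classes are defined so that FALSE is omitted | TRUE and FALSE can be used |
    | Indefinite length | The length representation is unique, and the data size must be known in advance. | The indefinite-length form can be used: a length of 8000 is a start marker and everything up to the following 0000 is one element, which makes large data easy to handle. |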
    Those are the differences, and it is the difference in SET that fixes the order of the SET OF in a multi-valued RDN.

    The elements of a SET are sorted in ascending lexicographic order of each element's ASN.1 encoding. Roughly speaking:

    • shorter elements come first
    • for the same length, the one with the shorter attribute type comes first
    Let us look at examples.
    3008 0603550403 0C0161       CN=a
    300A 0603550403 0C03616161   CN=aaa
      ^^ The total length L is ordered 08, 0A, so with the same attribute type length the shorter attribute value comes first.
         The main attribute types such as C, O, OU and CN have OID values of the form 2.5.4.x, so their attribute type lengths are identical.
    When the total length is the same:
      ^^ if the total length is the same
    3011 0603550403 0C0A6162636465666768696A          CN=abcdefghij
    3011 060B2B0601040182373C020103 0C024A50          jurisdictionOfIncorporateC=JP
           ^^ the one with the shorter attribute type value comes first
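The DER SET OF rule above can be reproduced in a few lines. This is an added example, not jsrsasign code and not from the original post: a minimal DER encoder for a comma-separated DN that sorts the AttributeTypeAndValue encodings of each RDN. It assumes simple values with no escaped characters; the function names and the short attribute name jurisdictionC are assumptions, and the OID bytes are the ones shown in the dumps above (plus OU, 2.5.4.11).

```javascript
// Added example: DER-encode a comma-separated DN, including multi-valued RDNs.

// OID content octets (hex) for the attribute types used here.
const OID = {
  C: '550406', O: '55040a', OU: '55040b', CN: '550403',
  jurisdictionC: '2b0601040182373c020103', // hypothetical short name for the EV attribute
};

// DER definite-length octets.
function derLength(n) {
  if (n < 0x80) return Buffer.from([n]);
  const bytes = [];
  for (let v = n; v > 0; v = Math.floor(v / 256)) bytes.unshift(v % 256);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

// Tag-length-value.
function tlv(tag, content) {
  return Buffer.concat([Buffer.from([tag]), derLength(content.length), content]);
}

// AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value DirectoryString }
function encodeATV(type, value) {
  if (!(type in OID)) throw new Error('unsupported attribute type: ' + type);
  const oid = tlv(0x06, Buffer.from(OID[type], 'hex'));
  // As in the dumps above: C is a PrintableString (13), everything else a UTF8String (0C).
  const str = tlv(type === 'C' ? 0x13 : 0x0c, Buffer.from(value, 'utf8'));
  return tlv(0x30, Buffer.concat([oid, str]));
}

// RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
function encodeRDN(rdn) {
  const atvs = rdn.split('+').map(part => {
    const eq = part.indexOf('=');
    if (eq < 1) throw new Error('malformed AttributeTypeAndValue: ' + part);
    return encodeATV(part.slice(0, eq).trim(), part.slice(eq + 1));
  });
  // DER: the members of a SET OF appear in ascending order of their encodings.
  // A complete TLV is never a proper prefix of a different TLV, so a plain
  // bytewise comparison gives the required order.
  atvs.sort(Buffer.compare);
  return tlv(0x31, Buffer.concat(atvs));
}

// Name ::= SEQUENCE OF RDN. The comma form lists RDNs in reverse order.
function encodeLdapDN(dn) {
  return tlv(0x30, Buffer.concat(dn.split(',').reverse().map(encodeRDN)));
}

// The order written in the string does not matter; the encoding is the same.
console.log(encodeLdapDN('CN=aaa+CN=a,O=TEST,C=JP').toString('hex'));
console.log(encodeLdapDN('CN=a+CN=aaa,O=TEST,C=JP').toString('hex'));
```
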

    Multi-valued RDN support in OpenSSL

    OpenSSL supports multi-valued RDNs; all you need to do is add "-multivalue-rdn". For example, to create a self-signed certificate with a multi-valued RDN from an existing private key in a one-liner:

    openssl genrsa 2048 > a.prv
    openssl req -new -key a.prv -x509 -subj /C=JP/O=Test/OU=b+CN=a -out c.cer -multivalue-rdn
    To create a certificate signing request with a multi-valued RDN:
    openssl req -new -key a.prv -subj /C=JP/O=Test/OU=b+CN=a -out c.csr -multivalue-rdn
    That is all there is to it.

    Multi-valued RDN support in jsrsasign

    jsrsasign is a pure JavaScript cryptographic library that I wrote as a hobby. Since around 2010 I have been adding features little by little whenever I find spare time. It started with RSA signatures only, and I have kept building onto it, with ASN.1, certificates, timestamps, JOSE and so on, whenever I thought "I want that". I find it handy whenever I want to try something quickly with PKI, ASN.1 or JOSE (JWS, JWT, JWK).

    It works in web browsers and in Node, and I have tried to provide plenty of API documentation and samples, so it has a fair number of users around the world. Recently it turned out to be used in hardware products from SONY and Yokogawa (and, without my being asked, my own company (^^;), and the npm package for Node seems to get just under 100,000 downloads a month, for which I am truly grateful.

    There are JavaScript cryptographic APIs such as the W3C Web Crypto API, but they are a hassle: some mobile browsers do not support them, older algorithms are not available, and even a small task takes many lines of code. So the goal of jsrsasign is "do what you want in as few lines as possible". Keys, for example, whether private or public, PKCS#5, PKCS#8 or JSON Web Key, can simply be passed to KEYUTIL.getKey and it will handle them appropriately. It also works on PCs, smartphones and Node, even in somewhat old environments, as long as JavaScript runs. I have also tried to provide as much API documentation and tutorial material as I can.

    There are introductory slides in English that cover fairly recent topics,
    and, although a little old, introductory slides from a talk I gave at a JNSA working group in 2013, when jsrsasign and jsjws were separate development lines, so please refer to them if you like.

    I am sorry that the documentation exists only in my clumsy English, but if you run into a problem, you are welcome to file an Issue in Japanese.

    I had been wanting to make jsrsasign support multi-valued RDNs and comma-separated DNs, and I finally added support recently, with the 6.2.2 release. For example, you can check how a DN with a multi-valued RDN is encoded in ASN.1 DER like this:

    % node
    > var X509Name = require("jsrsasign").KJUR.asn1.x509.X500Name;
    > new X509Name({str: "/C=JP/O=T1+CN=kjur"}).getEncodedHex();
    '3027310b3009060355040613024a5031183009060355040a0c025431300b06035504030c046b6a7572'
    Multi-valued RDNs can also be used when creating a certificate signing request (CSR),
    var rs = require("jsrsasign");
    // generate an RSA key pair; kp.pubKeyObj and kp.prvKeyObj hold the key objects
    var kp = rs.KEYUTIL.generateKeypair("RSA", 2048);
    var pem = rs.KJUR.asn1.csr.CSRUtil.newCSRPEM({
      subject: {ldapstr: 'OU=T1+CN=example.com,O=Test,C=US'}, // multi-valued first RDN
      ext: [
        {subjectAltName: {array: [{dns: 'example.net'}]}}
      ],
      sbjpubkey: kp.pubKeyObj,
      sigalg: "SHA256withRSA",
      sbjprvkey: kp.prvKeyObj
    });
    and when issuing a certificate.
    // continues from the snippet above (uses rs and kp)
    var pem = rs.KJUR.asn1.x509.X509Util.newCertPEM({
      serial: {int: 4},
      sigalg: {name: 'SHA1withRSA', paramempty: true},
      issuer: {str: '/C=US/O=a'},
      notbefore: {str: '130504235959Z'},
      notafter: {str: '140504235959Z'},
      subject: {ldapstr: 'OU=kjur+CN=kjur,O=b,C=US'},
      sbjpubkey: kp.pubKeyObj,
      ext: [
        {basicConstraints: {cA: true, critical: true}},
        {keyUsage: {bin: '11'}}
      ],
      cakey: kp.prvKeyObj // the certificate is signed with the CA private key
    });
    It is fairly flexible, so please give it a try if you like.

    Conclusion

    So that was a long, rambling piece about multi-valued RDNs and distinguished names (DNs). Sorry about that. I hope it is useful to someone.

    Addendum (2016.12.19)

    Oh, to avoid any misunderstanding: I have no intention whatsoever of promoting multi-valued RDNs or saying that they should be used. The principle is to design infrastructure for high interoperability, and if you can do without them you are better off not using them. Just don't be startled if you ever receive one... lol

    (Short note) If you want to use S/MIME signed or encrypted mail on a smartphone, stay away from docomo

    Well, Silver Week is slow... The standard mail app on the iPhone, or rather on iOS, supports S/MIME signed and encrypted mail. With an S/MIME certificate, a digital certificate that carries your mail address, you can protect the body of the mail you send against tampering with a digital signature, and send and receive encrypted mail that only the recipient and the sender can read.

    Around last month I learned of a small problem with S/MIME mail on docomo iPhones, and today I want to write up what I had not got around to writing.

    One day I sent an S/MIME signed mail from my company to a docomo iPhone, and it was displayed like this.
    [Screenshot: IMG_0727]
    At first I assumed my company's censorship, or rather filtering, was removing the signature part of S/MIME signed mail before sending it on, so I asked the operations group of our information systems department, but they said they do no such filtering. They looked into it further for me, and it turned out that the problem does not occur with au or Softbank and occurs only when the destination is docomo.

    Searching around the net, I found this OCN page.

    Quoted from "Notice from OCN: frequently asked questions about digital signatures"
    • Q: What happens when I receive a digitally signed mail on a smartphone?
    • A: When received on a smartphone, (...omitted...) there is the same way of checking mail as on a mobile phone (such as docomo's SP mode). (omitted) When mail is received in the same way as on a mobile phone, the digital signature itself is "removed". The mail is therefore treated the same as ordinary mail without a digital signature.
    Because I first found OCN's notice about removing digital signatures, I mistakenly thought docomo.ne.jp mail used OCN. From comments by various people, I learned that mail in the docomo.ne.jp domain on an iPhone is sent and received through a system called docomo mail, which manages in the cloud the SP-mode mail used on mobile phones.

    In the end I could not find any statement that SP-mode mail or docomo mail removes digital signatures, but for i-mode mail I did find the following description. The symptom seems to be the same as what happens with docomo.ne.jp mail on the iPhone.

    From "docomo: what you can do with i-mode mail"
    Digitally signed mail can be received
    Mail with a digital signature can now be received as well.
    Note: the digital signature part is removed at the i-mode center, and "digital signature removed" is inserted into the mail body.
    H-hey, come on!!! There seems to be no note or explanation anywhere about S/MIME signed mail support in docomo's mobile mail (SP mode), but it presumably uses the same infrastructure as OCN or something similar, and when an S/MIME signed mail arrives it uniformly removes the S/MIME digital signature part. Isn't that terrible? You send S/MIME signed mail precisely for tamper detection, and they remove the S/MIME signature, rewrite the body, and deliver that.

    If there were some reason, such as the file size being too large or a risk of virus infection, I could understand the removal, but large images can be sent without trouble, and for some reason only the S/MIME signature (and probably S/MIME encrypted mail too) is removed before delivery. Why on earth do they do this on their own initiative?

    I take it to mean that if you want to use the S/MIME signing and encryption features of the standard mail app on your iPhone or iPad, docomo is useless and you should use au or Softbank.

    As for Android, I have been looking for a good S/MIME-capable mail app for several years and have yet to find one. If anyone has good information, please let me know. Thank you.

    That's it for tonight.

    (Addendum 2015.09.22 07:00)

    I received a comment that, on OCN, signed mail is delivered without problems when using Active Sync. Please see the comments section. I have also corrected the article.

    (Addendum 2015.09.22 10:00)

    Thanks to the various comments and retweets about this post, I learned that docomo (mopera) mail and OCN are unrelated. Thank you. For docomo mail (i-mode mail?), this page gave the following explanation.

    Digitally signed mail can be received
    Mail with a digital signature can now be received as well.
    Note: the digital signature part is removed at the i-mode center, and "digital signature removed" is inserted into the mail body.

    The road to a complete set of Windows Trusted Root Certification Authorities (Part 1)

    About my earlier post "The Windows root certificate update program (2014.09) and some ramblings":

    A certain great Kimura-sensei pointed out that the root certificates can probably be "pulled out" of the official updater for updating root certificates offline, http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe .
    I actually tried it, so here is a short write-up.

    Extracting the SSTs from the root certificate updater

    I was told there is an updater, http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe , for updating the list of trusted root certification authorities on offline Windows 7 and later systems, so I downloaded it right away. Looking at the headers with wget, the last modification is "Wed, 12 Nov 2014 17:33:07 GMT", so I thought it might cover the latest update, but it later turned out not to cover the latest root update orz

    It appears to be a self-extracting archive in CAB format, so I used exe2cab (the one on Vector does not run on 64-bit) to extract the cab file inside.

    The cab file contains the following.

    ADVPACK.DLL
    authroots.sst - a small set of roots?
    delroots.sst - roots to be removed
    roots.sst - the minimal 2 roots
    rootsupd.inf -
    updroots.exe - the program that updates the roots
    updroots.sst - the many roots to be added

    The timestamps in the cab file say April 2013, so this does not look like an update file that covers the most recent update of September 2014.

    Extracting root certificates from the SST files

    The *.sst files are apparently in a format called Microsoft Serialized Certificate Files. I remember having written a brute-force script to extract certificates from them before orz. A little research suggested they can be handled with PowerShell's Export-Certificate and Import-Certificate, and the samples even showed how to add a certificate to an SST. However, I could not work out how to get certificates out of an SST that way and gave up in the end.

    Looking a little further, each certificate entry in an SST apparently has a structure called SerializedCertificateEntry, and after the SST header information the file is a sequence of these, so I quickly wrote a Perl script to pull them out.

    id - 4 bytes, 0x00000020
    encodingType - 4 bytes, 0x00000001 (= ASN.1 encoding)
    length - 4 bytes, length of the certificate data that follows
    certificate - variable length, raw certificate data
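A sketch of such an extractor, with the bounds checks an untrusted file needs. This is an added example, not the author's Perl script. The page gives only the element layout; the 8-byte file header, little-endian fields, other property elements sharing the same 12-byte header, and an all-zero end element are assumptions. The sample store is constructed and its "certificates" are stand-in DER values.

```javascript
// Added example: pull certificate elements out of a serialized certificate store (.sst).

const CERT_ELEMENT_ID = 0x20; // id of a certificate element (from the page)
const ASN1_ENCODING = 0x01;   // encodingType (from the page)
const SST_HEADER_LEN = 8;     // ASSUMPTION: 4-byte version + 4-byte file type "CERT"
const ELEMENT_HEADER_LEN = 12; // id + encodingType + length, 4 bytes each

function extractCertificates(sst) {
  if (sst.length < SST_HEADER_LEN) throw new RangeError('truncated SST header');
  const certs = [];
  let off = SST_HEADER_LEN;
  while (off + ELEMENT_HEADER_LEN <= sst.length) {
    // ASSUMPTION: all three header fields are little-endian.
    const id = sst.readUInt32LE(off);
    const encodingType = sst.readUInt32LE(off + 4);
    const length = sst.readUInt32LE(off + 8);
    if (id === 0) break; // ASSUMPTION: an all-zero element ends the store

    const start = off + ELEMENT_HEADER_LEN;
    // Never trust the length field: it must fit inside the file.
    if (length > sst.length - start) {
      throw new RangeError(`element at offset ${off} overruns the file`);
    }
    if (id === CERT_ELEMENT_ID) {
      if (encodingType !== ASN1_ENCODING) {
        throw new Error(`unexpected encodingType ${encodingType} at offset ${off}`);
      }
      const der = sst.subarray(start, start + length);
      // A certificate is a DER SEQUENCE, so its first byte is 0x30.
      if (der.length === 0 || der[0] !== 0x30) {
        throw new Error(`certificate at offset ${off} is not a DER SEQUENCE`);
      }
      certs.push(Buffer.from(der)); // copy, so callers do not alias the input
    }
    // Other ids (certificate properties) are skipped.
    off = start + length;
  }
  return certs;
}

// Wrap DER bytes as PEM so each certificate can be saved and opened.
function toPem(der) {
  const b64 = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${b64}\n-----END CERTIFICATE-----\n`;
}

// --- Constructed sample store ---
function element(id, value) {
  const header = Buffer.alloc(ELEMENT_HEADER_LEN);
  header.writeUInt32LE(id, 0);
  header.writeUInt32LE(ASN1_ENCODING, 4);
  header.writeUInt32LE(value.length, 8);
  return Buffer.concat([header, value]);
}

const SAMPLE_SST = Buffer.concat([
  Buffer.from([0, 0, 0, 0, 0x43, 0x45, 0x52, 0x54]), // version 0, "CERT"
  element(0x03, Buffer.alloc(20, 0xaa)),              // a property element (skipped)
  element(CERT_ELEMENT_ID, Buffer.from('3003020101', 'hex')), // stand-in "certificate" 1
  element(CERT_ELEMENT_ID, Buffer.from('3003020102', 'hex')), // stand-in "certificate" 2
  Buffer.alloc(ELEMENT_HEADER_LEN),                   // end element
]);

console.log(extractCertificates(SAMPLE_SST).map(c => c.toString('hex')));
```
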
    

    The numbers of certificates I could extract are as follows. The September 2014 root update is said to contain 411, so this is considerably fewer. It looks like old data, which is a bit deflating.

    | SST file      | Root certificates |
    | authroots.sst | 77  |
    | roots.sst     | 6   |
    | updroots.sst  | 275 |
    | Total         | 358 |

    Then, opening the root certificates one by one

    So, having extracted the root certificates, I opened each of them. If a certificate was not yet shown under "Internet Options > Content > Certificates > Trusted Root Certification Authorities", it now appears there.

    On a fully patched Windows 8.1 Pro system, some of the 358 had expired and some had apparently already been deregistered by Microsoft, so in the end 271 root certification authorities were properly displayed. Before this exercise it was 27, as far as I remember, so it does feel like a great leap forward.
    (No special meaning is intended by TURKTRUST being displayed (^^;

    Conclusion

    Well, it felt creepy, like a hidden-ball trick, and having them displayed is quite a relief. However,

    271 are finally displayed, but 411 is still far away

    I am not of the Bikkuriman Chocolate generation, but I did collect things like Kamen Rider Snack. Is it something like "complete gacha" in social games? You want to get every last one displayed. It feels like there is still a long way to go to 411. I am starting to think I really will have to get my hands on the Certificate Transparency data...

    That's it for today...

    The Windows root certificate update program (2014.09) and some ramblings

    This goes back quite a while, but the list for what is currently the latest Windows root certificate program was published in September 2014, and today I want to look through it for the first time in a long while.

    Some years ago there was a period when I investigated what had changed in the root certification authorities registered by the Windows root certificate update program and published the results on this blog. That was in the Windows XP era, when every registered root certification authority was displayed, so I simply wrote a program that extracted all the root certificates and compared the result with the previous one, which made the investigation relatively easy.

    From Windows 7 on, however, the Windows root certificates are no longer all registered from the start. I have not investigated this properly, so I am not sure, but as I recall only about 15 to 25 major root certification authorities are registered and displayed right after the OS is installed, and the mechanism was changed so that when you access a site of a root CA that is not displayed, the registered root certificate is added dynamically.

    Problems with the root CA list mechanism in Windows 7 and later

    Personally, I find the root CA list distribution method introduced in Windows 7 unsatisfying, or rather, I dislike it. These are my reasons.

    • The list of root CAs is published as a PDF document, but it discloses only the maintaining organization, country, CA name, key algorithm, key length and root certificate hash (thumbprint); the distinguished name and the content of the certificate remain unknown. Among them there are still RSA 1000-bit root certificates that are not displayed in the initial state.
    • In the initial state only about 20 CAs are displayed, and the list above is the only way for users to find out which CAs they are deemed to trust, which is not sufficient.
    • For example, I do not think everyone in the world needs to trust the CA of some small country. If it causes an incident such as fraudulent issuance, there will be cases where it would have been better not to trust it. It is a problem if, at such a time, you cannot tell which CAs you trust.
    • Even if you delete a root CA that Windows 7 or later recognizes, it comes back the next time you access a site that uses it. Users cannot suspend or disable CAs they do not need.
    • In short, is it really acceptable that the root CA list is not made explicit from the start and that root CAs are added at connection time, like throwing your hand late in rock-paper-scissors?
    Of course I can see why one would want to keep the initially distributed set of root CAs small for mobile devices, but there are only about 400 of them, which is not much data, so I think it would be more honest to register them all from the start.

    2014ǯ9·îÈÇ Windows¥ë¡¼¥È¾ÚÌÀ½ñ¤Î¹¹¿·

    2014ǯ9·î¤ÎWindows¥ë¡¼¥È¾ÚÌÀ½ñ¤Î¹¹¿·¤Ç¤Ï¡¢411¤Î¥ë¡¼¥È¾ÚÌÀ½ñ¤¬ÅÐÏ¿¤µ¤ì¤Æ¤¤¤Þ¤¹¡£

    ¹ñÊ̤Ǹ«¤Æ¤ß¤ë¤È¡¢52¥ö¹ñ¤Î¥ë¡¼¥È¾ÚÌÀ½ñ¤¬ÅÐÏ¿¤µ¤ì¤Æ¤ª¤ê¡¢ÆâÌõ¤Ï¿¤¤½ç¤Ë°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¤ä¤Ã¤Ñ¤ê¡¢Êƹñ¡¢¥¹¥Ú¥¤¥ó¤Ï¿¤¤¤Ç¤¹¤Í¡£°Õ³°¤Ë¾¯¤Ê¤¤¤Ê¤¡¤È»×¤¦¤Î¤¬±Ñ¹ñ¡¢¥ª¡¼¥¹¥È¥é¥ê¥¢¤Ç¤¹¡£
    country

    ¼¡¤Ë¥ë¡¼¥È¾ÚÌÀ½ñ¤Î¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤È¸°Ä¹¤Ë¤Ä¤¤¤Æ¤â¸«¤Æ¤ß¤Þ¤·¤ç¤¦¡£
    keylen
    RSA 2048bit¤¬¤ä¤Ï¤ê¿¤¤¤Ç¤¹¤¬¡¢ RSA 4096bit¡¢Âʱ߶ÊÀþ°Å¹æ¤ÎECC NIST P-384¶ÊÀþ¤â¤«¤Ê¤êÁý¤¨¤Æ¤¤¤Þ¤¹¡£ Comodo¡¢ DigiCert¡¢ Entrust¡¢ GlobalSign¡¢ Symantec¡¢ Trend Micro¤¬ÂʱߤΥ롼¥È¾ÚÌÀ½ñ¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£¤½¤¦¤¤¤¨¤Ð¡¢ Microsoft¤«¤éȯ¹Ô¤µ¤ì¤Æ¤¤¤ë¥ê¥¹¥È¤Ë¤Ï SHA1¤«SHA2¤«¤Î¾ðÊó¤Ã¤Æ̵¤¤¤ó¤Ç¤¹¤è¤Í¡£»ÄÇ°¤À¤Ê¤¡¡£¤ä¤Ã¤Ñ¤ê¡¢¥ë¡¼¥È¾ÚÌÀ½ñ¤½¤Î¤â¤Î¤ò¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤ë¤è¤¦¤Ë¤·¤Æ¤Û¤·¤¤¤Ê¤¡¡£ Apple¤â¡¢ºÇ½é¤Ï¥ë¡¼¥È¾ÚÌÀ½ñ¤Î¾Ü¤·¤¤¾ðÊó¤ò½Ð¤·¤Æ¤¤¤¿¤ó¤Ç¤¹¤¬¡¢ºÇ¶á¤ÏMicrosoft¤Ë½¬¤Ã¤Æ¡¢¾Ü¤·¤¤¾ðÊó½Ð¤¹¤Î»ß¤á¤Á¤ã¤Ã¤¿¤ó¤Ç¤¹¤è¤Í¡Á¡Á¡£¼ä¤·¤¤ÏäǤ¹¡£

    Trend in the number of root certificates

    I graphed how the number of default root certificates has grown on Windows, Android, Mac OS X and iOS. For Apple products the data comes from the information on the official site. For Android I looked it up based on my own Root CA Viewer Lite or on other past work.
    [Figure: number of default root certificates by OS]
    For iOS, a root certificate list has been published for each major version since iOS3, but for Mac OS X there was information only for the newer Mavericks and Yosemite. For Apple iOS the number of roots swings up and down wildly, so does it mean the listing policy is not settled? I actually wanted to look into Mozilla and Java as well, but I will leave that as future work... (^^;

    The tedious work of examining the Windows root certificate list (sob)

    Previously, I could easily extract the root certificates with my own tool, so information like this could be investigated with relatively little effort, but since Windows 7 that is no longer possible. So this time I did the investigation by going through the plain steps below (sob). People inside Microsoft probably have an Excel file of the list, or the root certificates themselves, and can investigate easily... sigh.

    1. From the published PDF file "Windows Root Certificate Program Members - September 2014", copy and paste the table CERTIFICATES IN DISTRIBUTION FROM ALL MEMBER CAs as text, page by page.
    2. Somehow turn it into a TSV (tab-separated) file by editing the text in Emacs.
    3. Open it in the Mac text editor and save it as UTF-16.
    4. Import it into Excel on the Mac.
    5. At the point of import there are shifted columns and garbled characters, so fix them by hand.
    6. The Excel file of the root certificate list is complete!!! (sob)
    7. Since it is now a proper Excel table, you can examine it with filters or write a simple script to tally it.

    Further ambitions

    My family complained, "Don't put a machine with a noisy fan in the living room!", so I reluctantly use the fanless ultra-small Diginnos LIVA as a substitute server. Since I rarely visit odd sites with its browser, its root CA list has 27 entries and should not have grown much since it was shipped, but this time I tried opening one, and the Italian Actalis Authentication CA G1 ended up being added.
    [Figure: Windows certificate dialog]
    Well, you know, since there are 411 of them, you would want to collect the full set, wouldn't you? Teacher, this is important, so I will say it one more time.

    You would want to collect the full set, wouldn't you?!!!
    To collect the full set, for each of the 411 CAs you only have to find a site that uses any one SSL server certificate issued from it and access it over HTTPS with Internet Explorer, but finding a site that uses a certificate issued by a minor CA is like finding a 10-yen coin you dropped somewhere on the beach where you went swimming; it is nearly impossible. For example, Symantec bought various CAs, so the group alone has as many as 70 CAs registered, and finding certificates issued from every one of those CAs at Symantec is simply impossible.

    At a time like this, if you have the public audit logs of Certificate Transparency at hand, they contain about 7.4 million server certificates together with their chains up to the root CA. So if you take out each root certificate and compare it with the thumbprint hash values of the certificates listed in the Windows root certificate information PDF, you can find one SSL server certificate issued from that root, and by accessing that site the root should show up in the "certificate dialog" mentioned earlier!!! (applause)

    I am thinking of maybe writing a tool like this in Go during Golden Week.
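The matching step described above (take the root at the end of each logged chain, compare its thumbprint with the thumbprints from the Microsoft PDF, keep one server name per root), as an added Go example that is not the author's tool. `Thumbprint`, `FindSites` and `SampleChain` are hypothetical names, the certificates are constructed at run time, and the thumbprint is assumed to be the SHA-1 of the DER encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

func Thumbprint(der []byte) string { return fmt.Sprintf("%X", sha1.Sum(der)) } // SHA-1 of DER, assumed list format

// FindSites maps each listed root thumbprint to the first DNS name of a logged leaf under it ("" if none).
func FindSites(wanted []string, chains [][][]byte) map[string]string {
	found := map[string]string{}
	for _, w := range wanted { // tolerate spaces, colons and lower case left by copy and paste
		found[strings.ToUpper(strings.NewReplacer(" ", "", ":", "").Replace(w))] = ""
	}
	for _, chain := range chains { // each chain is DER, leaf first and root last
		if len(chain) < 2 {
			continue // entry carries no separate root
		}
		tp := Thumbprint(chain[len(chain)-1])
		if host, listed := found[tp]; listed && host == "" {
			if leaf, err := x509.ParseCertificate(chain[0]); err == nil && len(leaf.DNSNames) > 0 {
				found[tp] = leaf.DNSNames[0]
			}
		}
	}
	return found
}

func SampleChain(host string) [][]byte { // constructed demo input: a leaf for host and its self-signed root
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	root := x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	leaf := root
	root.Subject, leaf.DNSNames = pkix.Name{CommonName: "Constructed Root"}, []string{host}
	rootDER, _ := x509.CreateCertificate(rand.Reader, &root, &root, key.Public(), key)
	leafDER, _ := x509.CreateCertificate(rand.Reader, &leaf, &root, key.Public(), key)
	return [][]byte{leafDER, rootDER}
}

func main() {
	chain := SampleChain("example.test")
	fmt.Println(FindSites([]string{Thumbprint(chain[1]), "00 11"}, [][][]byte{chain}))
}
```

Roots that still map to an empty string after the whole log has been scanned are the ones for which no logged server certificate exists.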

    In closing

    Ah, what a meaningful Golden Week I am having... (distant look) If I keep doing nothing but this my wife will get angry, so that is all for today.

    Addendum (2015.05.03 13:28)

    A certain great teacher Kimura pointed out that the root certificates can probably be "pulled out" of the official updater for updating root certificates offline, http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe . That was indeed right. (Actually, I used to be able to do this with a tool, but I mistakenly thought that only reference information could be obtained any more, could no longer do it, and left it at that; when I looked after receiving the comment, they were properly there.) That executable contains .SST (Microsoft Serialized Certificate Files), which are lists of certificates, and it looks like the root certificates can be extracted from them. I used to use a tool I had written, but now it looks like they can be extracted from PowerShell. I will report back once I have tried it. Even if the root certificates can be pulled out, will they really show up in the "Trusted Root Certification Authorities" list just by opening them???
