¼«ÂÄÍî¤Êµ»½Ñ¼Ô¤ÎÆüµ­

´ðËܤ϶ô¤Ã¤Æ¤ë¤«°û¤ó¤Ç¤ë¤«¤Ç¤¹¤¬¡¢¤è¤¯¼ñÌ£¤Ç¥«¥é¥ª¥±¡¦PKI¡¦½ð̾¡¦Ç§¾Ú¡¦¥×¥í¥°¥é¥ß¥ó¥°¡¦¾ðÊ󥻥­¥å¥ê¥Æ¥£¤ò¤ä¤Ã¤Æ¤¤¤Þ¤¹¡£Î¹¹¥¤­¡£¥Æ¥ì¥Ó¹¥¤­¤Ç·ÝǽÄÌ

ÀȼåÀ­

SSL Pulse¤ÎÅý·×¾ðÊó¤Ç¤ß¤ëSSL/TLS¤Î°ú±Û¤·¤Ë¤Ä¤¤¤Æ

2014ǯ11·îº¢¤«¤é¡¢SSL¤Ë´Ø¤¹¤ëÅý·×¾ðÊó¤ò¸ø³«¤·¤Æ¤¤¤ë¥µ¥¤¥ÈSSL Pulse¤Î¥Ç¡¼¥¿¤«¤é¿ä°Ü¾ðÊó¤ò¥Ö¥í¥°¤Ç¸ø³«¤·¤Æ¤­¤Þ¤·¤¿¡£³Ö·î¤Ç¹¹¿·¤¹¤ë¤è¤¦¤Ê¤³¤È¤ò¸À¤Ã¤Æ¤Æ¡¢2015ǯ12·î¤«¤é¹¹¿·¤¬Ìµ¤¤¾õÂ֤ˤʤäƤª¤ê¡¢¡Ö¥³¥é¡Á¡Á¡ª¥µ¥Ü¤Ã¤Æ¤ó¤¸¤ã¤Í¡Á¡Á¡×Ū¤Ê¤³¤È¤ò»×¤ï¤ì¤¿¤«¤¿¤â¤¤¤é¤Ã¤·¤ã¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤¹¤ß¤Þ¤»¤ó¡£¤¹¤ß¤Þ¤»¤ó¡£¤¹¤ß¤Þ¤»¤ó¡£

¿·¤·¤¤¥µ¥¤¥È

SSL Pulse Trends(SSL Pulse¥Ç¡¼¥¿¤Î¿ä°Ü) https://kjur.github.io/www/sslpulsetrend/index_j.html¤È¤¤¤¦¥µ¥¤¥È¤òºî¤ê¤Þ¤·¤¿¡£º£¸å¤ÎËè·î¤Î¹¹¿·¤Ï¤³¤Á¤é¤Ç¤ä¤Ã¤Æ¤¤¤­¤Þ¤¹¡£

¥µ¥¤¥È¤ò°Ü¹Ô¤·¤¿·Ð°Þ¤Ê¤É¡¢¡¢¡¢

Á°¤Ï¡¢¥¨¥¯¥»¥ë¤Ê¤É¶î»È¤·¤Æ¥°¥é¥ÕÉÁ¤¤¤Æ¤¿¤ó¤Ç¤¹¤¬¡¢¤½¤ê¤ã¤â¤¦¡¢·ë¹½¼ê´Ö¤¬¤«¤Ã¤Æ¤¿¤ó¤Ç¤¹¤è¡£¼«Ê¬¤â¶½Ì£¤¬¤¢¤Ã¤ÆËè·î¤¹¤°ÃΤꤿ¤¤¤ó¤À¤±¤É¡¢¤È¤Æ¤â¡¢Ëè·î¤Ï¤Ç¤­¤Ê¤¤¤Ê¤È¡¢¡¢¡¢¤¶¤Ã¤¯¤ê¤È¤·¤¿Î®¤ì¤Ï¤³¤ó¤Ê´¶¤¸¡§

  • º£·î¤Î¥Ç¡¼¥¿¥Õ¥¡¥¤¥ë(JSON)¤òwget¤Ç¥À¥¦¥ó¥í¡¼¥É¤¹¤ë
  • ¥Ç¡¼¥¿¤Î¿ä°Ü¤òTSV·Á¼°¤Ë¤Ê¤ë¤è¤¦¤ËÊÑ´¹¤¹¤ë¥Ä¡¼¥ë¤ò¼Â¹Ô¤¹¤ë¡£¥°¥é¥Õ¤ËɬÍפʥǡ¼¥¿Îó¤â¤³¤Î»þºî¤ë¡£
  • TSV¥Õ¥¡¥¤¥ë¤òUTF-16¤Ë¤¹¤ë(Mac ExcelÂкö)
  • Excel¤ÇÆɤ߹þ¤ß
  • ¥Ç¡¼¥¿¤òºÙ¤«¤¤À°·Á(ÆüÉÕ¥Õ¥©¡¼¥Þ¥Ã¥È¤äɽ¥Ø¥Ã¥À¤Ê¤É)
  • ɬÍפʥ°¥é¥Õ¤òºî¤ë
  • ¥°¥é¥Õ¤òEMF(³ÈÄ¥¥á¥¿¥Õ¥¡¥¤¥ë)¤Ç¥¨¥¯¥¹¥Ý¡¼¥È¤¹¤ë
  • PowerPoint¤Ë¿á¤­½Ð¤·Åù¤òŽ¤êÉÕ¤±(°ÌÃÖÄ´À°)
  • PowerPoint¤Î²èÌ̤ò²èÁü¥­¥ã¥×¥Á¥ã¤·¡¢¥Ö¥í¥°¤Ø
¤Þ¤º¡¢Âè°ì¤Îµ´Ìç¤Ê¤ó¤Ç¤¹¤¬¡¢¼«Ê¬¤Ï¼«Âð¤Ç¤ÏMac Book Air¤ò»È¤Ã¤Æ¤Þ¤·¤Æ¡¢MacÍѤÎExcel(Á°¤Î2011¤âº£¤Î¤ä¤Ä¤â)¤Ï¡¢Ê¸»ú²½¤±¤·¤Ê¤¤¤è¤¦¤ËCSV¤äTSV¥Õ¥¡¥¤¥ë¤òÆɤ߹þ¤à¤Î¤¬¹ü¤¬ÀÞ¤ì¤ë¤ó¤Ç¤¹¤è¡£°ì±þ¥Õ¥¡¥¤¥ë¤ÎÆþÎϸõÊä¤È¤·¤Æ¤ÏÉáÄ̤ÎUTF-8¤Ç¤âÂç¾æÉפ½¤¦¤Ë¸«¤¨¤ë¤ó¤À¤±¤É¡¢¤¦¤Þ¤¯¤¤¤«¤º¡£·ë¶É¤¦¤Þ¤¯¤¤¤Ã¤¿¤Î¤Ï¥á¥âÄ¢¥¢¥×¥ê¤ÇUTF-16¤ËÊÑ´¹¤·¤Æ¤«¤éÆɤ߹þ¤Þ¤»¤ë¤È¤¤¤¦ÊýË¡¤Ç¤¹¡£Google¤È¤«¤Ç"Mac Excel TSV ʸ»ú²½¤±"¤ß¤¿¤¤¤Ê¥­¡¼¥ï¡¼¥É¤Ç¸¡º÷¤¹¤ì¤Ð¡¢ÊýË¡¤¬½Ð¤Æ¤¯¤ë¤Ç¤·¤ç¤¦¡£
07

¤½¤·¤Æ¡¢°ì¤Ä°ì¤Ä¥°¥é¥Õ¤òºî¤Ã¤Æ¤¤¤¯¤ï¤±¤Ç¤¹¡£
01
¤Ç¡¢Excel¤Î¥°¥é¥Õ¤ÎËÞÎã¤Ç¤Ï¤Á¤ç¤Ã¤È¸«¤Å¤é¤¤¤Î¤Ç¥Ñ¥ï¥Ý¤Ç¿á¤­½Ð¤·¤ò¤Ä¤±¤Þ¤¹¡£
39
¤É¤¦¤Ç¤¹¡©·ë¹½ÌÌÅݤ¯¤µ¤½¤¦¤Ç¤·¤ç¤¦¡©

¤Ç¡¢¿·¤·¤¤¥µ¥¤¥È¤Ç¤Ï

¤È¤Ë¤«¤¯Excel¤Ç¥°¥é¥Õ¤ò¤Ä¤¯¤ë¤Î¤Ï¤ä¤á¤Ë¤·¤¿¤¯¡¢JavaScript¥Ù¡¼¥¹¤Ç¥°¥é¥Õ¤òÉÁ¤±¤Ê¤¤¤â¤ó¤«¤È¡¢Ä´¤Ù¤Æ¤ß¤Þ¤·¤¿¡£ºÇ½é¤Ï¡¢ccchart¤Ê¤ó¤«¤¬¥Ç¥¶¥¤¥ó¤âÎɤ¤¤«¤Ê¤¡¤È¹Í¤¨¤Æ¤¤¤¿¤ó¤Ç¤¹¤¬¡¢»×¤Ã¤Æ¤¤¤¿¥Ç¥¶¥¤¥ó¤Ë¤¹¤ë¤Î¤Ï¡¢»êÆñ¤Îµ»¤Ç¤¢¤ë¤ÈÃΤꡢD3.js¤È¤¤¤¦Í­Ì¾¤Ê¥é¥¤¥Ö¥é¥ê¤â¸«¤¿¤ó¤Ç¤¹¤¬¡¢°ì¤Ä¤Î¥Õ¥Ä¡¼¤Î¥°¥é¥Õ½ñ¤¯¤Î¤Ë¿¤¯¤Î¥³¡¼¥É¤ò½ñ¤«¤Í¤Ð¤Ê¤é¤ºÃÇÇ°¡£D3.js¤ò´Êñ¤Ë»È¤¦¤¿¤á¤Î¥é¥Ã¥Ñ¡¼¤¬¤¢¤ë¤½¤¦¤Ç¡¢¤½¤ì¤ò´ö¤Ä¤«¸«¤Æ¡¢rickshaw¤Ç²¿¤È¤«µö¤»¤ë¥°¥é¥Õ¤¬ÉÁ¤±¤¿¤Î¤Ç¤½¤ì¤ò»È¤¦¤³¤È¤Ë¤·¤Þ¤·¤¿¡£

ËÜÅö¤Ï¡¢SSL Pulse¤ËÃÖ¤¤¤Æ¤¢¤ëJSON·Á¼°¤Î¥Ç¡¼¥¿¥Õ¥¡¥¤¥ë¤ò¤½¤Î¤Þ¤Þ¡¢É½¼¨¤ÎÅ٤˼è¤ê¹þ¤ó¤Ç²Ã¹©¤·¤Æ¤«¤é¥°¥é¥Õɽ¼¨¤·¤è¤¦¤È¤·¤¿¤ó¤Ç¤¹¤¬¡¢½ô¡¹CORS¤ÎÊɤËÁˤޤìÃÇÇ°¡£Æ°Åª¤Ë¥À¥¦¥ó¥í¡¼¥É¤¹¤ëɬÍפâ¤Ê¤¯¤Ê¤ê¡¢¥¹¥¿¥Æ¥£¥Ã¥¯¤Ê²òÀϥǡ¼¥¿¤òNode¤Çºî¤Ã¤Æ¡¢SOURCE¥¿¥°¤ÇÉáÄ̤˥ǡ¼¥¿¼è¤ê¹þ¤à¤³¤È¤Ë¤Ê¤ê¤Þ¤·¤¿¡£

¥Ö¥í¥°¤Ç¤¿¤Þ¤¿¤ÞSSL Pulse¤Ë¤Ä¤¤¤Æ½ñ¤¯¤À¤±¤Ê¤é¡¢ÆÃÊ̤ÊÃǤê¤ò¤¤¤ì¤Ê¤¯¤Æ¤â¤¤¤¤¤«¤È»×¤Ã¤¿¤ó¤Ç¤¹¤¬¡¢Äê¾ïŪ¤Ëº£¸å¤Ï±Ñ¸ì¤Ç¤â¥Ú¡¼¥¸¤ò¸ø³«¤¹¤ë¤È¤Ê¤ë¤È¡¢SSL Pulse¤Îºî¼Ô¤ÎIvan Risti椵¤ó¤Ë¿ÎµÁ¤È¤¤¤¦¤«³Îǧ¼è¤Ã¤È¤¤¤¿¤Û¤¦¤¬¤¤¤¤¤«¤Ê¤È»×¤¤¤Þ¤·¤¿¡£Ivan¤µ¤ó¤ÏSSL/TLS¤Îµ»½Ñ²òÀâ½ñ¤ÎÃæ¤Ç¤ÏºÇ¹â¤ËÎɤ¤¤È»×¤¦Bulletproof SSL and TLS¤ÎÃø¼Ô¤Ç¤¢¤ê¡¢SSL¤ÎÀßÄêɾ²Á¥µ¥¤¥È¤Ç¤¢¤ëssllabs¤Î³«È¯¤Ê¤É¤â¤·¤Æ¤¤¤Þ¤¹¡£

Bulletproof SSL and TLS
Ivan Ristic
Lightning Source Inc
2014-08

ºÇ½é¤Ï¡¢Twitter¤ÎDM¤ÇÏ¢Íí¼è¤í¤¦¤È¤·¤¿¤ó¤Ç¤¹¤¬¡¢ÅöÁ³¤Ê¤¬¤é»ä¤Î¥Õ¥©¥í¡¼¤·¤Æ夤¤Æ¤ë¤ï¤±¤Ç¤Ï¤Ê¤¤¤Î¤ÇDM¤¬Á÷¤ì¤º¡¢¥á¡¼¥ë¥¢¥É¥ì¥¹¤â¤É¤³¤Ë¤âµ­ºÜ¤µ¤ì¤Æ¤¤¤Ê¤Î¤Ç¡¢Ï¢Íí¤¬¤Ä¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£¤½¤³¤Ç¡¢¤¤¤Ä¤âJavaScript¤Î°Å¹æ/PKI¥é¥¤¥Ö¥é¥ê¤Ç¤Ï¾ðÊó¸ò´¹¤Ê¤É¤µ¤»¤Æ夭ÂçÊѤªÀ¤ÏäˤʤäƤ¤¤ëRyan Hurst¤µ¤ó¤ËÍê¤ß¹þ¤ß¡¢Ï¢Íí¤È¤Ã¤Æ¤¯¤ì¤Ê¤¤¤«¤ÈÅÁ¤¨¤Þ¤·¤¿¡£Ryan¤µ¤ó¤Ï¡ÖKenji¤ò¾Ò²ð¤¹¤ë¤è¡£Èà¤Ï¡¢¤¹¤²¡¼JavaScript¤Î°Å¹æ/JWT/X.509¥é¥¤¥Ö¥é¥ê¤Îºî¼Ô¤À¡£¡×¤È»ä¤«¤é¤Î¤ª´ê¤¤»ö¹à¤Î¥á¡¼¥ë¤òžÁ÷¤·¤Æ¤¯¤ì¤Þ¤·¤¿¡£2Æü¤°¤é¤¤ÂԤäƤơ¢¡Ö¤¦¡Á¡Á¤ó¡×¤³¤ê¤ã¥ì¥¹Ìµ¤·¤«¤Ê¤¡¤È¤â»×¤Ã¤Æ¤¿¤ó¤Ç¤¹¤¬¡¢ÊÖ»ö¤¬Íè¤Þ¤·¤Æ¡ÖSSL Labs¤Ï¼«Í³¤Ê¥³¥ó¥Æ¥ó¥Ä¥é¥¤¥»¥ó¥¹¤Ë¤Ê¤Ã¤Æ¤Æ¡¢·¯¤Î¾ì¹ç¤Ç¤âÁ´¤¯ÌäÂê¤Ê¤¤¤È¤ï¤«¤ë¤È»×¤¦¤è¡£Æ±¤¸¤è¤¦¤Ê¤³¤È(=¥Ç¡¼¥¿¿ä°Ü¾ðÊó)¤ò¤ä¤ê¤¿¤¤¤È»×¤Ã¤Æ¤¿¤ó¤À¤±¤É¡¢»þ´Ö¤¬¤Ê¤¯¤Æ¤Í¡Á¡Á¡£¡×¤È¤Î»ö¤Ç¤·¤¿¡£¤è¤«¤Ã¤¿¡¢¤è¤«¤Ã¤¿¡£¤³¤ì¤Ç°Â¿´¤·¤ÆÄê¾ïŪ¤Ë¸ø³«¤Ç¤­¤½¤¦¤Ç¤¹¡£

Rickshaw¤Î»È¤¤Êý¤Ï³µ¤Í¤³¤ó¤Ê´¶¤¸¤Ç¤¹¡£

<div id="chart_container"><div id="grade_chart"></div></div> <script> var graph = new Rickshaw.Graph({ element: ¥°¥é¥Õ¤òÉÁ¤¯¥­¥ã¥ó¥Ð¥¹¤¬ÁÞÆþ¤µ¤ì¤ëDIV¤ÎDOM, width: ¥°¥é¥ÕÉý, height: ¥°¥é¥Õ¹â, renderer: ¥°¥é¥Õ·Á¼°(ËÀ¥°¥é¥Õ¤È¤«ÀÞ¤ìÀþ¥°¥é¥Õ¤È¤«), series: [{"color": ¥°¥é¥Õ¥Ç¡¼¥¿¿§, "name": ¥Ç¡¼¥¿Ì¾(TLS1.2¤È¤«SHA256withRSA¤È¤«¥Ç¡¼¥¿Ì¾), "data": [{x: ÃÍ, y: ÃÍ}, {x: ÃÍ, y: ÃÍ} ...]}, : (Ê£¿ô¤Î¥Ç¡¼¥¿¤¬¤¢¤ì¤Ð³¤¯) ] }); graph.render(); </script>
Ʊ¤¸·Á¼°¤Î¥°¥é¥ÕÉÁ¤¯¤Î¤Ë¡¢Æ±¤¸¤è¤¦¤Ê¥³¡¼¥É½ñ¤¯¤Î¤âÌÌÅݤʤΤǡ¢¤µ¤é¤Ë¥é¥Ã¥Ñ¡¼¤òºî¤ê¤Þ¤·¤¿¡£
RickshawUtilGraph(¥°¥é¥ÕÉÁ¤¯DOM ID¤Î¶¦Ḁ̈إåÉ(¥°¥é¥Õ¤äËÞÎã¡¢XY¼´¤Ê¤É), ¥°¥é¥Õ¤Î¶¦Ḁ̈ƥó¥×¥ì¡¼¥È, ¥Ç¡¼¥¿(¥°¥é¥Õ¥Ç¡¼¥¿¡¢¥Ç¡¼¥¿Ì¾) [,¥ª¥×¥·¥ç¥ó¤Ç¥°¥é¥Õ·Á¼°¤òÊѤ¨¤¿¤¤¾ì¹ç¤Î¥Ñ¥é¥á¡¼¥¿] [,¥ª¥×¥·¥ç¥ó¤Ç¥°¥é¥Õ¿§ÊѤ¨¤¿¤¤¾ì¹ç¤Î¥Ñ¥é¥á¡¼¥¿]);
¤³¤ì¤Ç¤è¤¦¤ä¤¯¡¢SSL Pulse¤Î¹¹¿·¤¬¤¢¤Ã¤Æ¤â¡¢make °ìȯ¤Ç¥°¥é¥Õ¥Ç¡¼¥¿¤òºî¤ì¤ë¤Î¤Ç¡¢Ëè·î¤Î¹¹¿·¤âÉéô¤Ë¤Ê¤é¤Ê¤¯¤Ê¤ê¤Þ¤·¤¿¡£

¤È¤¤¤¦¤ï¤±¤Ç¡¢¤Þ¤ÀÁǤõ¤¤Ê¤¤¥Ú¡¼¥¸¤Ç¤¹¤¬ÆüËܸì¥Ú¡¼¥¸¸ø³«¤Ë¤³¤®¤Ä¤±¤Þ¤·¤¿¡£º£¤Þ¤Ç¤Ê¤«¤Ã¤¿É¾²Á¥°¥ì¡¼¥É(A-F)¤ÎʬÉÛ¿ä°Ü¤Î¥°¥é¥Õ¤ÏNPN¤ÎHTTP/2¥µ¥Ý¡¼¥È¥×¥í¥È¥³¥ë¤Î¿ä°Ü¤Î¥°¥é¥Õ¤âÉÕ¤±²Ã¤ï¤Ã¤Æ¤¤¤Þ¤¹¡£
42
¤·¤Ð¤é¤¯¤·¤¿¤é±Ñ¸ì¥Ú¡¼¥¸¤ÎºîÀ®¤Ë¤È¤ê¤«¤«¤ê¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

º£¸å¤È¤â¡¢¤è¤í¤·¤¯¤ª´ê¤¤¤·¤Þ¤¹¡£

´ØÏ¢µ­»ö

go.jp¥É¥á¥¤¥ó¤ÎHTTPS¥µ¥¤¥È¤Î¾õ¶·¤Ë¤Ä¤¤¤Æ»ä¤â¤ß¤Æ¤ß¤Þ¤·¤¿(2015ǯ3·î4Æü»þÅÀ)

·Ä±þµÁ½ÎÂç³Ø¤È¥ì¥Ô¥À¥à¤µ¤ó¤Ç¶¦Æ±Ä´ºº¤µ¤ì¤¿¡ÖÆüËÜÀ¯Éܵ¡´ØWeb¥µ¥¤¥È(.go.jp)¤ÎTLSÂбþ¾õ¶·¤Ë¤Ä¤¤¤Æ(2015.03.04)¡×¤òÂçÊѶ½Ì£¿¼¤¯ÇÒ¸«¤·¡¢¤â¤¦¤Á¤ç¤Ã¤ÈÃΤꤿ¤¤¤³¤È¤â¿¡¹¤¢¤Ã¤¿¤Î¤Ç¡¢»ä¤âÄ´¤Ù¤Æ¤ß¤ë¤«¤Ê¤¡¤È»×¤¤¡¢º£Æü¤Ï¤½¤Î¤´Êó¹ð¤ò¡¢¤È¡£

Ä´ººÂоÝ

.go.jp¥É¥á¥¤¥ó¤Î¥µ¥¤¥È¤Ë¤Ï¾ÊÄ£¡¢³°¶É¡¢ÆÈΩ¹ÔÀ¯Ë¡¿Í¡¢À¯ÉܷϤΥ¤¥Ù¥ó¥È¤Çºî¤é¤ì¤¿¥µ¥¤¥È¤Ê¤É¤¬¤¢¤ê¡¢¤½¤Î¤¦¤Á¥Ñ¥Ö¥ê¥Ã¥¯¤Ê¥µ¥¤¥È¤ÎSSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤ÎËç¿ô¤Ï2015ǯ3·î4Æü»þÅÀ¤ÇÎß·×1,819Ëç¤Î¤è¤¦¤Ç¤·¤¿¡£¤½¤Î¤¦¤Á¡¢¥æ¥Ë¡¼¥¯¤Ê¥³¥â¥ó¥Í¡¼¥à(FQDN¤â¤·¤¯¤Ï¥ï¥¤¥ë¥É¡¼¥«¡¼¥É¾ÚÌÀ½ñ¤Î¥É¥á¥¤¥ó)¤Î¿ô¤Ï877¤¢¤ê¤Þ¤·¤¿¡£
gojp-01
¾ÊÄ£¡¢¤½¤ì¤é¤Î³°¶É¡¢¤½¤ì¤é¤¬½ê´É¤¹¤ëÆÈΩ¹ÔÀ¯Ë¡¿Í¤Î¿ô¤ÇʬÎह¤ë¤È°Ê²¼¤Î¤è¤¦¤Ê¹½À®¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£(¼Â¤Ï¤³¤Îɽ¤òºî¤ë¤Î¤¬°ìÈÖÂçÊѤÀ¤Ã¤¿¡£¾ÚÌÀ½ñ¤Ï¤¢¤ë¤«¤éFQDN¤Ï¤¹¤°¤Ë½¸¤Þ¤ë¤ó¤À¤±¤É¤â¡¢FQDN¤ÎÆÈË¡¤ä¶É¤ä°Ñ°÷²ñ¤Ê¤ó¤«¤¬¤É¤³¤Î¾ÊÄ£¤¬½ê´É¤·¤Æ¤¤¤ë¤Î¤«¤È¤«¡¢¥¤¥Ù¥ó¥È¥µ¥¤¥È¤Ï¤É¤³¤Ç´ÉÍý¤µ¤ì¤Æ¤¤¤ë¤«¤Ê¤É¤òGoogleÀèÀ¸¤ä¥Ö¥é¥¦¥¶¤Ç³«¤¤¤¿¤ê¤Ê¤ó¤«¤·¤Æ¡¢¤Á¤Þ¤Á¤ÞÄ´¤Ù¤ë¤ï¤±¤Ç¤¹¡£¤¤¤ä¡Á¡¢ÆÈË¡¤Ã¤Æ¤¤¤Ã¤Ñ¤¤¤¢¤ë¤ó¤¹¤Íorz)
gojp-02
ÆÈΩ¹ÔÀ¯Ë¡¿Í¤ò½ü¤¤¤¿¤â¤Î¤ÎÈæΨ¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤·¤¿¡£¤³¤ì¤Ë¤ÏºÇ¹âºÛȽ½ê¡¢Æâ³Õ´±Ë¼¡¢²ñ·×¸¡ºº±¡¡¢¹ñ²ñ¿Þ½ñ´Û¤Ê¤É¤â´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
gojp-03

¥ï¥¤¥ë¥É¥«¡¼¥É¾ÚÌÀ½ñ¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢¤½¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¾ÚÌÀ½ñ¤ò»È¤Ã¤Æ¤¤¤ëǤ°Õ¤Î1¤Ä¤Î¥µ¥¤¥È¤¬¸«¤Ä¤«¤ì¤Ð¡¢¤½¤Î¥µ¥¤¥È¤òÄ´ººÂоݤȤ·¤Þ¤·¤¿¡£

¥¤¥Ù¥ó¥È¤Ç°ì»þŪ¤ËΩ¤Á¾å¤¬¤Ã¤Æ¤¿¥µ¥¤¥È¤äÄä»ß¤·¤¿¥µ¡¼¥Ð¡¼¤Ê¤É¤¬¤¢¤ê¡¢¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤«¤é¥¢¥¯¥»¥¹²Äǽ¤Êgo.jp¥É¥á¥¤¥ó¤ÎHTTPS¥µ¥¤¥È¤Ï882Ãæ¡¢722¤Ç¤¢¤ê¡¢ º£²ó¤Ï722¤Îgo.jp¥É¥á¥¤¥ó¥µ¥¤¥È¤òÄ´ººÂоݤȤ·¤Þ¤·¤¿¡£

SSL/TLS¥×¥í¥È¥³¥ë

¤Þ¤ººÇ½é¤Ë¡¢go.jp¥É¥á¥¤¥ó¤Î¥µ¥¤¥È¤ÎSSL/TLS¥×¥í¥È¥³¥ë¤Î¥µ¥Ý¡¼¥È¾õ¶·¤ò¸«¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£¥À¥¦¥ó¥°¥ì¡¼¥É¹¶·â¤äPOODLE¹¶·â¤ÇÌäÂê¤È¤Ê¤ëSSLv2¡¢SSLv3¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¥µ¥¤¥È¤¬¤«¤Ê¤ê¤¢¤ë¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£¤Þ¤ººÇ½é¤Ë¡¢Á´¤Æ¤Î*.go.jp¥É¥á¥¤¥ó¡¢¤Ä¤Þ¤ê¾ÊÄ£¤ÈÆÈË¡¤ò¹ç¤ï¤»¤¿Àܳ²Äǽ¤Ê722¥µ¥¤¥È¤ËÂФ·¤Æ¡¢Âбþ¥×¥í¥È¥³¥ë¤ò¥°¥é¥Õ¤Ë¤·¤Þ¤·¤¿¡£
gojpa-1
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢333¥µ¥¤¥È¤¬Àܳ²Äǽ¤Ç¡¢Æ±ÍͤËÂбþ¥×¥í¥È¥³¥ë¤ò¥°¥é¥Õ¤Ë¤·¤Þ¤·¤¿¡£
gojpa-2
¥À¥¦¥ó¥°¥ì¡¼¥É¹¶·â¤ÇÀȼå¤ÊSSLv2¤Ï¤«¤Ê¤ê¾¯¤Ê¤¤¤Ç¤¹¤¬¡¢POODLE¹¶·â¤ÇÀȼå¤È¤µ¤ì¤ëSSLv3¤¬»È¤¨¤ë¥µ¥¤¥È¤Ï̤¤À¤Ë3¡¢4³ä¤Î¥µ¥¤¥È¤ÇÍøÍѲÄǽ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£

°Å¹æ¥¹¥¤¡¼¥È(¶¦Ä̸°°Å¹æ)

¼¡¤Ë¡¢°Å¹æ¥¹¥¤¡¼¥È(CipherSuite)¤Î¤¦¤Á¡¢»ÈÍѲÄǽ¤Ê¶¦Ä̸°°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Ë¤Ä¤¤¤Æ¸«¤Æ¤¤¤­¤Þ¤·¤ç¤¦¡£ºÇ½é¤ËÁ´*.go.jp¥É¥á¥¤¥ó¤ËÂФ·¤Æ¤Ç¤¹¡£
gojpa-3
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¤Î¥°¥é¥Õ¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£
gojpa-4
¤É¤Á¤é¤âAES¤Ï¤Û¤È¤ó¤É¤Î¥µ¥¤¥È¤ÇÍøÍѤǤ­¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤ª¤ê¡¢¼å¤¤°Å¹æ¤Ç¤¢¤ë3DES¤äRC4¤â8¡¢9³ä¤Î¥µ¥¤¥È¤ÇÍøÍѤǤ­¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¤Þ¤¿¡¢¹ñ»º¤Î°Å¹æ¤Ç¤¢¤ëCamellia¤â2³äÄøÅ٤Υµ¥¤¥È¤Ç»È¤¨¤Þ¤¹¤¬¡¢SEED¤äIDEA¤âƱÄøÅÙ¤·¤«¤Ê¤¤¤È¤¤¤¦¤Î¤Ï¾¯¤·»ÄÇ°¤Ç¤¹¤Í¡£

¥Ö¥í¥Ã¥¯°Å¹æ¥â¡¼¥É¤Ë¤Ä¤¤¤Æ¤Ï¡¢GCM¤ÈCBC¤·¤«¤¢¤ê¤Þ¤»¤ó¤¬¡¢Á´*.go.jp¤Ç¤Î¥µ¥Ý¡¼¥È¾õ¶·¤Ï°Ê²¼¤ÎÄ̤ê¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpa-5
¤Þ¤¿¡¢ÆÈË¡¤òÈ´¤¤¤¿¾ì¹ç°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpa-6
¥Ö¥í¥Ã¥¯°Å¹æ¤ò°ìÀÚ¥µ¥Ý¡¼¥È¤»¤º¡¢¥¹¥È¥ê¡¼¥à°Å¹æ¤Î°Å¹æ¥¹¥¤¡¼¥È¡¢¤Ä¤Þ¤êRC4¤·¤«¥µ¥Ý¡¼¥È¤·¤Ê¤¤¥µ¥¤¥È¤Ï̵¤«¤Ã¤¿¤¿¤á¡¢Á´¿ô¤Ï722¡¢333¤ÇƱ¤¸¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£

°Å¹æ¥¹¥¤¡¼¥È(¸°¸ò´¹)

¼¡¤Ë¡¢°Å¹æ¥¹¥¤¡¼¥È¤Ç»È¤ï¤ì¤Æ¤¤¤ë¸°¸ò´¹¤Ë¤Ä¤¤¤Æ¤ß¤Æ¤ß¤Þ¤·¤ç¤¦¡£

¤Þ¤ººÇ½é¤Ëµ¤¤Ë¤Ê¤ë¤Î¤¬¡¢¥¹¥Î¡¼¥Ç¥ó¤Î˽Ϫ¤·¤¿NSA¤ÎÅðÄ°ÌäÂê¤ò¤­¤Ã¤«¤±¤Ë¡¢PFS(Perfect Forward Secrecy)¤ò¥µ¥Ý¡¼¥È¤¹¤ë°Å¹æ¥¹¥¤¡¼¥È¤ò»È¤¦¤³¤È¤ò¿ä¾©¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£ ¶ñÂÎŪ¤Ë¤ÏDH¡¢DHE¡¢ECDH¡¢ECHDE¤Î¤¤¤º¤ì¤«¤ò¸°¸ò´¹¤Ë»È¤¦°Å¹æ¥¹¥¤¡¼¥È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ PFS¡¢DH¡¢DHE¡¢ECDH¡¢ECDHE¤Î*.go.jp¥É¥á¥¤¥ó¤Ç¤Î¥µ¥Ý¡¼¥È¾õ¶·¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£
gojpa-7
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpa-8
DHE¤äDH¤Ï½èÍý¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤¬°­¤«¤Ã¤¿¤ê¡¢Ä¹¤¤¸°Ä¹¤ò¥µ¥Ý¡¼¥È¤¹¤ë¼ÂÁõ¤¬¾¯¤Ê¤¤¤Î¤Ç¡¢ECDH¤äECDHE¤ò»È¤¨¤ë¤è¤¦¤Ë¤·¤ÆÍߤ·¤¤¤Ç¤¹¤Í¡£

DH¡¢DHE¤Î°Å¹æ¥¹¥¤¡¼¥È¤ÇÉÔ½½Ê¬¤Ê¸°Ä¹¤ÎÀȼå¤Ê¥µ¥¤¥È¤¬Ìµ¤¤¤«³Îǧ¤¹¤ë¤¿¤á¤Ë¡¢DH¤Î¸°Ä¹Ê̤˥µ¥Ý¡¼¥È¾õ¶·¤ò¤ß¤Æ¤ß¤Þ¤·¤ç¤¦¡£¤Þ¤º¤ÏÁ´*go.jp¥É¥á¥¤¥ó¤Ç¸«¤Æ¤ß¤Þ¤¹¡£
gojpb-01
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-02
RSA 1024bit°Ê²¼¤Î¾ÚÌÀ½ñ¤¬»È¤¨¤Ê¤¯¤Ê¤Ã¤¿¤Î¤ÈƱÍͤËDiffie-Hellman(DH) 1024bit°Ê²¼¤Ë¤è¤ë¸°¸ò´¹¤ò¤¹¤ë¤Ù¤­¤Ç¤Ï¤Ê¤¤¤½¤¦¤Ç¤¹¡£¤¿¤À¡¢DH 1024bit°Ê²¼¤·¤«¥µ¥Ý¡¼¥È¤·¤Ê¤¤¼ÂÁõ¤¬Â¿¤«¤Ã¤¿¤ê¡¢¥Ç¥Õ¥©¥ë¥È¤ÇDH 1024bit¤Ç¤¢¤Ã¤¿¤ê¤¹¤ë¤³¤È¤«¤é¡¢¥ê¥¹¥¯²óÈò¤Î¤¿¤á¤ËDH¤äDHE¤ò»È¤ï¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Î¤¬Îɤ¤¤È»×¤¤¤Þ¤¹¡£

ECDH¡¢ECDHE¤Ç¤Ï¸°¥Ñ¥é¥á¡¼¥¿(=¶ÊÀþ̾)¤Ï¤É¤¦¤Ê¤Ã¤Æ¤¤¤ë¤Ç¤·¤ç¤¦¤«¡£¤Þ¤º¤Ï¡¢Á´*.go.jp¥É¥á¥¤¥ó¤Ç¸«¤Æ¤ß¤Þ¤·¤ç¤¦¡£
gojpb-03
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-04
ECDH¡¢ECDHE¤ò¥µ¥Ý¡¼¥È¤¹¤ë¾ì¹ç¤Ë¡¢¸°¸ò´¹¤Ç»È¤ï¤ì¤ë̾Á°ÉÕ¤­¶ÊÀþ¤¬NIST P-256(=secp256r1)¤Ê¤Î¤Ï°ìÈÌŪ¤À¤·¡¢¥Ö¥é¥¦¥¶¤Ç¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë»ö¤¬Â¿¤¤¤Î¤Ç¤¤¤¤¤Ç¤¹¤¬¡¢NIST B-571(=sect571r1)¤Ã¤ÆÀ¤¤ÎÃæ¤Ç»È¤Ã¤Æ¤ë¤È¤³¤í¤ò¸«¤¿»ö¤¬¤Ê¤«¤Ã¤¿¤Î¤Ç¥Ó¥Ã¥¯¥ê¤·¤Þ¤·¤¿¡£¾ÊÄ£¤Î1¥µ¥¤¥È¤ÈÆÈË¡¤Î9¥µ¥¤¥È¤ÏÀè¿ÊŪ¤È¤¤¤¦¤«¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤ÏÀßÄꤵ¤ì¤º¡¢°Õ¿ÞŪ¤Ë¤ä¤Ã¤Æ¤ë¤Ë·è¤Þ¤Ã¤Æ¤ë¤Î¤ÇÀ¨¤¤¤Ê¤¡¤È»×¤¤¤Þ¤·¤¿¡£¤½¤³¤Ë¥Ö¥é¥¦¥¶¤Ç·Ò¤¤¤Ç¤ß¤¿¤ó¤Ç¤¹¤¬¡¢TLS_RSA_WITH_RC4_128_SHA¤ÇÀܳ¤·¤Æ¤·¤Þ¤¤»ÄÇ°orz¡£

°Å¹æ¥¹¥¤¡¼¥È(¥á¥Ã¥»¡¼¥¸Ç§¾Ú(MAC))

À¤¤ÎÃæ¤Ç¤Ï¡¢¥á¥Ã¥»¡¼¥¸Ç§¾Ú¤Ë´Ø¤·¤Æ¤ÏMD5¤Ï¥À¥á¡¢SHA1¤«¤éSHA2¤Ë°Ü¹Ô¤·¤Æ¤¤¤ë²áÄø¤Ë¤¢¤ë¤Î¤«¤Ê¤È»×¤¤¤Þ¤¹¡£¤Þ¤º¡¢Á´*.go.jp¥É¥á¥¤¥ó¤Ë¤Ä¤¤¤Æ¸«¤Æ¤ß¤Þ¤·¤ç¤¦¡£
gojpb-05
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-06
Àȼå¤ÊHmacMD5¤ò»È¤Ã¤¿°Å¹æ¥¹¥¤¡¼¥È¤¬ÍøÍѤǤ­¤ë¥µ¥¤¥È¤¬4³ä¶á¤¯»Ä¤Ã¤Æ¤¤¤ë¤Î¤ÏÌäÂ꤫¤Ê¤È»×¤¤¤Þ¤¹¡£

SSL/TLS¹¶·â¤ËÀȼå¤Ê¥µ¥¤¥È

BEAST¹¶·â¡¢POODLE¹¶·â¡¢FREAK¹¶·â¤Ê¤É¡¢SSL/TLS¥×¥í¥È¥³¥ë¤ä°Å¹æ¥¹¥¤¡¼¥È¤ÎÀßÄê¤Ë¤è¤ëÀȼåÀ­¤Î±Æ¶Á¤ò¤ß¤Æ¤ß¤Þ¤·¤ç¤¦¡£Á´*.go.jp¥É¥á¥¤¥ó¤Ç¤Î¤³¤ì¤é¤Î¹¶·â¤Î±Æ¶Á¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£ (¾¯¤·¥°¥é¥Õ¤Ë¥´¥ß¤¬Æþ¤Ã¤¿¤±¤É¡¢¤Þ¤¡¡¢¤¤¤Ã¤«)
gojpb-07
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-08

¤½¤Î¾¤ÎSSL/TLS¥µ¡¼¥Ð¡¼¤ÎÀßÄê

SSL/TLS¤Ç¤ÏÀܳ¤¹¤ëºÝ¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¥¯¥é¥¤¥¢¥ó¥È¤¬Ä󼨤¹¤ë°Å¹æ¥¹¥¤¡¼¥È¤Î¥ê¥¹¥È¤ÎÍ¥Àè½ç°Ì¤Ë´ð¤Å¤¤¤Æ¡¢¥µ¡¼¥Ð¡¼¤È»ÈÍѤ¹¤ë°Å¹æ¥¹¥¤¡¼¥È¤¬¤µ¤ì¤Þ¤¹¤¬¡¢¤³¤ì¤À¤È¹ó¤¤¥¯¥é¥¤¥¢¥ó¥È¤Î¾ì¹ç¡¢Àȼå¤Ê°Å¹æ¥¹¥¤¡¼¥È¤¬»ÈÍѤµ¤ì¤Æ¤·¤Þ¤¦²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£¤³¤ì¤òËɻߤ¹¤ë¤¿¤á¤Ë¡¢ÀßÄê¤Ë¤è¤ê¥µ¡¼¥Ð¡¼Â¦¤Î»ý¤Ä¥ê¥¹¥È¤òÍ¥À褷¤Æ»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¤³¤ì¤¬¡Ö¥µ¡¼¥Ð¡¼Â¦°Å¹æ¥¹¥¤¡¼¥ÈÍ¥Àè¡×¤Ç¤¹¡£Apache¤Ç¤¢¤ì¤ÐSSLHonorCipherOrder "on"¤ÇÀßÄê¤Ç¤­¤Þ¤¹¡£

OCSP Stapling¤È¤Ï¡¢TLS¤Î³ÈÄ¥¤Ç¥×¥é¥¤¥Ð¥·¡¼Êݸî¤È¾ÚÌÀ½ñ¼º¸ú¸¡¾Ú¤Î¸í¤ê¤Ø¤ÎÂкö¤Ç¤¹¡£ ¤Þ¤º¤ÏÁ´*go.jp¥É¥á¥¤¥ó¤Ç¸«¤Æ¤ß¤Þ¤·¤ç¤¦¡£
gojpb-09
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-10
OCSP Stapling¤ÎƳÆþ¤Ï¤Ê¤«¤Ê¤«¿Ê¤ó¤Ç¤¤¤Ê¤¤¸½¾õ¤¬¤è¤¯¤ï¤«¤ê¤Þ¤¹¡£¤¿¤À¡¢Àè¿ÊŪ¤ÊÀßÄê¤ò¤·¤Æ¤¤¤ëÀ¯ÉÜ·Ï¥µ¥¤¥È¤â¤¢¤ë¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£

SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ

Á´*.go.jp¥É¥á¥¤¥ó¤Î¥¢¥¯¥Æ¥£¥Ö¤Ê¥µ¥¤¥È¤Î¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤Îȯ¹Ô¸µ¤Î ¾ÚÌÀ½ñȯ¹Ô¥µ¡¼¥Ó¥¹¤ÇʬÎष¤¿¤Î¤¬°Ê²¼¤Ç¤¹¡£
gojpb-11
ÆÈË¡¤ò½ü¤¤¤¿¾ì¹ç¡¢°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
gojpb-12
¤ä¤Ï¤êVeriSign¤ÎÈæΨ¤¬¤«¤Ê¤ê¹â¤¯¡¢GPKI Application CA¡¢GlobalSign¡¢Cybertrust¤Ê¤É¤â´èÄ¥¤Ã¤Æ¤¤¤Þ¤¹¡£ÆäËÆÈË¡¤ò½ü¤¤¤¿¤Ë¤Ï¡¢GPKI Application CA 2¤ÎÈæΨ¤â¤«¤Ê¤ê¹â¤¤¤Ç¤¹¡£ ÄÁ¤·¤¤½ê¤Ç¤ÏServision¡¢KAGOYA¡¢Firstserver¡¢AlphaSSL¤Ê¤É¤ò»È¤Ã¤Æ¤¤¤ë¤È¤³¤í¤â¤¢¤ê¤Þ¤·¤¿¡£ 822Ëç¤Î¤¦¤Á¥ï¥¤¥ë¥É¥«¡¼¥É¾ÚÌÀ½ñ¤Ï19Ëç¡¢EV SSL¾ÚÌÀ½ñ¤Ï24Ëç¤Ç¤·¤¿¡£

¼¡¤ËÀܳ²Äǽ¤ÊÁ´*.go.jp 723¥É¥á¥¤¥ó¤Ë¤ª¤±¤ë¡¢¾ÚÌÀ½ñ¤Î¸ø³«¸°¥¢¥ë¥´¥ê¥º¥à¤È¸°Ä¹¤Ë¤Ä¤¤¤Æ¤ß¤Æ¤ß¤Þ¤·¤ç¤¦¡£Á´¤Æ¤¬RSA¸°¤Ç¤¢¤Ã¤Æ¡¢ECC¸°¤äDSA¸°¤Ï¤¢¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£¤Þ¤¿¡¢¸°Ä¹¤Ï2048bit¤¬¤Û¤È¤ó¤É¤Ç¡¢¤Û¤ó¤Î¾¯¤·1024bit¤¬»Ä¤Ã¤Æ¤ª¤ê¡¢4098bit¤Ê¤É¤ÎŤ¤¤â¤Î¤Ï¤¢¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£
gojpc-01
¤Þ¤¿¡¢723¤ÎRSA¸°¤Ë¤Ä¤¤¤Æ¸ø³«»Ø¿ô¤ÏÁ´¤Æ65537(0x10001)¤Ç¤·¤¿¡£¸ø³«»Ø¿ô¤Ë3¤Ê¤É¤¬»È¤ï¤ì¤Æ¤¤¤ë¤¿¤á¤ËÈëÌ©¸°¤¬Æþ¼ê¤Ç¤­¤ë¤È¤¤¤Ã¤¿ÌäÂ꤬¤¢¤ë¥µ¥¤¥È¤Ï0¤Ç¤·¤¿¡£
gojpc-02

½ð̾¥¢¥ë¥´¥ê¥º¥à¤Ë¤Ä¤¤¤Æ¤ÏSHA256withRSA¡¢SHA1withRSA¡¢MD5withRSA¤Î¤¤¤º¤ì¤«¤·¤«¤Ê¤¯¡¢SHA256withRSA¤Î°Ü¹Ô¤¬30%°Ê¾å¤ÈChrome¤äWindows¤ÎSHA1¤Î̵¸ú²½¤¬2017ǯ1·î¤ËÇ÷¤Ã¤Æ¤¤¤ë¤³¤È¤«¤é¡¢SHA1¤«¤éSHA2¤Ø¤Î°Ü¹Ô¤Ï¤«¤Ê¤ê¿Ê¤ó¤Ç¤¤¤Þ¤¹¡£
gojpc-03

¾ÚÌÀ½ñ¤ÎÍ­¸ú´ü´Ö¤Ë¤Ä¤¤¤Æ¤Ï¡¢1ǯʪ¡¢3ǯʪ¡¢2ǯʪ¤Î½ç¤Ë¿¤¯¡¢10ǯʪ¤Ï1¥µ¥¤¥È¤Î¤ß¤Ç¤·¤¿¡£
gojpc-04

Google Chrome¤¬2017ǯ1·î¤Þ¤Ç¤ËSHA1¾ÚÌÀ½ñ¤ËÂФ·¤ÆÃʳ¬Åª¤Ë·Ù¹ð¤ò½Ð¤·¤Æ¤¤¤­¡¢SHA2¾ÚÌÀ½ñ¤Ø¤Î°Ü¹Ô¤òÂ¥¤¹¤È¤¤¤¦¥Þ¥¤¥ë¥¹¥È¡¼¥ó¤¬¥¢¥Ê¥¦¥ó¥¹¤µ¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢Í­¸ú´ü¸Â¤¬¤É¤Î»þ´ü¤Ç¤¢¤ë¤«¤òÄ´¤Ù¤Æ¤ß¤Þ¤·¤¿¡£
gojpc-05
Í­¸ú´ü¸Â¤¬2017ǯ1·î¤òĶ¤¨¤ë¾ÚÌÀ½ñ¤¬144¥µ¥¤¥È¤Ç¤¢¤ê¡¢Chrome¤Ç¤Î·Ù¹ðɽ¼¨¤òÈò¤±¤ë¤¿¤á¤ËSHA2¾ÚÌÀ½ñ¤Ø¤Î¥ê¥×¥ì¡¼¥¹¤¬É¬Íפˤʤê¤Þ¤¹¡£

¤Þ¤¿¡¢¾ÚÌÀ½ñ¤ÎOCSP¤Ë¤è¤ë¼º¸ú¸¡¾Ú¡¢EV SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¡¢Certificate Transparency(CT)¤Î¤¿¤á¤ÎÁȹþ¤ß¤ÎSigned Certificate Timestamp(SCT)³ÈÄ¥¤Î¥µ¥Ý¡¼¥È¾õ¶·¤Ë¤Ä¤¤¤ÆÄ´¤Ù¤Æ¤ß¤Þ¤·¤¿¡£CT¥µ¥Ý¡¼¥È¤¬11¥µ¥¤¥È¤â¤¢¤Ã¤¿¤Î¤Ë¤Ï¡¢¾¯¤·¶Ã¤­¤Þ¤·¤¿¡£
gojpc-06

¤ª¤ï¤ê¤Ë

°Ê¾å¡¢*.go.jp ¥É¥á¥¤¥ó¤ÎHTTPS¥µ¥¤¥È¤Ë¤Ä¤¤¤Æ¼«Ê¬¤Ê¤ê¤ËÄ´ºº¤·¤Æ¤ß¤Þ¤·¤¿¡£SSL Pulse¤È¤Î¾õ¶·¤ÈÈæ³Ó¤·¤Æ¡¢°Ê²¼¤Î¥Ý¥¤¥ó¥È¤Ç¼ã´³¥³¥ó¥µ¥Ð¥Æ¥£¥Ö¤È¤¤¤¦¤«¸Å¤¤ÀßÄê¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Ê¤È¤¤¤¦´¶¤¸¤Ï¤·¤Þ¤¹¡£

  • GCM¤¬¤¢¤Þ¤ê»È¤ï¤ì¤Æ¤¤¤Ê¤¤
  • ECDHE¤è¤ê¤âDHE¤¬»È¤ï¤ì¤ë
  • EXP¡¢DES¤Ê¤É¤Î¸Å¤¤°Å¹æ¥¹¥¤¡¼¥È¤¬¤«¤Ê¤ê»Ä¤Ã¤Æ¤¤¤ë
  • SSLv2¤Ê¤É¤â¤«¤Ê¤ê»Ä¤Ã¤Æ¤¤¤ë´¶¤¸¤¬¤¹¤ë
¥µ¡¼¥Ð¡¼¤¬¤­¤Á¤ó¤ÈÂбþ¤·¤Æ¤¯¤ì¤Ê¤¤¤Ê¤é¡¢¥¯¥é¥¤¥¢¥ó¥È¦¤ÇºÇ¿·¤Î¥Ö¥é¥¦¥¶¤ò»È¤¦¤Ê¤É¤Ç¼«±Ò¤¹¤ë¤·¤«¤Ê¤¤¤Î¤«¤Ê¤È»×¤¤¤Þ¤¹¡£

º£Æü¤Ï¤³¤ÎÊդǡ£

Äɵ­

  • 2015.03.11 08:34 - 3/4¤«¤é3/11 0:00º¢¤Î¹¹¿·¤ò³Îǧ¤·¤¿¤égo.jp¥É¥á¥¤¥ó¤ÎHTTPS¥µ¥¤¥È¤Ï3¤Ä¤·¤«Áý¤¨¤Æ¤¤¤Ê¤¤¤è¤¦¤Ç¤¹¡£¤½¤ó¤Ê¤ËÉÑÈˤ˹¹¿·³Îǧ¤·¤Ê¤¯¤Æ¤è¤µ¤½¤¦¤Ê¤Î¤Ç¡¢¤Á¤ç¤Ã¤È°Â¿´¤·¤Þ¤·¤¿¡£¸½»þÅÀ¤Ç¤Ï¾ÚÌÀ½ñ¤ÎÄ´ºº¹àÌܤ¬½½Ê¬¤Ç¤Ê¤¤¤Î¤Ç¡¢¤½¤Î¤¦¤ÁÄɲ䷤Ƥª¤­¤¿¤¤¤È»×¤¤¤Þ¤¹¡£
  • 2015.03.12 00:11 - *.go.jp¥É¥á¥¤¥ó¤ÎSSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤Ë¤Ä¤¤¤ÆÄ´¤Ù¤¿»ö¤òÄɵ­¤·¤Þ¤·¤¿¡£
  • 2015.03.12 07:55 - ¾ÚÌÀ½ñ¤ÎÄ´ºº¤Ç¤Ê¤¼722¤«¤é723¤ËÁý¤¨¤¿¤«¤È¤¤¤¦¤È¡¢HTTPSÄÌ¿®¤Ï¤Ç¤­¤Æ¾ÚÌÀ½ñ¤Ï¼è¤ì¤ë¤ó¤À¤±¤É¡¢Âбþ°Å¹æ¥¹¥¤¡¼¥È¤òÄ´¤Ù¤è¤¦¤È¤¹¤ë¤È¥¿¥¤¥à¥¢¥¦¥È¤·¤Á¤ã¤¦¥µ¥¤¥È¤¬°ì¤Ä¤¢¤Ã¤¿¤¿¤á¡¢¤³¤ó¤Ê¤³¤È¤Ë¤Ê¤Ã¤Æ¤Þ¤¹¡£

POODLE¹¶·â¤Ë¤Ä¤¤¤ÆËÜÅö¤ËTLSv1.0¤Ê¤é°ÂÁ´¤Ê¤Î¤«¡©

POODLE¹¶·â¤Ï¡¢±¿Íѵ㤫¤»¤È¤¤¤¦¤«¡¢SSLv3¤Î¥µ¥Ý¡¼¥È¤òËÜÅö¤ËÀڤäÁ¤ã¤Ã¤Æ¤¤¤¤¤Î¤«¡¢¥ì¥¬¥·¡¼¥¯¥é¥¤¥¢¥ó¥È¤Ë¤Ä¤¤¤ÆÂбþ¤¹¤ë¤Î¤¬¤¤¤¤¤Î¤«¡¢Çº¤à½ê¤Ç¤¹¤è¤Í¡£ShellShockÁû¤®¤µ¤¨¤Þ¤À¤¦¤Á¤Ç¤Ï¼ý«¤·¤Æ¤¤¤Ê¤¤¤Î¤Ë¡¦¡¦¡¦

POODLE¹¶·â¤Ï¡¢¡ÖSSLv3¤ÎÌäÂê¤Ç¤¢¤Ã¤ÆTLSv1.0°Ê¾å¤Ç¤Ï(¥Ñ¥Ç¥£¥ó¥°¤ÎÊýË¡¤¬°ã¤¦¤Î¤Ç)±Æ¶Á¤¬Ìµ¤¤¡×¤È¤µ¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢nahi¤µ¤ó¤«¤é¥³¥á¥ó¥È¤â¤é¤Ã¤Æ¡Ö¼ÂÁõ°Í¸¤À¤±¤ÉTLSv1.0¤Ç¤â´í¸±¤Ê¼ÂÁõ¤¬¤¢¤ë¤ó¤¸¤ã¤Ê¤¤¤Î¡©¡×¤È¤¤¤¦¤³¤È¤Ç¡¢¤½¤Î»ö¤ò½ñ¤¤¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

º£²ó¤ÎPOODLE¹¶·â¤Ë¤Ä¤¤¤Æ¤Ï¡¢²¿¤¬ÌäÂê¤Ç¤É¤Î¤è¤¦¤Ë¤¹¤ì¤Ð¹¶·â¤Ç¤­¤ë¤Î¤«¤È¤¤¤¦¡¢¾Ü¤·¤¤¿ÞÆþ¤ê¤ÎÁÇÀ²¤é¤·¤¯È½¤ê¤ä¤¹¤¤²òÀâ¤ò¥â¥Ð¥²¡¼¤µ¤ó¤¬ ¡ÖSSL v3.0¤ÎÀȼåÀ­¡ÖPOODLE¡×¤Ã¤Æ¤«¤ï¤¤¤¤Ì¾Á°¤À¤±¤É²¿¡©¡© - Padding Oracle On Downgraded Legacy Encryption¤Î»ÅÁÈ¤ß -¡×¤Ç¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢¤½¤Á¤é¤ò¤´Í÷¤Ë¤Ê¤ë¤ÈÎɤ¤¤È»×¤¤¤Þ¤¹¡£

SSLv3¤ÈTLSv1.0°Ê¹ß¤Î¥Ö¥í¥Ã¥¯°Å¹æ¤Î¥Ñ¥Ç¥£¥ó¥°¤Î°ã¤¤

SSL/TLS¤ÇAES¤ä3DES¤Ê¤É¤Î¥Ö¥í¥Ã¥¯°Å¹æ¤ò»È¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢°Å¹æ²½¤¹¤ë¥Ç¡¼¥¿¤Ï¥Ö¥í¥Ã¥¯¤ÎÂ礭¤µ¤ÎÀ°¿ôÇÜ¡¢¤Ä¤Þ¤ê¡¢AES-256¤Ê¤é32¥Ð¥¤¥È¡¢AES-128¤Ê¤é16¥Ð¥¤¥È¡¢3DES¤Ê¤é24¥Ð¥¤¥È¤ÎÇÜ¿ô¤Ç¤Ê¤¤¤È¤¤¤±¤Þ¤»¤ó¡£¤Ç¡¢¤½¤ÎÂ礭¤µ¤Ë·¤¦¤è¤¦¤Ë¥Ñ¥Ç¥£¥ó¥°¤È¸Æ¤Ð¤ì¤ë·ä´Ö¤ÎµÍ¤áʪ¤ò¤·¤ÆÇÜ¿ô¤Ë¤Ê¤ë¤è¤¦¤ËÄ´À°¤¹¤ë¤ï¤±¤Ç¤¹¡£

Î㤨¤Ð¡¢°Å¹æ¥¹¥¤¡¼¥È¤È¤·¤Æ¡¢AES-128(16¥Ð¥¤¥È)¡¢SHA1(20¥Ð¥¤¥È)¤ò»È¤Ã¤Æ¤¤¤ë¤È¤·¤Æ¡¢8¥Ð¥¤¥È¤Î¥Ç¡¼¥¿¤ò°Å¹æ²½¤¹¤ë¤È¤·¤Þ¤·¤ç¤¦¡£¥Ñ¥Ç¥£¥ó¥°¤·¤¿°Å¹æ²½¤¹¤ë¤¿¤á¤ÎÆþÎϤÏ

ʿʸ(8)¡ÜHmacSHA1¥á¥Ã¥»¡¼¥¸Ç§¾Ú¥³¡¼¥É(20)¡Ü¥Ñ¥Ç¥£¥ó¥°(3)+¥Ñ¥Ç¥£¥ó¥°Ä¹(1)¡áAES¥Ö¥í¥Ã¥¯Ä¹(16)¡ß2
¤È¤Ê¤ê¤Þ¤¹¡£É¬¤º¥Ñ¥Ç¥£¥ó¥°Ä¹¤Î1¥Ð¥¤¥È¤Ï´Þ¤Þ¤ì¤Þ¤¹¡£¥Ñ¥Ç¥£¥ó¥°¤ÎŤµ¤Ï(¥Ö¥í¥Ã¥¯Ä¹-1)¤òĶ¤¨¤Ê¤¤ÃͤǺ£²ó¤Ï3¤È¤Ê¤ê¤Þ¤¹¡£

¤µ¤Æ¡¢SSLv3¤ÈTLSv1.0¤Î¥Ñ¥Ç¥£¥ó¥°ÊýË¡¤Î°ã¤¤¤Ç¤¹¤¬¡¢

  • SSLv3¤Î¾ì¹ç¤Ï¥Ñ¥Ç¥£¥ó¥°¤ÎÃͤÏǤ°Õ¤ÎÃͤò¼è¤ì¤ë
  • TLSv1.0¤Î¾ì¹ç¤Ï¥Ñ¥Ç¥£¥ó¥°¤ÏPKCS#5¥Ñ¥Ç¥£¥ó¥°Êý¼°¤òÍѤ¤¡¢ ¶ñÂÎŪ¤Ë¤Ï¥Ñ¥Ç¥£¥ó¥°ÃͤγƥХ¤¥È¤Ï¥Ñ¥Ç¥£¥ó¥°Ä¹¤ÈƱ¤¸Ãͤ¬ÀßÄꤵ¤ì¤ë¡£
¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£Àè¤Û¤É¤Î3¥Ð¥¤¥È¤Î¥Ñ¥Ç¥£¥ó¥°¤¬¤¢¤ë¥±¡¼¥¹¤Ç¤Ï ²¼¤ÎÎã¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
¥Ñ¥Ç¥£¥ó¥°(3)+¥Ñ¥Ç¥£¥ó¥°Ä¹ [a0][f3][62][03] - SSLv3¤Î¾ì¹ç(ÀèƬ3¥Ð¥¤¥È¤ÏǤ°Õ) [03][03][03][03] - TLSv1.0¤Î¾ì¹ç(ÀèƬ3¥Ð¥¤¥È¤Ï¥Ð¥¤¥ÈŤÈƱ¤¸ÃÍ)
º£²ó¤ÎPOODLE¹¶·â¤Ç¤Ï¡¢SSLv3¤¬¥Ñ¥Ç¥£¥ó¥°¤ÎÃͤ¬Ç¤°Õ¤Ç¤¢¤ë¤¿¤á¤Ë¡¢ ¸úΨŪ¤ËÆÃÄê¤Î°ÌÃÖ¤Î1¥Ð¥¤¥È¤Îʿʸ¤òÉü¸µ¤¹¤ë¤³¤È¤¬¤Ç¤­¤ë¤ï¤±¤Ç¤¹¡£ ¥â¥Ð¥²¡¼¤µ¤ó¤Î²òÀâ¤Ë¤¢¤ëÄ̤ꡢSSLv3¤Î¾ì¹ç¤Ï256²ó¤ÎHTTPSÍ×µá¤Î»î¹Ô¤Ç 1¥Ð¥¤¥È¤ò²òÆɤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¤¬¡¢TLSv1.0¤Î¾ì¹ç¤Ë¤Ï256¤Î16¾è¤Î »î¹Ô¤¬É¬Íפʤ¿¤á¤Ë¸½¼ÂŪ¤Ê»þ´Ö¤ÇÉü¸µ¤¹¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤»¤ó¡£

¤Ç¡¢ËÜÅö¤ËTLSv1.0¤Ê¤é°ÂÁ´¤Ê¤Î¡©

º£Æü¤ÎËÜÂê¤ÎTLSv1.0¤Ê¤éËÜÅö¤Ë°ÂÁ´¤Ê¤Î¤«¡¢¤È¤¤¤¦Ïäʤó¤Ç¤¹¤¬¡¢ ¤È¤ê¤¢¤¨¤º¡¢TLSv1.1¤ÈTLSv1.0¤Î¥Ñ¥Ç¥£¥ó¥°¤Ë´Ø¤¹¤ëµ¬Äê¤ò ¸«¤Æ¤ß¤Þ¤·¤ç¤¦¡£

¤Þ¤º¡¢TLSv1.1¤Ë¤Ä¤¤¤Æ¤Ç¤¹¤¬¡¢

RFC 4346 TLSv1.1 6.2.3.2 CBC Block Cipher¤è¤ê
padding
Padding that is added to force the length of the plaintext to be an integral multiple of the block cipher's block length. The padding MAY be any length up to 255 bytes, as long as it results in the TLSCiphertext.length being an integral multiple of the block length. Lengths longer than necessary might be desirable to frustrate attacks on a protocol that are based on analysis of the lengths of exchanged messages. Each uint8 in the padding data vector MUST be filled with the padding length value. The receiver MUST check this padding and SHOULD use the bad_record_mac alert to indicate padding errors.
¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£

°ìÊý¡¢TLSv1.0¤Ç¤¹¡£

RFC 2246 TLSv1.0 6.2.3.2 CBC Block Cipher ¤è¤ê
padding
Padding that is added to force the length of the plaintext to be an integral multiple of the block cipher's block length. The padding may be any length up to 255 bytes long, as long as it results in the TLSCiphertext.length being an integral multiple of the block length. Lengths longer than necessary might be desirable to frustrate attacks on a protocol based on analysis of the lengths of exchanged messages. Each uint8 in the padding data vector must be filled with the padding length value.

TLSv1.0¤Ç¤Ï¡¢¡Ö¥Ñ¥Ç¥£¥ó¥°¥Ç¡¼¥¿¤Ï¥Ñ¥Ç¥£¥ó¥°Ä¹¤ÇËä¤á¤é¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£¡× ¤È½ñ¤¤¤Æ¤¢¤ê¤Þ¤¹¤¬¡¢ TLSv1.1¤Ç¤Ï¡¢¡Ö ¥Ñ¥Ç¥£¥ó¥°¥Ç¡¼¥¿¤Ï¥Ñ¥Ç¥£¥ó¥°Ä¹¤ÇËä¤á¤é¤ì¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤(MUST)¡£ ¼õ¿®¼Ô¤Ï¤³¤Î¥Ñ¥Ç¥£¥ó¥°¤ò¥Á¥§¥Ã¥¯¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤º(MUST)¡¢ ¥Ñ¥Ç¥£¥ó¥°¥¨¥é¡¼¤ò¼¨¤¹¤Ë¤Ïbad_record_mac¥¢¥é¡¼¥È¤ò»È¤¦ ¤Ù¤­¤Ç¤¢¤ë(SHOULD)¡£¡× ¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£ ¤Ä¤Þ¤ê¡¢TLSv1.0¤Ç¤Ï¥Ñ¥Ç¥£¥ó¥°¥Ç¡¼¥¿¤¬¤Á¤ã¤ó¤È¥Ñ¥Ç¥£¥ó¥°Ä¹¤ÎÃÍ¤Ç ¤¦¤á¤é¤ì¤Æ¤¤¤ë¤«¤É¤¦¤«¤Î¥Á¥§¥Ã¥¯¤Ïmust¤È¤Ï½ñ¤¤¤Æ¤¢¤ê¡¢ ¿¤¯¤Î¼ÂÁõ¤Ï¤Á¤ã¤ó¤È¤·¤Æ¤¯¤ì¤Æ¤¤¤ë¤È»×¤¤¤Þ¤¹¤¬¡¢ RFC¾å¤Îɬ¿ÜÍ×·ï(MUST)¤Ç¤Ï¤Ê¤¤¤Î¤Ç¡¢¥Á¥§¥Ã¥¯¤·¤Ê¤¤¼ÂÁõ¤¬¤¢¤Ã¤Æ¤â ¤ª¤«¤·¤¯¤Ê¤¯¡¢ ¥Á¥§¥Ã¥¯¤µ¤ì¤Ê¤¤¾ì¹ç¡¢¤³¤ì¤Ç¤ÏSSLv3¤ÈƱ¤¸¤Ç¡¢°ìÈÌŪ¤ÊSSL/TLS¤Î¼ÂÁõ¤Ç¤Ï MUST¤È½ñ¤«¤ì¤Æ¤¤¤Ê¤¤»ö¤Ï¼ÂÁõ¤¹¤ëɬÍפâ¤Ê¤¤¤Î¤Ç (¼ÂºÝ¡¢SHOULD¤È½ñ¤¤¤Æ¤¢¤ì¤Ð¡¢¤³¤ì¤ËÂбþ¤·¤Ê¤¤¼ÂÁõ¤â¿¤¤)¡¢ ¼ÂÁõ¤Ë¤è¤Ã¤Æ¤Ï¥Ñ¥Ç¥£¥ó¥°ÃͤΥÁ¥§¥Ã¥¯¤ò¤·¤Ê¤¤¤¿¤á¤Ë¡¢ SSLv3¤ÈƱ¤¸¤¯POODLE¹¶·â¤Î±Æ¶Á¤ò¼õ¤±¤ëTLSv1.0¼ÂÁõ¤¬¤¢¤ë²ÄǽÀ­¤¬¤¢¤ë ¤«¤â¤·¤ì¤Ê¤¤¤È¤¤¤¦»ö¤Ç¤¹¡£

»þ´Ö¤¬¤¢¤ë»þ¤Ë¡¢¤Á¤ç¤Ã¤È¼çÍפʥª¡¼¥×¥ó¥½¡¼¥¹¤Î¼ÂÁõ¤òÇÁ¤¤¤Æ¤ß¤è¤¦¤È»×¤¤¤Þ¤¹¡£

º£Æü¤Ï¤³¤ÎÊդǡ£nahi¤µ¤ó¡¢¾ðÊ󤢤꤬¤È¤¦¤´¤¶¤¤¤Þ¤·¤¿¡£

Äɵ­

ÍÍ¡¹¤Ê¥µ¡¼¥Ð¡¼¤ÎPOODLE SSLv3ÀȼåÀ­(CVE-2014-3566)Âкö¤Î¤Þ¤È¤á(¹¹¿·3)

¤â¤¯¤¸

1. ¤Ï¤¸¤á¤Ë

¤¤¤ä¡Á¡¢º£Ç¯¤ÏÀȼåÀ­Âкö¤¬Åö¤¿¤êǯ¤Ç¤¹¤Í¡Á¡Á(¥È¥Û¥Û)¡£ bash ShellShock¤ÎÂкö¤â·Ñ³¤·¤Æ´Ñ»¡¤·¤Æ¤¤¤ë¤Ê¤«¡¢ ¿·¤·¤¤POODLE¤È¤¤¤¦SSLv3¥×¥í¥È¥³¥ë¤Ë´Ø¤¹¤ëÀȼåÀ­¤¬½Ð¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡£ »Ò¸¤¤Î¥×¡¼¥É¥ë¤À¤Ã¤Æ¡ª²Ä°¦¤¯¤Ê¤¤¤Ã¤Ä¡Á¡Á¤Î¡ª¡ª SSLv3¥×¥í¥È¥³¥ë¤Î¥Ñ¥Ç¥£¥ó¥°¤ÎÌäÂêÅÀ¤òÆͤ¤¤Æ¡¢¸úΨŪ¤Ë°Å¹æʸ¤ò Éü¹æ¤Ç¤­¤·¤Þ¤¦¤Î¤Ç¡¢Î㤨¤Ð¥»¥Ã¥·¥ç¥ó¥¯¥Ã¥­¡¼¤òÉü¹æ¤·¤ÆÄÌ¿®¤òÅðÄ°¤¹¤ë¤³¤È¤¬ ¤Ç¤­¤ë¤Î¤À¤½¤¦¤Ç¤¹¡£ POODLE¤ÏPadding Oracle On Downgraded Legacy Encryption¤Îά¤À¤½¤¦¤Ç¡¢ ¥Ñ¥Ç¥£¥ó¥°¥ª¥é¥¯¥ë¤È¤Ï¥Ñ¥Ç¥£¥ó¥°¤ò´Þ¤à°Å¹æʸ¤òÆþÎϤȤ·¤ÆÁ÷¤ê¤Ä¤±¤ë¤È¡¢ ¤½¤Î¥Ñ¥Æ¥£¥ó¥°¤¬Àµ¤·¤¤¤«¤É¤¦¤«¤òÊÖ¤·¤Æ¤¯¤ì¤ë¥Ö¥é¥Ã¥¯¥Ü¥Ã¥¯¥¹¤Î¤è¤¦¤Ê ·×»»µ¡¤Î¤³¤È¡£ SSLv3¤ß¤¿¤¤¤Ê¤Ç¤­¤Æ15ǯ¤Ë¤â¤Ê¤ë¼å¤¤°Å¹æÄÌ¿®¥×¥í¥È¥³¥ë¤Ë¡¢ ¶¯À©Åª¤Ë¥À¥¦¥ó¥°¥ì¡¼¥É¤µ¤»¤Æ¡¢ ¥ª¥é¥¯¥ë¤ËÂФ·¤Æ²¿²ó¤â¤¤¤í¤¤¤íÆþÎϤòÊѤ¨¤Æ»î¹Ô¤·¤Æ¡¢ ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤Ê¤É¤É¤¦È¿±þ¤¹¤ë¤«¤ò¸«¤ë»ö¤Ç¡¢ °Å¹æʸ¤Î²òÆɤ¬¸úΨÎɤ¯¹Ô¤¨¤ë¤È¤¤¤¦¹¶·â¤Ç¤¹¡£

µ¤¤¬¤Ä¤¤¤¿¤Þ¤Ç¤Î·Ð°Þ¤ÏÅöÆü¤É¤ó¤Ê´¶¤¸¤À¤Ã¤¿¤«¤È¤¤¤¦¤È¡¢ÆüËÜ»þ´Ö¤Ç10·î14Æü¤Î23:30º¢¡¢ The Register¤Î¡ÖNASTY SSL 3.0 vuln to be revealed soon¡×¤Îµ­»ö¤ò¸«¤Ä¤±¤Æ¤¤¤Þ¤¤¡¢¤³¤ê¤ã¡¢¤ä¤Ð¤²¤À¤Ê¤È¡£ÃΤê¹ç¤¤¤ËÌÀÆü¥ä¥Ð¥¤¤Î¤¬¤Þ¤¿Í褽¤¦¤ÈÏ¢Íí¤·¤Þ¤·¤¿¡£TLS 1.0¤ÈSSL 3.0¤È¥Ð¡¼¥¸¥ç¥óÈֹ椬°ã¤¦¤À¤±¤À¤È¸À¤¤Ä¥¤ë¿Í¤â¿¤¤Ãæ¡¢Mac¤È¤«¡¢¥Ñ¥Ç¥£¥ó¥°¤È¤«¤½¤Î¤Á¤ç¤Ã¤È¤Î°ã¤¤¤¬µØ¤Ë¤Ê¤ë¤ó¤¸¤ã¤Ê¤¤¤«¤È¡¢¤º¤Ã¤Èµ¤¤Ë¤Ê¤Ã¤Æ¤¿¤ó¤Ç¤¹¤¬¡¢¤È¤¦¤È¤¦Í褿¤«¤È¡£¾ÜºÙ¾ðÊó¤ÏÌ뤬ÌÀ¤±¤Ê¤¤¤È¤ï¤«¤é¤Ê¤¤¤Î¤Ç¡¢È¾Ê¬ wktk ¤·¤Ê¤¬¤é¿²¤ÆÂԤäƤ¿¤ó¤Ç¤¹¤¬¡¢Ä«¤Ë¤Ê¤Ã¤Æ¡¢Google¤Î¥Ö¥í¥° ¡ÖThis POODLE bites: exploiting the SSL 3.0 fallback¡×¤¬½Ð¤Æ¤­¤¿¤â¤Î¤Î¡¢¤ï¤«¤Ã¤¿¤³¤È¤Ï¥×¡¼¥É¥ë¤È¤¤¤¦²Ä°¦¤é¤·¤¤¹¶·â¤Î̾Á°¤È¡¢Google¥µ¥¤¥È¤ÈChrome¤Ï¤È¤Ã¤¯¤ËTLS_FALLBACK_SCSV¤ËÂбþ¤·¤Æ¤¤¤ë¤¼¡ª¤ß¤¿¤¤¤Ê¡£ ¼«Ëý¤«¤Ã¡©µ»½Ñ¾ÜºÙ¤Ê¤¯¼«Ëý¤À¤±¤Ê¤Î¤«¤Ã¡ª¤ÈÊ°¤ê¤Ä¤Ä¡¢¤·¤Ð¤é¤¯ÂԤäƤë¤È¡¢ ¤ä¤Ã¤È°ÂÄê¤ÎImperialViolet¤Ç ¡ÖPOODLE attacks on SSLv3 (14 Oct 2014)¡× µ»½Ñ²òÀ⤬½Ð¤¿¤Î¤ò¸«¤Æ¡¢¤³¤ê¤ã¥Þ¥¸¤ä¤Ù¡Á¡Á¤Ê¡¢¤È¡¦¡¦¡¦ ¤½¤Î¸å¡¢¾ðÊó¤Î¤È¤ê¤Þ¤È¤á¤Ë¤¤¤½¤·¤ó¤Ç¤ª¤ê¤Þ¤·¤¿¡£

¤³¤Îµ­»ö¤Ç¤Ï¡¢ÍÍ¡¹¤ÊHTTPS¥µ¡¼¥Ð¡¼¤ËÂФ¹¤ëPOODLEÀȼåÀ­Âкö¤Î ÊýË¡¤Ë¤Ä¤¤¤Æ¡¢¤Þ¤È¤á¤Æ¤ª¤­¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

2. SSLv3¤ò̵¸ú²½¤Ç¤­¤ë¾ì¹ç¤Î¥µ¡¼¥Ð¡¼Âкö

¸Å¤¤¥¬¥é¥±¡¼¤ä¡¢°ìÉô¤Î¥²¡¼¥àµ¡¤ä¡¢¸Å¤¤´Ä¶­¤Ç¤ÎAPIÍøÍѤʤɤò½ü¤¤¤Æ¡¢ °ìÈ̤Υ֥饦¥¶¤Ç¤¢¤ì¤ÐSSLv3¤Ç¤·¤«ÄÌ¿®¤Ç¤­¤Ê¤¤¤È¤¤¤¦»ö¤Ï̵¤¤¤Î¤Ç¡¢ SSLv3¤ò̵¸ú²½¤¹¤ë¤È¤¤¤¦¤Î¤¬¡¢°ìÈÖÀµÅö¤ÊPOODLEÂкö¤Ç¤¢¤ë¤È»×¤¤¤Þ¤¹¡£ ¤³¤Î¾Ï¤Ç¤Ï¡¢SSLv3¤ò̵¸ú¤Ë¤¹¤ë¤¿¤á¤Ë¡¢ ¥µ¡¼¥Ð¡¼¤Î¥½¥Õ¥È¥¦¥§¥¢Ëè¤Ë¤É¤Î¤è¤¦¤ËÀßÄꤹ¤ì¤Ð¤è¤¤¤«¤ò¤Þ¤È¤á¤Þ¤¹¡£

2.1. Apache HTTPD Server + mod_ssl

httpd.conf¤ässl.conf¤Ë

SSLProtocol All -SSLv2 -SSLv3
¤Èµ­ºÜ¤·¥µ¡¼¥Ð¡¼¤òºÆµ¯Æ° (¢¨Apache 2.4°Ê¹ß¤ÏSSLv2¤Ï̵¸ú)

2.2. Apache HTTPD Server + mod_nss

nss.conf¤â¤·¤¯¤Ïhttpd.conf¤Ç

NSSProtocol TLSv1.0,TLSv1.1
¤Èµ­ºÜ¤·¥µ¡¼¥Ð¡¼¤òºÆµ¯Æ°

2.3. nginx

ssl_protocols TLSv1 TLSv1.1 TLSv1.2
¤Èµ­ºÜ¤·¥µ¡¼¥Ð¡¼¤òºÆµ¯Æ°

2.4. lighttpd

lighttpd 1.4.28 °Ê¹ß¤ò»ÈÍÑ¡£¤½¤ì°ÊÁ°¤Ç¤ÏSSLv3¤ò̵¸ú²½¤Ç¤­¤Þ¤»¤ó¡£

ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
¤Èµ­ºÜ¤·¥µ¡¼¥Ð¡¼¤òºÆµ¯Æ°

2.5. Microsoft IIS

¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç°Ê²¼¤ò¼Â¹Ô¤¹¤ë¤³¤È¤Ç¡¢¥ì¥¸¥¹¥È¥êÀßÄê¤Ë¤è¤ê̵¸ú²½¤·¤Þ¤¹¡£ (»²¹Í [1] [2] [3])

reg add "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f

2.6. Apache Tomcat (Java JSSE)

Tomcat¤ÎÀßÄê¥Õ¥¡¥¤¥ë "server.xml"¤Î"Connector"Í×ÁǤˤª¤¤¤Æ¡¢ Tomcat¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë°Í¸¤·¤Æ¡¢ sslEnabledProtocols°À­¤â¤·¤¯¤Ïprotocols°À­¤Ë »ÈÍѤ¹¤ë¥×¥í¥È¥³¥ë¤òSSLv3¤ò½ü¤¤¤¿TLSv1¡¢TLSv1.1¡¢TLSv1.2 ¤òÀßÄꤹ¤ë¤³¤È¤Ë¤è¤ê¡¢ SSLv3¤Ç¤ÎÀܳ¤ò̵¸ú²½¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£ (»²¹Í [4])

Tomcat¥Ð¡¼¥¸¥ç¥óÀßÄêÎã
5.0.x¡¢5.5.x¡¢6.0.0¡Á6.0.37
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="/etc/tomcat/server.jks" keystorePass="password" sslProtocol="TLS" protocols="TLSv1,TLSv1.1,TLSv1.2"/>
6.0.39¡Á¡¢7.0.x¡¢8.0.x
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="/etc/tomcat/server.jks" keystorePass="password" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>

2.7. Node.js

TomcatƱÍͤ³¤ì¤â¥¤¥ó¥¿¡¼¥Í¥Ã¥Èľ½Ð¤·¤·¤Æ¤¤¤ë»ö¤Ï¤Ê¤¤¤È»×¤¤¤Þ¤¹¤¬ °Ê²¼¤Î¼ÂÁõÎã¤Î¤è¤¦¤ËsecureOptions¤ÇSSLv2,SSLv3¤ò»ÈÍѤ·¤Ê¤¤¤è¤¦ÀßÄ꤬²Äǽ¤Ç¤¹¡£ (»²¹Í [6])

var constants = require('constants') , https = require('https') , path = require('path') , tls = require('tls') , fs = require('fs'); https.createServer({ secureProtocol: 'SSLv23_method', secureOptions: (constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2), cert: fs.readFileSync(path.join(__dirname, 'ssl', 'server.crt')), key: fs.readFileSync(path.join(__dirname, 'ssl', 'server.key')), }, function (req, res) { res.end('works'); }).listen(443);

2.8. (Äɵ­)IBM HTTP Server

¥¢¥É¥Ð¥¤¥¶¥ê ¤¬¸ø³«¤µ¤ì¤Æ¤¤¤Þ¤¹¡£httpd.conf¤Ç°Ê²¼¤Î¤è¤¦¤ËÀßÄꤷ¡¢¥µ¡¼¥Ð¡¼¤òºÆµ¯Æ°¤·¤Þ¤¹¡£

<VirtualHost *:443>
SSLEnable
SSLProtocolDisable SSLv2 SSLv3
¤½¤Î¾¤ÎÀßÄê
</VirtualHost>

2.9. (Äɵ­)Amazon Web Services

AWS¤«¤é ¥»¥­¥å¥ê¥Æ¥£¥¢¥É¥Ð¥¤¥¶¥ê¤¬¸ø³«¤µ¤ì¤Æ¤ª¤ê²¿Å٤⥢¥Ã¥×¥Ç¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ ÍøÍѤ¹¤ë¥µ¡¼¥Ó¥¹¤Ë¤è¤Ã¤Æ¤½¤ì¤¾¤ìÂкö¤¬É¬ÍפǤ¹¡£

¥µ¡¼¥Ó¥¹Âбþºö
Linux AMI 2014ǯ10·î16Æü7»þ¤ËOpenSSL´ØÏ¢¤ÎÁ´¤Æ¤Î¥Ñ¥Ã¥±¡¼¥¸¤ËPOODLEÂбþºÑ¤Î ¤â¤Î¤Ë¥¢¥Ã¥×¥¢¥Ã¥×¥Ç¡¼¥È¤·¤Æ¤¤¤Þ¤¹¡£¥¦¥§¥Ö¥µ¡¼¥Ð¡¼Åù¤ÎÀßÄê¤Ï¡¢ ¤½¤ì¤¾¤ì¼Â»Ü¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
ELB 2014ǯ10·î15Æü9»þ°Ê¹ß¤ËÀ¸À®¤Ç¤¢¤ì¤Ð¥Ç¥Õ¥©¥ë¥ÈSSLv3̵¸ú¡£ ¤½¤ì°ÊÁ°¤ËÀ¸À®¤Ç¤¢¤ì¤Ð°Ê²¼¤ò¼Â»Ü¤·¤Þ¤¹¡£ ELB Manegement Console¡äEC2¡äLoad Balancers¡ä Change¡äPredefined Security Policy¤ÎÁªÂò¤ò³Îǧ¡ä ELBSecurityPolicy-2014-10¤òÁªÂò¡äSave¡ä¸Ä¡¹¤Î¥ê¥¹¥Ê¤ÇÀßÄê¤ò·«¤êÊÖ¤¹
CloudFront Management Console¡äDistribution Settings¡ä Edit¡äGeneral Tab¡äCustom SSL Client Support¡ä ¡äOnly Client that Suppot SNI¡äYes Edit¡äSSLv3̵¸ú²½
TLS_FALLBACK_SCSV¥ª¥×¥·¥ç¥ó¤Ë¤Ä¤¤¤Æ¤Ï10·î20Æü¤Î½µ¤Ë¥µ¥Ý¡¼¥ÈͽÄê¡£
(Âбþºö¤Ï2014ǯ10·î18Æü12:00»þÅÀ¤Ç¤Î¥¢¥É¥Ð¥¤¥¶¥ê¤Ë´ð¤Å¤¤¤Æ¤¤¤Þ¤¹¡£ »þ´Ö¤Ï¤¤¤º¤ì¤âÆüËÜ»þ´Ö¡£RDB¤Ë¤Ä¤¤¤Æ¤ÏPOODLE̵´Ø·¸¤Î¤è¤¦¤Çµ­ºÜ¤»¤º¡£)

2.10. ¤½¤Î¾¤Î¥µ¡¼¥Ð¡¼

¤½¤Î¾¤Î¥µ¡¼¥Ð¡¼¤Ë¤Ä¤¤¤Æ¤Ï¡¢°Ê²¼¤ò»²¹Í¤Ë¤·¤Æ¤ß¤Æ¤¯¤À¤µ¤¤¡£

2.11. SSLv3 ¤ò̵¸ú²½¤¹¤ë¥ê¥¹¥¯

¸½ºß¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ëPC¤ä¥¹¥Þ¡¼¥È¥Õ¥©¥ó¤Î¥Ö¥é¥¦¥¶¤Ç¤ÏTLSv1.0°Ê¹ß ¤¬¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¤Î¤ÇÌäÂê¤Ë¤Ê¤é¤Ê¤¤¤È»×¤¤¤Þ¤¹¤¬¡¢ Î㤨¤Ð¡¢2007ǯ½©°ÊÁ°¤Îdocomo¤Î¥¬¥é¥±¡¼¤äSONY PS3¤Ç¤Ï¡¢SSLv3¤·¤«¥µ¥Ý¡¼¥È ¤·¤Æ¤¤¤Ê¤¤¤³¤È¤ò¼Âµ¡¤Ç³Îǧ¤·¤Æ¤¤¤Þ¤¹¡£ ¸Å¤¤¥¬¥é¥±¡¼¡¢¥²¡¼¥àµ¡¡¢Áȹþ¤ßµ¡´ï¤ËÂбþ¤¹¤ë¥¦¥§¥Ö¥µ¡¼¥Ð¡¼¤ò ±¿ÍѤ¹¤ë¾ì¹ç¤Ë¤Ï¡¢Àܳ¤Ç¤­¤º¥¯¥ì¡¼¥à¤Ë¤Ê¤ë²ÄǽÀ­¤â¤¢¤ê¤Þ¤¹¤Î¤Ç¡¢ ¥¯¥é¥¤¥¢¥ó¥È¦¤ÎÂбþ´Ä¶­¤ò³Îǧ¤¹¤ë¤ÈÎɤ¤¤È»×¤¤¤Þ¤¹¡£

¤Þ¤¿¡¢¥¦¥§¥Ö¥µ¡¼¥Ð¡¼¤òAPI¤ÇÍøÍѤ¹¤ë¾ì¹ç¤Ë¤â¡¢¤É¤Î¤è¤¦¤Ê´Ä¶­¡¢ ¸À¸ì¼ÂÁõ¤ò»È¤¦¤«¤ÇÌäÂ꤬¤¢¤ë¥±¡¼¥¹¤¬¤¢¤ê¤Þ¤¹¤Î¤Ç¡¢ ³Îǧ¤·¤Æ¤ª¤¯¤ÈÎɤ¤¤È»×¤¤¤Þ¤¹¡£Twitter¤äFacebook¤â APIÍøÍѤµ¤ì¤Æ¤¤¤ë¤¿¤á¤Ë¥È¥é¥Ö¥ë¤Ë¤Ê¤Ã¤¿¤½¤¦¤Ç¤¹¡£

2.12. (Äɵ­)OpenLDAP

OpenLDAP¤Ë¤Ä¤¤¤Æ¤Ïslapd.conf¤ò°Ê²¼¤Î¤è¤¦¤ËÀßÄꤷ¤Þ¤¹¡£ (»²¹Í [?])

¥Ð¡¼¥¸¥ç¥ó 2.4.36°Ê¹ß¤Î¾ì¹ç
TLSProtocolMin 3.1
¥Ð¡¼¥¸¥ç¥ó 2.4.14¡Á2.4.35¤Î¾ì¹ç
TLSProtocolMin 769
¾åµ­°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó¤Î¾ì¹ç¤Ë¤Ï¥¢¥Ã¥×¥Ç¡¼¥È¤ÎɬÍפ¬¤¢¤ê¤Þ¤¹¡£

3. ½ôÈ̤λö¾ð¤Ç SSLv3 ¤òÍ­¸ú¤Ë¤»¤¶¤ë¤òÆÀ¤Ê¤¤¾ì¹ç

°ìÈÌŪ¤Ê¥Ö¥é¥¦¥¶¤Ë´Ø¤·¤Æ¤ÏSSLv3¤ò̵¸ú²½¤¹¤ëÊý¸þ¤Ç¿Ê¤ó¤Ç¤ª¤ê¡¢ ¥¦¥§¥Ö¥µ¥¤¥È¤Ç¤âSSLv3¤ò̵¸ú²½¤¹¤ë¤Î¤¬¡¢Àµ¤·¤¤Âбþ¤À¤È»×¤¤¤Þ¤¹¤¬¡¢ ¸Å¤¤´Ä¶­¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤¿¤á¤Ë¡¢SSLv3¤òÍ­¸ú¤Ë ¤·¤Æ¤ª¤«¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¥±¡¼¥¹¤â¤¢¤ë¤È»×¤¤¤Þ¤¹¡£ 3¾Ï¤Ç¤Ï¡¢SSLv3¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¥±¡¼¥¹¤Ç¤Î¡¢ ÀȼåÀ­¤Î´ËϺö¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

3.1. °Å¹æ¥¹¥¤¡¼¥ÈÀßÄê¤ÇÂн褹¤ëÊýË¡

POODLEÀȼåÀ­¤ÏSSLv3¤È¥Ö¥í¥Ã¥¯°Å¹æ¤ÎCBC¥Ö¥í¥Ã¥¯¥â¡¼¥É¤ò»ÈÍѤ·¤¿ ¾ì¹ç¤Ë±Æ¶Á¤¬¤¢¤ë¤Î¤Ç¡¢°Å¹æ¥¹¥¤¡¼¥È¤È¤·¤Æ°Ê²¼¤òÁªÂò¤¹¤ë¤³¤È¤Ç ÌäÂê¤ò´ËϤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

  • ǧ¾ÚÉհŹ沽Êý¼°(AEAD)¤Ç¤¢¤ëGCM¥Ö¥í¥Ã¥¯¥â¡¼¥É¤Î°Å¹æ¥¹¥¤¡¼¥È¤ò»ÈÍѤ¹¤ë
  • ¥¹¥È¥ê¡¼¥à°Å¹æ(RC4,ChaCha¤Ê¤É)¤ò»ÈÍѤ¹¤ë
¸Å¤¤¥¬¥é¥±¡¼¡¢¥²¡¼¥àµ¡¡¢Áȹþ¤ßµ¡´ï¡¢APIÍøÍѤʤɡ¢SSLv3¤ò »È¤ï¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤è¤¦¤Ê´Ä¶­¤Ç¤Ï¡¢GCM¥â¡¼¥É¤ò»È¤¦¤³¤È¤â¤Ç¤­¤º °Å¹æ¥¹¥¤¡¼¥È¤È¤·¤ÆTriple DES¤«RC4¤ÎÁªÂò»è¤¬¤¢¤ê¤Þ¤»¤ó¡£

RC4¥¹¥È¥ê¡¼¥à°Å¹æ¤Ï¡¢¸½¼ÂŪ¤Ê»þ´ÖÆâ¤ËÉôʬŪ¤Ë²òÆɤ¹¤ë¤³¤È¤¬ ²Äǽ¤Ê´íËز½¤·¤¿°Å¹æ¤Ç»ÈÍѤ¹¤Ù¤­¤Ç¤Ê¤¤¤È¤µ¤ì¤Æ¤¤¤Þ¤¹¤¬¡¢ POODLEÀȼåÀ­¤ÏŬÍѾò·ï¤ä²òÆɤˤ«¤«¤ë¼ê´Ö¤¬¶Ëü¤Ë¾¯¤Ê¤¤¤Î¤Ç¡¢ Triple DES¤òCBC¥â¡¼¥É¤Ç»È¤¦¤è¤ê¤âRC4¤ÎÊý¤¬¡¢¤Þ¤À°ÂÁ´¤Ç¤¢¤ë¤È ¸À¤¨¤Þ¤¹¡£

½¾¤Ã¤Æ¡¢
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA ¤ò´Þ¤àÁ´¤Æ¤Î°Å¹æ¥¹¥¤¡¼¥È¤ò̵¸ú²½
  • ¤½¤Î¾å¤Ç¡¢TLS_RSA_WITH_RC4_128_SHA ¤Î¤ß¤òÍ­¸ú²½
  • Ʊ»þ¤Ë¿·¤·¤á¤Î¥¯¥é¥¤¥¢¥ó¥È¤â´Ä¶­¤â¥µ¥Ý¡¼¥È¤·¤¿¤¤¤Ê¤éGCM¤Î°Å¹æ¥¹¥¤¡¼¥È¤òÍ­¸ú¤Ë¤¹¤ë
¤¹¤ë¤°¤é¤¤¤·¤«¼ê¤¬¤¢¤ê¤Þ¤»¤ó¡£

¤¿¤À¤·¡¢¥Þ¥¤¥¯¥í¥½¥Õ¥ÈÀ½ÉʤǤÏ2014ǯ8·î¤Î¥¢¥Ã¥×¥Ç¡¼¥È°Ê¹ß¡¢RC4¤Ï̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¤Î¤Ç¡¢ Windows·Ï¤Î¥µ¡¼¥Ð¡¼µ¡¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ë¤Ï¡¢Apache¤Ê¤É¾¤Î¥µ¡¼¥Ð¡¼¤ò»È¤¦É¬Íפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£

3.2. TLS_FALLBACK_SCSV¤ò»È¤¦ÊýË¡(¸½»þÅÀ¤Ç¶Ë¤á¤Æ¸ÂÄêŪ)

SSL/TLS¤ÇÄÌ¿®¤ò³«»Ï¤·¤¿Ä¾¸å¤ÏTLSv1.0°Ê¾å¤ÇÌäÂê¤Ê¤¤Àܳ¤Ç¤¢¤Ã¤¿¤È¤·¤Æ¤â¡¢ ¤¢¤ë¼ï¤Î¹¶·â¤Ë¤è¤êÀȼå¤ÊSSLv3.0°Ê²¼¤Ë¥À¥¦¥ó¥°¥ì¡¼¥É¤µ¤»¤ë¹¶·â¤¬¤¢¤ê¤Þ¤¹¡£

¤³¤ì¤ò¡¢Ëɤ°¤¿¤á¤Î¿·¤·¤¯Äó°Æ¤µ¤ì¤Æ¤¤¤ë»ÅÁȤߤ¬ TLS_FALLBACK_SCSV ¥ª¥×¥·¥ç¥ó¤ò»È¤¦ÊýË¡¤Ç¤¹¡£¤³¤ì¤ò¥µ¡¼¥Ð¡¼¤È¥¯¥é¥¤¥¢¥ó¥È¤ÎÁÐÊý¤¬ ¥µ¥Ý¡¼¥È¤¹¤ë¾ì¹ç¡¢TLS¤«¤éSSLv3.0°Ê²¼¤Ë¶¯À©¥À¥¦¥ó¥°¥ì¡¼¥É¤µ¤»¤ë¤³¤È¤Ï ¤Ç¤­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£

¤¿¤À¡¢¤³¤ì¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë´Ä¶­¤Ï¸½»þÅÀ(2014.10.18)¤Ç¤ÏÈó¾ï¤Ë¸ÂÄêŪ¤Ç¤¹¡£

  • ¥¯¥é¥¤¥¢¥ó¥È
    • Google Chrome¤Î¤ß
  • ¥µ¡¼¥Ð¡¼
    • ºÇ¿·¤Î2014.10.15¥ê¥ê¡¼¥¹¤ÎOpenSSL 1.0.1j/1.0.0o/0.9.8zc¤òÍøÍѤ¹¤ëApache,Nginx,Lighttpd¤Ê¤É¤Î¥µ¡¼¥Ð¡¼
    • GoogleÄ󶡤Υµ¡¼¥Ó¥¹(2014ǯ2·îº¢¤«¤é¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤¿¤é¤·¤¤)
°Ê²¼¤Î¤è¤¦¤Ê¾ò·ï¤Î¥µ¡¼¥Ð¡¼¤òɬÍפȤ·¤Æ¤¤¤ë¾ì¹ç¤Ç¡¢ TLS_FALLBACK_SCSV¤ò¥µ¥Ý¡¼¥È¤¹¤ë´Ä¶­¤Ê¤éƳÆþ¤ò¸¡Æ¤¤·¤Æ¤â ¤è¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
  • CBC¥Ö¥í¥Ã¥¯°Å¹æ¥â¡¼¥É¤ò¤É¤¦¤·¤Æ¤â»È¤¦É¬Íפ¬¤¢¤ê¡¢
  • TLS¤ÇºÇ½éÀܳ¤Ç¤­¤¿ÍøÍѼԤˤÏSSLv3¥À¥¦¥ó¥°¥ì¡¼¥É¤»¤º°ÂÁ´¤Ë»ÈÍѤ·¤ÆÍߤ·¤¤¡£
  • SSLv3¤ÇÀܳ¤·¤Æ¤­¤¿ÍøÍѼԤˤϥꥹ¥¯¤ò¾µÃΤÇCBC¥â¡¼¥É¤ÇÀܳ¤·¤Æ¤â¤é¤Ã¤Æ¤â¤è¤¤¡£
SSLv3¤ò̵¸ú²½¤Ç¤­¤ë¤«¡¢3.1Àá¤ÎÂкö¤¬¼è¤ì¤ë¤Ê¤é¤Ð¡¢ OpenSSL¤Îº£²ó¤Î¥¢¥Ã¥×¥Ç¡¼¥È¤ä¡¢TLS_FALLBACK_SCSV¤ÎƳÆþ¤Ï¤¢¤Þ¤ê µ¤¤Ë¤¹¤ëɬÍפ¬Ìµ¤¤¤È»×¤¤¤Þ¤¹¡£

4. (Äɵ­)Âбþºö(°Æ)¤ÎÀ°Íý

¼«Ê¬¤Ê¤ê¤Ë¥±¡¼¥¹Ëè¤ÎÂбþºö(°Æ)¤òÀ°Íý¤·¤Æ¤ß¤Þ¤·¤¿¡£¤è¤«¤Ã¤¿¤é»²¹Í¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£

¥±¡¼¥¹Âбþºö(°Æ)
(¥±¡¼¥¹1) ÍøÍѼԤ¬¸Å¤¤´Ä¶­¤ä¸Å¤¤¸À¸ì¤ÎAPI¤ò»È¤Ã¤Æ¤ª¤é¤º¡¢ SSLv3.0¤ÎÄä»ß¤¬²Äǽ¤Ê¾ì¹ç (Âкö1)2¾Ï¤Ë½¾¤¤¥µ¡¼¥Ð¡¼¤ÏÁ´¤ÆSSLv3̵¸ú²½¤¹¤ë¡£
(¥±¡¼¥¹2) ÍøÍѼԴĶ­¤ÎȽÃǤ¬¤Ä¤«¤Ê¤¤¾ì¹ç¤ä¡¢ TLS¤ÈSSLv3.0¤ÎÁÐÊý¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¾ì¹ç¤ä¡¢ Éý¹­¤¤´Ä¶­¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¾ì¹ç (¥±¡¼¥¹2-1) Äɲäγ«È¯/¹½ÃÛ/¥ê¥½¡¼¥¹¤¬Ç§¤á¤é¤ì¤ë¾ì¹ç (Âкö2-1) ¥ì¥¬¥·¡¼¸þ¤±¤ÎSSLv3ÀìÍÑ(RC4)¤È¥â¥À¥óÍÑ(SSLv3̵¸ú)¤Ë¥µ¡¼¥Ð¡¼/¥³¥ó¥Æ¥ó¥Ä¤òʬ¤±¤ë¡£ ·ë¶ÉÂкö¤Ï(Âкö1)(Âкö3)¤ÎÊÌ·ú¤ÆÊ»ÍѤΤ褦¤Ë¤Ê¤ë¡£
(¥±¡¼¥¹2-2) Äɲå꥽¡¼¥¹¤¬Ç§¤á¤é¤ì¤º¡¢¤¢¤ëÄøÅ٥ꥹ¥¯¼õÍƤ·¤Æ¤â ¥µ¡¼¥Ð¡¼¤Ð1Âæ¤ÇÀßÄê¤ò¹©Éפ·¤ÆÄ󶡤¹¤ëɬÍפ¬¤¢¤ë¾ì¹ç¡¢ ¤«¤Äǧ¾Ú°Å¹æ(GCMÅù)¤¬»È¤¨¤ë¥µ¡¼¥Ð¡¼¤Î¾ì¹ç (Âкö2-2) ¥×¥í¥È¥³¥ëÀßÄê¤ÇSSLv3¤ÈTLSv1.x¤ÎÁÐÊý¤òÍ­¸ú¤È¤·¡¢ °Å¹æ¥¹¥¤¡¼¥È¤ÇCBC¥Ö¥í¥Ã¥¯¥â¡¼¥É¤òÁ´¤Æ¼è¤ê¤ä¤á¡¢ °Å¹æ¥¹¥¤¡¼¥ÈÀßÄê¤ÇGCM¤ÈRC4¤Î¤ß¤òÍ­¸ú¤Ë¤¹¤ë¡£ RC4¤Î²òÆɥꥹ¥¯¤Ï¼õÍƤ¹¤ë¡£
(¥±¡¼¥¹2-3) SSLv3¥À¥¦¥ó¥°¥ì¡¼¥É¹¶·â¤Î¤ßÂкö¤¹¤ë (Âкö2-3) OpenSSL·Ï¤Ç¤¢¤ì¤ÐTLS_FALLBACK_SCSV¥ª¥×¥·¥ç¥ó¤ò¥µ¥Ý¡¼¥È¤¹¤ëºÇ¿·¤ÎOpenSSL(10/15¤Ë¸ø³«¤µ¤ì¤¿1.0.1j/v1.0.0o/v0.9.8zc¤ÇÂбþ)¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤·¡¢É¬Íפ˱þ¤¸¥¦¥§¥Ö¥µ¡¼¥Ð¡¼¤â¥ê¥Ó¥ë¥É¤¹¤ë¡£ TLS¤«¤éSSLv3¤Ë¥À¥¦¥ó¥°¥ì¡¼¥É¤µ¤ì¤ë¹¶·â¤«¤é¤Î¤ßÍøÍѼԤòÊݸ¡¢ºÇ½é¤«¤éSSLv3¤ÇÀܳ¤·¤Æ¤¯¤ëÍøÍѼԤÏÊݸ¤º¥ê¥¹¥¯¼õÍƤ·¤Æĺ¤¯¡£
(¥±¡¼¥¹2-4) POODLE¹¶·â¤Ï¡¢Î㤨¤ÐRC4¥¹¥È¥ê¡¼¥à°Å¹æ¥¢¥ë¥´¥ê¥º¥à¤Î´íËز½¤ËÈæ¤Ù¤Æ¡¢ ·ÚÈù¤Ê¹¶·â¤Èª¤¨¤ë¾ì¹ç¤ä¡¢²¿¤âÂкö¤¬ÂǤƤʤ¤¾ì¹ç (Âкö2-4) Âкö¤È¤·¤Æ²¿¤â¤·¤Ê¤¤¡£ ¥µ¡¼¥Ð¡¼´ÉÍý¦¤âÍøÍѼԤâÁÐÊý¥ê¥¹¥¯¼õÍƤ¹¤ë¡£ ²Äǽ¤Ê¤éÍøÍѼԤËÂФ·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ÎÀßÄê¤ÇSSLv3¤ò̵¸ú¤Ë¤·¤Æ¤â¤é¤¦¤è¤¦¤Ë·¼Ìؤ¹¤ë¡£
(¥±¡¼¥¹3) ¥ì¥¬¥·¡¼¤Ê¡¢ ¸Å¤¤´Ä¶­¤ä¸Å¤¤¸À¸ì¤ÎAPI¤ò»È¤Ã¤Æ¤ª¤ê¡¢SSLv3.0¤Î¤ß¥µ¥Ý¡¼¥È¤¹¤ì¤Ð¤è¤¤¾ì¹ç¤Ç¡¢¤«¤Ä ¥µ¡¼¥Ð¡¼¤ä¥¯¥é¥¤¥¢¥ó¥È¤¬Ç§¾Ú°Å¹æ¤ò»È¤¨¤Ê¤¤¾ì¹ç (Âкö3) SSLv3¤Î¤ß¤òÍ­¸ú¤È¤·¡¢°Å¹æ¥¹¥¤¡¼¥È¤ÏRC4¤Î¤â¤Î¤ò»È¤¦¡£ RC4¤Î²òÆɥꥹ¥¯¤Ï¼õÍƤ¹¤ë¡£

ɽ¤Ë¤Ä¤¤¤Æ¡¢¾¯¤·Êä­¤·¤¿¤¤¤È»×¤¤¤Þ¤¹¡£Âкö¤È¤·¤Æ¤Ï¡¢SSLv3¤ò̵¸ú¤Ë¤¹¤ë¤Î¤¬´ðËÜŪ¤ÊÂкö¤È¤Ê¤ê¤Þ¤¹¤¬¡¢SSLv3¤ò»Ä¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¾ì¹ç¤Ë¡¢´ö¤Ä¤«¤Î¥±¡¼¥¹¤ËʬÎष¤Æ¤ß¤Þ¤·¤¿¡£

°ìÈÖÎɤ¤¤Î¤Ï¡¢¤ä¤Ï¤ê(¥±¡¼¥¹2-1)¤Î¤è¤¦¤ËTLSv1.x¤Î¥µ¡¼¥Ð¡¼¤È¡¢SSLv3¤Î¥µ¡¼¥Ð¡¼¤È¤òʬ¤±¤ë»ö¤Ç¤¢¤ë¤è¤¦¤Ë»×¤¤¤Þ¤¹¡£ºÇ¶á¤Î¥¦¥§¥Ö¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ç¤ÏHTML5¡¢JavaScript¡¢CSS¤Ê¤É¥ê¥Ã¥Á¥³¥ó¥Æ¥ó¥Ä¤¬Áý¤¨¤Æ¡¢¤½¤¦¤·¤¿¥â¥À¥ó¤Ê¥Ö¥é¥¦¥¶¸þ¤±¤Î¥µ¡¼¥Ó¥¹¤È¡¢SSLv3¤·¤«¥µ¥Ý¡¼¥È¤·¤Ê¤¤¥µ¡¼¥Ó¥¹¤È¤òʬ¤±¤ë¤³¤È¤Ç¡¢¸ß¤¤¤Ë°ÂÁ´¤ËÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£

¤É¤¦¤·¤Æ¤â1Âæ¤Î¥µ¡¼¥Ð¡¼¤Ç¥â¥À¥ó¤Ê¥Ö¥é¥¦¥¶¤Î¥æ¡¼¥¶¤È¡¢SSLv3¤Î¤ß¤Ë¤·¤«Âбþ¤·¤Ê¤¤¥æ¡¼¥¶¤Ë Âбþ¤¹¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤Ë¤Ï¡¢(¥±¡¼¥¹2-2)¤Î¤è¤¦¤Ë¡¢CBC¥â¡¼¥É¤ò»È¤¦¤³¤È¤ò¤¢¤­¤é¤á¡¢¥â¥À¥ó¤Ê¥Ö¥é¥¦¥¶¥æ¡¼¥¶¤Ï TLSv1.x¤òGCM¥â¡¼¥É¤ÇÀܳ¤¹¤ë¤³¤È¤Ë¤Ê¤ê¡¢GCM¥â¡¼¥É¤ËÂбþ¤Ç¤­¤Ê¤¤¥æ¡¼¥¶¤Ï¡¢¼å¤¤°Å¹æ¤Ç¤¢¤ëRC4¤Î¥ê¥¹¥¯¤ò ¼õÍƤ·¤ÆÍøÍѤ·¤Æ¤â¤é¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Î㤨¤Ð¡¢°Ê²¼¤Î½ç½ø¤Ç°Å¹æ¥¹¥¤¡¼¥È¤òÀßÄꤹ¤ë¤Î¤¬Îɤ¤¤Ç¤·¤ç¤¦¡£

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA
  • TLS_RSA_WITH_AES_256_GCM_SHA
  • TLS_RSA_WITH_RC4_128_SHA

5. ¤ª¤ï¤ê¤Ë

°Ê¾å¡¢SSL¥µ¡¼¥Ð¡¼¤ÇPOODLEÀȼåÀ­Âбþ¤ò¤¹¤ëÊýË¡¤Ë¤Ä¤¤¤Æ¡¢¤¤¤í¤¤¤í¤Ê¥µ¡¼¥Ð¡¼ Ëè¤Ë¤Þ¤È¤á¤Æ¤ß¤Þ¤·¤¿¡£»²¹Í¤Ë¤Ê¤ì¤Ð¤¦¤ì¤·¤¤¤Ç¤¹¡£º£Æü¤Ï¡¢¤³¤ó¤Ê¤È¤³¤Ç¡£

SSLv3¤Î¥Ñ¥Ç¥£¥ó¥°¤Ë¤Ä¤¤¤Æ¤Ï¡¢¤¤¤í¤¤¤íÊÙ¶¯¤·¤¿¤Î¤Ç¡¢¶á¤¤¤¦¤Á¤Ëµ­»ö¤Ë¤Ç¤­¤ë¤È¤¤¤¤¤Ê¤È»×¤Ã¤Æ¤¤¤Þ¤¹¡£

Äɵ­¡¦½¤Àµ

  • 2014.10.19 IBM HTTP Server, AWS, Âбþºö(°Æ)¤ÎÀ°Íý¤Ë¤Ä¤¤¤ÆÄɵ­¤·¤Þ¤·¤¿¡£
  • 2014.10.22 OpenLDAP ¤Ä¤¤¤ÆÄɵ­¤·¤Þ¤·¤¿¡£
  • 2014.10.28 Apache Tomcat¤ÎÀßÄê¤Ë¤Ä¤¤¤Æ¥³¥á¥ó¥È夭¤Þ¤·¤¿¤Î¤Ç¡¢ ¼ÂºÝ¤ËÄ´ºº¤ò¤·¡¢ µ­½Ò¤ò½¤Àµ¤·¤Þ¤·¤¿¡£¥³¥á¥ó¥È夭¤Þ¤·¤¿ura¤µ¤ó¡¢takeshi¤µ¤ó¡¢Youngdong.lee ¤µ¤ó¡¢¤¢¤ê¤¬¤È¤¦¤´¤¶¤¤¤Þ¤·¤¿¡£

Êƥ楿¤ÎDigiCert¤È¤Ï̵´Ø·¸¤Ê¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdnǧ¾Ú¶É¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¸«¤Æ¤ß¤¿¤¾(Êä­1)

ºòÆü½ñ¤¤¤¿¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdnǧ¾Ú¶É¤Îµ­»ö¤Ç ¤Á¤ç¤Ã¤ÈÊä­¤·¤Æ¤ª¤³¤¦¤È»×¤¤¤Þ¤¹¡£

CRL¤Ë¤Ä¤¤¤Æ

  • Digicert Sdn¤ÎÌäÂê¤ò»ØŦ¤µ¤ì¤¿2¤Ä¤ÎÃæ´ÖCA¤Ï¡¢ ȯ¹Ô¤·¤¿¾ÚÌÀ½ñ¤ËCRLÇÛÉÛÅÀ(CDP)³ÈÄ¥¤Ï̵¤¤¤ó¤À¤±¤É¤â¡¢ CRL¼«ÂΤϤ­¤Á¤ó¤È3Æü¤ª¤­¤Ëȯ¹Ô¤·¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£
  • Entrust¤Ï¡¢ Digicert Sdn¤ÎÃæ´ÖCA¤ò¾¯¤·°Ü¹Ô¤Þ¤Ç¤Îͱͽ´ü´Ö¤ò»ý¤¿¤» 11·î8Æü¤«¤½¤ì¤è¤êÁ°¤Ë¼º¸ú¤µ¤»¤ë¤ÈÀ¼ÌÀ¤·¤Æ¤¤¤Þ¤¹¡£ ¸½»þÅÀ(11·î7Æü18:50 JST)¤Ç¤Ï¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£
  • GTE CyberTrust Global Root(Verizon)¤Ï ¼º¸ú¤µ¤»¤ë¤È¤¤¤Ã¤¿À¼ÌÀ¤Ï¤¢¤ê¤Þ¤»¤ó¡£ ¸½»þÅÀ(11·î7Æü18:50 JST)¤Ç¤Ï¼º¸ú¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£
CRL¤Îȯ¹Ô¼þ´ü¤ª¤è¤ÓºÇ¿·¤ÎCRL¤Îȯ¹ÔÆü¤Î¾ðÊó¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£
ǧ¾Ú¶É̾ȯ¹Ô¼þ´üthisUpdatenextUpdate
Entrust.net CA 2048 ¥ë¡¼¥Èǧ¾Ú¶É7Æü2011ǯ11·î6Æü2011ǯ11·î13Æü
Digisign Server ID - (Enrich) (EntrustÍÑ)Ãæ´Öǧ¾Ú¶É3Æü2011ǯ11·î6Æü2011ǯ11·î8Æü
GTE CyberTrust Global Root ¥ë¡¼¥Èǧ¾Ú¶É3¥ö·î2011ǯ11·î1Æü2012ǯ2·î4Æü
Digisign Server ID (Enrich) (GTEÍÑ)Ãæ´Öǧ¾Ú¶É3Æü2011ǯ11·î6Æü2011ǯ11·î8Æü

Mozilla(FireFox)¤Îǧ¾Ú¶É¥Ö¥é¥Ã¥¯¥ê¥¹¥ÈÄɲäΥ½¡¼¥¹¥³¡¼¥É¤Î¹¹¿·

Mozilla¤Ç¤ÏÁ°²ó¤ÎDigiNotar¤Î¾ÚÌÀ½ñ¤ò¥Ö¥é¥Ã¥¯¥ê¥¹¥È¤ËÆþ¤ì¤ëºÝ¡¢ certdata.txt ¤Ë¾ÚÌÀ½ñ¤òÅÐÏ¿¤·¡¢¤³¤ì¤«¤é¥³¡¼¥É certdata.c ¤ò¼«Æ°À¸À®¤·¤Æ¤¤¤Þ¤¹¡£

http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt
¤³¤Î¥Õ¥¡¥¤¥ë¤ÎºÇ½ª¹¹¿·¤Ï2011ǯ11·î3Æü¤Ç¤¹¤¬¡¢¤Þ¤ÀDigicert Sdn¤Ë Âбþ¤Ï¤·¤Æ¤¤¤Ê¤¤¤è¤¦¤Ç¤¹¡£

°Ê¾å¡¢¤Á¤ç¤Ã¤ÈÊ䭤Ǥ·¤¿¡£¥¢¥Ã¥×¥Ç¡¼¥È¤¬¤¢¤ì¤Ð¡¢¤Þ¤¿½ñ¤­¤Þ¤¹¡£

´ØÏ¢µ­»ö

Êƥ楿¤ÎDigiCert¤È¤Ï̵´Ø·¸¤Ê¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdnǧ¾Ú¶É¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¸«¤Æ¤ß¤¿¤¾

2011ǯ11·î3Æü¤Î¥Ë¥å¡¼¥¹ ¤Ç¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdn. Bhd.¼Ò¤È¤¤¤¦Ç§¾Ú¶É¤¬ÌäÂê¤Î¤¢¤ë¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤ª¤ê

  • ¸½ºß¡¢²òÆɤ¬²Äǽ¤È¤µ¤ì¤Æ¤¤¤ë512bit¤ÎRSA¸°¤Î¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë
  • SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤È¤·¤Æ»È¤¦¤Ë¤Ï¾ÚÌÀ½ñ¤Î³ÈÄ¥Îΰè¤ËÌäÂ꤬¤¢¤Ã¤¿
  • ¥Þ¥ì¡¼¥·¥¢À¯Éܵ¡´Ø¤Ëȯ¹Ô¤·¤¿¤â¤Î¤Ë¤â512bit¤Î¼å¤¤¸°¤¬»È¤ï¤ì¤Æ¤¤¤ë
  • ȯ¹Ô¤·¤¿22Ëç¤Î¾ÚÌÀ½ñ¤Ç512bit¸°¤¬»È¤ï¤ì¤Æ¤¤¤ë
¤½¤Î¤è¤¦¤Ê±¿ÍѤ¬ÌäÂê»ë¤µ¤ì¡¢
  • Microsoft¤äMozilla¤¬ÌäÂê¤Î¤¢¤Ã¤¿¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdn¤ÎÃæ´Ö¾ÚÌÀ½ñ¤ò ¥Ö¥é¥Ã¥¯¥ê¥¹¥È¤ËÆþ¤ì¤¿¡£FireFox¤Ç¤Ï8¤«¤é¤ÎÂбþ¤Ë¤Ê¤ë¡£
  • Digicert Sdn¤Î¾å°Ì¤Î¥ë¡¼¥Èǧ¾Ú¶É¤Ç¤¢¤ëEntrust¼Ò¤ÏÌäÂê¤Î¤¢¤ëÃæ´Ö¾ÚÌÀ½ñ¤ò¡¢¾¯¤·°Ü¹Ô¤Þ¤Ç¤Îͱͽ¤ò»ý¤¿¤»11·î8Æü¤«¤½¤ì¤è¤êÁ°¤Ë¼º¸ú¤µ¤»¤ë
¤È¤¤¤¦Âбþ¤ò¼è¤ê¤Þ¤·¤¿¡£

ºÇ½é¡¢¥Ä¥¤¥Ã¥¿¡¼¤Ê¤É¤Ç¤³¤ÎÌäÂ꤬¾Ò²ð¤µ¤ì¤¿¤È¤­Êƥ楿½£¤Ë¤¢¤ë³ä¤È ͭ̾¤Êǧ¾Ú¶ÉDigicert¤Î»Ò²ñ¼Ò¤¬ÌäÂ꤬µ¯¤³¤·¤¿¤Î¤«¤È ´ª°ã¤¤¤µ¤ì¤Æ¤¤¤¿¤è¤¦¤Ç¤¹¤¬¡¢Á´¤¯Ê̤Υޥ졼¥·¥¢¤Î²ñ¼Ò¤À¤Ã¤¿¤è¤¦¤Ç ÊÆDigiCert¼Ò¤âÀ¼ÌÀ¤ò½Ð¤·¤Æ¤¤¤Þ¤¹¡£ ÊÆDigiCert¼Ò¤ÏÀèÆü¤Î¥ª¥é¥ó¥À¤ÎDigiNotar¼Ò¤Î»þ¤â ̾Á°¤¬»÷¤Æ¤¿¤¿¤á¡Ö¤¦¤Á¤Ï´Ø·¸¤Ê¤¤¤è¡×¤ÈÀ¼ÌÀ¤À¤·¤Æ¤ª¤ê¡¢ºÇ¶áƧ¤ó¤À¤ê½³¤Ã¤¿¤ê¤Ç¤¹¤Íw¡£ ¤µ¤Æ¡¢º£Æü¤Ï¤³¤Î¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdnǧ¾Ú¶É¤Ë¤Ä¤¤¤Æ¡¢ ¤Á¤ç¤Ã¤È¸«¤Æ¤ß¤¿¤Î¤ÇÊó¹ð¤·¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

¥Þ¥ì¡¼¥·¥¢Digicert Sdn¼Ò¤Î´ö¤Ä¤«¤Îǧ¾Ú¶É

¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdn¼Ò¤Ï¥ë¡¼¥È¡¢Ãæ´Ö¤ò´Þ¤á(¤ª¤½¤é¤¯)13¤â¤Îǧ¾Ú¶É¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£²æ¡¹¤Ë´í¸±À­¤Î±Æ¶Á¤¬¤¢¤ë¤Î¤Ï¿Þ¤Îº¸Â¦¡¢Â¿¤¯¤Î¥Ö¥é¥¦¥¶¤Ë¿®Íꤹ¤ë¥ë¡¼¥Èǧ¾Ú¶É¤È¤·¤ÆÅëºÜ¤µ¤ì¤Æ¤¤¤ë Entrust¤ÈGTE CyberTrust(¸½Verizon)¤ò¥ë¡¼¥Èǧ¾Ú¶É¤È¤¹¤ë 2¤Ä¤ÎÃæ´Öǧ¾Ú¶É¤Ç¤¹¡£
fig1
Digicert¼Ò¤Î¤½¤ì¤¾¤ì¤Îǧ¾Ú¶É¤ÎÆÃħ¤Ê¤É¤ò²¼É½¤Ë¤Þ¤È¤á¤Æ¤ß¤Þ¤·¤¿¡£

ǧ¾Ú¶ÉÆÃħ
¥ë¡¼¥Èǧ¾Ú¶É
Digicert Class2 Root ÁÈ¿¥¡¢¸Ä¿Í(18ºÐ°Ê¾å)¸þ¤±¤Ëȯ¹Ô¤¹¤ë²¼°ÌCA¤ò»ý¤Ä¿®Íê¥ì¥Ù¥ë¹âÃæ¤Î¥ë¡¼¥Èǧ¾Ú¶É
Digicert Class1 Root ¸Ä¿Í¸þ¤±¤Ëȯ¹Ô¤¹¤ë²¼°ÌCA¤ò»ý¤Ä¿®Íê¥ì¥Ù¥ëÄã¤Î¥ë¡¼¥Èǧ¾Ú¶É
Malaysia Primier CA 1024 SHA1withRSA 1024bit
ÂçÎ̤ËMD5withRSA¥æ¡¼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô
¾¼Ò¥ë¡¼¥È¤ÎÃæ´Öǧ¾Ú¶É
Digisign Server ID (Enrich) ¾å°ÌCA¤ÏGTE CyberTrust Global Root
¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¸ø³«¤·¤Æ¤Ê¤µ¤½¤¦
SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤È(¾ÚÌÀ½ñ´ÉÍý¼ÔÍÑ?)¥æ¡¼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô
Digisign Server ID - (Enrich) ¾å°ÌCA¤ÏEntrust.net Certification Authority (2048)
¼«¸Ê½ð̾¾ÚÌÀ½ñ¤Ï¸ø³«¤·¤Æ¤ë
SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤È(¾ÚÌÀ½ñ´ÉÍý¼ÔÍÑ?)¥æ¡¼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô
¾å¤Î¤È¤Ï " - "(¥Ï¥¤¥Õ¥ó)¤¬°ã¤¦
Digicert Class2 Root²¼°Ì¤ÎÃæ´Öǧ¾Ú¶É
Digisign Server ID SHA1withRSA 1024bit
¾ÚÌÀ½ñ´ÉÍý¼ÔÍѤΥ桼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë¤è¤¦¤À
¶âÍ»·Ï¤ä¥«¡¼¥É·Ï¤¬Â¿¤¤
Digisign ID (Enhanced) S/MIME¤Ë¤â»È¤¨¤½¤¦¤Ê¥æ¡¼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô
ÊѤʥץ饤¥Ù¡¼¥È³ÈÄ¥¤¬¤¢¤ë
Digisign ID (Basic) °ìÈ̤Υ桼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë¤è¤¦¤À
MyKAD Online °ìÈ̤Υ桼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë¤è¤¦¤À
DIGISIGN iVEST CA ¥æ¡¼¥¶¾ÚÌÀ½ñ¤«S/MIME¾ÚÌÀ½ñ¤«¡©
DIGISIGN iVEST CA Enhanced ¥æ¡¼¥¶¾ÚÌÀ½ñ¤«S/MIME¾ÚÌÀ½ñ¤«¡©
Digicert Class1 Root²¼°Ì¤ÎÃæ´Öǧ¾Ú¶É
DigiSign ID ¸½ºß¤Ç¤âÂçÎ̤ÎRSA 512bit¸°¤Î¥æ¡¼¥¶¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë¤è¤¦¤À
Digisign Corporate Email ËÜÃæ´ÖCA¾ÚÌÀ½ñ¤Ï2006ǯ¤Ë´ü¸ÂÀÚ¤ì
²¼¤Ë¥æ¡¼¥¶¾ÚÌÀ½ñ¤Ï¸«Åö¤¿¤é¤º
¤³¤ì¤é¤Î¤¹¤Ù¤Æ¤Îǧ¾Ú¶É¾ÚÌÀ½ñ¤Î¸°Ä¹¤Ï 1024bit¤«2048bit¤Ç¾ÚÌÀ½ñ¥×¥í¥Õ¥¡¥¤¥ë¤â ÆäËÌäÂê¤Ë¤Ê¤ê¤½¤¦¤ÊÅÀ¤Ï¸«¤Ä¤«¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£ ¾¤Ë¤â
  • CIMB Investment Bank Berhad Enterprise CA
  • Bank Negara Malaysia Sub CA
¤Ê¤É¥Þ¥ì¡¼¥·¥¢¤Î¶ä¹Ô¤Îǧ¾Ú¶É¤ò±¿ÍѤ·¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¤¬¡¢ ¾ÚÌÀ½ñ¤¬¸«¤Ä¤«¤é¤ºÄ´ºº¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£

Entrust¤ÈGTE CyberTrust¥ë¡¼¥È¤ÎDigicert SdnÃæ´Öǧ¾Ú¶É

¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdn¤Î¥ë¡¼¥È¾ÚÌÀ½ñ¤ÏIE¤äFireFox¤Ê¤É¤Î ¥ë¡¼¥È¾ÚÌÀ½ñ¤Ë¤ÏÅëºÜ¤µ¤ì¤Æ¤ª¤é¤º¡¢ º£²ó¡¢Microsoft ¤ä Mozilla¤¬¥Ö¥é¥Ã¥¯¥ê¥¹¥È¤ËÆþ¤ì¤¿¤Î¤Ï Entrust¤äGTE CyberTrust¤ò¥ë¡¼¥Èǧ¾Ú¶É¤È¤¹¤ëDigicert Sdn¤Î Ãæ´ÖCA¾ÚÌÀ½ñ¤Ç¤¹¡£ IE¤Ç¤ß¤ë¤ÈGTE CyberTrust¥ë¡¼¥È¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ï¤³¤ó¤Ê´¶¤¸¡¢
certview-gte
IE¤Ç¤ß¤ë¤ÈEntrust¥ë¡¼¥È¤Î¾ì¹ç¡¢¾ÚÌÀ½ñ¥Á¥§¡¼¥ó¤Ï¤³¤ó¤Ê´¶¤¸¤Ç¤¹¡£
certview-entu
ξ¼Ô¤ò¾¯¤·¿ô»ú¤ÇÈæ³Ó¤·¤Æ¤ß¤Þ¤·¤ç¤¦¡£

Èæ³Ó¹àÌÜGTE CyberTrust¥ë¡¼¥ÈEntrust¥ë¡¼¥È
(a) ¾ÚÌÀ½ñȯ¹ÔËç¿ô(2011ǯ11·î5Æü»þÅÀ¡¢±ä¤Ù) 1198Ëç 984Ëç
(b) (a)¤Î¤¦¤Á2011ǯ11·î3Æü»þÅÀ¤ÇÍ­¸ú¤Ê¤â¤Î 110Ëç 448Ëç
(c) (a)¤Î¤¦¤Á2011ǯ11·î3Æü»þÅÀ¤ÇÍ­¸ú¤Ê¥Þ¥ì¡¼¥·¥¢À¯ÉܤΤâ¤Î 69Ëç 205Ëç
(d) (a)¤Î¤¦¤ÁRSA512bit¸°¤Î¤â¤Î 37Ëç 8Ëç
(e) (a)¤Î¤¦¤ÁRSA512bit¸°¤Ç¸½»þÅÀ(11/5)¤ÇÍ­¸ú¤Ê¤â¤Î 7Ëç 7Ëç
(f) (a)¤Î¤¦¤ÁRSA512bit¸°¤Ç¸½»þÅÀ(11/5)¤ÇÍ­¸ú¤Ê¥Þ¥ì¡¼¥·¥¢À¯Éܥɥᥤ¥ó¤Î¤â¤Î 0Ëç 5Ëç
¥Ë¥å¡¼¥¹¤Ç¼è¤ê¾å¤²¤é¤ì¤Æ¤¤¤ë22Ëç¤È¤¤¤¦¿ô»ú¤Ï ¤É¤³¤«¤é½Ð¤Æ¤­¤¿¤â¤Î¤Ê¤Î¤«¤è¤¯¤ï¤«¤ê¤Þ¤»¤ó¤Í¡£

¸½ºß¡¢²òÆɤµ¤ì¤¿¼ÂÀӤΤ¢¤ë512bit RSA¸°¤Î¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤¤¤ë ¤³¤È¤ÏÌäÂê¤È¤¤¤¨¤ÐÌäÂê¤Ç¤¹¤¬¡¢ÍøÍѼԤ¬¸°¤òÀ¸À®¤·¤Æ ¾ÚÌÀ½ñȯ¹ÔÍ׵ᤷ¤Æ¤¤¤ë¤ï¤±¤Ç¤¹¤«¤éÍøÍѼÔ¦¤Ë¤âÌäÂ꤬¤¢¤ê¤Þ¤¹¤è¤Í¡£

ÌäÂê¤Î¤¢¤ë¾ÚÌÀ½ñ³ÈÄ¥Îΰè¤È¤Ï¡©

³ÈÄ¥Îΰè¤Î°ã¤¤¤ÏGTE CyberTrust¥ë¡¼¥È¤ÈEntrust¥ë¡¼¥È¤Ç¤Ï ¤Ê¤¯¤Æ¡¢¸°Ä¹¤Ë¤è¤êÈù̯¤Ë³ÈÄ¥¤¬°ã¤¦¤è¤¦¤Ç¤¹¡£ ¤³¤ì¤Ï¸°Ä¹2048bit¤Î¤â¤Î¡£
certext-gte1
¤³¤ì¤Ï512bit¤Î¤â¤Î¤Ç¤¹¡£
certext-entu1
¥Ë¥å¡¼¥¹¤Ç¤Ï¡¢Ä̾ïTLS¥µ¡¼¥Ð¡¼ÍѤȤ« TLS¥¯¥é¥¤¥¢¥ó¥ÈÍѤȤ«½ñ¤«¤ì¤ë ³ÈÄ¥¸°»ÈÍÑÌÜŪ(Extended Key Usage)¤¬¤Ê¤¤¤È¤«¡¢Â¾¤Ë¤â ³ÈÄ¥¤Ç¤ª¤«¤·¤Ê¤È¤³¤í¤¬¤¢¤ë¤È¸À¤Ã¤Æ¤¤¤Þ¤¹¡£ ¤ª¤«¤·¤Ê¤È¤³¤í¤ò¥ä¥Ð¤¤½ç¤Ë¤Þ¤È¤á¤Æ¤ß¤Þ¤·¤ç¤¦¡£

CRLÇÛÉÛÅÀ(CDP:CRL Distribution Points)¤¬Ìµ¤¤
¤³¤ì¤¬Ìµ¤¤¤¿¤á¾ÚÌÀ½ñ¤ò¼º¸ú¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤Þ¤»¤ó¡£ º£²ó¤Î¤è¤¦¤Ëȯ¹Ô¤·¤¿¾ÚÌÀ½ñ¤ËÌäÂ꤬¤¢¤Ã¤¿»þ¤Ë¼º¸ú¤Ç¤­¤Ê¤¤¤³¤È¤Ï¥Û¥ó¥ÈÃ×̿Ū¡£
KeyUsage¤¬¤Ê¤¤¤â¤Î¤¬¤¢¤ë
512bit RSA¸°¤Î¾ì¹ç¤Ë³ÈÄ¥¤¬Ìµ¤¤¤è¤¦¤Ç¤¹¡£ RFC 3280Ū¤Ë¤ÏTLS¤Ç¤Ï½ð̾¸¡¾Ú¤Ë»È¤¦¤Î¤Çɬ¿Ü(MUST)¤Ç¤¹¤Í¡£
³ÈÄ¥¸°»ÈÍÑÌÜŪ(EKU:Extended Key Usage)¤¬¤Ê¤¤
ɬ¿Ü¤Ç¤Ï¤Ê¤«¤Ã¤¿µ¤¤¬¤·¤Þ¤¹¤¬ÉáÄ̤Ĥ¤¤Æ¤Þ¤¹¡£
KeyUsage¤¬¤¢¤Ã¤Æ¤â¡¢ÉÔÍפʥӥåȤ¬Î©¤Ã¤Æ¤¤¤ë
Key Usage³ÈÄ¥¤Ï512bit¤è¤êÂ礭¤¤¸°¤Î¾ÚÌÀ½ñ¤Ç¤ÏÍ­¤ë¤è¤¦¤Ç¤¹¤¬¡¢ ÃͤȤ·¤ÆDigital Signature¡¢Non-Repudiation¡¢Key Encipherment¡¢ Data Encipherment¤Î¥Ó¥Ã¥È¤¬Î©¤Ã¤Æ¤¤¤Þ¤¹¡£ SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤Ç¤ÏNon-Repudiation¡¢Data Encipherment¤Ï;·×¤Ç¤¹¤è¤Í¡£
RFC 5280 4.2.1.12 Extended Key Usage¤è¤ê
If a certificate contains both a key usage extension and an extended key usage extension, then both extensions MUST be processed independently and the certificate MUST only be used for a purpose consistent with both extensions.
Ãæά
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment or keyAgreement
RFC 5280¤Ç¤ÏExtended Key Usage¤ÈKey Usage¤¬°ì´Ó¤·¤Æ¤¤¤ë »ö¤¬MUST¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
´ðËÜÀ©Ìó(Basic Constraints)¤¬Ìµ¤¤
¤Ê¤±¤ì¤Ðǧ¾Ú¶É¾ÚÌÀ½ñ¤Ç¤Ê¤¤¤Ã¤Æ¤³¤È¤Ê¤ó¤Ç¤¹¤¬¡¢°ìÈ̤ˤϤĤ±¤ë¤³¤È¤¬Â¿¤¤¤Ç¤¹¤è¤Í¡£ ¿ïʬÀΡ¢¤¢¤ë¥á¡¼¥é¡¼¤Ç´ðËÜÀ©Ìó¤¬Ìµ¤¤¤³¤È¤ò̵»ë¤·¤Æ¡¢¥æ¡¼¥¶¾ÚÌÀ½ñ¤«¤é²¼°Ì¾ÚÌÀ½ñȯ¹Ô¤·¤Æ¤â¸¡¾ÚÀ®¸ù¤À¤Ã¤¿¤³¤È¤òȯ¸«¤·¤Æ¤·¤Þ¤Ã¤¿¤ê¡¢¡¢¡¢
Authority/Subject Key Identifier¤Ç64bit¤ÏºÇ¶áÄÁ¤·¤¤
¤Ç¤¹¤è¤Í¡©
·ë¶É¡¢CRLÇÛÉÛÅÀ³ÈÄ¥¤¬¤Ê¤¯¼º¸ú¤Ç¤­¤Ê¤¤¤È¤¤¤¦¤Î¤¬°ìÈÖ¤ÎÌäÂê ¤À¤Ã¤¿¤ó¤À¤È»×¤¤¤Þ¤¹¡£¼º¸ú¤Ç¤­¤Æ¤¤¤ì¤Ð¡¢ ñ¤ËÌäÂê¤Î¤¢¤Ã¤¿¾ÚÌÀ½ñ¤ò¼º¸ú¤µ¤»¡¢¸°Ä¹¤ä³ÈÄ¥Îΰè¤Ë ÌäÂ꤬¤¢¤Ã¤¿¤È¤·¤Æ¤âÀµ¤·¤¤¤â¤Î¤òºÆȯ¹Ô¤¹¤ì¤Ð ¤è¤«¤Ã¤¿¤À¤±¤Ç¡¢¤³¤ó¤Ê¤ËÂ礭¤ÊÌäÂê¤Ë¤Ï¤Ê¤é¤Ê¤«¤Ã¤¿¤Ï¤º¤Ç¤¹¡£ ¼º¸ú¤Ç¤­¤Ê¤¤¤¿¤á¤Ëǧ¾Ú¶É´Ý¤´¤È¥Ö¥é¥Ã¥¯¥ê¥¹¥È²½¤¹¤ë¤·¤« ¼ê¤¬Ìµ¤«¤Ã¤¿¤ï¤±¤Ç¤¹¡£ ¥Ë¥å¡¼¥¹¤Ç¤ÏEKU¤¬Ìµ¤¤¤Î¤¬¤ª¤«¤·¤¤¤È¤« ¤ï¤±¤Î¤ï¤«¤é¤Ê¤¤»ö»ØŦ¤·¤Æ¤Þ¤¹¤è¤Í¡£

CPS(ǧ¾Ú¼Â»Üµ¬Äø)¤È¾È¤é¤·¤Æ¤É¤¦¤Ê¤Î¡©

ǧ¾Ú¶É¤Ç¤ÏCPS(ǧ¾Ú¼Â»Üµ¬Äø)¤ÇÄê¤á¤¿±¿ÍѤ˽¾¤¤ ¾ÚÌÀ½ñ¤òȯ¹Ô¤¹¤ë¤ï¤±¤Ç¤¹¤¬¡¢¤³¤ì¤È¾È¤é¤·¤Æ¤É¤¦¤À¤Ã¤¿¤Î¤« Digicert Sdn¤ÎCPS¤ò ¤Á¤ç¤Ã¤È¸«¤Æ¤ß¤Þ¤·¤¿¡£

  • ¸°Ä¹¤¬512bit°Ê²¼¤Ç¤Ï¥À¥á¤À¤È¤¤¤¦µ­½Ò¤Ï¸«Åö¤¿¤é¤Ê¤«¤Ã¤¿¤Î¤Ç CPSŪ¤Ë512bit¤Î¸°¤ËÂФ·¤Æ¾ÚÌÀ½ñȯ¹Ô¤¹¤ë¤³¤È¤ÏÌäÂ̵꤬¤«¤Ã¤¿¤è¤¦¤À¡£
  • ³ÈÄ¥Îΰè¤Ë¤Ä¤¤¤Æ¤Ïñ¤Ë»ÈÍѲÄǽ¤Ê³ÈÄ¥¤ò¤Þ¤È¤á¤Æ¤¤¤ë¤À¤±¤Ç ȯ¹Ô¤¹¤ë¾ÚÌÀ½ñ¤ÎÍÑÅÓ¤´¤È¤Ë¾ÚÌÀ½ñ¥×¥í¥Õ¥¡¥¤¥ë¤òÄê¤á¤Æ ¤¤¤Ê¤«¤Ã¤¿¤Î¤ÇCDP³ÈÄ¥¤Ê¤É³ÈÄ¥¤¬ÉÔ­¤·¤Æ¤¤¤¿¤êÌäÂ꤬¤¢¤Ã¤¿¤È ¤·¤Æ¤âCPS°ãÈ¿¤Ë¤Ê¤ë¤³¤È¤Ï̵¤¤¡£
¤È¤Þ¤¡¡¢¤³¤Î¤è¤¦¤Ê´¶¤¸¤ÇCPS¤Ë°ãÈ¿¤·¤Æ¤¤¤ë¤È¤¤¤¦¤³¤È¤Ï ̵¤«¤Ã¤¿¤è¤¦¤Ç¤¹¡£

¤¿¤À¡¢CPSÃæ¤Î¾ÚÌÀ½ñ¥×¥í¥Õ¥¡¥¤¥ë¤Ë¤Ä¤¤¤Æ¡¢¤É¤Î¤è¤¦¤Ê³ÈÄ¥¤¬ ɬ¤º´Þ¤Þ¤ì¤ë¤Î¤«¡¢´Þ¤Þ¤ì¤Ê¤¤¤Î¤«ÌÀ³Î¤Ë¤Ê¤Ã¤Æ¤ª¤é¤º¡¢ CRLÇÛÉÛÅÀ³ÈÄ¥¤¬Ìµ¤¤¤È¤¤¤¦Ç§¾Ú¶ÉÀß·×¾å¤Î½ÅÂç¤Ê·ç´Ù¤¬ ÌÀ¤é¤«¤Ë¤Ê¤Ã¤Æ¤³¤Ê¤«¤Ã¤¿¤È¤¤¤¦ÌäÂê¤Ï¤¢¤ê¤Þ¤¹¤±¤É¤Í¡£

º£²ó¤ÎÌäÂê¤ËÂФ¹¤ëɾ²Á¤Ï¤³¤ì¤Ç¤¤¤¤¤Î¤«

º£²ó¤ÎÌäÂê¤Ï¡¢COMODO¤äDigiNotar¤Î¤è¤¦¤Ë¹¶·â¤µ¤ì¤Æ ¥µ¥ÖCA¤äRA¤¬¾è¤Ã¼è¤é¤ìÉÔÀµ¤Ê¾ÚÌÀ½ñ¤ò½Ð¤·ÊüÂê¤Ë¤Ê¤Ã¤Æ¤¤¤¿¤ï¤±¤Ç¤â ¤Ê¤¯¡¢Æ±Îó¤ËÌäÂê¤ò¸ì¤é¤ì¤Æ¤¤¤ë¤Î¤Ï°ãÏ´¶¤ò³Ð¤¨¤Þ¤¹¡£ ¹â¡¹¡¢Ç§¾Ú¶É¤Ç¤Ï¤Ê¤¯SSL¥µ¡¼¥Ð¾ÚÌÀ½ñ¤Î¸°¤¬ÉÔÀµ¤Ë»È¤ï¤ì¤ë¤À¤±¤Ç¤¹¤è¤Í¡£ 512bit¸°¤Î¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤·¤Þ¤Ã¤¿¤Î¤Ï¡¢ÍøÍѼÔ(¤ªµÒ¤µ¤ó)¤Ë¤â ÌäÂ꤬¤¢¤Ã¤¿¤ï¤±¤Ç¤¹¤è¤Í¡£ ¤È¤Æ¤â²ù¤ä¤Þ¤ì¤ë¤Î¤ÏCRL Distribution Points³ÈÄ¥¤¬ Æþ¤Ã¤Æ¤¤¤Ê¤«¤Ã¤¿¤½¤Î°ìÅÀ¤Ç¤¹¡£ ¤½¤ì¤µ¤¨Æþ¤Ã¤Æ¤¤¤ì¤Ð¡¢ÌäÂ꤬ȯ³Ð¤·¤Æ¤â ñ¤Ë¾ÚÌÀ½ñºÆȯ¹Ô¤¹¤ì¤ÐºÑ¤ó¤À¤Î¤Ë¡¢ Ãæ´ÖCA¾ÚÌÀ½ñ¤Î¥Ö¥é¥Ã¥¯¥ê¥¹¥ÈÆþ¤ê¤È¤¤¤¦·ë²Ì¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡£ Ʊ¤¸CA¤«¤éȯ¹Ô¤µ¤ì¤Æ¤¤¤ëSSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤Ç¤â ³ÈÄ¥¤Î¤Þ¤È¤â¤Ê¤â¤Î¤â¤¢¤ê
certext-entu3ok
´°Á´¤Ë¤È¤Ð¤Ã¤Á¤ê¤ò¿©¤Ã¤¿¤ªµÒ¤µ¤ó¤â¿¿ô¤¤¤ë¤ï¤±¤Ç¤¹¤è¤Í¡£ ²Ä°¥ÁÛ¤À¤Ê¤¡¤È»×¤¤¤Þ¤¹¡£

GTE CyberTrust Global Root¤ò±¿ÍѤ·¤Æ¤¤¤ëVerizon¤«¤é¤Ï ²¿¤Î¥³¥á¥ó¥È¤â̵¤¤¤Î¤âÊѤʴ¶¤¸¤Ç¤¹¤è¤Í¡£

¤ª¤ï¤ê¤Ë

°Ê¾å¡¢¥Þ¥ì¡¼¥·¥¢¤ÎDigicert Sdn¤Îǧ¾Ú¶É¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ ¤Á¤ç¤Ã¤ÈÄ´¤Ù¤¿¤È¤³¤í¤òÊó¹ð¤·¤Þ¤¤¤¿¡£ 512 bit RSA¸°¤¬ÌäÂê¤À¤ß¤¿¤¤¤Ê¥Ë¥å¡¼¥¹¤ÎÏÀÄ´¤Ç¤¹¤¬¡¢ ¤¢¤ì¤Ï¥æ¡¼¥¶¤Î¸°¤Ê¤Î¤ÇCA¸°¤È°ã¤Ã¤Æ´íËز½¤·¤Æ¤âÂ礷¤¿ÌäÂê¤Ç¤Ï ¤Ê¤¯¤Æ¡¢¤½¤ì¤è¤ê¤âCRLÇÛÉÛÅÀ³ÈÄ¥¤¬Ìµ¤¤¤³¤È¤Ë¤è¤ê¼º¸ú¤Î¼êΩ¤Æ¤¬¤Ê¤¯¡¢ Ãæ´ÖCA¼«ÂΤòÇÑ´þ¤¹¤ë¤·¤«¼ê¤¬Ìµ¤«¤Ã¤¿¤Ã¤Æ¤³¤È¤¬ÌäÂê¤À¤Ã¤¿¤ï¤±¤Ç¤¹¡£

¤ä¤Ù¤ä¤Ù¡¢Ìë¹¹¤«¤·¤·¤Á¤ã¤Ã¤¿¤è¡£ ¤Ç¤Ï¤Ç¤Ï¡¢¡¢¡¢

´ØÏ¢¥ê¥ó¥¯

¤ï¤±¤Î¤ï¤«¤é¤Ê¤¤DigiNotar Cyber CA¤Î¾ÚÌÀ½ñ

¥ª¥é¥ó¥À¤Îǧ¾Ú¶ÉDigiNotar¤¬¹¶·â¤ò¼õ¤±¡¢º£¤ï¤«¤Ã¤Æ¤¤¤ë¤À¤±¤ÇÉÔÀµ¤ÊSSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤ò531Ëç ȯ¹Ô¤·¤Æ¤·¤Þ¤Ã¤¿·ï¤ò¡¢µ¤¤Ë¤Ê¤Ã¤Æ¤º¤Ã¤È¥¦¥©¥Ã¥Á¤·¤Æ¤¤¤Þ¤¹¡£

¤¤¤í¤¤¤íµ¿Ìä¤Ë»×¤Ã¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ê»þ´Ö¤¬¤¢¤ë¤È¤­¡¢¤³¤³¤Ç¤â¾Ò²ð¤·¤Æ¤¤¤­¤¿¤¤¤È »×¤Ã¤Æ¤¤¤ë¤ó¤Ç¤¹¤¬¡¢¤½¤Îµ¤¤Ë¤Ê¤ë¤È¤³¤í¤Î°ì¤Ä¤ËDigiNotar Cyber CA¤È¤¤¤¦¤Î¤¬¤¢¤ê¤Þ¤¹¡£ Tor¥×¥í¥¸¥§¥¯¥È¤Î¥Ú¡¼¥¸¤ÇÉÔÀµ¤Ëȯ¹Ô¤µ¤ì¤¿¾ÚÌÀ½ñ¤Î°ìÍ÷(531Ëç)¤¬CSV¤äExcel·Á¼°¤Ç ¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤ª¤ê¡¢ÉÔÀµ¤Ê¾ÚÌÀ½ñ¤òȯ¹Ô¤·¤Æ¤·¤Þ¤Ã¤¿DigiNotar´ÉÍý²¼¤Î ǧ¾Ú¶É¤Î°ìÍ÷¤Ï

  • DigiNotar Cyber CA
  • DigiNotar Extended Validation CA¡ú
  • DigiNotar Public CA - G2
  • DigiNotar Public CA 2025¡ú
  • Koninklijke Notariele Beroepsorganisatie CA
  • Stichting TTP Infos CA
¤È¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¡Ö¡ú¡×°õ¤ò¤Ä¤±¤¿¤â¤Î¤Ï DigiNotar¤Î¥Ú¡¼¥¸¤«¤é ¥À¥¦¥ó¥í¡¼¥É¤Ç¤­¤ëÃæ´ÖCA¾ÚÌÀ½ñ¤Ë¤Ê¤ó¤Ç¤¹¤¬¡¢ ¾¤Î¤â¤Î¤ÏGoogleÅù¤Çõ¤·¤Æ¤ß¤Æ¤â¥À¥¦¥ó¥í¡¼¥É¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£ Èï³²¤¬¤¢¤Ã¤¿Ç§¾Ú¶É¤Î¾ÚÌÀ½ñ¤¬DigiNotar¤Î¥µ¥¤¥È¤Ç¸ø³«¤µ¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ï Èó¾ï¤ËÌäÂê¤À¤È»×¤Ã¤Æ¤¤¤Æ¡¢ÆÃ¤Ë DigiNotar Cyber CA¤Ï "*.google.com"¡¢"*.skype.com" ¤Ê¤É¤ÎÁÛÄêÈï³²¤ÎÂ礭¤¤SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤ò ȯ¹Ô¤·¤Æ¤¤¤ëCA¤Ê¤Î¤Ç¡¢CA¾ÚÌÀ½ñ¤¬Ìµ¤¤¤ÈÂкö¤ÎÂǤÁ¤è¤¦¤¬¤Ê¤¤¤È»×¤Ã¤Æ¤¤¤Þ¤·¤¿¡£ ÉÔÀµ¤Ëȯ¹Ô¤µ¤ì¤¿¾ÚÌÀ½ñ¤Ë¤Ä¤¤¤ÆOCSP¥ª¥ó¥é¥¤¥ó¾ÚÌÀ½ñ¸¡¾Ú¤Î·ë²Ì¤¬¤Û¤È¤ó¤ÉÍ­¸ú¤Î¤Þ¤Þ ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï?¤ÈÊó¹ð¤·¤Æ¤¤¤ë¿Í¤â¤¤¤Æ(OCSP¥ì¥¹¥Ý¥ó¥À¾ÚÌÀ½ñ¤¬Ìµ¸ú¤Ç¤¢¤ì¤Ð ÌäÂê¤Ê¤¤¤ï¤±¤Ç¤¹¤¬)¤½¤ì¤òÄ´ºº¤¹¤ë¤¿¤á¤Ë¤âCA¾ÚÌÀ½ñ¤¬É¬Íפˤʤë¤ï¤±¤Ç¤¹¡£

¤ä¤Ã¤È¤ß¤Ä¤±¤¿

DigiNotar¤Î¥µ¥¤¥È¤Ë̵¤¤¤Î¤Ç¤Á¤ç¤Ã¤È¤¢¤­¤é¤áµ¤Ì£¤À¤Ã¤¿¤ó¤Ç¤¹¤¬¡¢ FireFox 3.6.22 ¤Î¾ÚÌÀ½ñ¥¹¥È¥¢¤ò¸«¤Æ¤ß¤¿¤é°Ê²¼¤Î¿®Íꤹ¤ëCA¾ÚÌÀ½ñ¤¬¤¢¤ê¤Þ¤·¤¿¡£

  • DigiNotar Root CA
  • DigiNotar Services 1024 CA
  • DigiNotar Cyber CA (2Ëç)
  • DigiNotar PKIoverheid CA Orgaisatie - G2
  • DigiNotar PKIoverheid CA Overheiden Berdrijven
¤Ê¤ó¤À¡¢DigiNotar Cyber CA¤¢¤ë¤¸¤ã¤Ê¤¤¤Ç¤¹¤«¡¢¡¢¡¢¤½¤ì¤â2Ëç¤â¡£ ¤Ñ¤Ã¤È¸«¡¢¤Õ¤ó¤Õ¤ó¡¢Ì¾Á°¤¬¤Á¤ç¤Ã¤È°ã¤¦¥ë¡¼¥È¾ÚÌÀ½ñ¤ÇÍ­¸ú´ü´Ö¤â¤Á¤ç¤Ã¤È¤À¤±°ã¤¦¤ó¤À¤Ê¤È ǼÆÀ¤·¤½¤¦¤Ë¤Ê¤Ã¤¿¤ó¤Ç¤¹¡£¤Þ¤¡¡¢ÆÃÊ̤ʻö¾ð¤¬¤¢¤Ã¤ÆƱ¤¸¤è¤¦¤Ê¥ë¡¼¥Èºî¤Ã¤¿¤ó¤À¤í¤¦¤Ê¤¡¡¢¡¢¡¢¤È¡£
DigiNotar Cyber CA (1ËçÌÜ)
¡¡È¯¹Ô¼Ô¡§C=NL,O=DigiNotar,CN=DigiNotar Cyber CA,Email=info@diginotar.nl
¡¡¼çÂμԡ§C=NL,O=DigiNotar,CN=DigiNotar Cyber CA,Email=info@diginotar.nl
¡¡Í­¸ú´ü´Ö¡§2006.10.04-2011.10.04
DigiNotar Cyber CA (2ËçÌÜ)
¡¡È¯¹Ô¼Ô¡§C=NL,O=DigiNotar,CN=DigiNotar Cyber CA
¡¡¼çÂμԡ§C=NL,O=DigiNotar,CN=DigiNotar Cyber CA
¡¡Í­¸ú´ü´Ö¡§2006.09.27-2013.09.20
¤½¤·¤¿¤é¡¢¤¢¤ì¤ì¡©¡©¡©³ÈÄ¥Îΰ褢¤ë¤¸¤ã¤Ê¤¤¤Ç¤¹¤«¡©¡©¡©¤½¤ì¤âÁ´¤¯Æ±¤¸ÃÍ¡¢¡¢¡¢¡¢
ȯ¹Ô¼Ô¸°¼±Ê̻ҡ§
¡¡A6:0C:1D:9F:61:FF:07:17:B5:BF:38:46:DB:43:30:D5:8E:B0:52:06
¡¡C=US,O=GTE Corporation,OU=GTE CyberTrust Solutions, Inc.,CN=GTE CyberTrust Global Root
¡¡serial:01:A5
¼çÂμԸ°¼±Ê̻ҡ§
¡¡AB:F9:68:DF:CF:4A:37:D7:7B:45:8C:5F:72:DE:40:44:C3:65:BB:C2
¾ÚÌÀ½ñ¥Ý¥ê¥·¡§
¡¡CPS: http://www.public-trust.com/CPS/OmniRoot.html
CRLÇÛÉÛÅÀ
¡¡URI:http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl
¤Ã¤Æ¤³¤È¤Ï¡¢DigiNotar Cyber CA¤Î¾ÚÌÀ½ñ¤Ï2Ëç¤È¤â¼«¸Ê½ð̾¥ë¡¼¥È¾ÚÌÀ½ñ¤Ç¤Ï¤Ê¤¯¤Æ ¼çÂμÔ̾¡¢È¯¹Ô¼Ô̾¤¬Æ±¤¸¤Ê¤Î¤ËGTE CyberTrust Global Root¤«¤é ȯ¹Ô¤µ¤ì¤¿Ãæ´ÖCA¾ÚÌÀ½ñ¤Ã¤Æ¤³¤È¤Ê¤ó¤Ç¤¹¤è¤Í¡£ CPS¤äCRLDP¤Î¾ì½ê¤âGTE¤ò´ÉÍý¤·¤Æ¤¤¤ë½ê¤Î¤â¤Î¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤ß¤¿¤¤¤Ç¤¹¤·¤Í¡£

¤³¤Î2Ëç¤Î¾ÚÌÀ½ñ¤¬¤µ¤é¤ËÉԲIJò¤Ê¤Î¤Ï¥·¥ê¥¢¥ëÈÖ¹æ¤ÇξÊý¤È¤â(0x0fffffff)¤ÇƱ¤¸ÃͤˤʤäƤ¤¤ë¤Ã¤Æ¤³¤È¤Ç¤¹¡£CA¸°¤¬Æ±¤¸¤Ã¤Æ¤¤¤¦¤Î¤â¥¢¥ì¤Ç¤¹¤¬¡¢Æ±¤¸¥·¥ê¥¢¥ëÈÖ¹æ¤Î°Û¤Ê¤ë¾ÚÌÀ½ñ¤òGTE CyberTrust¤Ïȯ¹Ô¤·¤¿¤Ã¤Æ»ö¤Ë¤Ê¤ë¤ï¤±¤Ç¤¹¤è¤Í¡£ÉáÄ̤Îǧ¾Ú¶É¤Ê¤é¹Í¤¨¤é¤ì¤Ê¤¤ÏäǤ¹¤·¡¢¥·¥ê¥¢¥ëÈÖ¹æ¤ò¤¢¤¨¤ÆƱ¤¸¤Ë¤¹¤ë°Õ¿Þ¤â¤è¤¯¤ï¤«¤ê¤Þ¤»¤ó¡£

¤µ¤é¤Ë¤Ï¡¢DigiNotar Cyber CA¾ÚÌÀ½ñ¤Îȯ¹Ô¼Ô¤ÏƱ¤¸FireFox¤ËÆþ¤Ã¤Æ¤¤¤ëGTE CyberTrust Global Root¤Ç¤Ï¤Ê¤¯¤Æ¡¢Mac OSX¤Ë¤ÏÆþ¤Ã¤Æ¤¤¤¿¥·¥ê¥¢¥ëÈÖ¹æ(0x01A5)¤ÎÊý¤ÎGTE CyberTrust Global Root ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤ï¤±¤Ç¤¹¡£ ¤É¤Î¤è¤¦¤Ê¥±¡¼¥¹¤ÇDigiNotar Cyber CA¤Î¤è¤¦¤Ê°Ü¹Ôºö¤¬É¬ÍפÀ¤Ã¤¿¤Î¤«¡¢ ¤½¤â¤½¤â¥á¥ê¥Ã¥È¤¬¤ï¤«¤é¤Ê¤¤¤Î¤è¤¯¤ï¤«¤ê¤Þ¤»¤ó¡£¤µ¤¾¤«¤·Âç¿Í¤Î»ö¾ð¤¬¤¢¤Ã¤¿¤Î¤Ç¤·¤ç¤¦¡£

OCSP¤Î¸¡¾Ú·ë²Ì¤â¤Þ¤¿¤ï¤«¤é¤Ê¤¤

2Ëç¤Î¤¦¤Á¤É¤Á¤é¤¬»È¤ï¤ì¤Æ¤¤¤ë¤«¤ï¤«¤é¤Ê¤¤¤Ê¤¬¤é¤âDigiNotar Cyber CA¤Î¾ÚÌÀ½ñ¤Ï ¤È¤ê¤¢¤¨¤ºÆþ¼ê¤Ç¤­¤¿¤ï¤±¤Ç¤¹¡£ DigiNotar Cyber CA¤«¤éȯ¹Ô¤µ¤ì¤¿SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤¬°ìËç¤âÆþ¼ê¤Ç¤­¤Æ¤¤¤Ê¤¤¤Î¤Ç ¤³¤ì¤¬DigiNotar¤Î¶¦Ä̤ÎOCSP¥ì¥¹¥Ý¥ó¥À¤Ç¸¡¾Ú¤Ç¤­¤ë¤Î¤«¤Ï¤ï¤«¤é¤Ê¤¤¤Î¤Ç¤¹¤¬¡¢ ¤¢¤ë°ì¤Ä¤ÎÉÔÀµ¤Ê¾ÚÌÀ½ñ¤Î¥·¥ê¥¢¥ë¤ÈCyber CA¤Î¾ÚÌÀ½ñ¤Ë¤è¤ê¸¡¾Ú¤·¤Æ¤ß¤Þ¤¹¡£ ¤¹¤ë¤È2¤Ä¤ÎCA¤ÇÊ̤ηë²Ì¤¬Ê֤äƤ­¤Æ

DigiNotar Cyber CA (1ËçÌÜ)¤¬È¯¹Ô¼Ô¤À¤Ã¤¿¤È¤·¤¿»þ¤ÎOCSP±þÅú¡§
¡¡malformed-request(1)
DigiNotar Cyber CA (2ËçÌÜ)¤¬È¯¹Ô¼Ô¤À¤Ã¤¿¤È¤·¤¿»þ¤ÎOCSP±þÅú¡§
¡¡Cert Status: unknown
¡¡This Update: GeneralizedTime "00010101000000Z"
¡¡Next Update: GeneralizedTime "00010101000000Z"
GeneralizedTime¤È¤·¤Æ¤â¤Î¤¹¤´¤¤Ãͤ¬Ê֤äƤ­¤Þ¤·¤¿¡£ ¾¤Ë¤â¤³¤ÎOCSP¥ì¥¹¥Ý¥ó¥À¤Ïµ¿Ìä¤Ë»×¤¦¤È¤³¤í¤¬Â¿¡¹¤¢¤Ã¤Æ¡¢ DigiNotarÍѤ˥«¥¹¥¿¥à¤Ç¼ÂÁõ¤·¤¿¤â¤Î¤Î¤è¤¦¤Êµ¤¤¬¤·¤Æ¤¤¤Þ¤¹¡£

Ê֤äƤ­¤¿£²¤Ä¤ÎÃͤ«¤é¡¢ DigiNotar Cyber CA¤«¤éȯ¹Ô¤µ¤ì¤¿SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤Ï OCSP¼º¸ú¸¡¾Ú¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤¤¤È¹Í¤¨¤ë¤Î¤¬¼«Á³¤Ç¤·¤ç¤¦¤«¡£

¤Á¤Ê¤ß¤ËDigiNotar Cyber CA¤Îȯ¹Ô¤¹¤ëCRL¤Ï¡©

¤Á¤Ê¤ß¤ËDigiNotar Cyber CA¤¬È¯¹Ô¤¹¤ëCRL¤ÎURL¤Ï1ËçÌܤ¬È¯¹Ô¤·¤¿¤â¤Î¤Ï¸«¤Ä¤«¤Ã¤¿¤â¤Î¤Î2ËçÌܤ¬È¯¹Ô¤·¤¿Êý¤Ï¸«¤Ä¤«¤Ã¤Æ¤¤¤Ê¤¤¡£CRL¤Î¸¡¾Ú¤Ç¤Ï¸°¤è¤ê¤â¤à¤·¤íȯ¹Ô¼Ô¼±ÊÌ̾¤ÎÊý¤¬É¬ÍפʤΤǡ¢1ËçÌܤÈ2ËçÌܤÈƱ¤¸CA¸°¤Ç¤¢¤Ã¤¿¤È¤·¤Æ¤â¡¢¤½¤ÎCRL¤Ï1ËçÌܤÎÊý¤Ë¤·¤«»È¤¨¤Ê¤¤¤Ç¤¹¤è¤Í¡£

º£Æü¤Ï¤³¤ó¤Ê¤È¤³¤í¤Ç

GTE CyberTrust Global Root¤Îȯ¹Ô¤¹¤ëCRL(Äɵ­)

DigiNotar Cyber CA Ãæ´ÖCA¾ÚÌÀ½ñ¤ÏFireFox 3.6.22¤Î¿®Íꤹ¤ë CA¾ÚÌÀ½ñ¥ê¥¹¥È¤ËÆþ¤Ã¤Æ¤¤¤ë¤Î¤ÇGTE CyberTrust Global Root¤«¤é¤Î ¾ÚÌÀ½ñ¸¡¾Ú¤ò¤¹¤ëɬÍפâ¤Ê¤¤¤Ç¤¹¤¬¡¢DigiNotar Cyber CA¾ÚÌÀ½ñ¤Ë¤Ï CRLÇÛÉÛÅÀ¤â½ñ¤¤¤Æ¤¢¤ê¤Þ¤¹¤·¡¢ GTE CyberTrust Global Root¤Ïº£¤Ç¤âCRL¤òȯ¹Ô¤·¤Æ¤¤¤ë¤Î¤Ç ¼º¸ú¸¡¾Ú¤Ï¤Ç¤­¤Þ¤¹¡£¤½¤ÎCRL¤ò¤Á¤ç¤Ã¤È¤ß¤Æ¤ß¤ë¤È¡¢ ÂçÂÎ3¥ö·î¤ª¤­¤Ëȯ¹Ô¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ç

thisUpdate: 2011.08.31
nextUpdate: 2011.12.03
¤È¤Ê¤Ã¤Æ¤ª¤êÅöÁ³DigiNotar Cyber CA¤Î2Ëç¤Î¾ÚÌÀ½ñ¤Î¥·¥ê¥¢¥ë 0x0fffffff¤Ïµ­ºÜ¤µ¤ì¤Æ¤ª¤é¤º¡¢DigiNotar Cyber CA¾ÚÌÀ½ñ¤¬ GTE CyberTrust¤«¤é¼º¸ú¤µ¤ì¤Æ¤¤¤ë¤È¤¤¤¦¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¤Ç¤·¤¿¡£

GTE CyberTrust Global Root¤ò¿®ÍêÅÀ¤È¤·¤Æ¸¡¾Ú¤·¤¿¾ì¹ç¡¢ ·ë¶É¡¢¼±ÊÌ̾¤Î¥Á¥§¡¼¥ó¤¬¤Ä¤Ê¤¬¤é¤Ê¤¤¤Î¤Ç¥Ñ¥¹¸¡¾Ú¼ºÇԤˤʤê¤Þ¤¹¤±¤É¤Í¡£

¹¹¿·ÍúÎò

  • 2011.09.11 - GTE CyberTrust¤ÎCRL¤Ë¤Ä¤¤¤ÆÄɵ­

RSA¥µ¥¤¥È¤Î¹¶·â¤Ë¤è¤ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥ÉSecurID¤Î±Æ¶Á¤òÁÛÁü¤·¤Æ¤ß¤ë

¥»¥­¥å¥ê¥Æ¥£´Ø·¸¤Ë¶½Ì£¤¬¤¢¤ëÊý¤Ï¸æ¸¤¸¤«¤È»×¤¤¤Þ¤¹¤¬RSA SecurID¤ÏÀ¤³¦¤ÇºÇ¤â»ÈÍѤµ¤ì¤Æ¤¤¤ë¤È»×¤¦(The Register¤Îµ­»ö¤Ç¤Ï4000Ëü¥æ¡¼¥¶¤È¤«¡©)¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¥È¡¼¥¯¥ó¤È¤¤¤¦Æ»¶ñ¤Ç¡¢Â礭¤Ê´ë¶È¤Î¥À¥¤¥¢¥ë¥¢¥Ã¥×¤äVPN¤Ê¤É¤Î¥í¥°¥¤¥ó¤ÎºÝ¤Ë¡¢ID¥Ñ¥¹¥ï¡¼¥É¤Î¾¤Ë60É䪤­¤Ëɽ¼¨¤µ¤ì¤ë6·å¤Î¿ô»ú(¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É)¤òÆþÎϤ¹¤ë¤³¤È¤Ë¤è¤ê¥ê¥â¡¼¥È¥í¥°¥¤¥ó¤Î¥»¥­¥å¥ê¥Æ¥£¶¯ÅÙ¤ò¶¯²½¤¹¤ë¤â¤Î¤Ç¤¹¡£¤Ä¤Þ¤ê¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤òÀ¸À®¤¹¤ëÆ»¶ñ¤ò¤â¤Ã¤Æ¤Ê¤¤¤È·ë¶É¥í¥°¥¤¥ó¤¬¤Ç¤­¤Ê¤¤»ö¤Ë¤Ê¤ê¤Þ¤¹¡£

¤³¤³¿ôÆüTwitter¤Î¥¿¥¤¥à¥é¥¤¥ó¤Ê¤É¤Ç¡ÖRSA¤Î¥¦¥§¥Ö¥µ¥¤¥È¤¬¹¶·â¤µ¤ìSecurID¤¬´í¤¦¤¤¡×¡¢¡ÖSecurID 40Ëü(?)¥¢¥«¥¦¥ó¥È¤¬Åð¤Þ¤ì¤¿¡×¡ÖRSA SecurID¤¬APT¹¶·â¤Ë¤è¤Ã¤ÆÀȼå¤Ë¤Ê¤Ã¤¿¡×¤ß¤¿¤¤¤Ê¤Ä¤Ö¤ä¤­¤¬Î®¤ì¤¿¤ê¥Ö¥í¥°¤Ç¾Ò²ð¤µ¤ì¤¿¤ê¤·¤Þ¤·¤¿¡£¤«¤Ê¡Á¤ê¸í²ò¤·¤Æ¤ë¤ó¤¸¤ã¤Ê¤¤¤Ê¤«¤Ê¤¡¤ÈÁÛÁü¤µ¤ì¤ëÀá¤â¤¢¤ë¤Î¤Ç¡¢¥Ö¥í¥°¤Ç½ñ¤¤¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

RSA SecurID¤Î»ÅÁȤß

¶áǯ¤³¤Î¤è¤¦¤Ê¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¤Î»ÅÁȤߤò ¥ª¡¼¥×¥óɸ½à²½¤·¤è¤¦¤È¤¤¤¦Æ°¤­¤¬¤¢¤ê Initiative for Open Authentication(OATH)¤È¤¤¤¦Ç§¾Ú¥Ù¥ó¥À¡¼¤Ë¤è¤ë ¶È³¦ÃÄÂΤÇɸ½à¤ÎºöÄ꤬¤Ê¤µ¤ì¤Æ¤ª¤êInformational RFC¤Ë¤â¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£

RSA¤â¤½¤Î¥á¥ó¥Ð¡¼¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£»ÅÍͤˤϥµ¥ó¥×¥ë¥³¡¼¥É¤â¤Ä¤¤¤Æ¤¤¤Þ¤¹¤·¥¢¥ë¥´¥ê¥º¥à¤Ï¤¹¤°¤ï¤«¤ë¤È»×¤¤¤Þ¤¹¡£»ä¤â°ÊÁ°¤ËOATH»ÅÍͤΥï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥ÉÀ¸À®¥¢¥×¥ê¤òi¥¢¥×¥ê¡¢.NET¡¢Java¤Çºî¤Ã¤Æ¤ß¤Þ¤·¤¿¡£

RSA SecurID¤Î¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥ÉÀ¸À®¥¢¥ë¥´¥ê¥º¥à¤ÏRSA¼ÒÆȼ«¤Î¥×¥í¥×¥é¥¤¥¨¥¿¥ê¤Ê¤â¤Î¤Ç¤¹¤¬¡¢OATH¤Î»ÅÍͤò¸«¤Æ¤ß¤ì¤ÐÂçÏȤÏƱ¤¸»ÅÁȤߤÀ¤È»×¤¦¤Î¤ÇÀâÌÀ¤·¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤Î»ÅÁȤߤÏǧ¾Ú¥µ¡¼¥Ð¡¼¤ÈÍøÍѼԤËÇۤ뤿¤¯¤µ¤ó¤Î¥È¡¼¥¯¥ó¤Ç¹½À®¤µ¤ì¤Þ¤¹¡£Ç§¾Ú¤¹¤ë¤¿¤á¤Ë¤ÏÁÐÊý¤¬Ï¢·È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¤±¤É¡¢ÊªÍýŪ¤ËʬΥ¤µ¤ì¤Æ¤ª¤ê¥±¡¼¥Ö¥ë¤Ç·Ò¤¤¤À¤ê̵Àþ¤ÇÄÌ¿®¤¹¤ë¤ï¤±¤Ç¤â¤Ê¤¤¤Î¤ÇÏ¢·È¤Î¹©Éפ¬É¬ÍפǤ¹¡£¤½¤Î¹©ÉפÎÊý¼°¤ËÂ礭¤¯2¼ïÎढ¤ê¤Þ¤¹¡£

  • »þ¹ïƱ´üÊý¼°¡§Ç§¾Ú¥µ¡¼¥Ð¡¼¤ÈÍøÍѼԤËÇÛ¤ë¥È¡¼¥¯¥ó¤¬¤½¤ì¤¾¤ì»ý¤Ã¤Æ¤¤¤ë»þ¹ï¤Ë¤è¤êƱ´ü¤¹¤ëÊý¼°
  • ¥¤¥Ù¥ó¥ÈƱ´üÊý¼°¡§Ç§¾Ú¥µ¡¼¥Ð¡¼¤ÈÍøÍѼԤËÇÛ¤ë¥È¡¼¥¯¥ó¤¬¤½¤ì¤¾¤ì»ý¤Ã¤Æ¤¤¤ë¥Ü¥¿¥ó¤ò²¡¤·¤¿²ó¿ô(¥¤¥Ù¥ó¥È)¤Ë¤è¤êƱ´ü¤¹¤ëÊý¼°

otp1

¸æ¸¤¸¤ÎÄ̤êRSA SecurID ¤Ï¥Ü¥¿¥ó¤ò²¡¤¹É¬ÍפΤʤ¤ÊØÍø¤Ê¤â¤Î¤Ç¡¢1ʬ¤ª¤­¤Ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤È¤Ê¤ë6·å¤Î¿ô»ú¤Îɽ¼¨¤¬¼«Æ°Åª¤ËÀÚ¤êÂؤï¤ë»þ¹ïƱ´üÊý¼°¤Ë¤è¤ë¤â¤Î¤Ç¤¹¡£¥È¡¼¥¯¥ó¤¬»ý¤Ã¤Æ¤¤¤ë»þ¹ï¤Ê¤É¤ò¸µ¤ËÆȼ«¤Î¥¢¥ë¥´¥ê¥º¥à¤Ç¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ÎÃͤò·×»»¤·É½¼¨¤·¤Þ¤¹¡£
otp2

¤¢¤ë¥¢¥ë¥´¥ê¥º¥à¤ÇÍøÍѼԤ¬½ê»ý¤¹¤ë¥È¡¼¥¯¥óËè¤ËÁÛÄꤵ¤ì¤ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ÎÃͤò·×»»¤¹¤ë¤ï¤±¤Ç¤¹¤¬¡¢¥È¡¼¥¯¥ó¤ò¶èÊ̤·¡¢¤Þ¤¿µ¶Â¤¤µ¤ì¤ë¤³¤È¤Î̵¤¤¤è¤¦¤ËƱ´üÍѤÎÃÍ(»þ¹ï¤Þ¤¿¤Ï¥¤¥Ù¥ó¥È)¤È¶¦Ä̸°(Shared Secret)¤ò¸µ¤Ë¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤òÀ¸À®¤·¤Æ¤¤¤ë¤È»×¤¤¤Þ¤¹¡£

º£²ó¤¦¤±¤¿¹¶·â¤Ï²¿¤Ê¤Î¤«¡©

RSA¤Î¥×¥ì¥¸¥Ç¥ó¥È¤Î¥¢¡¼¥È¥³¥Ó¥¨¥í»á¤Î¥Ë¥å¡¼¥¹¥ê¥ê¡¼¥¹¤Ç¹¶·â¤ò¼õ¤±¤¿»ö¼Â¤ò¥¢¥Ê¥¦¥ó¥¹¤·¤Æ¤¤¤Þ¤¹¡£ RSA¤Î¥µ¥¤¥È¤¬¼õ¤±¤¿¹¶·â¤ÏAPT(Advanced Persistent Threat)¹¶·â¤À¤È½ñ¤¤¤Æ¤¤¤Þ¤¹¤¬McAfee Blog¤Î²òÀâ¤äITÍѸ켭ŵ¤Ë ¤Ë¤¢¤ëÄ̤ꡢÆÃÊ̤ʹ¶·â¼êË¡¤Ç¤Ï¤Ê¤¯¡ÖRSA¤ËÂоݤòÆÃÄꤷ¤Æ¼¹Ù¹¤Ê¥¹¥Ñ¥¤¹Ô°Ù¡¢¹¶·â¹Ô°Ù¡×¤ò¤·¤¿¤È ¸À¤Ã¤Æ¤¤¤ë¤Ë¤¹¤®¤Þ¤»¤ó¡£

RSA SecurIDÍѤÎǧ¾Ú¥µ¡¼¥Ð¡¼(RSA Authentication Manager)¤¬¹¶·â¤ò¼õ¤±¤Æ¡¢²¿¤é¤«¤Î¾ðÊó¤¬Ï³¤¨¤¤¤·¤¿ ¤È¤¤¤Ã¤¿ÏäǤϤʤ¤¤Ç¤¹¡£

RSA¥µ¥¤¥È¤Î¹¶·â¤Ë¤è¤êϳ¤¨¤¤¤·¤¿¤â¤Î¤ÏRSA¼Ò¤Îµ¡Ì©¾ðÊóÁ´È̤ʤó¤À¤È»×¤¤¤Þ¤¹¤¬¡¢RSA SecurID¤Ë´Ø¤·¤Æ ϳ¤¨¤¤¤·¤Æº¤¤ë¤â¤Î¤Ï°Ê²¼¤Î2¼ïÎà¤À¤È»×¤¤¤Þ¤¹¡£

  • [¾ðÊó1] RSA SecurIDÍѤΥȡ¼¥¯¥ó¤Èǧ¾Ú¥µ¡¼¥Ð¡¼(RSA Authentication Manager/µìACE Server)¤ÎÀß·×¾ðÊó¡¢¥½¡¼¥¹¥³¡¼¥É¡¢Æȼ«¤Î¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥ÉÀ¸À®¥¢¥ë¥´¥ê¥º¥à¡¢»þ¹ïƱ´ü¤ÎÊý¼°¡¢Ç§¾Ú¥µ¡¼¥Ð¡¼¤ËÅÐÏ¿¤¹¤ë¥È¡¼¥¯¥ó¥ê¥¹¥È¾ðÊó(¥È¡¼¥¯¥óËè¤Î¶¦Ä̸°¤ò´Þ¤à)¤Î½èÍýÊýË¡¤Ê¤É¤ÎÀß·×¾ðÊó°ìÈÌ
  • [¾ðÊó2] À¤³¦Ãæ¤ËƳÆþ¤µ¤ì¤¿¤ªµÒÍͤÎǧ¾Ú¥µ¡¼¥Ð¡¼¤Ë¥¤¥ó¥Ý¡¼¥È¤¹¤ëRSA SecurID¤Îǧ¾Ú¥µ¡¼¥Ð¡¼¤ËÅÐÏ¿¤¹¤ë¥È¡¼¥¯¥ó¥ê¥¹¥È¾ðÊó(¥È¡¼¥¯¥óËè¤Î¶¦Ä̸°¤ò´Þ¤à)

RSA SecurID¤Ë´Ø¤¹¤ë¾ðÊó¤¬Ï³¤¨¤¤¤·¤¿¤È¤·¤Æ±Æ¶Á¤Ï¤É¤¦¤«

ϳ¤¨¤¤¤·¤¿¾ðÊó¤¬[¾ðÊó1]¤«[¾ðÊó2]¤Ê¤Î¤«¤Ë¤è¤Ã¤Æ±Æ¶Á¤Ï°Û¤Ê¤ê¤Þ¤¹¡£

ϳ¤¨¤¤¤·¤¿¤Î¤¬[¾ðÊó1]¤ÎÀß·×¾ðÊó¤Ç¤¢¤Ã¤¿¤È¤·¤¿¾ì¹ç¡¢¸ÜµÒ¤¬»ý¤Ã¤Æ¤¤¤ëSecurID¤Ë¤è¤ëǧ¾Ú¤¬¤¹¤°Àȼå¤Ë¤Ê¤ë¤È¤¤¤¦¤³¤È¤Ï̵¤¤¤È»×¤¤¤Þ¤¹¡£¸ÜµÒ¥·¥¹¥Æ¥à¤Î´ÉÍý¼Ô¤¬»ý¤Ã¤Æ¤¤¤ë¥È¡¼¥¯¥ó¥ê¥¹¥È¾ðÊ󤫤éÊ̤ε¶¥È¡¼¥¯¥ó¤äµ¶¥µ¡¼¥Ð¤òºî¤é¤ì¤È¤¤¤¦²ÄǽÀ­¤ÏÁ´¤¯¤Ê¤¤¤ï¤±¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢¥³¥¹¥È¤Ï¤«¤«¤Ã¤Æ¤â¿·¤·¤¤¥È¡¼¥¯¥ó¤Îȯ¹Ô¤Ë¤è¤ê²óÈò¤Ç¤­¤Þ¤¹¤·¡¢Â¾¤ÎOATH¥Ù¡¼¥¹¤Î¥ª¡¼¥×¥ó»ÅÍͤΥȡ¼¥¯¥ó¤Ç¤â¾õ¶·¤ÏÊѤï¤é¤º¡¢¥¤¥ó¥Ý¡¼¥ÈÍѤΥѥ¹¥ï¡¼¥É¤ä¥ê¥¹¥È¤Î»ÅÁȤßÃΤäƤ¤¤ì¤Ðµ¶¥È¡¼¥¯¥ó¤òºî¤ì¤ë²ÄǽÀ­¤Ï¤¢¤ê¤Þ¤¹¡£Ï³¤¨¤¤¤Ë¤è¤êÀ½ÉÊÀß·×¾å¤Î·ç´Ù¤Ï¸«¤Ä¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢¥·¥¹¥Æ¥à¤Î¥Ð¡¼¥¸¥ç¥ó¥¢¥Ã¥×¤Ë¤è¤ê²ò·è¤Ç¤­¤ëÌäÂê¤À¤È»×¤¤SecurID¤½¤Î¤â¤Î¤¬´íµ¡Åª¤Ê¾õÂ֤ˤ¢¤ë¤È¤Ï»×¤¨¤Þ¤»¤ó¡£

RSA SecurID¤Î¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥É¤ÎÀ¸À®¥¢¥ë¥´¥ê¥º¥à¤Ï¥×¥í¥×¥é¥¤¥¨¥¿¥ê¤Ç3DES¥Ù¡¼¥¹¤Î¤â¤Î¤À¤Ã¤¿¤È µ­²±¤·¤Æ¤¤¤Þ¤¹¤¬¡¢OATH¤Ç¤Ï¥¢¥ë¥´¥ê¥º¥à¤¢¥ª¡¼¥×¥ó¤Ç¤¹¤·¡¢¤½¤ì¼«ÂΤ¬Ï³¤¨¤¤¤·¸ø³«¤µ¤ì¤Æ¤·¤Þ¤Ã¤¿»ö¤Ç SecurID¤¬Àȼå¤Ë¤Ê¤ë¤³¤È¤Ï̵¤¤¤È»×¤¤¤Þ¤¹¡£¤à¤·¤í¡¢½é´ü¥»¥Ã¥È¥¢¥Ã¥×»þ¤Î¶¦Ä̸°¤ò¶¦Í­¤¹¤ë»ÅÁȤߤÎÊý¤¬ ½ÅÍפǤ·¤ç¤¦¡£¶¦Ä̸°¶¦Í­¤Î»ÅÁȤߤ¬Ï³¤ì¤¿¤È¤·¤Æ¤â¶¦Ä̸°¤¬Ï³¤ì¤Ê¤¤¤«¤®¤ê¡¢¤Þ¤¿¥¢¥ë¥´¥ê¥º¥à¤Î·ç´Ù¤¬¸«¤Ä¤«¤é¤Ê¤¤¸Â¤ê »È¤ï¤ì¤¿¶¦Ä̸°°Å¹æ¤äHMAC¤ÈƱÅù¤Î°Å¹æ¶¯Å٤ϼº¤ï¤ì¤ë¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£

¤¿¤À¡¢Êý¼°¤¬»þ¹ïƱ´üÊý¼°¤Ç¤¢¤ë¤¿¤á¤Ë¡¢µ¶¥È¡¼¥¯¥ó¤òºî¤Ã¤¿¾ì¹ç¤Ë½é²óƱ´ü¤¬¤·¤ä¤¹¤¤¤È¤¤¤¦»ÅÍ;å¤Î·çÅÀ¤Ï¤¢¤ë¤È»×¤¤¤Þ¤¹¡£¥¤¥Ù¥ó¥ÈƱ´üÊý¼°¤Ê¤é¤Ðǧ¾Ú¥µ¡¼¥Ð¡¼¤ÇÊÝ»ý¤·¤Æ¤¤¤ë¥È¡¼¥¯¥óËè¤Î¥«¥¦¥ó¥¿ÃͤÏÃΤê¤è¤¦¤â¤Ê¤¤¤Î¤Ç¡¢¿ô²ó¤Îǧ¾Ú¤Î¼ºÇԤθ奢¥«¥¦¥ó¥È¤¬¥í¥Ã¥¯¤µ¤ì¤Þ¤¹¡£»þ¹ïƱ´ü¤Î¾ì¹ç¤Ë¤Ï¸½ºß¤Î»þ¹ï¤ò¤â¤È¤Ë¥µ¡¼¥Ð¡¼¤Ç»ý¤Ã¤Æ¤¤¤ë»þ¹ïÃͤòÁÛÄê¤Ç¤­¤Þ¤¹¤«¤é¡¢¤½¤Î°ÕÌ£¤Ç¤ÏÌäÂ꤬¤¢¤ê¤Þ¤¹¡£

ϳ¤¨¤¤¤·¤¿¾ðÊó¤¬[¾ðÊó2]¤Î¾ì¹ç¡¢¤³¤ì¤Ï¸ÜµÒ¤Î¤¿¤á¤Îµ¡Ì©¾ðÊó¤¬Ï³¤¨¤¤¤·¤¿¤³¤È¤Ë¤Ê¤ë¤Î¤Ç¡¢¼Ò²ñŪÀÕǤ¤Ï½ÅÂç¤Ç¤¹¤¬¡¢[¾ðÊó1]¡¢[¾ðÊó2]¤È¥»¥Ã¥È¤Çή½Ð¤·¤Æ¤¤¤¿¤È¤·¤Æ¤â¡¢RSA SecurID¤Ï´ðËܤÏÆóÍ×ÁÇǧ¾ÚÀ½ÉʤʤΤǡ¢°ìÍ×ÁÇÌܤÎǧ¾Ú¤Ç¤¢¤ëID¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤Æ¤¤¤Þ¤¹¤·¡¢¤É¤ÎRSA SecurID¤Î¥È¡¼¥¯¥ó¤ò¤É¤ÎID¤Î¥æ¡¼¥¶¤¬ »È¤Ã¤Æ¤¤¤ë¤Î¤«¤¬¤ï¤«¤é¤Ê¤±¤ì¤Ð¡¢Ç§¾Ú¤Ë»È¤¦¤³¤È¤Ï¤Ç¤­¤Ê¤¤¤Î¤Ç±Æ¶Á¤Ï¸ÂÄêŪ¤Ê¤â¤Î¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£

¥³¥Ó¥¨¥í»á¤Î¥Ë¥å¡¼¥¹¥ê¥ê¡¼¥¹¤Ï²¿¤¬Ï³¤¨¤¤¤·¤¿¤Î¤«¡¢±Æ¶ÁÈϰϤϤɤ¦¤Ê¤Î¤«²¿¤âÀâÌÀ¤¹¤ë¤â¤Î¤Ç¤Ï¤Ê¤¤ ¤¿¤áÍøÍѼԤäƳÆþ¤ò¸¡Æ¤¤·¤Æ¤¤¤ë¿Í¡¢»ä¤Î¤è¤¦¤Ê¥Ë¥å¡¼¥¹¥ê¥ê¡¼¥¹¤ò¸«¤Æ¥Ö¥í¥°¤ò½ñ¤¤¤Æ¤¤¤ë¿Í¤Ï º®Í𤷤Ƥ¤¤ë¤È»×¤¤¤Þ¤¹¡£

´ö¤Ä¤«´ØÏ¢¤·¤¿¥Ö¥í¥°¤ä¥Ë¥å¡¼¥¹Æɤó¤ÀÃæ¤Ç¤Ï The Register¤ÎRSA breach leaks data for hacking SecurID tokens ¤Îµ­»ö¤¬Èæ³ÓŪÀµ³Î¤Ë¾ÜºÙ¤Ë»ö¼Â¤ò½Ò¤Ù¤Æ¤ª¤ê¡¢RSA¤Î¾ðÊó¸ø³«¤¬½½Ê¬¤Ç¤Ê¤¤¤³¤È¤ò ÈóÆñ¤¹¤ë¤è¤¦¤ÊÆâÍƤȤʤäƤ¤¤Þ¤¹¡£

RSA SecurID¤ÎÍøÍѸܵÒ¦¤Î´ÉÍýôÅö¼Ô¤Ë¤Ï»öÂÖ¤ÎÀâÌÀ¤Î¤¿¤á¤Î ¥Ó¥¸¥Í¥¹¥ì¥¿¡¼¤¬ÆϤ¤¤Æ¤ë¤ó¤Ç¤·¤ç¤¦¤«¡£ ¥»¥­¥å¥ê¥Æ¥£µ»½Ñ¼Ô¤äRSA SecurID¤ÎËöü¤ÎÍøÍѼԤⵤ¤Ë¤Ê¤ë¤È¤³¤í¤À¤È»×¤¦¤Î¤Ç ÁáµÞ¤Ë¾ðÊó¸ø³«¤ÈÂкö¤¬¤µ¤ì¤ë¤ÈÎɤ¤¤Ê¤¡¤È»×¤Ã¤Æ¤¤¤Þ¤¹¡£

¤³¤Î¥Ö¥í¥°¤Îµ­»ö¤ÏRSA¤Î¼Ò°÷¤Ç¤â´Ø·¸¼Ô¤Ç¤âÍøÍѼԤǤâ¤Ê¤¤»ä¤¬½ñ¤¤¤Æ¤¤¤Þ¤¹¡£ »ö¼Â¤Ë´Ö°ã¤¤¤Ê¤É¤¢¤ì¤Ð¤´»ØŦ¤¤¤¿¤À¤±¤ì¤Ð¤¢¤ê¤¬¤¿¤¤¤Ç¤¹¡£

¤¦¡Á¤à¡¢Å·µ¤¤ÎÎɤ¤¤¢¤¿¤¿¤«¤¤ÅÚÍˤÎÄ«¤Ë²¿¤ä¤Ã¤Æ¤ó¤À¤í¡¢¡¢¡¢¥ª¥ì¡¢¡¢¡¢¡¢
¤Ç¤Ï¤Ç¤Ï

Black Hat:SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñÃæ¤ÎCN¤ÎOID½èÍýÉÔ¶ñ¹ç¤òÆͤ¤¤¿¹¶·â(³¤­1)

Á°²ó¤Ï¡¢BlackHat¤Ç¾Ò²ð¤µ¤ì¤¿SSL¥µ¡¼¥Ð¡¼¾ÚÌÀ½ñ¤ÎÂоݥۥ¹¥È̾¤ò³ÊǼ¤¹¤ëCN(common name)°À­¤Î½èÍý¤ÎÉÔ¶ñ¹ç¤òÆͤ¤¤¿ÀȼåÀ­¤Ë¤Ä¤¤¤Æ¾Ò²ð¤·¤Þ¤·¤¿¡£

º£Æü¤Ï¡¢¼ÂºÝ¤Ë¥Æ¥¹¥È¥µ¡¼¥Ð¡¼¤òΩ¤Á¾å¤²¤Æ¥Ö¥é¥¦¥¶¤ÇÀܳ¤¹¤ë¤È¤É¤¦¤Ê¤ë¤Î¤«»î¤·¤Æ¤ß¤Þ¤¹¡£

Challenge PKI Test Suite(²þ)¤Îµ¡Ç½ÄɲÃ


¼ê»ý¤Á¤Î¾õÂÖ¤ÎTest Suite¤Ç¤Ï¡¢¾ÚÌÀ½ñ¼±ÊÌ̾¤Î¥ª¥Ö¥¸¥§¥¯¥È¼±Ê̻ҤˤĤ¤¤Æ
(1) ¥ª¥Ö¥¸¥§¥¯¥È¼±Ê̻ҤΥµ¥Ö¼±Ê̻ҤÇÂ礭¤ÊÀ°¿ô¤ò»ØÄꤹ¤ë¤È·å¤¬°î¤ì¤ë(µ¡ÃΤΥХ°)
(2) X.690¤Ë°ãÈ¿¤·¤Æ0x80¤Ç¥Ñ¥Ç¥£¥ó¥°¤·¤Æ¥¨¥ó¥³¡¼¥É¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¤¡£
¤È¤¤¤Ã¤¿¾õÂ֤Ǥ·¤¿¡£
RDN¤Î°À­¥¿¥¤¥×¤òɽ¤¹ÊýË¡¤È¤·¤Æ°Ê²¼¤Î¥µ¥Ý¡¼¥È¤òÄɲ䷤ơ¢¥Æ¥¹¥È¥³¡¼¥É¤òÄɲä·¤Þ¤·¤¿¡£
(1) CN, OU, O, C, serialNumber¤Ê¤É°À­¥¿¥¤¥×¤ò̾Á°¤Ç»ØÄê¤Ç¤­¤ë¡£(¸½¹Ô)
(2) 1.2.3.4 ¤Î¤è¤¦¤Ë½½¿Ê¥«¥ó¥Þ¶èÀÚ¤ê¤ÇOID¤ò»ØÄê¤Ç¤­¤ë¡£(¸½¹Ô¡¢·å°î¤ì¤Î¥Ð¥°)
(3) #550403 ¤Î¤è¤¦¤Ë16¿Ê¿ô¤Ç°À­¥¿¥¤¥×¤ò»ØÄê¤Ç¤­¤ë¡£(µ¡Ç½ÄɲÃ)

¾ÚÌÀ½ñ¤ÎÀ¸À®


SSL¥µ¡¼¥Ð¡¼¤Î¥Û¥¹¥È̾¤Ë°Ê²¼¤Î2¤Ä¤ò²¾Äꤷ¤Æȯ¹Ô¤·¤Þ¤¹¡£
CN=www.evil3.jp: °­°Õ¤Î¤¢¤ë¹¶·â¼Ô¤¬ËÜÅö¤Ë½ê»ý¤·¤Æ¤¤¤ë¥É¥á¥¤¥ó¤Î¥Û¥¹¥È
CN'=www.good-bank.com: º¾µ½ÂоݤΥۥ¹¥È


ËÜÍè¤Ê¤é¤ÐCN(2.5.4.3=0x550403)¤Ç¤¢¤ë¤è¤¦¤ÊOID¤ò¡¢ñÙ¤¹¤¿¤á¤Î¥Ë¥»¤ÎCN(CN')¤Îºî¤êÊý¤È¤·¤Æ¤Ï°Ê²¼¤Î2¤Ä¤Ç¹Ô¤¤¤Þ¤¹¡£

(1) ËöÈø"3"¤òX.690¤Ë°ãÈ¿¤·¤Æ0x80(Ê£¿ô²Ä)¤Ç¥Ñ¥Ç¥£¥ó¥°¤¹¤ë(0x05048003)
(2) ËöÈø"3"¤ò64bitÀ°¿ô¤Ç·å¤¢¤Õ¤ì¤·¤¿¸å"3"¤È¤Ê¤ëÃͤȤ¹¤ë¡£

ÊýË¡(2)¤Ë¤Ä¤¤¤Æ¤Ï¡¢·å°î¤ì¤¹¤ë¿ô¤ò"0x010000000000000003"(9¥Ð¥¤¥È)¤È¤·¤Æ¡¢¤³¤ì¤ò¥Ó¥Ã¥Èɽ¸½¤Ë¤·ËöÈø¤è¤ê7¥Ó¥Ã¥È¤Çʬ³ä¤·¤Æ¤³¤ì¤ò¥Ð¥¤¥È¤È¤·¡¢ËöÈø¤ò½ü¤­8¥Ó¥Ã¥ÈÌܤò1¤È¤·¡¢"2.5.4."¤ÎÉôʬ¤òÏ¢·ë¤¹¤ë¤È¡¢0x82808080808080808003¤È¤Ê¤ê¤Þ¤¹¡£

OpenSSL 0.9.8k¤Ç¤Ï¤É¤¦¸«¤¨¤ë¡©


OpenSSL¤Î¥³¥Þ¥ó¥É¤Ç¤Ï¤É¤Î¤è¤¦¤Ë¾ÚÌÀ½ñ¤Î¼±ÊÌ̾¤¬É½¼¨¤µ¤ì¤ë¤Î¤«³Îǧ¤·¤Æ¤ß¤¿¤¤¤È»×¤¤¤Þ¤¹¡£

¢£¥³¥Þ¥ó¥É
% openssl x509 -in ¾ÚÌÀ½ñ -noout -text
¢£OIDËöÈø"3"¤¬0x8003¤Î¾ì¹ç(X.690°ãÈ¿¤Î¥¼¥í¥Ñ¥Ç¥£¥ó¥°)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.3=www.good-bank.com
¢£OIDËöÈø"3"¤¬0x82808080808080808003(64bitÀ°¿ô·å°î¤ì)
Subject: C=JP, O=Evil-CN-OID, CN=www.evil3.jp/2.5.4.18446744073709551619=www.good-bank.com


CN¥â¥É¥­¤Ï¤Á¤ã¤ó¤È¶èÊ̤·¤Æɽ¼¨¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£CN¤Ï2.5.4.3¤Ê¤ó¤Ç¤¹¤¬¡¢0x80¥Ñ¥Ç¥£¥ó¥°¤µ¤ì¤¿¤â¤Î¤È¤Ï¤­¤Á¤ó¤È¶èÊ̤·¤Æ¤¤¤Þ¤¹¡£(18446744073709551619¤Ï0x010000000000000003¤Î10¿Ê¿ôɽ¸½¤Ç¤¹¡£)

dumpasn1¤Ç¤Îɽ¼¨


¢£ËÜʪ¤ÎCN(common name)¤Îɽ¼¨
SEQUENCE {
#06 03 55 04 03
OBJECT IDENTIFIER commonName (2 5 4 3)
#13 0C 77 77 77 2E 65 76 69 6C 33 2E 6A 70
PrintableString 'www.evil3.jp'
}

¢£¥Ë¥»¤ÎCN­¡(X.690°ãÈ¿¤Î0x80¥Ñ¥Ç¥£¥ó¥°)
SEQUENCE {
#06 04 55 04 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}

¢£¥Ë¥»¤ÎCN­¢(64¥Ó¥Ã¥ÈÀ°¿ô·å°î¤ì)
SEQUENCE {
#06 0C 55 04 82 80 80 80 80 80 80 80 80 03
OBJECT IDENTIFIER '2 5 4 3'
#13 11 77 77 77 2E 67 6F 6F 64 2D 62 61 6E 6B 2E 63 6F 6D
PrintableString 'www.good-bank.com'
}


­¡¤â­¢¤âɽ¼¨¾å¤ÏËÜÅö¤ÎCN¤È¶èÊ̤Ǥ­¤Æ¤¤¤Þ¤¹¡£¤·¤«¤·¤Ê¤¬¤é­¢¤Ç¤Ï¡¢OBJECT IDENTIFIER '2 5 4 3'¤È¤Ê¤Ã¤Æ¤·¤Þ¤Ã¤Æ¤ª¤ê¡¢À°¿ô¤Î·å°î¤ì¤¬µ¯¤­¤Æ¤¤¤ë¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£

¤Þ¤º¤ÏÀµ¼°¤Ê(°­¤¤¿Í¤Î)URL¤ËÀܳ


cnoid01

¤Á¤ã¤ó¤ÈÀµ¤·¤¯SSLÀܳ¤Ç¤­¤Æ¤Þ¤¹¤ó¤Ç¡¢¤³¤ì¤ÏÌäÂê̵¤·¡£

FireFox 3.5.2¤Ç¥Ë¥»CN¤Î¥Û¥¹¥È¤ËÀܳ


¤½¤ì¤Ç¤Ï¡¢¼¡¤ËX.690¤Ë°ãÈ¿¤·¤Æ0x80¤Ç¥Ñ¥Ç¥£¥ó¥°¤·¤Æ¤¢¤ë¥Ë¥»CN¤ÎURL "https://www.good-bank.com/" ¤ËÀܳ¤·¤Æ¤ß¤Þ¤¹¡£
cnoid02-ff35-err-yellow

¤ª¤ª¡¢¤Á¤ã¤ó¤È·Ù¹ð½Ð¤Þ¤¹¤Í¡£¥¨¥é¥¤¡£
cnoid02-ff35-dlg

¤ª¤ª¡¢¤Á¤ã¤ó¤È¥À¥¤¥¢¥í¥°¤Þ¤Ç¡¢¡¢¡¢¥á¥Ã¥»¡¼¥¸¤Ë¤â±³¤¬Ìµ¤¯¤Æ¹¥´¶¤¬»ý¤Æ¤Þ¤¹¡£¤Á¤Ê¤ß¤Ë¾ÚÌÀ½ñ¤Ï¤³¤ó¤Ê´¶¤¸¤Çɽ¼¨¤µ¤ì¤Þ¤¹¡£
cnoid03-ff35-crtdlg

cnoid04-ff35-crtdlg

¥Ë¥»CN¤Ë¤Ä¤¤¤Æ¡¢Ê¸»ú²½¤±¤Î¤è¤¦¤Ëɽ¼¨¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢¤Þ¤¡¡¢²ø¤·¤¤¤È¤ï¤«¤ê¤Þ¤¹¡£

64bitÀ°¿ô·å¤¢¤Õ¤ì¤¹¤ë¾ì¹ç¤Ç¤â¡¢É½¼¨¤ÏƱ¤¸¤À¤Ã¤¿¤Î¤Ç¡¢¥­¥ã¥×¥Á¥ã¤Ï³ä°¦¤·¤Þ¤¹¡£

Internet Explorer 8¤Ç¥Ë¥»CN¤Î¥Û¥¹¥È¤ËÀܳ


Àè½µ¤¢¤¿¤ê¤ËWindows Update¤·¤¿¡¢¤Û¤ÜºÇ¿·¤À¤È»×¤¦IE8¤Ç¥Ë¥»CN¤ÎURL¤ËÀܳ¤·¤Æ¤ß¤Þ¤·¤¿¡£
cnoid06-ie8-goodbank

°ìÀÚ·Ù¹ð¤Ê¤¯¥Ë¥»CN¤Î¥µ¥¤¥È¤ËÀܳ¤Ç¤­¤Æ¤·¤Þ¤¤¤Þ¤¹¤Í¡£
cnoid07

¾ÚÌÀ½ñ¥À¥¤¥¢¥í¥°¤Ç´Ñ¤Æ¤ß¤ë¤ÈX.690°ãÈ¿¤Î0x80¥Ñ¥Ç¥£¥ó¥°¤Ç¤âÀ°¿ô·å°î¤ì¤Ç¤âɽ¼¨¾å¤ÏCN(common name)¤Ç¤¢¤ë¤È¤·¤Æɽ¼¨¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤¹¡£

Google Chrome 2¤Ç¥Ë¥»CN¥µ¥¤¥È¤ËÀܳ


º£Æü¤Î»þÅÀ¤ÇºÇ¿·¤À¤È»×¤¦Google Chrome 2.0.172.43¤ÇƱÍͤËÀܳ¤·¤Æ¤ß¤Þ¤·¤¿¡£
cnoid09

¤³¤Á¤é¤â·Ù¹ð¤Ê¤¯Àܳ¤Ç¤­¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
cnoid10

¾ÚÌÀ½ñ¤âwww.good-bank.comÍѤÇÌäÂê¤Ê¤¤¤³¤È¤Ë¤Ê¤Ã¤Á¤ã¤Ã¤Æ¤Þ¤¹¤Í¡£

Opera 9.5¤ÇÀܳ


¤³¤Î¾¤ËOpera for Windows 9.50 build10063¤Ç¤â»î¤·¤Æ¤ß¤¿¤ó¤Ç¤¹¤¬¡¢Opera¼«ÂΤ¬DNS¤Ç°ú¤±¤Ê¤¤¥Û¥¹¥È¤Ïɽ¼¨¤¬¤Ç¤­¤Ê¤¤¤è¤¦¤Êµ¤¤¬¤¹¤ë¤ó¤Ç¤¹(¥í¡¼¥«¥ëPC¤Îhttp://192.168.1.133/Åù¤Ç¤âÀܳÉÔǽ)¡£¤½¤Î¤¿¤á¥Æ¥¹¥È¤Ç¤­¤Þ¤»¤ó¤Ç¤·¤¿¡£
cnoid-opera-01

¤È¡¢¡¢¡¢»×¤Ã¤¿¤éñ¤Ë;·×¤Ê¥×¥í¥­¥·¤¬ÀßÄꤵ¤ì¤Æ¤¤¤¿¤À¤±¤Ç¤·¤¿¡£¤¹¤ß¤Þ¤»¤ó¡£µ¿¤Ã¤Æ¥´¥á¥ó¥è¡£µ¤¤ò¼è¤êľ¤·¤ÆÀܳ¤·¤Æ¤ß¤Þ¤¹¡£¤Þ¤º¤Ï¡¢(²ø¤·¤¤¤±¤É)Àµ¤·¤¤HTTPSÀܳ¡£
cnoid-opera-02

¤Þ¤¡¡¢°ÂÁ´¤Ç¤¹(¾Ð)¡£
cnoid-opera-03


¼¡¤Ë¥Ë¥»CN¤Î¥µ¥¤¥È¤ËÀܳ¤·¤Æ¤ß¤Þ¤¹¡£
cnoid-opera-04

cnoid-opera-05

¤Á¤ã¤ó¤È¿ÆÀڤʷٹ𤬤Ǥޤ¹¡£¤â¤¦¤Á¤ç¤Ã¤È¿§¤¬ÊѤï¤Ã¤¿¤ê¥¤¥ó¥Ñ¥¯¥È¤¬¤¢¤ë·Ù¹ð¤À¤È¤¤¤¤¤ó¤Ç¤¹¤±¤É¤Í¡£

¤³¤ì¤â¡¢¤É¤Ã¤Á¤Î¥Ë¥»CN¤Ç¤â·ë²Ì¤ÏƱ¤¸¤Ç¤·¤¿¡£

Opera¤ÎºÇ¿·ÈǤϸ½»þÅÀ¤Ç9.64¤À¤½¤¦¤Ç¡¢¤Á¤ç¤Ã¤È¸Å¤¤¤ä¤Ä¤Ç¤¹¤¬¡¢¥Ë¥»CN OIDÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¤Á¤ã¤ó¤ÈÂбþ¤µ¤ì¤Æ¤¤¤ë¤Ã¤Æ¤³¤È¤Ç¡¢¡¢¡¢

ruby + httpclient2


ruby¤Èhttpclient2¤Î¥â¥¸¥å¡¼¥ë¤Ç¤â»î¤·¤Æ¤ß¤Þ¤·¤¿¡£OpenSSL¥Ù¡¼¥¹¤Ç¤¹¤¬¡¢¥Ë¥»CN¥µ¥¤¥È¤ËÀܳ¤¹¤ë¤È¤Á¤ã¤ó¤È¥¨¥é¡¼¤Ë¤Ê¤Ã¤Æ¤¯¤ì¤Þ¤¹¡£
/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)


°Ê¾å¡¢¤³¤ó¤Ê´¶¤¸¤Ç¼Â¸³Êó¹ð¤Ç¤·¤¿¡£

¤Ç¤Ï¤Ç¤Ï

¢¨Ãí°Õ¡§¤³¤Îµ­»ö¤Î¥¦¥£¥ó¥É¥¦¥­¥ã¥×¥Á¥ã²èÁü¤Ï¡¢Í¾·×¤ÊÉôʬ¡¢¶õÇò¤Ê¤É¤ò½ü¤¯¤¿¤á¤Ë¥È¥ê¥ß¥ó¥°¤·¤¿¤ê¡¢¶õÇò¤Îºï½üÅù¤Î²Ã¹©¤ò¤·¤Æ¤¤¤Þ¤¹¡£

´ØÏ¢µ­»ö



OpenSSL0.9.8[hij]¤ÎCMS½ð̾¸¡¾Ú¤ÎÀȼåÀ­

ISS X-Force Database: openssl-cmsverify-security-bypass(49432): OpenSSL CMS_verify() function security bypass
OpenSSL could allow a remote attacker to bypass security restrictions, caused by an error in the CMS_verify() function when handling error conditions. An attacker could exploit this vulnerability using malformed signed attributes containing invalid signed attributes to bypass content digest checks.


2009ǯ3·î25Æüº¢¡¢OpenSSL 0.9.8¤Îh¡¢i¡¢j¤Î3À¤Âå¤Î¥Þ¥¤¥Ê¡¼¥Ð¡¼¥¸¥ç¥ó¤ÎCMS½ð̾¤Î¸¡¾Ú¤ËÀȼåÀ­¤¬¤¢¤Ã¤¿ÌäÂ꤬Êó¹ð¤µ¤ì¡¢ÌäÂ꽤Àµ¤µ¤ì¤¿¤½¤¦¤Ç¤¹¤Í¡£

¡¦OpenSSL 0.9.8h (2008.05.28) ¡ßÀȼå
¡¦OpenSSL 0.9.8i (2008.09.15) ¡ßÀȼå
¡¦OpenSSL 0.9.8j (2009.01.07) ¡ßÀȼå
¡¦OpenSSL 0.9.8k (2009.03.25) ¡ûÌäÂ꽤Àµ

OpenSSL¤Ï¤¤¤í¤¤¤í¤ÊÀ½Éʤˤâ»È¤ï¤ì¤Æ¤¤¤Æ¡¢ÈÆÍѤνð̾¥¢¥×¥ê¡¢S/MIME½ð̾¥á¡¼¥ë¤äCAdESĹ´ü½ð̾¤Î¥Ù¡¼¥¹¤È¤·¤Æ¤³¤ì¤¬»È¤ï¤ì¤Æ¤¤¤ë¤³¤È¤â¤¢¤ë¤Î¤Ç¡¢¤Þ¤¡¡¢¤½¤ì¤Ê¤ê¤Ë±Æ¶Á¤¬¤¢¤ê¤Þ¤¹¡£

º£Æü¤ÏͼÊý²Ë¤À¤Ã¤¿¤Î¤Ç¡¢²¿¤¬ÌäÂê¤À¤Ã¤¿¤Î¤«¤Á¤ç¤Ã¤È¸«¤Æ¤ß¤Þ¤·¤¿¡£ÌäÂê¤Î¥³¡¼¥É¤Ï "crypto/cms/cms_smime.c" ¤Î CMS_verify() ´Ø¿ô¤Ê¤ó¤À¤½¤¦¤Ê¤ó¤Ç¤¹¤¬¡¢½¤Àµ¤µ¤ì¤¿¤Î¤Ï¾ò·ï¼°¤¬ "!" ¤« "<=" ¤«¤À¤±¤Î°ã¤¤¤Ç¤¹¡£


crypto/cms/cms_smime.c 428¹ÔÌÜ
¡ß½¤ÀµÁ°¡§if (!CMS_SignerInfo_verify_content(si, cmsbio))
¡û½¤Àµ¸å¡§if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)


CMS_SignerInfo_verify_content()´Ø¿ô¤Ï "crypto/cms/cms_sd.c" ¤ÇÄêµÁ¤µ¤ì¤Æ¤ª¤ê¡¢½ð̾ÂоÝʸ½ñ¤È¤Ê¤ëencapContentInfoÃæ¤ÎeContent¤È½ð̾¾ðÊóSignerInfo¤ËÂФ·¤Æ

¡¦SignerInfo¤Ë½ð̾°À­¤¢¤ì¤ÐMessageDigest°À­Ãæ¤Î¥Ï¥Ã¥·¥åÃͤÈ
¡¡¡¡eContent¤«¤é·×»»¤µ¤ì¤¿¥Ï¥Ã¥·¥åÃͤ¬°ìÃפ¹¤ë¤«
¡¦SignerInfo¤Ë½ð̾°À­¤¬Ìµ¤±¤ì¤ÐeContent¤ËÂФ¹¤ë½ð̾Ãͤ¬°ìÃפ¹¤ë¤«

¸¡¾Ú¤¹¤ë´Ø¿ô¤Ç¤¹¡£

¤Ç¤Ï¡¢CMS_SignerInfo_verify_content()´Ø¿ô¤ÎÌá¤êÃͤϤɤ¦¤Ê¤Î¤«¤òÄ´¤Ù¤Æ¤ß¤Þ¤¹¤È¡¢

Ìá¤êÃÍ "1" ¤Î¾ì¹ç(½ð̾ÂоÝʸ½ñeContent¤Î¥Ï¥Ã¥·¥å/½ð̾°ìÃ×)¡§
¡¦MessageDigest°À­¤¬¤¢¤êeContent¤Î¥Ï¥Ã¥·¥åÃͤȰìÃפ¹¤ë¾ì¹ç
¡¦½ð̾°À­¤¬¤Ê¤¯eContent¤Î½ð̾Ãͤ¬signature¥Õ¥£¡¼¥ë¥É¤È°ìÃפ¹¤ë¾ì¹ç

Ìá¤êÃÍ "0" ¤Î¾ì¹ç(½ð̾ÂоÝʸ½ñeContent¤Î¥Ï¥Ã¥·¥å/½ð̾ÉÔ°ìÃ×¥¨¥é¡¼)¡§
¡¦MessageDigest°À­¤¬¤¢¤ê¥Ï¥Ã¥·¥åĹ°ìÃפÀ¤¬¥Ï¥Ã¥·¥åÃͤ¬ÉÔ°ìÃפξì¹ç
¡¦½ð̾°À­¤¬¤Ê¤¯eContent¤Î½ð̾Ãͤ¬signature¥Õ¥£¡¼¥ë¥É¤ÈÉÔ°ìÃפξì¹ç

Ìá¤êÃÍ "-1" ¤Î¾ì¹ç(¤½¤Î¾¤Î¥¨¥é¡¼)¡§
¡¦½ð̾°À­¥Õ¥£¡¼¥ë¥É¤¬¤¢¤ë¤Î¤ËMessageDigest°À­¤¬¤Ê¤¤¾ì¹ç
¡¦SignerInfo¤ÎdigestAlgorithm¤Î¥¢¥ë¥´¥ê¥º¥à¤¬ÉÔÌÀ¤Ê¤É
¡¡¥Ï¥Ã¥·¥å·×»»¥³¥ó¥Æ¥­¥¹¥È¤Î½é´ü²½¤Ë¼ºÇÔ¤·¤¿¾ì¹ç
¡¦MessageDigest°À­¤¬¤¢¤êeContent¤«¤é¤Î¥Ï¥Ã¥·¥åÃÍ·×»»¤Ë¼ºÇÔ¤·¤¿¾ì¹ç
¡¦MessageDigest°À­¤¬¤¢¤ê¤½¤Î°À­Ãͤȷ׻»·ë²Ì¤Î¥Ï¥Ã¥·¥å¤È·ë²ÌŤ¬ÉÔ°ìÃ×

¤Ê¤è¤¦¤Ç¤¹¡£¤Ç¡¢ÌäÂê¤Î¤¢¤ë OpenSSL 0.9.8 h¡Áj ¤Ç¤Ï¥¨¥é¡¼¥±¡¼¥¹¤Ç¤¢¤ëÌá¤êÃÍ"-1"¤Î¾ì¹ç¤Ç¤â¡¢(! 1)==0¤ÈƱ¤¸¤¯(! -1)==0¤Ç¤¢¤ê¤ã¤ê¤ã¥¹¥ë¡¼¤Ã¤È½ð̾¸¡¾ÚÀ®¸ù¥Ð¥Ã¥Á¥êOK¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤è¤¦¤Ç¡¢

¡¦½ð̾ÂоÝʸ½ñ(eContent)¤È¥Ï¥Ã¥·¥åÃͤ¬ÉÔ°ìÃפÀ¤í¤¦¤¬
¡¦¤ï¤¶¤ÈÃΤé¤Ê¤½¤¦¤Ê¥Þ¥¤¥Ê¡¼¤Ê¥¢¥ë¥´¥ê¥º¥à¤òdigestAlgorithm¤òÀßÄꤷ¤Æ¤ä¤ì¤Ð

CMS½ð̾¸¡¾ÚOK¤È¤Ç¤­¤¿¤è¤¦¤Ç¤¹¡£

½ð̾ÂоÝʸ½ñ(eContent)¤È°ìÃ׳Îǧ¤ò¤·¤Æ¤¤¤Ê¤¤¤Î¤Ï¡¢¤«¤Ê¤ê¥Þ¥º¡¼¤Ç¤·¤¿¤Í¡¢¡¢¡¢¡Ê¡°¡°¡¨¤³¤¦¤¤¤¦¥·¥ç¥Ü¥¤´Ö°ã¤¤¤·¤Á¤ã¤¦¤Î¤â¡¢Ìá¤êÃͤȤ«´Ø¿ô¤ÎÀâÌÀ¤È¤«¥³¥á¥ó¥È¤òÁ´¤¯½ñ¤«¤Ê¤¤¤»¤¤¤Ê¤ó¤¸¤ã¤Ê¤¤¤«¤È»×¤Ã¤Æ¤ë¤ó¤Ç¤¹¤¬¤É¤¦¤Ç¤·¤ç¤¦¤«¡¢¡¢¡¢¡¢

¡ã¥ê¥ó¥¯¡ä
¡¦OpenSSL Security Advisory [25-Mar-2009]
ºÇ¿·µ­»ö
Categories
Archives
Twitter
µ­»öGoogle¸¡º÷

ËÜ¥Ö¥í¥°Æâ¤òGoogle¸¡º÷
Yahoo!¥¢¥¯¥»¥¹²òÀÏ
Travel Advisor
µ­»ö¸¡º÷
QR¥³¡¼¥É
QR¥³¡¼¥É
  • ¥é¥¤¥Ö¥É¥¢¥Ö¥í¥°