What is SSL/TLS encrypted communication?
SSL/TLS encrypted communication is a protocol for protecting data in transit over the Internet.
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are used to establish a secure channel and to protect data against eavesdropping and tampering.
Overview of SSL/TLS encrypted communication
In SSL/TLS encrypted communication, a combination of a private key and a public key is used between the client (web browser) and the server (website).
The communication proceeds as follows.
- The client sends a connection request to the server.
- The server sends its public key to the client.
- The client uses the public key to generate a temporary key, called the session key, and sends it to the server.
- The server encrypts data with the session key and sends it to the client.
- The client decrypts the encrypted data it receives with the session key and uses it.
Benefits of SSL/TLS encrypted communication
- Privacy protection: by encrypting data, SSL/TLS encrypted communication protects it against eavesdropping and tampering.
This is especially important when sending sensitive data such as personal information or credit card details.
- Improved site trustworthiness: to show that a website uses SSL/TLS encrypted communication, the web browser displays "https" and a lock icon.
This makes it easier for users to judge that the site is safe.
- Effect on SEO: search engines such as Google tend to rank websites that use SSL/TLS encrypted communication higher in search results.
In other words, using encrypted communication may also improve the site's SEO.
The basis of SSL/TLS encrypted communication
SSL/TLS encrypted communication is based on a cryptographic technique called public-key cryptography.
Public-key cryptography uses two keys, a public key and a private key, to encrypt and decrypt data.
This approach was proposed in the 1970s by the mathematicians Diffie and Hellman, and the RSA and elliptic-curve schemes, among others, were developed afterwards.
SSL/TLS encrypted communication uses RSA, one of the public-key schemes.
RSA rests on a hard mathematical problem known as integer factorization, for which no efficient solution has been found so far.
For this reason, SSL/TLS encrypted communication that uses RSA is considered to provide a high level of security.
Why is SSL/TLS encrypted communication important?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are encryption protocols for protecting data in transit over the Internet.
Using these protocols, communication between the client (web browser) and the server is carried out securely, and eavesdropping on or tampering with the data by third parties can be prevented.
The reasons SSL/TLS encrypted communication is important are explained below.
1. Ensuring data confidentiality
With SSL/TLS encrypted communication, the data that is sent is encrypted.
Encrypted data is difficult for a third party to decipher, so the confidentiality of the data can be ensured.
This prevents important data such as credit card details and personal information from leaking through outside eavesdropping or unauthorized access.
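2. Ensuring data integrity
SSL/TLS encrypted communication is also important for preventing data tampering.
Encrypted data is protected from the sender to the receiver and is not tampered with along the way.
This makes it possible to confirm that the data was transmitted accurately and has not been altered.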
3. Verifying identity and ensuring trust
SSL/TLS encrypted communication uses digital certificates to verify the identity of the communicating party.
A certificate contains information about the issuer and a public key, and these are used to verify the other party's identity.
This allows the client to confirm that the server can be trusted.
4. Effect on SEO
SSL/TLS encrypted communication has become an important element of website security.
Search engines such as Google tend to give priority to secure websites.
Using SSL/TLS encrypted communication can therefore also have a positive effect on a website's SEO (search engine optimization).
These are the reasons SSL/TLS encrypted communication is important.
How does SSL/TLS encrypted communication work?
How SSL/TLS encrypted communication works
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are encryption protocols used to protect information on the Internet.
SSL/TLS encrypted communication works as follows.
1. Starting the communication and the handshake
To start communicating, the client and server first perform a handshake.
The main steps of the handshake are as follows.
- The client sends a connection request to the server.
- The server identifies itself and sends its certificate.
The certificate contains the server's public key and the certificate's issuer (the certificate authority).
- The client validates the certificate and obtains the server's public key.
- The client generates a random value, encrypts it with the server's public key, and sends it.
- The server decrypts the random value received from the client with the server's private key.
- The client and server generate a shared session key.
2. Sending and receiving encrypted data
Once the handshake is complete, SSL/TLS encrypts the communication data.
This involves the following steps.
- The communication data is encrypted with the shared session key.
- The encrypted data is sent and received between the client and the server.
- While data is being exchanged, an encryption algorithm is used so that a third party who intercepts the data cannot decrypt it.
- The client and server use a message authentication code (MAC) to guarantee the integrity of the data.
The MAC is used to confirm that the data has not been tampered with.
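The handshake and MAC steps above as an added example (not code from the original page): a toy, unpadded RSA key built from two small Mersenne primes stands in for the server's key pair, and the key-derivation label and record layout are assumptions chosen for illustration. Payload encryption is left out; only key transport and the integrity check are shown.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair for the "server" (assumption: two small Mersenne primes,
# no padding). Far too weak for real use; it only makes the steps visible.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the server


def derive_session_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides mix the shared secret with the two public nonces."""
    return hmac.new(premaster, b"session key" + client_random + server_random,
                    hashlib.sha256).digest()


def handshake():
    """Run the key-transport steps; return (client_key, server_key)."""
    client_random = secrets.token_bytes(16)      # sent in the clear
    server_random = secrets.token_bytes(16)      # sent in the clear
    # Client: random value, encrypted with the server's public key (N, E).
    premaster = secrets.token_bytes(16)
    ciphertext = pow(int.from_bytes(premaster, "big"), E, N)
    # Server: recover the random value with its private key D.
    recovered = pow(ciphertext, D, N).to_bytes(16, "big")
    return (derive_session_key(premaster, client_random, server_random),
            derive_session_key(recovered, client_random, server_random))


def protect(key: bytes, seq: int, data: bytes) -> bytes:
    """Append a MAC over the record sequence number and the data."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()
    return data + tag


def verify(key: bytes, seq: int, record: bytes) -> bytes:
    """Return the data if the MAC is valid, otherwise raise ValueError."""
    data, tag = record[:-32], record[-32:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: record was modified in transit")
    return data
```

TLS 1.3 no longer transports the secret under the server's RSA key; it agrees on it with an ephemeral Diffie-Hellman exchange.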
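3. Ending the communication
When the communication ends, the following steps are carried out.
- The client and server notify each other that the communication is ending.
- The session key that was used is discarded after the communication ends.
This is the basic mechanism of SSL/TLS encrypted communication.
It makes it possible to exchange information, such as that of online casinos and gambling, securely.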
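Does SSL/TLS encrypted communication have drawbacks?
Drawbacks of SSL/TLS encrypted communication
- 1. Vulnerabilities in the security protocol
SSL/TLS is a very strong security protocol, but several vulnerabilities have been discovered in the past.
For example, bugs and attack techniques such as Heartbleed and POODLE exist, and these vulnerabilities may be exploited.
- 2. Man-in-the-middle attacks
In SSL/TLS encrypted communication, a man-in-the-middle can intercept the communication between the client and the server and view its contents.
In a man-in-the-middle attack, taking over the communication channel makes it possible to tamper with the data in transit, steal passwords, and so on.
- 3. Problems with server authentication
In SSL/TLS, a server certificate is used to confirm that the server is genuine.
However, this depends on the trustworthiness of the certificate authority; if server certificates cannot be issued properly, it becomes difficult to guarantee the server's trustworthiness.
- 4. Reduced performance
SSL/TLS encrypted communication requires processing such as encrypting and decrypting the traffic.
This introduces latency and load, and may reduce communication speed.
Taking these drawbacks together, SSL/TLS encrypted communication is a very strong security measure, but it also faces issues such as vulnerabilities, man-in-the-middle attacks, server authentication problems, and reduced performance.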
What steps are needed to implement SSL/TLS encrypted communication?
The steps for implementing SSL/TLS encrypted communication are as follows.
1. Choose the SSL/TLS protocol
SSL/TLS exists in several versions.
Choose the latest version, strengthening security while ensuring compatibility.
Also check the supported algorithms and the certificate requirements.
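2. Obtain an SSL/TLS certificate
The SSL/TLS certificate is an important element of secure communication in the web browser.
Certificates are issued by a certificate authority (CA), so choose a CA you can trust.
The certificate contains details such as the domain name and company information, and serves to prove the legitimacy of the website.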
3. Install the SSL/TLS certificate
The SSL/TLS certificate you obtained must be installed on the web server.
The installation method depends on the web server, but it is generally done through the web server's administration panel or the command line.
Once the certificate is installed, the web server supports SSL/TLS communication.
4. Change the web server configuration
To enable SSL/TLS communication, the web server's configuration must be changed.
The exact settings and file locations depend on the web server, but the change is generally made by editing the SSL/TLS configuration file.
The required settings include the location of the certificate and the port number.
5. Establish SSL/TLS communication between the client and the server
To establish SSL/TLS communication between the web client (browser) and the web server, the web client must trust the web server's certificate.
The client checks the trustworthiness of the certificate received from the web server and uses the public key to encrypt and secure the communication.
6. Test and troubleshoot SSL/TLS communication
After implementing SSL/TLS communication, you need to test that it works correctly.
You can access the website from a web browser and check the certificate details and the encryption status.
If a problem occurs, check the certificate and the configuration for errors and troubleshoot as needed.
These are the general steps for implementing SSL/TLS encrypted communication.
In addition, because referring to specific information sources for the basis of these steps is prohibited, no references or citations are given.
For the information you need, consult the SSL/TLS specifications and publicly available materials.
Summary
SSL/TLS encrypted communication is a protocol for protecting data in transit over the Internet. In SSL/TLS encrypted communication, a combination of a private key and a public key is used between the client and the server. The client sends a connection request to the server, and the server sends its public key to the client. The client uses the public key to generate a temporary key and sends it to the server. The server encrypts data with that key and sends it to the client. The client decrypts the encrypted data it receives and uses it. This protects privacy, improves the trustworthiness of the site, and also affects SEO. SSL/TLS encrypted communication is based on public-key cryptography.