Transcript · 2019-01-02 · Subresource Integrity
-
2014 2017
-
• DNS • HTTP • HTTPS • • Q&A
-
DNS
1
2
CDN
3
-
-
DNS
• ISP •
• •
UDP
www.meituan.com IP
-
DNS
•DNS • •
com meituan.com
TTL
-
DNS
www.meituan.com IP
-
DNS
• hosts • DNS
• DNS • DNS
-
DNS
1
2
DNS over XXX
• TLS (Cloudflare) • HTTP ( ) • HTTPS (Cloudflare Google)
Web
-
Content Security Policy
Content-Security-Policy: directive rules; directive rules; ...
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';
• • XSS • https
• http • •
-
Subresource Integrity
• hash
• http • • • iOS Safari
-
HTTPS
SSL/TLS http
-
HTTPS
80 HTTP
https://
443 TCP
-
HTTPS
SSL/TLS
-
SSL / TLS
Version   Year   Browser support   Notes
SSL 1.0   N/A    N/A               N/A
SSL 2.0   1995
SSL 3.0   1996   IE 6
TLS 1.0   1999   IE 6              SSL 3.0
TLS 1.1   2006   IE 8
TLS 1.2   2008   IE 8
TLS 1.3   2018   Chrome 64
-
TLS_RSA_WITH_AES_128_GCM_SHA256
• Protocol: TLS
• Key exchange / authentication: RSA
• Bulk cipher: AES_128_GCM
• Hash (PRF / MAC): SHA256
-
HTTPS
SSL/TLS
/
-
-
HTTPS
SSL/TLS
/
HTTP
-
SSL strip
HTTP 80
https://
HTTP 80
-
SSL strip
https://
https://
http
-
HTTP Strict-Transport-Security
Strict-Transport-Security: max-age=
• HTTPS • 1 • Chrome
• HTTP • • Chrome “ ”
-
SSL / TLS (FREAK)
SSL
512 RSA
-
512 RSA
https://github.com/eniac/faas
The purpose of the FaaS (Factoring as a Service) project is to demonstrate that 512-bit integers can be factored in only a few hours, for less than $100 of compute time in a public cloud environment. This illustrates the amazing progress in computing power over time, and the risk of continued use of 512-bit RSA keys.
512 $100
-
https://wiki.mozilla.org/Security/Server_Side_TLS
-
CDN
-
CDN
CDN
• CDN • CDN
-
CDN
DNS
CDN
1
2 DNS CDN
-
CDN
CDN HTTP
CDN
-
KA
RD
-
• 200 0 http
CDN gzip
-
• A
• B: html error, js
• C
• D: CSP, SRI
-
• URL
• Damocles
CDN
Damocles
-
• 3 10,480,084
• 3 13 21 SRE
CDN PM
-
Q&A
• Node.js? Service Worker? WebAssembly?
-