RFC 9849. Iklayenti Elibethelwe le-TLS Sawubona

Ukuzulazula ku-Evolving Internet Landscape

Amashumi eminyaka, i-inthanethi ithembele ebhalansini ethambile phakathi kokuphepha nokubonakala. Amaphrothokholi afana ne-Transport Layer Security (TLS), isisekelo sesithonjana se-padlock esipheqululini sakho, abe nesandla ekubetheleni idatha yethu. Kodwa-ke, ucezu olubalulekile lolwazi lusalokhu lusobala: Inkomba Yegama Leseva (SNI). Le mibhalo yedijithali, etshela iseva ukuthi iyiphi iwebhusayithi ozama ukuyifinyelela, ithunyelwa ingabhaliwe ngesikhathi sokuxhawula i-TLS kokuqala. Nakuba kudingekile ekuhambiseni ithrafikhi emhlabeni wokubamba okwabiwe, lokhu kuvezwa kudala igebe elibalulekile lobumfihlo. Abahlinzeki besevisi ye-inthanethi, abalawuli benethiwekhi, nabangase balalele bangakwazi ukubona yonke iwebhusayithi oyivakashelayo, ngisho noma okuqukethwe ngokwako kubethelwe. Yilapho intuthuko enkulu, ebhalwe ku-RFC 9849 futhi eyaziwa ngokuthi i-Encrypted Client Hello (ECH), ingena khona esigabeni, ithembisa ukuvala le mbobo yokugcina enkulu ekuyimfihlo kwewebhu.

Iyini i-RFC 9849 kanye ne-Encrypted Client Hello (ECH)?

RFC 9849, enesihloko ngokusemthethweni esithi "Ukucaciswa Kwesevisi Nokucaciswa Kwepharamitha nge-DNS," iyidokhumenti yezindinganiso echaza uhlaka lwe-Hello Yeklayenti Elibethelwe. I-ECH iyisandiso sephrothokholi ye-TLS 1.3 ebethela wonke umlayezo we-Client Hello, okuhlanganisa nedatha ebucayi ye-SNI. Ngamafuphi, ithatha indawo yombhalo osobala othi "Ngifuna ukuxhuma ku-example.com" ngomlayezo obethelwe ongenziwa yiseva yewebhusayithi ehlosiwe kuphela engasusa ukubethela. Lokhu kuqinisekisa ukuthi kusukela esinyathelweni sokuqala senqubo yokuxhuma, indawo oya kuyo ifihliwe ukuthi ingabonwa ngamehlo kunethiwekhi. I-ECH ayifihli nje i-SNI; iphinde ifihle ezinye izigxivizo zeminwe ezingaba khona ekuxhawulaneni, njengama-ciphersuites asekelwayo, ukudala ukuphequlula okufana nokuyimfihlo. Ubuchwepheshe busebenzisa amasu e-cryptographic ukuvumela iklayenti ukuthi likhiqize ukhiye osesidlangalaleni ovela kumarekhodi ewebhusayithi e-DNS, elibese liwasebenzisela ukubethela idatha ebucayi yokuxhawula izandla.

Izinzuzo Ezibambekayo Zokutholwa Kwe-ECH Okusabalele

Ukusetshenziswa kwe-ECH kuphawula isikhathi esibalulekile sobumfihlo nokuphepha kwedijithali. Izinzuzo zako zidlulela ngale kokufihla umlando wakho wokuphequlula ku-ISP yakho.

• Izimfihlo Zomsebenzisi Ezithuthukisiwe: Ngokubhala ngekhodi i-SNI, i-ECH ivimbela izinkampani zangaphandle ekwakheni iphrofayela enemininingwane yemisebenzi yakho ye-inthanethi ngokusekelwe kumawebhusayithi owavakashelayo. Lesi isinyathelo esibalulekile sokubuyisela ukungaziwa komsebenzisi kuwebhu.
• Ukunqanda Ukucwaninga Nokucwasa: Kwezinye izifunda, ukufinyelela ku-inthanethi kuhlunga ngokusekelwe ku-SNI. I-ECH ikwenza kube nzima kakhulu ngezihlungi zezinga lenethiwekhi ukuvimba ukufinyelela kumawebhusayithi athile noma izinsiza, ezithuthukisa i-inthanethi evuleke kakhudlwana.
• Indawo Eyehlisiwe Ye-Cyberattacks: Abahlaseli bavamise ukusebenzisa idatha ye-SNI engabetheliwe ukuze baqondise izinsiza ezithile noma abasebenzisi. Ngokufiphaza lolu lwazi, i-ECH yenza kube nzima ukuhlaziywa kwethrafikhi kanye nezinhlobo ezithile zokuhlasela komuntu phakathi nendawo.
• Amazinga E-inthanethi Afakazela Ikusasa: I-ECH imele ukuvela kwemvelo kwe-TLS, ukuvala igebe elidala lobumfihlo futhi iqondaniswe nomgomo "wobethela yonke into." Isetha isisekelo esisha salokho abasebenzisi okufanele bakulindele ekuxhumekeni okuphephile.

I-ECH kanye Nekusasa Lokusebenza Kwebhizinisi Elivikelekile

Emabhizinisini, ukushintshela ku-inthanethi eyimfihlo kuthinta ngokuqondile indlela asebenza ngayo futhi avikele izimpahla zawo zedijithali. Njengoba izinkampani ziya ngokuya zithembela kumapulatifomu asekelwe ngamafu kanye nezinhlelo zokusebenza ezijwayelekile ezifana ne-Mewayz ukuze zilawule ukuhamba kwazo, ukuphepha kwakho konke ukuxhumana kubaluleke kakhulu. I-ECH iqinisekisa ukuthi ukuxhumana phakathi kwedivayisi yesisebenzi nezinhlelo zokusebenza zebhizinisi—okusingathwa ezinsizeni ezifana ne-Mewayz—kuvikelekile ekungeneni ephaketheni lokuqala. Lokhu kubaluleke kakhulu kumabhizinisi aphatha idatha ebucayi, njengoba yengeza isendlalelo esibalulekile sokuvikela ekulaleleni okuyinkimbinkimbi. Ukwamukela ubuchwepheshe obusekela i-ECH kubonisa ukuzibophezela ekuvikelekeni okuphambili, okungaba isici esibalulekile sokwethenjwa kumakhasimende nozakwethu. Njengoba omunye uchwepheshe wezokuphepha aphawule engxoxweni ngekusasa lamaphrothokholi ewebhu:

"I-ECH ayisona isici nje; iwukulungiswa okudingekile ekwakhiweni kwasekuqaleni kwe-TLS. Iqeda isithembiso sokubethela ngasemaphethelweni ngokuqinisekisa ukuthi 'imvilophu' yokuxhumana kwakho iyimfihlo njengohlamvu olungaphakathi."

Izinkundla ezibeka phambili intuthuko enjalo, okuhlanganisa i-Mewayz, isesimweni esingcono sokunikeza indawo evikelekile ngempela yokusebenza okubalulekile kwebhizinisi, iqinisekisa ukuthi idatha yenkampani ihlala iyimfihlo futhi ibalulekile.

Isiphetho: I-inthanethi Eyimfihlo Kakhudlwana isiseduze

I-RFC 9849 kanye neKlayenti Elibethelwe elithi Sawubona zimele ukugxumela phambili ekufuneni i-inthanethi eyimfihlo ngempela. Ngenkathi inguquko izodinga izibuyekezo kuzo zonke iziphequluli, amaseva, nengqalasizinda ye-DNS, umfutho uyakhula. Abathengisi besiphequluli abakhulu nabahlinzeki bamafu sebevele besebenzisa ukwesekwa. Kubasebenzisi bokugcina, kusho ukuthola kabusha ucezu lobumfihlo babo bedijithali. Kumabhizinisi asebenzisa izinkundla zesimanje, kusho izisekelo eziqinile zokuphepha. Njengoba leli zinga lizuza ukutholwa okubanzi, sisondela eduze ne-inthanethi lapho zonke izingxenye zokuxhumana kwethu zivikelwe khona ngokuzenzakalelayo, okukhuthaza ukwethenjwa okukhulu nokuphepha kwawo wonke umuntu oku-inthanethi.

Imibuzo Evame Ukubuzwa

Ukuzulazula ku-Evolving Internet Landscape

Amashumi eminyaka, i-inthanethi ithembele ebhalansini ethambile phakathi kokuphepha nokubonakala. Amaphrothokholi afana ne-Transport Layer Security (TLS), isisekelo sesithonjana se-padlock esipheqululini sakho, abe nesandla ekubetheleni idatha yethu. Kodwa-ke, ucezu olubalulekile lolwazi lusalokhu lusobala: Inkomba Yegama Leseva (SNI). Le mibhalo yedijithali, etshela iseva ukuthi iyiphi iwebhusayithi ozama ukuyifinyelela, ithunyelwa ingabhaliwe ngesikhathi sokuxhawula i-TLS kokuqala. Nakuba kudingekile ekuhambiseni ithrafikhi emhlabeni wokubamba okwabiwe, lokhu kuvezwa kudala igebe elibalulekile lobumfihlo. Abahlinzeki besevisi ye-inthanethi, abalawuli benethiwekhi, nabangase balalele bangakwazi ukubona yonke iwebhusayithi oyivakashelayo, ngisho noma okuqukethwe ngokwako kubethelwe. Yilapho intuthuko enkulu, ebhalwe ku-RFC 9849 futhi eyaziwa ngokuthi i-Encrypted Client Hello (ECH), ingena khona esigabeni, ithembisa ukuvala le mbobo yokugcina enkulu ekuyimfihlo kwewebhu.

Iyini i-RFC 9849 kanye ne-Encrypted Client Hello (ECH)?

RFC 9849, enesihloko ngokusemthethweni esithi "Ukucaciswa Kwesevisi Nokucaciswa Kwepharamitha nge-DNS," iyidokhumenti yezindinganiso echaza uhlaka lwe-Hello Yeklayenti Elibethelwe. I-ECH iyisandiso sephrothokholi ye-TLS 1.3 ebethela wonke umlayezo we-Client Hello, okuhlanganisa nedatha ebucayi ye-SNI. Ngamafuphi, ithatha indawo yombhalo osobala othi "Ngifuna ukuxhuma ku-example.com" ngomlayezo obethelwe ongenziwa yiseva yewebhusayithi ehlosiwe kuphela engasusa ukubethela. Lokhu kuqinisekisa ukuthi kusukela esinyathelweni sokuqala senqubo yokuxhuma, indawo oya kuyo ifihliwe ukuthi ingabonwa ngamehlo kunethiwekhi. I-ECH ayifihli nje i-SNI; iphinde ifihle ezinye izigxivizo zeminwe ezingaba khona ekuxhawulaneni, njengama-ciphersuites asekelwayo, ukudala ukuphequlula okufana nokuyimfihlo. Ubuchwepheshe busebenzisa amasu e-cryptographic ukuvumela iklayenti ukuthi likhiqize ukhiye osesidlangalaleni ovela kumarekhodi ewebhusayithi e-DNS, elibese liwasebenzisela ukubethela idatha ebucayi yokuxhawula izandla.

Izinzuzo Ezibambekayo Zokutholwa Kwe-ECH Okusabalele

Ukusetshenziswa kwe-ECH kuphawula isikhathi esibalulekile sobumfihlo nokuphepha kwedijithali. Izinzuzo zako zidlulela ngale kokufihla umlando wakho wokuphequlula ku-ISP yakho.

I-ECH kanye Nekusasa Lokusebenza Kwebhizinisi Elivikelekile

Emabhizinisini, ukushintshela ku-inthanethi eyimfihlo kuthinta ngokuqondile indlela asebenza ngayo futhi avikele izimpahla zawo zedijithali. Njengoba izinkampani ziya ngokuya zithembela kumapulatifomu asekelwe ngamafu kanye nezinhlelo zokusebenza ezijwayelekile ezifana ne-Mewayz ukuze zilawule ukuhamba kwazo, ukuphepha kwakho konke ukuxhumana kubaluleke kakhulu. I-ECH iqinisekisa ukuthi ukuxhumana phakathi kwedivayisi yesisebenzi nezinhlelo zokusebenza zebhizinisi—okusingathwa ezinsizeni ezifana ne-Mewayz—kuvikelekile ekungeneni ephaketheni lokuqala. Lokhu kubaluleke kakhulu kumabhizinisi aphatha idatha ebucayi, njengoba yengeza isendlalelo esibalulekile sokuvikela ekulaleleni okuyinkimbinkimbi. Ukwamukela ubuchwepheshe obusekela i-ECH kubonisa ukuzibophezela ekuvikelekeni okuphambili, okungaba isici esibalulekile sokwethenjwa kumakhasimende nozakwethu. Njengoba omunye uchwepheshe wezokuphepha aphawule engxoxweni ngekusasa lamaphrothokholi ewebhu:

Isiphetho: I-inthanethi Eyimfihlo Kakhudlwana isiseduze

I-RFC 9849 kanye neKlayenti Elibethelwe elithi Sawubona zimele ukugxumela phambili ekufuneni i-inthanethi eyimfihlo ngempela. Ngenkathi inguquko izodinga izibuyekezo kuzo zonke iziphequluli, amaseva, nengqalasizinda ye-DNS, umfutho uyakhula. Abathengisi besiphequluli abakhulu nabahlinzeki bamafu sebevele besebenzisa ukwesekwa. Kubasebenzisi bokugcina, kusho ukuthola kabusha ucezu lobumfihlo babo bedijithali. Kumabhizinisi asebenzisa izinkundla zesimanje, kusho izisekelo eziqinile zokuphepha. Njengoba leli zinga lizuza ukutholwa okubanzi, sisondela eduze ne-inthanethi lapho zonke izingxenye zokuxhumana kwethu zivikelwe khona ngokuzenzakalelayo, okukhuthaza ukwethenjwa okukhulu nokuphepha kwawo wonke umuntu oku-inthanethi.