2014 2017
• DNS • HTTP • HTTPS • • Q&A
Freepik Smashicons
DNS
1
2
CDN
3
DNS
• ISP •
UDP
www.meituan.com IP
DNS
•DNS • •
com meituan.com
TTL
DNS
www.meituan.com IP
DNS
• hosts • DNS
• DNS • DNS
DNS
1
2
DNS over XXX
• TLS (Cloudflare) • HTTP ( ) • HTTPS (Cloudflare Google)
Web
Content Security Policy
Content-Security-Policy: directive: rules;
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';
• • XSS • https
• http • •
Subresource Integrity
• hash
• http • • • iOS Safari
HTTPS
SSL/TLS http
HTTPS
80 HTTP
https://
443 TCP
HTTPS
SSL/TLS
SSL / TLS
SSL 1.0 N/A N/A N/A
SSL 2.0 1995
SSL 3.0 1996 IE 6
TLS 1.0 1999 IE 6 SSL 3.0
TLS 1.1 2006 IE 8
TLS 1.2 2008 IE 8
TLS 1.3 2018 Chrome 64
• : TLS • / : RSA • : AES_128_GCM • : SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
HTTPS
SSL/TLS
/
• “ ” “ ” • •
HTTPS
SSL/TLS
/
HTTP
( )
SSL strip
HTTP 80
https://
HTTP 80
SSL strip
https://
https://
http
HTTP Strict-Transport-Security
Strict-Transport-Security: max-age=
• HTTPS • 1 • Chrome
• HTTP • • Chrome “ ”
SSL / TLS (FREAK)
SSL
512 RSA
512 RSA
https://github.com/eniac/faas
The purpose of the FaaS (Factoring as a Service) project is to demonstrate that 512-bit integers can be factored in only a few hours, for less than $100 of compute time in a public cloud environment. This illustrates the amazing progress in computing power over time, and the risk of continued use of 512-bit RSA keys.
512 $100
https://wiki.mozilla.org/Security/Server_Side_TLS
CDN
CDN
CDN
• CDN • CDN
CDN
DNS
CDN
1
2 DNS CDN
CDN
CDN HTTP
CDN
KA
RD
• 200 0 http • •
CDN gzip
• A•
• B html error• js
• C•
• D CSP SRI•
•URL
• Damocles
CDN
Damocles
-> -> ->
• 3 10,480,084
• 3 13 21 SRE
CDN PM
Q&A•
• Node.js? Service Worker? WebAssembly?
•