Firefox will replace ESNI with ECH in Firefox 85


Mozilla has announced that it will replace the use of ESNI with ECH (Encrypted Client Hello) in Firefox 85 (the release scheduled for January 26) to encrypt TLS session parameters such as the requested domain name.

Firefox notes that ECH continues the development of ESNI and is at the draft stage on the way to becoming an IETF standard. To allow several HTTPS sites to be served from a single IP address, the TLS SNI extension was developed at the time; it transmits the host name in clear text in the ClientHello message, which is sent before the encrypted channel is established.

Two years ago, we announced experimental support for the privacy-protecting Server Name Indication extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and certificate selection by transmitting a cleartext copy of the server's hostname in the TLS ClientHello message.

This represents a privacy leak similar to that of DNS, and just as DNS-over-HTTPS prevents DNS queries from exposing the hostname to on-path observers, ESNI attempts to prevent hostname leaks from the TLS handshake itself.

This property of SNI makes it possible to selectively filter HTTPS traffic and to analyze which sites users open, so HTTPS alone does not provide complete confidentiality.

To prevent information about the requested site from leaking, the ESNI extension was developed several years ago; it encrypts the data carrying the domain name (besides SNI, DNS can also be a source of leaks, so in addition to ESNI it is necessary to use DNS over HTTPS or DNS over TLS). During attempts to implement ESNI, it was found that the proposed mechanism is not sufficient to ensure full confidentiality of HTTPS sessions.

In particular, when a previously established session is resumed, the domain name appears in clear text among the parameters of the TLS PSK (Pre-Shared Key) extension. In other words, encrypting the SNI field alone is not enough, and an analogue of ESNI would have to be created for PSK and, in the future, possibly for other fields. In addition, attempts to implement ESNI uncovered compatibility and scaling issues.

In response to the need to encrypt the parameters of any TLS extension, the universal ECH mechanism was designed. Its main difference from ESNI is that the entire ClientHello message is encrypted rather than a single field.

ECH involves two kinds of ClientHello message: the encrypted ClientHelloInner and the unencrypted base ClientHelloOuter. If the server supports ECH and was able to decrypt ClientHelloInner, it continues to use that variant for the TLS session. Otherwise, the data is taken from ClientHelloOuter.

In conclusion, ECH is an improved evolution of ESNI, and Firefox will come to support the protocol. We are working hard to ensure that it is interoperable and can be deployed at scale, and we cannot wait for users to realize the privacy benefits of this feature.

ECH also uses a different key distribution scheme for encryption: the public key information is transmitted in the HTTPSSVC DNS record rather than in a TXT record. Authenticated end-to-end encryption based on Hybrid Public Key Encryption (HPKE) is used to obtain and encrypt the key. ECH also supports secure retransmission of keys from the server, which can be used when keys are rotated on the server and to deal with outdated keys being obtained from the DNS cache.

We can also note the decision to enable by default in Firefox 86 support for the AVIF image format (AV1 Image Format), which uses the intra-frame compression technology of the AV1 video encoding format. The container used to distribute compressed data in AVIF is similar to HEIF.

Source: https://blog.mozilla.org

