Tracking the deployment of TLS 1.3 on the web
ACM SIGCOMM Computer Communication Review (IF 2.2), Pub Date: 2020-07-22, DOI: 10.1145/3411740.3411742
Ralph Holz 1, Jens Hiller 2, Johanna Amann 3, Abbas Razaghpanah 4, Thomas Jost 2, Narseo Vallina-Rodriguez 5, Oliver Hohlfeld 6

Transport Layer Security (TLS) 1.3 is a redesign of the Web's most important security protocol. It was standardized in August 2018 after a four-year-long, unprecedented design process involving many cryptographers and industry stakeholders. We use the rare opportunity to track deployment, uptake, and use of a new mission-critical security protocol from the early design phase until well over a year after standardization. For a profound view, we combine and analyze data from active domain scans, passive monitoring of large networks, and a crowd-sourcing effort on Android devices. In contrast to TLS 1.2, where adoption took more than five years and was prompted by severe attacks on previous versions, TLS 1.3 is deployed surprisingly speedily and without security concerns calling for it. Just 15 months after standardization, it is used in about 20% of connections we observe. Deployment on popular domains is at 30% and at about 10% across the com/net/org top-level domains (TLDs). We show that the development and fast deployment of TLS 1.3 is best understood as a story of experimentation and centralization. Very few giant, global actors drive the development. We show that Cloudflare alone brings deployment to sizable numbers and describe how actors like Facebook and Google use their control over both client and server endpoints to experiment with the protocol and ultimately deploy it at scale. This story cannot be captured by a single dataset alone, highlighting the need for multi-perspective studies on Internet evolution.

Updated: 2020-07-22