26. Vulnerability of the ClientHello
In TLS 1.3, every message exchanged after the ClientHello is encrypted, but the ClientHello itself is still sent in plaintext.
[Diagram labels: Client; DoH Server (HTTPS Secure Channel); TLS (HTTPS) Server.
0) Query DNS RR for the target FQDN
1) ClientHello <FQDN: www.zettant.com, ALPN:…>
2) TLS negotiation is all encrypted after ClientHello.
Even if the FQDN is securely hidden in the phase of DNS query… The FQDN and other sensitive information are visible in ClientHello!!!]
Figure: Information about the access destination leaks from the ClientHello
Even if the DNS exchange is encrypted, the access destination is exposed if the ClientHello is eavesdropped.
Jun Kurihara (Zettant) HPKE October 6, 2021 26 / 40
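The leak on this slide, as an added example that is not part of the original deck: a minimal parser showing which fields of a plaintext ClientHello are readable on the wire. The `sample_client_hello` helper, the ALPN values and the cipher suite are constructed sample input; only the FQDN is taken from the slide.

```python
def _vec(data: bytes, off: int, len_bytes: int):
    """Read a length-prefixed vector; return (body, next_offset)."""
    n = int.from_bytes(data[off:off + len_bytes], "big")
    start = off + len_bytes
    if start + n > len(data):
        raise ValueError("truncated vector")
    return data[start:start + n], start + n

def visible_fields(record: bytes) -> dict:
    """Return the SNI and ALPN values readable in a plaintext ClientHello."""
    if record[:1] != b"\x16":                  # record type: handshake
        raise ValueError("not a handshake record")
    frag, _ = _vec(record, 3, 2)               # after type(1) + version(2)
    if frag[:1] != b"\x01":                    # handshake type: client_hello
        raise ValueError("not a ClientHello")
    body, _ = _vec(frag, 1, 3)
    off = 2 + 32                               # legacy_version + random
    for width in (1, 2, 1):                    # session_id, cipher_suites, compression
        _, off = _vec(body, off, width)
    exts, _ = _vec(body, off, 2)
    out, i = {"sni": None, "alpn": []}, 0
    while i < len(exts):
        ext_type = int.from_bytes(exts[i:i + 2], "big")
        ext, i = _vec(exts, i + 2, 2)
        if ext_type == 0:                      # server_name extension
            names, _ = _vec(ext, 0, 2)
            host, _ = _vec(names, 1, 2)        # skip name_type(1) = host_name
            out["sni"] = host.decode("ascii")
        elif ext_type == 16:                   # ALPN extension
            protos, _ = _vec(ext, 0, 2)
            j = 0
            while j < len(protos):
                proto, j = _vec(protos, j, 1)
                out["alpn"].append(proto.decode("ascii"))
    return out

def sample_client_hello(host: str, alpn=("h2",)) -> bytes:
    """Constructed sample input: a minimal ClientHello record (not a capture)."""
    v = lambda b, n: len(b).to_bytes(n, "big") + b
    sni = b"\x00\x00" + v(v(b"\x00" + v(host.encode("ascii"), 2), 2), 2)
    protos = b"".join(v(p.encode("ascii"), 1) for p in alpn)
    alpn_ext = b"\x00\x10" + v(v(protos, 2), 2)
    body = (b"\x03\x03" + bytes(32) + v(b"", 1) + v(b"\x13\x01", 2)
            + v(b"\x00", 1) + v(sni + alpn_ext, 2))
    return b"\x16\x03\x01" + v(b"\x01" + v(body, 3), 2)

if __name__ == "__main__":
    print(visible_fields(sample_client_hello("www.zettant.com", ("h2", "http/1.1"))))
```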
27. ECH: Encrypting the entire TLS negotiation
Let's encrypt the entire negotiation, starting from the ClientHello!
⇒ ECH. HPKE is applied to realize it.
[Diagram labels: Client; DoH Server (HTTPS Secure Channel); TLS (HTTPS) Server.
Fetch DNS records of: IP Address of the server (A/AAAA record); “HPKE Public Key” (HTTPS record)
Encrypted ClientHello by HPKE
All messages in TLS negotiation are totally encrypted.]
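Figure: Overview of Encrypted Client Hello using the DNS HTTPS record
The Config, which contains the HPKE Receiver (server) Public Key and other parameters, is being considered for publication in the newly created DNS record type “HTTPS” (Type65). [22]
[22] This is optional; the Config may also be obtained by other means, such as embedding it in the device in advance.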