STARTTLS is an extension to plain-text communication protocols that offers a way to upgrade a plain-text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication. STARTTLS is primarily intended as a countermeasure to passive monitoring. STARTTLS for IMAP and POP3 is defined in RFC 2595, for SMTP in RFC 3207, for XMPP in RFC 6120, for LDAP in RFC 2830, for NNTP in RFC 4642, and for FTP in RFC 4217. For IRC, the ''de facto'' definition is documented at the InspIRCd wiki.

==Layering==

TLS is application-neutral; in the words of RFC 5246:

:One advantage of TLS is that it is application protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left to the judgment of the designers and implementors of protocols that run on top of TLS.

The style used to specify how to use TLS matches the same layer distinction that is also conveniently supported by several library implementations of TLS. For example, the RFC 3207 SMTP extension illustrates with the following dialog how a client and server can start a secure session:

 S: <waits for connection on TCP port 25>
 C: <opens connection>
 S: 220 mail.example.org ESMTP service ready
 C: EHLO client.example.org
 S: 250-mail.example.org offers a warm hug of welcome
 S: 250 STARTTLS
 C: STARTTLS
 S: 220 Go ahead
 C: <starts TLS negotiation>
 C & S: <negotiate a TLS session>
 C & S: <check result of negotiation>
 C: EHLO client.example.org
 . . .

〔The last line in the example was added for clarity. See e.g. the thread started by 〕

The last ''EHLO'' command above is issued over a secure channel. Note that authentication is optional in SMTP, and the omitted server reply may now safely advertise an ''AUTH PLAIN'' SMTP extension, which is not present in the plain-text reply.
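As an added example (not code from the Wikipedia article or from RFC 3207), a small Python model of the client side of the dialog above, with the server replies constructed from it: it parses multi-line EHLO replies, refuses to continue in clear text when STARTTLS is not offered, discards the capabilities learned before the upgrade, and permits AUTH PLAIN only once TLS is active. The names StartTlsClient and parse_reply are assumptions.

```python
import re

# Constructed server replies modelled on the RFC 3207 dialog quoted above.
EHLO_BEFORE_TLS = ["250-mail.example.org offers a warm hug of welcome",
                   "250 STARTTLS"]
EHLO_AFTER_TLS = ["250-mail.example.org", "250 AUTH PLAIN"]  # only over TLS
EHLO_STRIPPED = ["250 mail.example.org"]  # constructed reply with no STARTTLS

def parse_reply(lines):
    """Split a (possibly multi-line) SMTP reply into (code, [texts]).
    Continuation lines read 'NNN-text'; the final line reads 'NNN text'."""
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = re.fullmatch(r"(\d{3})([- ])(.*)", line)
        if not m or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3))
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("reply terminator in the wrong place")
    return int(code), texts

class StartTlsClient:
    """Client-side state of an SMTP session that upgrades with STARTTLS."""
    def __init__(self, require_tls=True):
        self.require_tls = require_tls
        self.tls_active = False
        self.caps = {}  # EHLO keyword -> parameters

    def ehlo(self, reply_lines):
        code, texts = parse_reply(reply_lines)
        if code != 250:
            raise RuntimeError(f"EHLO rejected with {code}")
        # The first text line is the server greeting; the rest are keywords.
        self.caps = {t.split()[0].upper(): t.split()[1:]
                     for t in texts[1:] if t.strip()}
        if self.require_tls and not self.tls_active and "STARTTLS" not in self.caps:
            # Fail closed: never fall back to a plain-text session silently.
            raise RuntimeError("STARTTLS not offered; refusing plain-text session")
        return self.caps

    def starttls(self, reply_line):
        code, _ = parse_reply([reply_line])
        if code != 220:
            raise RuntimeError(f"STARTTLS refused with {code}")
        self.tls_active = True  # the TLS handshake would happen here
        self.caps = {}          # RFC 3207: discard everything learned in clear

    def may_auth_plain(self):
        """AUTH PLAIN carries the password itself, so allow it only over TLS."""
        return self.tls_active and "PLAIN" in self.caps.get("AUTH", [])
```

Driving a StartTlsClient through EHLO, STARTTLS and a second EHLO reproduces the dialog's state changes without a network.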