Ssl
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Ssl as PDF for free.
More details
- Words: 2,720
- Pages: 9
ﻣﻔﺎﻫﻴﻢ ، SSLﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﻭ ﻣﺮﺍﮐﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ SSL (Secure Sockets Layer), Digital Signature )And CA (Certificate Authority Fundamentals ﻣﺤﻤﻮﺩ ﻣﺮﻭﺝ [email protected] ﺩﺍﻧﺸﺠﻮﯼ ﻣﻬﻨﺪﺳﯽ ﮐﺎﻣﭙﻴﻮﺗﺮ ،ﮔﺮﺍﻳﺶ ﻧﺮﻡ ﺍﻓﺰﺍﺭ
‐١ﺗﻌﺮﻳﻒ ﺑﺮﺍﻱ ﺷﺮﻭﻉ ،ﺑﺎ ﺗﻌﺮﻳﻔﻲ ﮐﻠﻲ ﺍﺯ SSLﮐﻪ ﺩﺭ ﺳﺎﻳﺖ webopediaﺁﻣﺪﻩ ﺍﺳﺖ ﻣﻄﻠﺐ ﺭﺍ ﺁﻏﺎﺯ ﻣﻲ ﮐﻨﻴﻢ :
" SSLﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺗﻮﺳﻂ ﺷﺮﮐﺖ Netscapeﻭ ﺑﺮﺍﻱ ﺭﺩ ﻭ ﺑﺪﻝ ﮐﺮﺩﻥ ﺳﻨﺪ ﻫﺎﻱ ﺧﺼﻮﺻﻲ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺗﻮﺳﻌﻪ ﻳﺎﻓﺘﻪ ﺍﺳﺖ SSL.ﺍﺯ ﻳﮏ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺑﺮﺍﻱ ﺑﻪ ﺭﻣﺰ ﺩﺭ ﺁﻭﺭﺩﻥ ﺍﻃﻼﻋﺎﺗﻲ ﮐﻪ ﺑﺮ ﺭﻭﻱ ﻳﮏ ﺍﺭﺗﺒﺎﻁ SSLﻣﻨﺘﻘﻞ ﻣﻲ ﺷﻮﻧﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻧﻤﺎﻳﺪ .ﻫﺮ ﺩﻭ ﻣﺮﻭﺭﮔﺮ Internet Explorerﻭ ] Netscape Navigatorﻭ ﺍﻣﺮﻭﺯﻩ ﺗﻤﺎﻡ ﻣﺮﻭﺭﮔﺮ ﻫﺎﻱ ﻣﺪﺭﻥ[ ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﭘﺸﺘﻴﺒﺎﻧﻲ ﻣﻲ ﻧﻤﺎﻳﻨﺪ .ﻫﻤﭽﻨﻴﻦ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻭﺏ ﺳﺎﻳﺖ ﻫﺎ ﺑﺮﺍﻱ ﻓﺮﺍﻫﻢ ﮐﺮﺩﻥ ﺑﺴﺘﺮﻱ ﻣﻨﺎﺳﺐ ﺟﻬﺖ ﺣﻔﻆ ﮐﺮﺩﻥ ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﻪ ﮐﺎﺭﺑﺮﺍﻥ )ﻣﺎﻧﻨﺪ ﺷﻤﺎﺭﻩ ﮐﺎﺭﺕ ﺍﻋﺘﺒﺎﺭﻱ( ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻧﻤﺎﻳﻨﺪ .ﻃﺒﻖ ﺁﻧﭽﻪ ﺩﺭ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺁﻣﺪﻩ ﺍﺳﺖ URL ،ﻫﺎﻳﻲ ﮐﻪ ﻧﻴﺎﺯ ﺑﻪ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﺯ ﻧﻮﻉ SSLﺩﺍﺭﻧﺪ ﺑﺎ https:ﺑﻪ ﺟﺎﻱ http:ﺷﺮﻭﻉ ﻣﻲ ﺷﻮﻧﺪ. ﭘﺮﻭﺗﮑﻞ ﺩﻳﮕﺮﻱ ﮐﻪ ﺑﺮﺍﻱ ﺍﻧﺘﻘﺎﻝ ﺍﻃﻼﻋﺎﺕ ﺑﻪ ﺻﻮﺭﺕ ﺍﻣﻦ ﺑﺮ ﺭﻭﻱ ﺷﺒﮑﻪ ﺟﻬﺎﻧﻲ ﻭﺏ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ،ﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﺑﻪ ﻧﺎﻡ Secure HTTPﻳﺎ . S-HTTPﺩﺭ ﺣﺎﻟﻴﮑﻪ SSLﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﻣﻴﺎﻥ Clientﻭ Serverﺍﻳﺠﺎﺩ ﻣﻲ ﮐﻨﺪ ﺗﺎ ﻫﺮ ﺍﻃﻼﻋﺎﺗﻲ ﮐﻪ ﺑﺮ ﺭﻭﻱ ﺁﻥ ﻣﻨﺘﻘﻞ ﻣﻲ ﺷﻮﺩ ﺍﻣﻦ ﺑﺎﺷﺪ S-HTTP ،ﺑﺮﺍﻱ ﺍﻳﻦ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺍﺳﺖ ﺗﺎ ﻃﺒﻖ ﺁﻥ ﭘﻴﺎﻡ ﻫﺎﻱ
ﻣﻨﻔﺮﺩ] [١ﺑﻪ ﻃﻮﺭ ﺍﻣﻦ ﻣﻨﺘﻘﻞ ﺷﻮﻧﺪ.ﺑﻨﺎﺑﺮﺍﻳﻦ ﺍﻳﻦ ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﻗﺒﻞ ﺍﺯ ﺁﻧﮑﻪ ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﺭﻗﻴﺐ ﺑﺎﺷﻨﺪ ،ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﻣﮑﻤﻞ ﻫﺴﺘﻨﺪ .ﻫﺮ ﺩﻭ ﻱ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻫﺎ ﺑﻪ ﻋﻨﻮﺍﻥ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺍﺯ ﺳﻮﻱ IETFﭘﺬﻳﺮﻓﺘﻪ ﺷﺪﻩ ﺍﻧﺪ”. ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﮐﻪ SSLﻳﮏ ﭘﺮﻭﺗﮑﻞ ﻣﺴﺘﻘﻞ ﺍﺯ ﻻﻳﻪ ﺑﺮﻧﺎﻣﻪ ﺍﺳﺖ ). (Application Independent ﺑﻨﺎﺑﺮﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻫﺎﻳﻲ ﻣﺎﻧﻨﺪ FTP ، HTTPﻭ Telnetﻗﺎﺑﻠﻴﺖ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﻥ ﺭﺍ ﺩﺍﺭﻧﺪ .ﺑﺎ ﺍﻳﻦ ﻭﺟﻮﺩ SSLﺑﺮﻭﻱ ﭘﺮﻭﺗﮑﻞ ﻫﺎﻱ FTP ، HTTPﻭ IPSecﺑﻬﻴﻨﻪ ﺷﺪﻩ ﺍﺳﺖ.
–٢ﻣﻔﺎﻫﻴﻢ ﺭﻣﺰ ﻧﮕﺎﺭﻱ ﻣﺘﻘﺎﺭﻥ ﻭ ﻧﺎ ﻣﺘﻘﺎﺭﻥ ﺍﺳﺎﺱ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻫﺎ ﻭﺟﻮﺩ ﮐﻠﻴﺪ ﻫﺎ ﻣﻲ ﺑﺎﺷﻨﺪ.ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺷﻤﺎ ﺍﻃﻼﻋﺎﺕ ﻣﻮﺭﺩ ﻧﻈﺮ ﺧﻮﺩ ﺭﺍ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻗﻔﻞ ﻣﻲ ﮐﻨﻴﺪ ﻭ ﺳﭙﺲ ﺑﺮﺍﻱ ﺭﻣﺰﮔﺸﺎﻳﻲ ﺁﻥ ﻣﺠﺪﺩﺍ ﺍﺯ ﮐﻠﻴﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﻴﺪ .ﺩﺭ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ،ﻫﺮ ﺩﻭ ﮐﻠﻴﺪﻱ ﮐﻪ ﺑﺮﺍﻱ ﻗﻔﻞ ﻭ ﺑﺎﺯ ﮐﺮﺩﻥ ﺍﻃﻼﻋﺎﺕ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ ﻳﮑﺴﺎﻥ ﻣﻲ ﺑﺎﺷﺪ .ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﻫﺮ ﺩﻭ ﻃﺮﻑ ﺍﺯ ﻳﮏ ﮐﻠﻴﺪ ﻳﮑﺴﺎﻥ ﺑﻬﺮﻩ ﻣﻲ ﺑﺮﻧﺪ ﮐﻪ ﺑﺎﻳﺪ ﻧﺰﺩ ﺧﻮﺩﺷﺎﻥ ﺍﻣﻦ ﺑﺎﺷﺪ. ﺗﻮﺟﻪ ﮐﻨﻴﺪ ﮐﻪ ﻣﻔﻬﻮﻡ ﮐﻠﻴﺪ ﺩﺭ ﻣﺒﺎﺣﺚ ﻣﺮﺗﺒﻂ ،ﻋﻤﻮﻣﺎ ﻳﮏ ﺁﺭﺍﻳﻪ ﺍﺯ ﺑﺎﻳﺖ ﻫﺎ ﻣﻲ ﺑﺎﺷﺪ ﮐﻪ ﺑﺮ ﺍﺳﺎﺱ ﻧﻮﻉ ﺍﻣﻨﻴﺖ ﻃﻮﻝ ﻣﺘﻔﺎﻭﺗﻲ ﺩﺍﺭﺩ.ﻣﺜﻼ ٠١١٠١١٠٠١١٠٠١٠١١١٠٠١ﻣﻲ ﺗﻮﺍﻧﺪ ﻳﮏ ﮐﻠﻴﺪ ﺑﺎﺷﺪ.ﺍﻟﺒﺘﻪ ﻋﻤﻮﻣﺎ ﮐﻠﻴﺪ ﻫﺎ ﺩﺭ ﻣﺒﻨﺎﻱ ١٦ﻧﻤﺎﻳﺶ ﺩﺍﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺑﻪ ﻫﺮ ﺣﺎﻝ ﻭﻇﻴﻔﻪ ﻣﺤﺎﻓﻈﺖ ﺍﺯ ﮐﻠﻴﺪ ﺑﺮ ﻋﻬﺪﻩ ﺩﺍﺭﻧﺪﻩ ﺁﻥ ﺍﺳﺖ! ﺩﺭ ﺷﮑﻞ ﺯﻳﺮ ﻧﺤﻮﻩ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﻧﻤﺎﻳﺶ ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﺳﺖ:
ﺍﻣﺎ ﻧﻮﻋﻲ ﺩﻳﮕﺮ ﺍﺯ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﮐﻪ ﺍﺳﺎﺱ SSLﻧﻴﺰ ﻣﻲ ﺑﺎﺷﺪ.ﺩﺭ ﺍﻳﻦ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﻪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻧﺎ ﻣﺘﻘﺎﺭﻥ ﻳﺎ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻧﺎﻣﻴﺪﻩ ﻣﻲ ﺷﻮﺩ ،ﺩﻭ ﻧﻮﻉ ﮐﻠﻴﺪ ﻭﺟﻮﺩ ﺩﺍﺭﺩ : •
ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ
•
ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ
][٦ ][١٥
ﺩﺭ ﺍﻳﻦ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ ﮐﻪ ﺍﮔﺮ ﺩﺍﺩﻩ ﺍﻱ ﺑﺎ ﻳﮏ ﮐﻠﻴﺪ ﻗﻔﻞ ﺷﺪ ،ﺑﺎ ﻫﻤﺎﻥ ﮐﻠﻴﺪ ﺑﺎﺯ ﻧﻤﻲ ﺷﻮﺩ ﻭ ﻓﻘﻂ ﺍﻣﮑﺎﻥ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ ﺁﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ .ﺍﻳﻦ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ ﻧﺰﺩ ﻃﺮﻑ ﻣﻘﺎﺑﻞ ﺍﺳﺖ ﻭ ﺍﻣﮑﺎﻥ ﺑﺪﺳﺖ ﺁﻭﺭﺩﻥ ﺁﻥ ﺍﺯ ﮐﻠﻴﺪ ﺩﻳﮕﺮ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ .ﺑﻪ ﻋﺒﺎﺭﺕ ﺳﺎﺩﻩ ﺗﺮ ﺍﮔﺮ ﺷﻤﺎ ﺩﺭ ﺧﺎﻧﻪ ﺗﺎﻥ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ Aﻗﻔﻞ ﻧﻤﻮﺩﻳﺪ ،ﺗﻨﻬﺎ ﺍﻣﮑﺎﻥ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ Bﻭﺟﻮﺩ
ﺩﺍﺭﺩ ﻭ ﺍﻳﻦ ﺩﺭ ﺣﺎﻟﻴﺴﺖ ﮐﻪ ﺍﻣﮑﺎﻥ ﻓﻬﻤﻴﺪﻥ ﺁﻧﮑﻪ ﮐﻠﻴﺪ Bﭼﮕﻮﻧﻪ ﺳﺎﺧﺘﻪ ﺷﺪﻩ ﺍﺳﺖ ﺑﺮﺍﻱ ﺷﻤﺎ ﻧﻴﺰ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ .ﺣﺎﻝ ﺍﮔﺮ ﮐﻠﻴﺪ ﺧﻮﺩ ﺭﺍ ﺩﺭﻭﻥ ﺩﺭ ﻧﻴﺰ ﺟﺎ ﺑﮕﺬﺍﺭﻳﺪ ،ﻣﺴﺎﻟﻪ ﺍﻱ ﻧﻴﺴﺖ! ﺣﺎﻝ ﺑﻪ ﺑﺤﺚ ﺑﺎﺯ ﻣﻲ ﮔﺮﺩﻳﻢ :ﺷﻤﺎ ﺩﺭﺧﻮﺍﺳﺖ ﺩﺍﺩﻩ ﺍﻱ ﺭﺍ ﺍﺯ ﻳﮏ ﺳﺮﻭﺭ ﺍﻣﻦ ﻣﻲ ﮐﻨﻴﺪ ،ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺭﺍ ﺑﺮﺍﻱ ﺷﻤﺎ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺷﻤﺎ ﺩﺍﺩﻩ ﻫﺎﻱ ﺧﻮﺩ ﺭﺍ ﺑﺎ ﺍﻳﻦ ﮐﻠﻴﺪ ﻗﻔﻞ ﻣﻲ ﮐﻨﻴﺪ ﻭ ﺑﺮﺍﻱ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﻴﺪ .ﺣﺎﻝ ﺍﮔﺮ ﺍﻳﻦ ﻭﺳﻂ ﮐﺴﻲ ﺧﻮﺍﺳﺖ ﺩﺍﺩﻩ ﻫﺎ ﺭﺍ ﺑﺒﻴﻨﺪ] ، [١٨ﻧﻤﻲ ﺗﻮﺍﻧﺪ ،ﭼﺮﺍﮐﻪ ﺍﻳﻦ ﺩﺍﺩﻩ ﻫﺎ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺑﺎﺯ ﻧﻤﻲ ﺷﻮﻧﺪ! .ﺩﺭ ﻃﺮﻑ ﻣﻘﺎﺑﻞ ﺳﺮﻭﺭ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺹ ﺧﻮﺩ ﺩﺍﺩﻩ ﻫﺎ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﻣﻲ ﮐﻨﺪ ﻭ ﺍﺯ ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ. ﺷﮑﻞ ﺯﻳﺮ ﺭﻭﻧﺪ ﺫﮐﺮ ﺷﺪﻩ ﺭﺍ ﻣﻲ ﺭﺳﺎﻧﺪ :
ﺗﻮﺟﻪ :ﺩﺭ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﺭﻭﻧﺪ ﺑﺮﻋﮑﺲ ﺍﺳﺖ).ﺑﻪ ﻋﺒﺎﺭﺕ ﺩﻳﮕﺮ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﭼﻴﺰﻱ ﺟﺰ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺩﺍﺩﻩ ﻫﺎ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﻓﺮﺳﺘﻨﺪﻩ ﻧﻴﺴﺖ( .ﻣﺎ ﺩﺭ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﻣﻲ ﺧﻮﺍﻫﻴﻢ ﺑﺒﻴﻨﻴﻢ ﮐﻪ ﺁﻳﺎ ﺩﺍﺩﻩ ﻫﺎﻱ ﺍﺭﺳﺎﻝ ﺷﺪﻩ ﻭﺍﻗﻌ ﹰﺎ ﺍﺯ ﻃﺮﻑ ﺷﺨﺼﻲ ﺍﺳﺖ ﮐﻪ ﺍﺩﻋﺎ ﻣﻲ ﮐﻨﺪ ﻳﺎ ﺧﻴﺮ؟ ﺑﻪ ﻃﻮﺭ ﺳﺎﺩﻩ ﮐﺎﺭﺑﺮ ﻧﺎﻡ ﺧﻮﺩ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺧﻮﺩ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﺍﻳﻦ ﺣﺎﻟﺖ ﻫﻤﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻭﻱ ﻣﻲ ﺗﻮﺍﻧﻨﺪ ﻧﺎﻡ ﻭﻱ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﮐﻨﻨﺪ ﻭ ﺍﻳﻦ ﺻﺤﻴﺢ ﺍﺳﺖ! ﭼﺮﺍﮐﻪ ﻫﻴﭻ ﮐﺲ ﺩﻳﮕﺮ ﻗﺎﺩﺭ ﻧﻴﺴﺖ ﺩﺍﺩﻩ ﺍﻱ ﺗﻮﻟﻴﺪ ﮐﻨﺪ ﮐﻪ ﻧﺘﻴﺠﻪ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺷﺨﺺ ﺍﻣﻀﺎ ﮐﻨﻨﺪﻩ ﺑﺮﺍﺑﺮ ﺑﺎﺷﺪ!. ﺍﻟﺒﺘﻪ ﺩﺭ ﻋﻤﻞ ﺑﻬﺘﺮ ﺍﺳﺖ ﺍﺯ ﺗﻮﺍﺑﻊ Hashﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ .ﭼﺮﺍﮐﻪ ﺩﺭ ﺣﺎﻟﺖ ﻓﻮﻕ ،ﺍﻭﻻ ﻧﺎﻡ ﮐﺎﺭﺑﺮ ﺭﺍ ﺑﺎﻳﺪ ﻓﻘﻂ ﮐﺎﺭﺑﺮ ﻭ ﺳﺮﻭﺭ ﺑﺪﺍﻧﻨﺪ ﻭ ﺩﻳﮕﺮ ﺁﻧﮑﻪ ﺍﺯ ﮐﺠﺎ ﻣﻌﻠﻮﻡ ﮐﻪ ﺩﺍﺩﻩ ﺍﺭﺳﺎﻟﻲ ﻫﻤﺎﻧﻲ ﺍﺳﺖ ﮐﻪ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﮐﺎﺭﺑﺮ ﺑﺎ ﺁﻥ ﺑﻮﺩﻩ ﺍﺳﺖ)ﺑﻪ ﻋﺒﺎﺭﺕ ﺩﻳﮕﺮ ﺷﺎﻳﺪ ﺩﺭ ﻣﻴﺎﻥ ﺭﺍﻩ ﻣﺘﻦ ﺍﻃﻼﻋﺎﺕ ﺗﻐﻴﻴﺮ ﮐﺮﺩ( ﻫﻤﺎﻧﻄﻮﺭ ﮐﻪ ﺫﮐﺮ ﺷﺪ ،ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ﺍﺯ ﺗﻮﺍﺑﻊ Hashﮐﻪ ﻳﮏ ﻃﺮﻓﻪ ﻫﺴﺘﻨﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ.ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺩﺍﺩﻩ ﺍﻱ hashﺷﺪ ،ﺩﻳﮕﺮ ﺑﻪ ﻫﻴﭻ ﻋﻨﻮﺍﻥ )ﻭ ﺗﻮﺳﻂ ﻫﻴﭻ ﮐﻠﻴﺪﻱ( ﻗﺎﺑﻞ ﺑﺮﮔﺸﺖ ﻧﻴﺴﺖ. ﺑﺪﻳﻦ ﻣﻨﻈﻮﺭ ﻣﺘﻦ ﻧﺎﻣﻪ ﺍﺑﺘﺪﺍ hashﻣﻲ ﮔﺮﺩﺩ ﻭ ﺳﭙﺲ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺍﻣﻀﺎ ﻣﻲ ﺷﻮﺩ.
ﺳﭙﺲ ﺍﻣﻀﺎ ﻭ ﻣﺘﻦ ﻧﺎﻣﻪ ﺍﺭﺳﺎﻝ ﻣﻲ ﺷﻮﺩ .ﺩﺭ ﻃﺮﻑ ﺳﺮﻭﺭ ﻫﻢ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺩﺍﺩﻩ hashﺷﺪﻩ ﺑﺪﺳﺖ ﻣﻲ ﺁﻳﺪ .ﻣﺘﻦ ﺍﺭﺳﺎﻟﻲ ﻫﻢ hashﻣﻲ ﺷﻮﺩ .ﺣﺎﻝ ﺍﮔﺮ ﺍﻳﻦ ﺩﻭ ﻧﺘﻴﺠﻪ ﻳﮑﺴﺎﻥ ﺑﻮﺩ ،ﺩﺍﺩﻩ ﻫﺎ ﻭﺍﻗﻌ ﹰﺎ ﺍﺯ ﻃﺮﻑ ﮐﺴﻲ ﮐﻪ ﻣﺪﻋﻲ ﺁﻥ ﺍﺳﺖ ﺍﺭﺳﺎﻝ ﺷﺪﻩ ﺍﺳﺖ .ﭼﺮﺍ ﮐﻪ ﺍﮔﺮ ﻣﺘﻦ ﻧﺎﻣﻪ ﻋﻮﺽ ﺷﻮﺩ ،ﻧﺘﻴﺠﻪ hashﺁﻥ ﻫﻢ ﻣﺘﻔﺎﻭﺕ ﻭ ﻣﻘﺎﻳﺴﻪ ﻧﺘﻴﺠﻪ ﻳﮑﺴﺎﻧﻲ ﺭﺍ ﺑﺮ ﻧﻤﻲ ﮔﺮﺩﺍﻧﺪ. ﺩﺭ ﻧﻤﻮﺩﺍﺭ ﺯﻳﺮ ،ﺭﻭﻧﺪ ﮐﺎﺭ ﺭﺍ ﻣﺸﺎﻫﺪﻩ ﻣﻲ ﮐﻨﻴﺪ )ﻗﻄﻌﻪ ﻫﺎﻱ ﺧﺎﮐﺴﺘﺮﻱ ﺭﻧﮓ ﻧﺸﺎﻥ ﺩﻫﻨﺪﻩ Hashﺷﺪﻥ ﻣﺘﻦ ﻧﺎﻣﻪ ﻣﻲ ﺑﺎﺷﻨﺪ(
– ٣ﺳﺎﺧﺘﺎﺭ ﻭ ﺭﻭﻧﺪ ﺁﻏﺎﺯﻳﻦ ﭘﺎﻳﻪ ﮔﺬﺍﺭﻱ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺩﺭ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻗﺒﻞ ﺍﺯ ﺁﻧﮑﻪ ﺍﻃﻼﻋﺎﺗﻲ ﻣﺎﺑﻴﻦ ﺩﺭﺧﻮﺍﺳﺖ ﺩﻫﻨﺪﻩ ﻭ ﺳﺮﻭﺭ ﺭﺩ ﻭ ﺑﺪﻝ ﺷﻮﺩ ،ﻣﻲ ﺑﺎﻳﺴﺖ ﺍﺑﺘﺪﺍ ﺳﺮﻭﺭ ﺗﺼﺪﻳﻖ ﮔﺮﺩﺩ]. [٢ ﺑﻪ ﻃﻮﺭ ﮐﻠﻲ ﻣﺮﺣﻠﻪ ﺁﻏﺎﺯﻳﻦ ﺷﺮﻭﻉ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ] [٣ﺍﺯ ﺩﻭ ﻓﺎﺯ ﺗﺸﮑﻴﻞ ﺷﺪﻩ ﺍﺳﺖ :ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﺭ ﻭ ﻣﺮﺣﻠﻪ ﺍﺧﺘﻴﺎﺭﻱ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻣﺸﺘﺮﻱ .ﺩﺭ ﻓﺎﺯ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﺭ ،ﺳﺮﻭﺭ ﺩﺭ ﺟﻮﺍﺏ ﺩﺭﺧﻮﺍﺳﺖ ﻣﺸﺘﺮﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﻭ ﻓﺮﻣﻮﻝ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺧﻮﺩ] [٤ﺭﺍ ﺑﺮﺍﻱ ﻣﺸﺘﺮﻱ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺳﭙﺲ ﻣﺸﺘﺮﻱ ﻳﮏ ﮐﻠﻴﺪ ﺍﺻﻠﻲ] [٥ﮐﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ] [٦ﺳﺮﻭﺭ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺍﺳﺖ ﺭﺍ ﺗﻮﻟﻴﺪ ﻣﻲ ﮐﻨﺪ ﻭ ﺳﭙﺲ ﺍﻳﻦ ﮐﻠﻴﺪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺑﻪ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﺍﺻﻠﻲ ﺭﺍ ﺑﺎﺯﻳﺎﺑﻲ ﻣﻲ ﮐﻨﺪ ﻭ ﺧﻮﺩﺵ ﺭﺍ ﺑﺎ ﻓﺮﺳﺘﺎﺩﻥ ﭘﻴﻐﺎﻣﻲ ﺑﻪ ﻣﺸﺘﺮﻱ ﺗﺼﺪﻳﻖ ﻣﻲ ﻧﻤﺎﻳﺪ .ﺩﺭﺧﻮﺍﺳﺖ ﻫﺎﻱ ﺑﻌﺪﻱ ﺑﺎ ﮐﻠﻴﺪ ﻫﺎﻳﻲ ﮐﻪ ﺍﺯ ﮐﻠﻴﺪ ﺍﺻﻠﻲ ﻣﺸﺘﻖ ﺷﺪﻩ ﺍﻧﺪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻭ ﺗﺼﺪﻳﻖ ﻣﻲ ﺷﻮﻧﺪ. ﺩﺭ ﻓﺎﺯ ﺩﻭﻡ ﮐﻪ ﺍﺧﺘﻴﺎﺭﻱ ﺑﻮﺩ ،ﺳﺮﻭﺭ ﻳﮏ ﭼﺎﻟﺶ] [٧ﺭﺍ ﺑﺮﺍﻱ ﻣﺸﺘﺮﻱ ﺍﻳﺠﺎﺩ ﻣﻲ ﮐﻨﺪ ]ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ[ .ﻣﺸﺘﺮﻱ ﻧﻴﺰ ﺧﻮﺩﺵ ﺭﺍ ﺑﺮﺍﻱ ﺳﺮﻭﺭ ﺑﺎ ﺍﺭﺳﺎﻝ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﻭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺧﻮﺩ ] [٨ﻧﺴﺒﺖ ﺑﻪ ﺗﺼﺪﻳﻖ ﺧﻮﺩ ﺍﻗﺪﺍﻡ ﻣﻲ ﻧﻤﺎﻳﺪ.
ﺍﻟﮕﻮﺭﻳﺘﻢ ﻫﺎﻱ ﺯﻳﺎﺩﻱ ﺟﻬﺖ ﭘﻨﻬﺎﻥ ﺳﺎﺯﻱ ﺩﺭ SSLﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺩﺭ ﻣﺮﺣﻠﻪ ﺁﻏﺎﺯﻳﻦ ﺷﺮﻭﻉ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺍﺯ ﺍﻟﮕﻮﺭﻳﺘﻢ RSA public-key cryptosystemﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ .ﺑﻌﺪ ﺍﺯ ﺭﺩ ﻭ ﺑﺪﻝ ﺷﺪﻥ ﮐﻠﻴﺪ ﻫﺎ ﻧﻴﺰ ﺍﻟﮕﻮﺭﻳﺘﻢ ﻫﺎﻱ ﻣﺘﻔﺎﻭﺗﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺍﺯ ﺟﻤﻠﻪ triple-DES ، DES ، IDEA ، RC٤ ، RC٢ :ﻭ . MD٥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎﻱ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻫﻢ ﺍﺯ ﻗﻮﺍﻧﻴﻦ X.٥٠٩ﭘﻴﺮﻭﻱ ﻣﻲ ﮐﻨﻨﺪ).ﺳﺎﺧﺘﺎﺭ ﺩﺭﺧﺘﻲ CAﻫﺎ ﻭ ﺍﻣﻀﺎﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﮐﻪ ﺩﺭ ﺍﺩﺍﻣﻪ ﺫﮐﺮ ﺧﻮﺍﻫﺪ ﺷﺪ ،ﻫﻤﮕﻲ ﺑﺮ ﺍﺳﺎﺱ ﺍﻳﻦ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺍﺳﺖ(
–٤ﭘﺮﻭﺗﮑﻞ ﻫﺎﻱ ﻣﺸﺎﺑﻪ ] TLS[٩ﻫﻢ ﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺑﺴﻴﺎﺭ ﻣﺸﺎﺑﻪ SSL ٣,٠ﻣﻲ ﺑﺎﺷﺪ. ﻫﻤﭽﻨﻴﻦ ﭘﺮﻭﺗﮑﻞ ] WTLS[١٠ﮐﻪ ﻣﺨﺼﻮﺹ ﺷﺒﮑﻪ ﻫﺎﻱ ﺑﻴﺴﻴﻢ ﺍﺳﺖ ﻭ ﺩﺭ ] WAP [١١ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮔﺮﺩﺩ.
–٥ﻣﻔﻬﻮﻡ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﺭ ﭘﺮﻭﺗﮑﻞ SSL ﺩﺭ ﺍﻳﻨﺠﺎ ﻧﻴﺎﺯ ﺍﺳﺖ ﮐﻪ ﻳﮏ ﺑﺤﺚ ﮐﻠﻲ ﺩﺭ ﻣﻮﺭﺩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ] [١٢ﻣﻮﺭﺩ ﻧﻴﺎﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺻﻮﺭﺕ ﮔﻴﺮﺩ.ﺑﻪ ﻃﻮﺭ ﻋﻤﻮﻡ )ﻏﻴﺮ ﺍﺯ ﺑﺤﺚ (SSLﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﺟﻨﺒﻪ ﺍﻋﺘﺒﺎﺭ ﺳﻨﺠﻲ ﺩﺍﺭﻧﺪ .ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺷﻤﺎ ﺩﺭ ﻳﮏ ﺑﺤﺚ ﺧﺎﺹ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺑﺎﺷﻴﺪ ،ﺑﻪ ﺷﻤﺎ ﺍﻋﺘﻤﺎﺩ ﺑﻴﺸﺘﺮﻱ ﻣﻲ ﮐﻨﻨﺪ.ﺍﻣﺎ ﻣﻤﮑﻦ ﺍﺳﺖ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻭﻟﻲ ﮐﺎﺭ ﺧﻮﺩ ﺭﺍ ﻫﻢ ﺑﻪ ﻧﺤﻮ ﺍﺣﺴﻨﺖ ﺍﻧﺠﺎﻡ ﺩﻫﻴﺪ.ﺑﻪ ﻃﻮﺭ ﻣﺜﺎﻝ ﺷﻤﺎ ﻗﻬﺮﻣﺎﻥ ﻣﺴﺎﺑﻘﺎﺕ ﻓﺮﻣﻮﻝ ١ﺟﻬﺎﻥ ﻫﺴﺘﻴﺪ ،ﺍﻣﺎ ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ،ﻫﺮﮔﺰ ﺍﺟﺎﺯﻩ ﻧﺨﻮﺍﻫﻴﺪ ﺩﺍﺷﺖ ﮐﻪ ﺩﺭ ﺷﻬﺮ ﺗﺮﺩﺩ ﮐﻨﻴﺪ! ﺩﺭ ﻣﻮﺭﺩ SSLﻫﻢ ﺗﻘﺮﻳﺒﺎ ﺑﺤﺚ ﺑﻪ ﻫﻤﻴﻦ ﮔﻮﻧﻪ ﺍﺳﺖ ﺑﺎ ﺍﻳﻦ ﺗﻔﺎﻭﺕ ﮐﻪ ﺫﺍﺕ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺑﺤﺚ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺍﺳﺖ ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺒﺎﺷﻴﺪ ،ﻗﺎﺩﺭ ﻧﺨﻮﺍﻫﻴﺪ ﺑﻮﺩ ﮐﻪ ﻳﮏ ﭘﻴﺎﺩﻩ ﺳﺎﺯﻱ ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺭﺍ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ.ﺷﺎﻳﺪ ﺩﺭ ﻋﺎﻟﻢ ﺭﺍﻧﺪﻥ ﺍﺗﻮﻣﺒﻴﻞ ﺑﺪﻳﻦ ﺻﻮﺭﺕ ﺗﻌﺒﻴﺮ ﺷﻮﺩ ﮐﻪ ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﺷﻤﺎ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺒﺎﺷﻴﺪ ،ﻗﺎﺩﺭ ﺑﻪ ﺭﺍﻧﻨﺪﮔﻲ ﻫﻢ ﻧﻴﺴﺘﻴﺪ! ﺍﻳﻦ ﺗﺸﺎﺑﻪ ﺍﺯ ﺟﻬﺎﺗﻲ ﺻﺤﻴﺢ ﻭ ﺍﺯ ﺟﻬﺎﺗﻲ ﻏﻠﻂ ﺍﺳﺖ .ﺷﺎﻳﺪ ﺑﺮﺩﺍﺷﺖ ﺻﺤﻴﺢ ﺗﺮ ﺑﻪ ﺍﻳﻦ ﺻﻮﺭﺕ ﺑﺎﺷﺪ ﮐﻪ ﺍﮔﺮﭼﻪ ﻗﺎﺩﺭ ﻧﺨﻮﺍﻫﻴﺪ ﺑﻮﺩ ﺑﺪﻭﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺭﺍﻧﻨﺪﮔﻲ ﮐﻨﻴﺪ ،ﺍﻣﺎ ﻗﺎﺩﺭ ﻫﺴﺘﻴﺪ ﮐﻪ ﺧﻮﺩ ﺑﺮﺍﻱ ﺧﻮﺩ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺻﺎﺩﺭ ﮐﺮﺩﻩ ﻭ ﺳﭙﺲ ﺑﻪ ﺭﺍﻧﻨﺪﮔﻲ ﺑﭙﺮﺩﺍﺯﻳﺪ!)ﻫﺮﭼﻨﺪ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺍﺯ ﻧﻈﺮ ﺩﻳﮕﺮﺍﻥ ﮐﺎﻣﻼ ﺑﻲ ﺍﺭﺯﺵ ﺍﺳﺖ!(. ﻃﺒﻖ ﺑﺤﺚ ﻓﻮﻕ ،ﺷﻤﺎ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻴﺪ ﺑﻮﺩ ﺑﺪﻭﻥ ﭘﺮﺩﺍﺧﺖ ﻫﻴﭻ ﻫﺰﻳﻨﻪ ﺍﻱ ﻳﮏ ﭘﺮﻭﺗﮑﻞ SSLﺭﺍ ﺭﺍﻩ ﺍﻧﺪﺍﺯﻱ ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ.ﻧﻤﻮﻧﻪ ﺑﺎﺭﺯ ﺍﻳﻦ ﺍﺳﺘﻔﺎﺩﻩ ﺩﺭ ﺷﺒﮑﻪ ﻫﺎﻱ ﺩﺍﺧﻠﻲ ﻳﺎ Intranetﻣﻲ ﺑﺎﺷﺪ.
–٦ﻣﺮﺍﮐﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﺭ SSLﺑﻪ ﻣﺮﺍﮐﺰﻱ ﮐﻪ ﺍﻗﺪﺍﻡ ﺑﻪ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻲ ﮐﻨﻨﺪ " ،ﻣﺮﮐﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ " ] [١٣ﻳﺎ ﺑﻪ ﺍﺧﺘﺼﺎﺭ CAﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ.
ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺍﺯ ﻳﮏ ﺷﺨﺺ ﺛﺎﻟﺚ ] ) [١٤ﮐﻪ ﻫﻤﺎﻥ CAﻣﻲ ﺑﺎﺷﺪ( ﺑﺮﺍﻱ ﺗﺸﺨﻴﺺ ﻫﻮﻳﺖ ﻃﺮﻓﻴﻦ ﻳﮏ ﺗﺮﺍﮐﻨﺶ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﻭﺍﻗﻊ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻌﻴﻦ ﻣﻲ ﮐﻨﺪ ﮐﻪ ﺁﻳﺎ ﺷﺨﺼﻲ ﮐﻪ ﺩﺍﺭﻧﺪﻩ ﺁﻥ ﺍﺳﺖ ،ﻭﺍﻗﻌ ﹰﺎ ﻫﻤﺎﻧﻲ ﺍﺳﺖ ﮐﻪ ﺍﺩﻋﺎ ﻣﻲ ﮐﻨﺪ ﻳﺎ ﺧﻴﺮ؟ ﺩﺭ ﺷﮑﻞ ﺯﻳﺮ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﻳﮏ ﺭﻭﻧﺪ ﺩﺭﺧﻮﺍﺳﺖ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺗﻮﺳﻂ ﻳﮏ ﺳﺮﻭﻳﺲ ﺩﻫﻨﺪﻩ ) ﻗﺪﻡ ﻫﺎﻱ ٢ ، ١ﻭ (٣ﻭ ﺩﺭ ﺍﺩﺍﻣﻪ ﺁﻥ ﺩﺭﺧﻮﺍﺳﺖ ﮐﺎﺭﺑﺮ ﺑﺮﺍﻱ ﻳﮏ ﺳﺮﻭﺭ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻭ ﭼﮕﻮﻧﮕﻲ ﻣﻄﻤﺌﻦ ﺷﺪﻥ ﻭﻱ ﺍﺯ ﻣﻌﺘﺒﺮ ﺑﻮﺩﻥ ﺁﻥ ﺳﺮﻭﺭ ﺭﺍ ﺑﺒﻴﻨﻴﺪ)ﻗﺪﻡ ﻫﺎﻱ ٦ ، ٥ ، ٤ﻭ : (٧
–٧ﻣﺮﺍﺣﻞ ﮐﻠﻲ ﺑﺮﻗﺮﺍﺭﻱ ﻭ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺩﺭ ﻭﺏ ﺑﻪ ﻃﻮﺭ ﺳﺎﺩﻩ ﻣﺮﺍﺣﻠﻲ ﮐﻪ ﺩﺭ ﺍﻳﺠﺎﺩ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ SSLﺩﺭ httpﻃﻲ ﻣﻲ ﺷﻮﺩ ،ﺑﻪ ﺻﻮﺭﺕ ﺯﻳﺮ ﻣﻲ ﺑﺎﺷﺪ : ‐١ﮐﺎﺭﺑﺮ ﺩﺭﺧﻮﺍﺳﺖ ﺧﻮﺩ ﺭﺍ ﺍﺯ ﻃﺮﻳﻖ ﻣﺮﻭﺭﮔﺮ ﺑﻪ ﻳﮏ ﺻﻔﺤﻪ ﺍﻣﻦ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ)ﺁﺩﺭﺱ ﺍﻳﻦ ﺻﻔﺤﻪ ﻣﻌﻤﻮﻻ ﺑﺎ https://ﺷﺮﻭﻉ ﻣﻲ ﺷﻮﺩ( ‐٢ﻭﺏ ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ] [٦ﺧﻮﺩ ﺭﺍ ﺑﻪ ﻫﻤﺮﺍﻩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﺑﺮﺍﻱ ﮐﺎﺭﺑﺮ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ.
‐٣ﻣﺮﻭﺭﮔﺮ ﭼﮏ ﻣﻲ ﮐﻨﺪ ﮐﻪ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺗﻮﺳﻂ ﻳﮏ ﻣﺮﮐﺰ ﻣﻮﺭﺩ ﺍﻃﻤﻴﻨﺎﻥ ﺻﺎﺩﺭ ﺷﺪﻩ ﺍﺳﺖ ﻭ ﺍﻳﻨﮑﻪ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﻨﻮﺯ ﺍﻋﺘﺒﺎﺭ ﺩﺍﺭﺩ ؟ ﻭ ﻫﻤﭽﻨﻴﻦ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﺮﺗﺒﻂ ﺑﺎ ﺳﺎﻳﺖ ﺩﺭﺧﻮﺍﺳﺘﻲ ﻣﻲ ﺑﺎﺷﺪ؟ ‐٤ﺳﭙﺲ ﻣﺮﻭﺭﮔﺮ ﺍﺯ ﺍﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ] [٦ﺩﺭﻳﺎﻓﺖ ﺷﺪﻩ ﺍﺯ ﻃﺮﻑ ﺳﺮﻭﺭ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ ﺳﭙﺲ ﻳﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ
][١٤
ﺗﺼﺎﺩﻓﻲ ﺭﺍ ﺗﻮﻟﻴﺪ ﻣﻲ ﮐﻨﺪ ﻭ ﺗﻮﺳﻂ ﺁﻥ ﺗﻤﺎﻡ ﺩﺍﺩﻩ ﻫﺎ ﻭ URLﺭﺍ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﻧﻬﺎﻳﺖ ﻫﻢ ﺩﺍﺩﻩ ﻫﺎﻱ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺑﻪ ﻫﻤﺮﺍﻩ ﺧﻮﺩ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺗﻮﻟﻴﺪﻱ ،ﻣﺠﺪﺩﺍ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﺮﺩﻩ ﻭ ﻧﺘﻴﺠﻪ ﺭﺍ ﺑﻪ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ. ][١٥
‐٥ﻭﺏ ﺳﺮﻭﺭ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ
ﺧﻮﺩ ،ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺭﻣﺰﮔﺸﺎﻳﻲ ﻭ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﻥ ﺳﺎﻳﺮ
ﺩﺍﺩﻩ ﻫﺎ ﻭ URLﺭﺍ ﻧﻴﺰ ﺭﻣﺰﮔﺸﺎﻳﻲ ﻣﻲ ﻧﻤﺎﻳﺪ. ‐٦ﻭﺏ ﺳﺮﻭﺭ html ،ﺩﺭﺧﻮﺍﺳﺘﻲ ﺭﺍ ﺑﺎ ﮐﻤﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻭ ﺑﻪ ﮐﺎﺭﺑﺮ ﺑﺎﺯ ﻣﻲ ﮔﺮﺩﺍﻧﺪ. ‐٧ﻣﺮﻭﺭﮔﺮ ﻧﻴﺰ ﺩﺍﺩﻩ ﻫﺎﻱ ﺩﺭﻳﺎﻓﺘﻲ ﺭﺍ ﺑﺎ ﮐﻤﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺧﻮﺩ ﺑﺎﺯﮔﺸﺎﻳﻲ ﮐﺮﺩﻩ ﻭ ﺑﻪ ﮐﺎﺭﺑﺮ ﻧﻤﺎﻳﺶ ﻣﻲ ﺩﻫﺪ. ﻫﻤﺎﻧﻄﻮﺭ ﮐﻪ ﺍﺯ ﻣﺮﺣﻠﻪ ٣ﭘﻴﺪﺍﺳﺖ ،ﺩﺭ ﺍﻳﻦ ﻣﺮﺣﻠﻪ ﺍﺳﺖ ﮐﻪ ﻣﻴﺰﺍﻥ ﺍﻋﺘﺒﺎﺭ CAﻣﺸﺨﺺ ﻣﻲ ﺷﻮﺩ .ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﺍﻳﻦ CAﺑﻪ ﻫﺮ ﺩﻟﻴﻞ ﺍﺯ ﻧﻈﺮ ﻣﺮﻭﺭﮔﺮ ﺩﺍﺭﺍﻱ ﺍﻋﺘﺒﺎﺭ ﻭ ﺷﺮﺍﻳﻂ ﺧﺎﺻﻲ ﻧﺒﺎﺷﻨﺪ ،ﻫﺸﺪﺍﺭﻱ ﻣﺒﻨﻲ ﺑﺮ ﻋﺪﻡ ﺍﻣﻦ ﺑﻮﺩﻥ ﺳﺎﻳﺖ ﻣﻮﺭﺩ ﻧﻈﺮ ﺑﻪ ﮐﺎﺭﺑﺮ ﺍﺭﺍﻳﻪ ﻣﻲ ﺩﻫﺪ .ﺗﻮﺟﻪ ﮐﻨﻴﺪ ﮐﻪ ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ﺗﻨﻬﺎ ﺑﻪ ﻫﺸﺪﺍﺭ ﺑﺴﻨﺪﻩ ﻣﻲ ﺷﻮﺩ ،ﺍﻃﻤﻴﻨﺎﻥ ﺑﻪ ﺁﻥ ﺑﻪ ﺷﻤﺎ ﻭ ﺷﺮﺍﻳﻂ ﺷﻤﺎ ﺑﺴﺘﮕﻲ ﺩﺍﺭﺩ .ﺿﻤﻦ ﺁﻧﮑﻪ ﺍﻳﻦ ﻫﺸﺪﺍﺭ ﻫﺮﮔﺰ ﻧﻤﻲ ﺗﻮﺍﻧﺪ ﺑﻪ ﻣﻌﻨﺎﻱ ﻗﻄﻌﻲ ﻋﺪﻡ ﻭﺟﻮﺩ ﺍﻣﻨﻴﺖ ﺑﺎﺷﺪ.ﺣﺎﻝ ﺍﮔﺮ ﺷﻤﺎ ﻳﮏ CAﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺭﺍﻩ ﺍﻧﺪﺍﺯﻱ ﮐﺮﺩﻳﺪ ،ﻣﺴﻠﻤﺎ ﻫﻴﭻ ﮐﺪﺍﻡ ﺍﺯ ﻣﺮﻭﺭﮔﺮ ﻫﺎ ﺷﻤﺎ ﺭﺍ ﻧﻤﻲ ﺷﻨﺎﺳﻨﺪ ﻭ ﺑﻨﺎﺑﺮﺍﻳﻦ ﮔﻮﺍﻫﻲ ﻫﺎﻱ ﺻﺎﺩﺭ ﺷﺪﻩ ﺍﺯ ﻃﺮﻑ ﺷﻤﺎ ﺭﺍ ﻧﺎ ﺍﻣﻦ ﻣﻲ ﭘﻨﺪﺍﺭﻧﺪ.ﺍﺯ ﺁﻧﺠﺎ ﮐﻪ ﮐﺎﺭﺑﺮﺍﻥ ﻋﺎﺩﻱ ﺍﻳﻨﺘﺮﻧﺖ ﻧﻴﺰ ﺍﻳﻦ ﻫﺸﺪﺍﺭ ﻫﺎ ﺭﺍ ﺟﺪﻱ ﺩﺭ ﻧﻈﺮ ﻣﻲ ﮔﻴﺮﻧﺪ ،ﺍﺯ ﺍﺩﺍﻣﻪ ﺗﺮﺍﮐﻨﺶ ﺑﺎ ﺳﺎﻳﺖ ﺷﻤﺎ ﺻﺮﻑ ﻧﻈﺮ ﺧﻮﺍﻫﻨﺪ ﮐﺮﺩ.
–٨ﻧﮑﺎﺗﻲ ﺩﺭ ﻣﻮﺭﺩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ
•
ﺷﻤﺎ ﺩﺭ ﺻﻮﺭﺗﻲ ﺑﻪ ﻳﮏ ﺳﺎﻳﺖ ﺑﺎ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻌﻴﻦ ﺍﻋﺘﻤﺎﺩ ﻣﻲ ﮐﻨﻴﺪ ﮐﻪ ﺁﻧﺮﺍ ﻳﮏ CAﻣﻌﺘﺒﺮ )ﺣﺪﺍﻗﻞ ﻧﺰﺩ ﺷﻤﺎ( ﺍﻣﻀﺎ ﮐﺮﺩﻩ ﺑﺎﺷﺪ.ﺩﺭ ﻭﺍﻗﻊ ﺍﻳﻦ ﺍﻋﺘﻤﺎﺩ ﺷﻤﺎ ﺿﻤﻨﻲ ﺍﺳﺖ .ﺑﻪ ﺍﻳﻦ ﺭﻭﻧﺪ ،ﺩﺭﺧﺖ ﺍﻋﺘﺒﺎﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ] [١٦ﻳﺎ ﻣﺴﻴﺮ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ
•
][١٧
ﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ .ﻣﻌﻤﻮﻻ ﻣﺮﻭﺭﮔﺮﻫﺎ ﺗﻌﺪﺍﺩﻱ ﺍﺯ CAﻫﺎ ﻱ ﻣﻌﺮﻭﻑ ﺭﺍ ﺑﺮﺍﻱ ﺧﻮﺩ ﺩﺭ ﻧﻈﺮ ﻣﻲ ﮔﻴﺮﺩ.
CAﻫﺎﻱ ﻣﺘﻔﺎﻭﺗﻲ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﮐﻪ ﺷﺎﻳﺪ ﻣﺸﻬﻮﺭﺗﺮﻳﻦ ﺁﻥ verisignﺑﺎﺷﺪ.ﺑﻪ ﻫﺮ ﺣﺎﻝ ﻗﺮﺍﺭ ﻧﻴﺴﺖ ﺷﻤﺎ ﻫﻤﻴﺸﻪ ،ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺗﺮﺍﮐﻨﺶ ﺧﻮﺩ ،ﺑﻪ ﺗﻤﺎﻡ CAﻫﺎ )ﻳﺎ ﺑﻪ ﻋﺒﺎﺭﺕ ﺑﻬﺘﺮ ﺑﻪ ﺍﻧﻮﺍﻉ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺁﻧﻬﺎ( ﺍﻋﺘﻤﺎﺩ ﮐﻨﻴﺪ .ﻳﮏ ﺭﺍﻩ ﻣﻨﺎﺳﺐ ﺑﺮﺍﻱ ﺗﺸﺨﻴﺺ ﺍﻳﻦ ﻣﻮﺿﻮﻉ ﻣﻴﺰﺍﻥ ﻣﺒﻠﻐﻲ ﺍﺳﺖ ﮐﻪ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻮﺭﺩ ﻧﻈﺮ ﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﮐﻨﺪ.ﺑﻪ ﻃﻮﺭ ﻣﺜﺎﻝ ﺣﺪﺍﮐﺜﺮ ﻣﺒﻠﻐﻲ ﮐﻪ iranSSLﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﮐﻨﺪ ١٠،٠٠٠ﺩﻻﺭ ﻣﻲ ﺑﺎﺷﺪ .ﺍﻣﺎ Verisignﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺍﻱ ﺩﺍﺭﺩ ﮐﻪ ﺗﺎ ٢٥٠،٠٠٠ﺩﻻﺭ ﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﻧﻤﺎﻳﺪ).ﺑﺴﻴﺎﺭ ﻣﺸﺎﺑﻪ ﺑﺎ ﻭﺿﻌﻴﺖ ﺷﺮﮐﺖ ﻫﺎﻱ ﺑﻴﻤﻪ(
•
ﭘﺮﻭﺗﮑﻞ SSLﺑﺮ ﺍﺳﺎﺱ ﻣﻴﺰﺍﻥ ﺍﻣﻦ ﺑﻮﺩﻥ ﺩﺳﺘﻪ ﺑﻨﺪﻱ ﻣﻲ ﺷﻮﻧﺪ .ﺍﻳﻦ ﺩﺳﺘﻪ ﺑﻨﺪﻱ ﺑﺮ ﺍﺳﺎﺱ ﻣﻘﺪﺍﺭ bitﻫﺎﻱ ﺗﻮﻟﻴﺪﻱ ﺑﻪ ﺍﺯﺍﺀ ﻫﺮ ﺑﺨﺶ ﺍﺯ ﺩﺍﺩﻩ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﺷﻮﺩ.ﻣﺴﻠﻤﺎ ﻫﺮﭼﻪ ﺗﻌﺪﺍﺩ ﺍﻳﻦ bitﻫﺎﻱ ﺗﻮﻟﻴﺪﻱ ﺑﻴﺸﺘﺮ ﺑﺎﺷﺪ ،ﺭﻣﺰﮔﺸﺎﻳﻲ ﺁﻥ ﺑﺪﻭﻥ ﮐﻠﻴﺪ ،ﺑﺴﻴﺎﺭ ﺳﺨﺖ ﺗﺮ ﻭ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﮐﻠﻴﺪ ﻧﻴﺰ ﺯﻣﺎﻥ ﺑﺮﺗﺮ ﺧﻮﺍﻫﺪ ﺑﻮﺩ .ﺑﻪ
ﻋﻨﻮﺍﻥ ﻧﻤﻮﻧﻪ ﻳﮏ SSLﺑﺎ ٤٠ﻳﺎ ٥٦ﺑﻴﺖ )ﮐﻪ ﻳﮏ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺿﻌﻴﻒ ﻣﻲ ﺑﺎﺷﺪ( ﻣﻲ ﺗﻮﺍﻧﺪ ﺗﻮﺳﻂ ﻳﮏ ﻫﮑﺮ ﺑﺎ ﺍﺑﺰﺍﺭ ﮐﺎﻓﻲ ،ﺩﺭ ﻋﺮﺽ ﭼﻨﺪ ﺩﻗﻴﻘﻪ ﺷﮑﺴﺘﻪ ﺷﻮﺩ .ﺍﻣﺎ ﻫﻤﻴﻦ ﻫﮑﺮ ﺑﺮﺍﻱ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ١٢٨ SSLﺑﻴﺘﻲ ،ﻧﻴﺎﺯ ﺑﻪ ٢٨٨ﺑﺎﺭ ﺯﻣﺎﻥ ﺑﻴﺸﺘﺮ ﺩﺍﺭﺩ! ﻭ ﺍﻳﻦ ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﺍﺳﺖ ﮐﻪ ١٢٨ SSLﺑﻴﺘﻲ ﻧﺴﺒﺖ ﺑﻪ ﺣﺎﻟﺖ ٤٠ﻳﺎ ٥٦ﺑﻴﺘﻲ ﺗﺮﻟﻴﻮﻥ ﺗﺮﻟﻴﻮﻥ ﺑﺎﺭ ﺍﻣﻦ ﺗﺮ ﻭ ﻏﻴﺮ ﻗﺎﺑﻞ ﻧﻔﻮﺫ ﺗﺮ ﺍﺳﺖ! •
ﻳﮏ ﺑﺤﺚ ﺩﻳﮕﺮ ﺍﻳﻨﺠﺎ ﻣﻄﺮﺡ ﻣﻲ ﺷﻮﺩ ﻭ ﺁﻥ ﺍﻳﻨﮑﻪ ﺍﮔﺮ ﻳﮏ ﻫﮑﺮ ﺩﺭ ﻣﻴﺎﻥ ﺭﺍﻩ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺧﻮﺩ ﺭﺍ ﺟﺎﻳﮕﺰﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﮐﺮﺩ .ﺩﺭ ﺍﻳﻦ ﺣﺎﻟﺖ ﻋﻤﻼ ﻫﮑﺮ ﺑﻪ ﺭﺍﺣﺘﻲ ﺑﻪ ﺍﻃﻼﻋﺎﺕ ﮐﺎﺭﺑﺮ ﺩﺳﺘﺮﺳﻲ ﺧﻮﺍﻫﺪ ﺩﺍﺷﺖ .ﺩﺭ ﻭﺍﻗﻊ ﺍﻳﻦ ﺩﻗﻴﻘﺎ ﻫﻤﺎﻥ ﺟﺎﻳﻲ ﺍﺳﺖ ﮐﻪ ﻟﺰﻭﻡ ﻭﺟﻮﺩ CAﻫﺎ ﺩﺭ ﭘﺮﻭﺗﮑﻞ SSLﻣﻄﺮﺡ ﻣﻲ ﺷﻮﺩ.ﺩﺭ ﻭﺍﻗﻊ CAﻫﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺧﻮﺩ ﺍﻣﻀﺎ ﻣﻲ ﮐﻨﻨﺪ.ﻣﺮﻭﺭﮔﺮ ﻫﻢ CAﻫﺎﻱ ﻗﺎﺑﻞ ﺍﻋﺘﻤﺎﺩ ﺭﺍ ﻣﻲ ﺷﻨﺎﺳﺪ)ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺁﻧﻬﺎ ﺭﺍ ﺩﺍﺭﺩ(.ﺍﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﮐﻪ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ CAﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺍﺳﺖ ﻫﻤﺎﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻲ ﺑﺎﺷﺪ.ﺍﺯ ﺁﻧﺠﺎ ﮐﻪ ﺳﺮﻭﺭ ﻣﻲ ﺑﺎﻳﺴﺖ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﺭﺍ ﺍﺭﺳﺎﻝ ﮐﻨﺪ ،ﺩﺭ ﺳﻤﺖ ﻣﺮﻭﺭﮔﺮ ﺳﻌﻲ ﻣﻲ ﺷﻮﺩ ﮐﻪ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻫﺎﻱ ﻋﻤﻮﻣﻲ CAﻫﺎﻳﻲ ﺭﺍ ﮐﻪ ﻣﻲ ﺷﻨﺎﺳﺪ ،ﺁﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﮐﻨﺪ.ﺍﮔﺮ ﻣﻮﻓﻖ ﺷﺪ ﻭ ﻧﺘﻴﺠﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﻳﮑﺴﺎﻥ ﺑﻮﺩ ﺩﺭ ﻭﺍﻗﻊ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻗﺎﺑﻞ ﺍﻋﺘﻤﺎﺩ ﺍﺳﺖ.ﺩﺭ ﺍﻳﻦ ﺻﻮﺭﺕ ﺍﻣﮑﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﻳﮕﺮﺍﻥ ﻫﻢ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ).ﺩﻗﻴﻘﺎ ﻫﻤﺎﻥ ﺑﺤﺚ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﺍﺳﺖ(
•
ﺷﺮﮐﺖ Verisignﻳﮏ ﺩﻭﺭﻩ ﺁﺯﻣﺎﻳﺸﻲ ﻣﺠﺎﻧﻲ ﺑﺮﺍﻱ ﮐﺎﺭ ﺑﺎ SSLﻣﻲ ﺩﻫﺪ ﮐﻪ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﺍﺯ ﻃﺮﻳﻖ ﻟﻴﻨﮏ ﺯﻳﺮ ﺍﺯ ﺁﻥ ﺑﻬﺮﻩ ﮔﻴﺮﻳﺪ :
http://www.verisign.com/products-services/security-services/ssl/ssl-informationcenter/ssl-features-description/index.html
–٩ﻭﺍﮊﻩ ﻧﺎﻣﻪ ]Individual Messages : [١ ]Authenticate : [٢ ]Handshaking : [٣ ]Cipher Preferences : [٤ ]Master Key : [٥ ]Public Key : [٦ ]Challenge : [٧ ]Public-Key Certificate : [٨ ]Transport Layer Security : [٩ ]Wireless TLS : [١٠ ]Wireless Application Protocol : [١١ ]Certificate : [١٢ ]Certificate Authority (CA) : [١٣ ]symmetric key : [١٤
private key : [١٥] certificate trust tree : [١٦] certificate path : [١٧] Sniffing : [١٨]
– ﻓﻬﺮﺳﺖ ﻣﻨﺎﺑﻊ١٠ ١- http://www.webopedia.com/TERM/S/SSL.html ٢- http://www.rsasecurity.com/rsalabs/node.asp?id=٢٢٩٣ ٣- http://www.webopedia.com/TERM/S/S_HTTP.htm ٤- http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x٦٤.html ٥- http://www.verisign.com/products-services/security-services/ssl/sslinformation-center/faq/index.html ﮐﺘﺎﺏ ﻣﻘﺎﻻﺕ ﭼﻬﺎﺭﻣﻴﻦ ﻫﻤﺎﻳﺶ ﻣﻠﻲ ﺩﺍﻧﺸﺠﻮﻳﻲ، ﻣﺪﻝ ﻫﺎﻱ ﺍﻋﺘﻤﺎﺩ ﺑﺮ ﺑﺴﺘﺮ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ، ‐ ﻗﺪﻳﺮ ﭘﻮﺭ ﺭﺳﺘﻢ٦ ١٣٨١ ، ﺍﻧﺠﻤﻦ ﮐﺎﻣﭙﻴﻮﺗﺮ ﺍﻳﺮﺍﻥ
‐١ﺗﻌﺮﻳﻒ ﺑﺮﺍﻱ ﺷﺮﻭﻉ ،ﺑﺎ ﺗﻌﺮﻳﻔﻲ ﮐﻠﻲ ﺍﺯ SSLﮐﻪ ﺩﺭ ﺳﺎﻳﺖ webopediaﺁﻣﺪﻩ ﺍﺳﺖ ﻣﻄﻠﺐ ﺭﺍ ﺁﻏﺎﺯ ﻣﻲ ﮐﻨﻴﻢ :
" SSLﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺗﻮﺳﻂ ﺷﺮﮐﺖ Netscapeﻭ ﺑﺮﺍﻱ ﺭﺩ ﻭ ﺑﺪﻝ ﮐﺮﺩﻥ ﺳﻨﺪ ﻫﺎﻱ ﺧﺼﻮﺻﻲ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺗﻮﺳﻌﻪ ﻳﺎﻓﺘﻪ ﺍﺳﺖ SSL.ﺍﺯ ﻳﮏ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺑﺮﺍﻱ ﺑﻪ ﺭﻣﺰ ﺩﺭ ﺁﻭﺭﺩﻥ ﺍﻃﻼﻋﺎﺗﻲ ﮐﻪ ﺑﺮ ﺭﻭﻱ ﻳﮏ ﺍﺭﺗﺒﺎﻁ SSLﻣﻨﺘﻘﻞ ﻣﻲ ﺷﻮﻧﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻧﻤﺎﻳﺪ .ﻫﺮ ﺩﻭ ﻣﺮﻭﺭﮔﺮ Internet Explorerﻭ ] Netscape Navigatorﻭ ﺍﻣﺮﻭﺯﻩ ﺗﻤﺎﻡ ﻣﺮﻭﺭﮔﺮ ﻫﺎﻱ ﻣﺪﺭﻥ[ ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﭘﺸﺘﻴﺒﺎﻧﻲ ﻣﻲ ﻧﻤﺎﻳﻨﺪ .ﻫﻤﭽﻨﻴﻦ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻭﺏ ﺳﺎﻳﺖ ﻫﺎ ﺑﺮﺍﻱ ﻓﺮﺍﻫﻢ ﮐﺮﺩﻥ ﺑﺴﺘﺮﻱ ﻣﻨﺎﺳﺐ ﺟﻬﺖ ﺣﻔﻆ ﮐﺮﺩﻥ ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﻪ ﮐﺎﺭﺑﺮﺍﻥ )ﻣﺎﻧﻨﺪ ﺷﻤﺎﺭﻩ ﮐﺎﺭﺕ ﺍﻋﺘﺒﺎﺭﻱ( ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻧﻤﺎﻳﻨﺪ .ﻃﺒﻖ ﺁﻧﭽﻪ ﺩﺭ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺁﻣﺪﻩ ﺍﺳﺖ URL ،ﻫﺎﻳﻲ ﮐﻪ ﻧﻴﺎﺯ ﺑﻪ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﺯ ﻧﻮﻉ SSLﺩﺍﺭﻧﺪ ﺑﺎ https:ﺑﻪ ﺟﺎﻱ http:ﺷﺮﻭﻉ ﻣﻲ ﺷﻮﻧﺪ. ﭘﺮﻭﺗﮑﻞ ﺩﻳﮕﺮﻱ ﮐﻪ ﺑﺮﺍﻱ ﺍﻧﺘﻘﺎﻝ ﺍﻃﻼﻋﺎﺕ ﺑﻪ ﺻﻮﺭﺕ ﺍﻣﻦ ﺑﺮ ﺭﻭﻱ ﺷﺒﮑﻪ ﺟﻬﺎﻧﻲ ﻭﺏ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ،ﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﺑﻪ ﻧﺎﻡ Secure HTTPﻳﺎ . S-HTTPﺩﺭ ﺣﺎﻟﻴﮑﻪ SSLﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﻣﻴﺎﻥ Clientﻭ Serverﺍﻳﺠﺎﺩ ﻣﻲ ﮐﻨﺪ ﺗﺎ ﻫﺮ ﺍﻃﻼﻋﺎﺗﻲ ﮐﻪ ﺑﺮ ﺭﻭﻱ ﺁﻥ ﻣﻨﺘﻘﻞ ﻣﻲ ﺷﻮﺩ ﺍﻣﻦ ﺑﺎﺷﺪ S-HTTP ،ﺑﺮﺍﻱ ﺍﻳﻦ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺍﺳﺖ ﺗﺎ ﻃﺒﻖ ﺁﻥ ﭘﻴﺎﻡ ﻫﺎﻱ
ﻣﻨﻔﺮﺩ] [١ﺑﻪ ﻃﻮﺭ ﺍﻣﻦ ﻣﻨﺘﻘﻞ ﺷﻮﻧﺪ.ﺑﻨﺎﺑﺮﺍﻳﻦ ﺍﻳﻦ ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﻗﺒﻞ ﺍﺯ ﺁﻧﮑﻪ ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﺭﻗﻴﺐ ﺑﺎﺷﻨﺪ ،ﺩﻭ ﺗﮑﻨﻮﻟﻮﮊﻱ ﻣﮑﻤﻞ ﻫﺴﺘﻨﺪ .ﻫﺮ ﺩﻭ ﻱ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻫﺎ ﺑﻪ ﻋﻨﻮﺍﻥ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺍﺯ ﺳﻮﻱ IETFﭘﺬﻳﺮﻓﺘﻪ ﺷﺪﻩ ﺍﻧﺪ”. ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﮐﻪ SSLﻳﮏ ﭘﺮﻭﺗﮑﻞ ﻣﺴﺘﻘﻞ ﺍﺯ ﻻﻳﻪ ﺑﺮﻧﺎﻣﻪ ﺍﺳﺖ ). (Application Independent ﺑﻨﺎﺑﺮﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻫﺎﻳﻲ ﻣﺎﻧﻨﺪ FTP ، HTTPﻭ Telnetﻗﺎﺑﻠﻴﺖ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﻥ ﺭﺍ ﺩﺍﺭﻧﺪ .ﺑﺎ ﺍﻳﻦ ﻭﺟﻮﺩ SSLﺑﺮﻭﻱ ﭘﺮﻭﺗﮑﻞ ﻫﺎﻱ FTP ، HTTPﻭ IPSecﺑﻬﻴﻨﻪ ﺷﺪﻩ ﺍﺳﺖ.
–٢ﻣﻔﺎﻫﻴﻢ ﺭﻣﺰ ﻧﮕﺎﺭﻱ ﻣﺘﻘﺎﺭﻥ ﻭ ﻧﺎ ﻣﺘﻘﺎﺭﻥ ﺍﺳﺎﺱ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻫﺎ ﻭﺟﻮﺩ ﮐﻠﻴﺪ ﻫﺎ ﻣﻲ ﺑﺎﺷﻨﺪ.ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺷﻤﺎ ﺍﻃﻼﻋﺎﺕ ﻣﻮﺭﺩ ﻧﻈﺮ ﺧﻮﺩ ﺭﺍ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻗﻔﻞ ﻣﻲ ﮐﻨﻴﺪ ﻭ ﺳﭙﺲ ﺑﺮﺍﻱ ﺭﻣﺰﮔﺸﺎﻳﻲ ﺁﻥ ﻣﺠﺪﺩﺍ ﺍﺯ ﮐﻠﻴﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﻴﺪ .ﺩﺭ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ،ﻫﺮ ﺩﻭ ﮐﻠﻴﺪﻱ ﮐﻪ ﺑﺮﺍﻱ ﻗﻔﻞ ﻭ ﺑﺎﺯ ﮐﺮﺩﻥ ﺍﻃﻼﻋﺎﺕ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ ﻳﮑﺴﺎﻥ ﻣﻲ ﺑﺎﺷﺪ .ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﻫﺮ ﺩﻭ ﻃﺮﻑ ﺍﺯ ﻳﮏ ﮐﻠﻴﺪ ﻳﮑﺴﺎﻥ ﺑﻬﺮﻩ ﻣﻲ ﺑﺮﻧﺪ ﮐﻪ ﺑﺎﻳﺪ ﻧﺰﺩ ﺧﻮﺩﺷﺎﻥ ﺍﻣﻦ ﺑﺎﺷﺪ. ﺗﻮﺟﻪ ﮐﻨﻴﺪ ﮐﻪ ﻣﻔﻬﻮﻡ ﮐﻠﻴﺪ ﺩﺭ ﻣﺒﺎﺣﺚ ﻣﺮﺗﺒﻂ ،ﻋﻤﻮﻣﺎ ﻳﮏ ﺁﺭﺍﻳﻪ ﺍﺯ ﺑﺎﻳﺖ ﻫﺎ ﻣﻲ ﺑﺎﺷﺪ ﮐﻪ ﺑﺮ ﺍﺳﺎﺱ ﻧﻮﻉ ﺍﻣﻨﻴﺖ ﻃﻮﻝ ﻣﺘﻔﺎﻭﺗﻲ ﺩﺍﺭﺩ.ﻣﺜﻼ ٠١١٠١١٠٠١١٠٠١٠١١١٠٠١ﻣﻲ ﺗﻮﺍﻧﺪ ﻳﮏ ﮐﻠﻴﺪ ﺑﺎﺷﺪ.ﺍﻟﺒﺘﻪ ﻋﻤﻮﻣﺎ ﮐﻠﻴﺪ ﻫﺎ ﺩﺭ ﻣﺒﻨﺎﻱ ١٦ﻧﻤﺎﻳﺶ ﺩﺍﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺑﻪ ﻫﺮ ﺣﺎﻝ ﻭﻇﻴﻔﻪ ﻣﺤﺎﻓﻈﺖ ﺍﺯ ﮐﻠﻴﺪ ﺑﺮ ﻋﻬﺪﻩ ﺩﺍﺭﻧﺪﻩ ﺁﻥ ﺍﺳﺖ! ﺩﺭ ﺷﮑﻞ ﺯﻳﺮ ﻧﺤﻮﻩ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﻧﻤﺎﻳﺶ ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﺳﺖ:
ﺍﻣﺎ ﻧﻮﻋﻲ ﺩﻳﮕﺮ ﺍﺯ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﮐﻪ ﺍﺳﺎﺱ SSLﻧﻴﺰ ﻣﻲ ﺑﺎﺷﺪ.ﺩﺭ ﺍﻳﻦ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﻪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻧﺎ ﻣﺘﻘﺎﺭﻥ ﻳﺎ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻧﺎﻣﻴﺪﻩ ﻣﻲ ﺷﻮﺩ ،ﺩﻭ ﻧﻮﻉ ﮐﻠﻴﺪ ﻭﺟﻮﺩ ﺩﺍﺭﺩ : •
ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ
•
ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ
][٦ ][١٥
ﺩﺭ ﺍﻳﻦ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ ﮐﻪ ﺍﮔﺮ ﺩﺍﺩﻩ ﺍﻱ ﺑﺎ ﻳﮏ ﮐﻠﻴﺪ ﻗﻔﻞ ﺷﺪ ،ﺑﺎ ﻫﻤﺎﻥ ﮐﻠﻴﺪ ﺑﺎﺯ ﻧﻤﻲ ﺷﻮﺩ ﻭ ﻓﻘﻂ ﺍﻣﮑﺎﻥ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ ﺁﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ .ﺍﻳﻦ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ ﻧﺰﺩ ﻃﺮﻑ ﻣﻘﺎﺑﻞ ﺍﺳﺖ ﻭ ﺍﻣﮑﺎﻥ ﺑﺪﺳﺖ ﺁﻭﺭﺩﻥ ﺁﻥ ﺍﺯ ﮐﻠﻴﺪ ﺩﻳﮕﺮ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ .ﺑﻪ ﻋﺒﺎﺭﺕ ﺳﺎﺩﻩ ﺗﺮ ﺍﮔﺮ ﺷﻤﺎ ﺩﺭ ﺧﺎﻧﻪ ﺗﺎﻥ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ Aﻗﻔﻞ ﻧﻤﻮﺩﻳﺪ ،ﺗﻨﻬﺎ ﺍﻣﮑﺎﻥ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻣﺘﻨﺎﻇﺮ Bﻭﺟﻮﺩ
ﺩﺍﺭﺩ ﻭ ﺍﻳﻦ ﺩﺭ ﺣﺎﻟﻴﺴﺖ ﮐﻪ ﺍﻣﮑﺎﻥ ﻓﻬﻤﻴﺪﻥ ﺁﻧﮑﻪ ﮐﻠﻴﺪ Bﭼﮕﻮﻧﻪ ﺳﺎﺧﺘﻪ ﺷﺪﻩ ﺍﺳﺖ ﺑﺮﺍﻱ ﺷﻤﺎ ﻧﻴﺰ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ .ﺣﺎﻝ ﺍﮔﺮ ﮐﻠﻴﺪ ﺧﻮﺩ ﺭﺍ ﺩﺭﻭﻥ ﺩﺭ ﻧﻴﺰ ﺟﺎ ﺑﮕﺬﺍﺭﻳﺪ ،ﻣﺴﺎﻟﻪ ﺍﻱ ﻧﻴﺴﺖ! ﺣﺎﻝ ﺑﻪ ﺑﺤﺚ ﺑﺎﺯ ﻣﻲ ﮔﺮﺩﻳﻢ :ﺷﻤﺎ ﺩﺭﺧﻮﺍﺳﺖ ﺩﺍﺩﻩ ﺍﻱ ﺭﺍ ﺍﺯ ﻳﮏ ﺳﺮﻭﺭ ﺍﻣﻦ ﻣﻲ ﮐﻨﻴﺪ ،ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺭﺍ ﺑﺮﺍﻱ ﺷﻤﺎ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺷﻤﺎ ﺩﺍﺩﻩ ﻫﺎﻱ ﺧﻮﺩ ﺭﺍ ﺑﺎ ﺍﻳﻦ ﮐﻠﻴﺪ ﻗﻔﻞ ﻣﻲ ﮐﻨﻴﺪ ﻭ ﺑﺮﺍﻱ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﻴﺪ .ﺣﺎﻝ ﺍﮔﺮ ﺍﻳﻦ ﻭﺳﻂ ﮐﺴﻲ ﺧﻮﺍﺳﺖ ﺩﺍﺩﻩ ﻫﺎ ﺭﺍ ﺑﺒﻴﻨﺪ] ، [١٨ﻧﻤﻲ ﺗﻮﺍﻧﺪ ،ﭼﺮﺍﮐﻪ ﺍﻳﻦ ﺩﺍﺩﻩ ﻫﺎ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺑﺎﺯ ﻧﻤﻲ ﺷﻮﻧﺪ! .ﺩﺭ ﻃﺮﻑ ﻣﻘﺎﺑﻞ ﺳﺮﻭﺭ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺹ ﺧﻮﺩ ﺩﺍﺩﻩ ﻫﺎ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﻣﻲ ﮐﻨﺪ ﻭ ﺍﺯ ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ. ﺷﮑﻞ ﺯﻳﺮ ﺭﻭﻧﺪ ﺫﮐﺮ ﺷﺪﻩ ﺭﺍ ﻣﻲ ﺭﺳﺎﻧﺪ :
ﺗﻮﺟﻪ :ﺩﺭ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﺭﻭﻧﺪ ﺑﺮﻋﮑﺲ ﺍﺳﺖ).ﺑﻪ ﻋﺒﺎﺭﺕ ﺩﻳﮕﺮ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﭼﻴﺰﻱ ﺟﺰ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺩﺍﺩﻩ ﻫﺎ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﻓﺮﺳﺘﻨﺪﻩ ﻧﻴﺴﺖ( .ﻣﺎ ﺩﺭ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﻣﻲ ﺧﻮﺍﻫﻴﻢ ﺑﺒﻴﻨﻴﻢ ﮐﻪ ﺁﻳﺎ ﺩﺍﺩﻩ ﻫﺎﻱ ﺍﺭﺳﺎﻝ ﺷﺪﻩ ﻭﺍﻗﻌ ﹰﺎ ﺍﺯ ﻃﺮﻑ ﺷﺨﺼﻲ ﺍﺳﺖ ﮐﻪ ﺍﺩﻋﺎ ﻣﻲ ﮐﻨﺪ ﻳﺎ ﺧﻴﺮ؟ ﺑﻪ ﻃﻮﺭ ﺳﺎﺩﻩ ﮐﺎﺭﺑﺮ ﻧﺎﻡ ﺧﻮﺩ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺧﻮﺩ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﺍﻳﻦ ﺣﺎﻟﺖ ﻫﻤﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻭﻱ ﻣﻲ ﺗﻮﺍﻧﻨﺪ ﻧﺎﻡ ﻭﻱ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﮐﻨﻨﺪ ﻭ ﺍﻳﻦ ﺻﺤﻴﺢ ﺍﺳﺖ! ﭼﺮﺍﮐﻪ ﻫﻴﭻ ﮐﺲ ﺩﻳﮕﺮ ﻗﺎﺩﺭ ﻧﻴﺴﺖ ﺩﺍﺩﻩ ﺍﻱ ﺗﻮﻟﻴﺪ ﮐﻨﺪ ﮐﻪ ﻧﺘﻴﺠﻪ ﺑﺎﺯ ﺷﺪﻥ ﺁﻥ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺷﺨﺺ ﺍﻣﻀﺎ ﮐﻨﻨﺪﻩ ﺑﺮﺍﺑﺮ ﺑﺎﺷﺪ!. ﺍﻟﺒﺘﻪ ﺩﺭ ﻋﻤﻞ ﺑﻬﺘﺮ ﺍﺳﺖ ﺍﺯ ﺗﻮﺍﺑﻊ Hashﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ .ﭼﺮﺍﮐﻪ ﺩﺭ ﺣﺎﻟﺖ ﻓﻮﻕ ،ﺍﻭﻻ ﻧﺎﻡ ﮐﺎﺭﺑﺮ ﺭﺍ ﺑﺎﻳﺪ ﻓﻘﻂ ﮐﺎﺭﺑﺮ ﻭ ﺳﺮﻭﺭ ﺑﺪﺍﻧﻨﺪ ﻭ ﺩﻳﮕﺮ ﺁﻧﮑﻪ ﺍﺯ ﮐﺠﺎ ﻣﻌﻠﻮﻡ ﮐﻪ ﺩﺍﺩﻩ ﺍﺭﺳﺎﻟﻲ ﻫﻤﺎﻧﻲ ﺍﺳﺖ ﮐﻪ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﮐﺎﺭﺑﺮ ﺑﺎ ﺁﻥ ﺑﻮﺩﻩ ﺍﺳﺖ)ﺑﻪ ﻋﺒﺎﺭﺕ ﺩﻳﮕﺮ ﺷﺎﻳﺪ ﺩﺭ ﻣﻴﺎﻥ ﺭﺍﻩ ﻣﺘﻦ ﺍﻃﻼﻋﺎﺕ ﺗﻐﻴﻴﺮ ﮐﺮﺩ( ﻫﻤﺎﻧﻄﻮﺭ ﮐﻪ ﺫﮐﺮ ﺷﺪ ،ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ﺍﺯ ﺗﻮﺍﺑﻊ Hashﮐﻪ ﻳﮏ ﻃﺮﻓﻪ ﻫﺴﺘﻨﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ.ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺩﺍﺩﻩ ﺍﻱ hashﺷﺪ ،ﺩﻳﮕﺮ ﺑﻪ ﻫﻴﭻ ﻋﻨﻮﺍﻥ )ﻭ ﺗﻮﺳﻂ ﻫﻴﭻ ﮐﻠﻴﺪﻱ( ﻗﺎﺑﻞ ﺑﺮﮔﺸﺖ ﻧﻴﺴﺖ. ﺑﺪﻳﻦ ﻣﻨﻈﻮﺭ ﻣﺘﻦ ﻧﺎﻣﻪ ﺍﺑﺘﺪﺍ hashﻣﻲ ﮔﺮﺩﺩ ﻭ ﺳﭙﺲ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺍﻣﻀﺎ ﻣﻲ ﺷﻮﺩ.
ﺳﭙﺲ ﺍﻣﻀﺎ ﻭ ﻣﺘﻦ ﻧﺎﻣﻪ ﺍﺭﺳﺎﻝ ﻣﻲ ﺷﻮﺩ .ﺩﺭ ﻃﺮﻑ ﺳﺮﻭﺭ ﻫﻢ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺩﺍﺩﻩ hashﺷﺪﻩ ﺑﺪﺳﺖ ﻣﻲ ﺁﻳﺪ .ﻣﺘﻦ ﺍﺭﺳﺎﻟﻲ ﻫﻢ hashﻣﻲ ﺷﻮﺩ .ﺣﺎﻝ ﺍﮔﺮ ﺍﻳﻦ ﺩﻭ ﻧﺘﻴﺠﻪ ﻳﮑﺴﺎﻥ ﺑﻮﺩ ،ﺩﺍﺩﻩ ﻫﺎ ﻭﺍﻗﻌ ﹰﺎ ﺍﺯ ﻃﺮﻑ ﮐﺴﻲ ﮐﻪ ﻣﺪﻋﻲ ﺁﻥ ﺍﺳﺖ ﺍﺭﺳﺎﻝ ﺷﺪﻩ ﺍﺳﺖ .ﭼﺮﺍ ﮐﻪ ﺍﮔﺮ ﻣﺘﻦ ﻧﺎﻣﻪ ﻋﻮﺽ ﺷﻮﺩ ،ﻧﺘﻴﺠﻪ hashﺁﻥ ﻫﻢ ﻣﺘﻔﺎﻭﺕ ﻭ ﻣﻘﺎﻳﺴﻪ ﻧﺘﻴﺠﻪ ﻳﮑﺴﺎﻧﻲ ﺭﺍ ﺑﺮ ﻧﻤﻲ ﮔﺮﺩﺍﻧﺪ. ﺩﺭ ﻧﻤﻮﺩﺍﺭ ﺯﻳﺮ ،ﺭﻭﻧﺪ ﮐﺎﺭ ﺭﺍ ﻣﺸﺎﻫﺪﻩ ﻣﻲ ﮐﻨﻴﺪ )ﻗﻄﻌﻪ ﻫﺎﻱ ﺧﺎﮐﺴﺘﺮﻱ ﺭﻧﮓ ﻧﺸﺎﻥ ﺩﻫﻨﺪﻩ Hashﺷﺪﻥ ﻣﺘﻦ ﻧﺎﻣﻪ ﻣﻲ ﺑﺎﺷﻨﺪ(
– ٣ﺳﺎﺧﺘﺎﺭ ﻭ ﺭﻭﻧﺪ ﺁﻏﺎﺯﻳﻦ ﭘﺎﻳﻪ ﮔﺬﺍﺭﻱ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺩﺭ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﻗﺒﻞ ﺍﺯ ﺁﻧﮑﻪ ﺍﻃﻼﻋﺎﺗﻲ ﻣﺎﺑﻴﻦ ﺩﺭﺧﻮﺍﺳﺖ ﺩﻫﻨﺪﻩ ﻭ ﺳﺮﻭﺭ ﺭﺩ ﻭ ﺑﺪﻝ ﺷﻮﺩ ،ﻣﻲ ﺑﺎﻳﺴﺖ ﺍﺑﺘﺪﺍ ﺳﺮﻭﺭ ﺗﺼﺪﻳﻖ ﮔﺮﺩﺩ]. [٢ ﺑﻪ ﻃﻮﺭ ﮐﻠﻲ ﻣﺮﺣﻠﻪ ﺁﻏﺎﺯﻳﻦ ﺷﺮﻭﻉ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ] [٣ﺍﺯ ﺩﻭ ﻓﺎﺯ ﺗﺸﮑﻴﻞ ﺷﺪﻩ ﺍﺳﺖ :ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﺭ ﻭ ﻣﺮﺣﻠﻪ ﺍﺧﺘﻴﺎﺭﻱ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻣﺸﺘﺮﻱ .ﺩﺭ ﻓﺎﺯ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﺭ ،ﺳﺮﻭﺭ ﺩﺭ ﺟﻮﺍﺏ ﺩﺭﺧﻮﺍﺳﺖ ﻣﺸﺘﺮﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﻭ ﻓﺮﻣﻮﻝ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺧﻮﺩ] [٤ﺭﺍ ﺑﺮﺍﻱ ﻣﺸﺘﺮﻱ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺳﭙﺲ ﻣﺸﺘﺮﻱ ﻳﮏ ﮐﻠﻴﺪ ﺍﺻﻠﻲ] [٥ﮐﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ] [٦ﺳﺮﻭﺭ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺍﺳﺖ ﺭﺍ ﺗﻮﻟﻴﺪ ﻣﻲ ﮐﻨﺪ ﻭ ﺳﭙﺲ ﺍﻳﻦ ﮐﻠﻴﺪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺑﻪ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ .ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﺍﺻﻠﻲ ﺭﺍ ﺑﺎﺯﻳﺎﺑﻲ ﻣﻲ ﮐﻨﺪ ﻭ ﺧﻮﺩﺵ ﺭﺍ ﺑﺎ ﻓﺮﺳﺘﺎﺩﻥ ﭘﻴﻐﺎﻣﻲ ﺑﻪ ﻣﺸﺘﺮﻱ ﺗﺼﺪﻳﻖ ﻣﻲ ﻧﻤﺎﻳﺪ .ﺩﺭﺧﻮﺍﺳﺖ ﻫﺎﻱ ﺑﻌﺪﻱ ﺑﺎ ﮐﻠﻴﺪ ﻫﺎﻳﻲ ﮐﻪ ﺍﺯ ﮐﻠﻴﺪ ﺍﺻﻠﻲ ﻣﺸﺘﻖ ﺷﺪﻩ ﺍﻧﺪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻭ ﺗﺼﺪﻳﻖ ﻣﻲ ﺷﻮﻧﺪ. ﺩﺭ ﻓﺎﺯ ﺩﻭﻡ ﮐﻪ ﺍﺧﺘﻴﺎﺭﻱ ﺑﻮﺩ ،ﺳﺮﻭﺭ ﻳﮏ ﭼﺎﻟﺶ] [٧ﺭﺍ ﺑﺮﺍﻱ ﻣﺸﺘﺮﻱ ﺍﻳﺠﺎﺩ ﻣﻲ ﮐﻨﺪ ]ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ[ .ﻣﺸﺘﺮﻱ ﻧﻴﺰ ﺧﻮﺩﺵ ﺭﺍ ﺑﺮﺍﻱ ﺳﺮﻭﺭ ﺑﺎ ﺍﺭﺳﺎﻝ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﻭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺧﻮﺩ ] [٨ﻧﺴﺒﺖ ﺑﻪ ﺗﺼﺪﻳﻖ ﺧﻮﺩ ﺍﻗﺪﺍﻡ ﻣﻲ ﻧﻤﺎﻳﺪ.
ﺍﻟﮕﻮﺭﻳﺘﻢ ﻫﺎﻱ ﺯﻳﺎﺩﻱ ﺟﻬﺖ ﭘﻨﻬﺎﻥ ﺳﺎﺯﻱ ﺩﺭ SSLﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺩﺭ ﻣﺮﺣﻠﻪ ﺁﻏﺎﺯﻳﻦ ﺷﺮﻭﻉ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺍﺯ ﺍﻟﮕﻮﺭﻳﺘﻢ RSA public-key cryptosystemﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﺩ .ﺑﻌﺪ ﺍﺯ ﺭﺩ ﻭ ﺑﺪﻝ ﺷﺪﻥ ﮐﻠﻴﺪ ﻫﺎ ﻧﻴﺰ ﺍﻟﮕﻮﺭﻳﺘﻢ ﻫﺎﻱ ﻣﺘﻔﺎﻭﺗﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﺷﻮﻧﺪ .ﺍﺯ ﺟﻤﻠﻪ triple-DES ، DES ، IDEA ، RC٤ ، RC٢ :ﻭ . MD٥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎﻱ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﻫﻢ ﺍﺯ ﻗﻮﺍﻧﻴﻦ X.٥٠٩ﭘﻴﺮﻭﻱ ﻣﻲ ﮐﻨﻨﺪ).ﺳﺎﺧﺘﺎﺭ ﺩﺭﺧﺘﻲ CAﻫﺎ ﻭ ﺍﻣﻀﺎﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﮐﻪ ﺩﺭ ﺍﺩﺍﻣﻪ ﺫﮐﺮ ﺧﻮﺍﻫﺪ ﺷﺪ ،ﻫﻤﮕﻲ ﺑﺮ ﺍﺳﺎﺱ ﺍﻳﻦ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺍﺳﺖ(
–٤ﭘﺮﻭﺗﮑﻞ ﻫﺎﻱ ﻣﺸﺎﺑﻪ ] TLS[٩ﻫﻢ ﭘﺮﻭﺗﮑﻞ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺑﺴﻴﺎﺭ ﻣﺸﺎﺑﻪ SSL ٣,٠ﻣﻲ ﺑﺎﺷﺪ. ﻫﻤﭽﻨﻴﻦ ﭘﺮﻭﺗﮑﻞ ] WTLS[١٠ﮐﻪ ﻣﺨﺼﻮﺹ ﺷﺒﮑﻪ ﻫﺎﻱ ﺑﻴﺴﻴﻢ ﺍﺳﺖ ﻭ ﺩﺭ ] WAP [١١ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮔﺮﺩﺩ.
–٥ﻣﻔﻬﻮﻡ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﺭ ﭘﺮﻭﺗﮑﻞ SSL ﺩﺭ ﺍﻳﻨﺠﺎ ﻧﻴﺎﺯ ﺍﺳﺖ ﮐﻪ ﻳﮏ ﺑﺤﺚ ﮐﻠﻲ ﺩﺭ ﻣﻮﺭﺩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ] [١٢ﻣﻮﺭﺩ ﻧﻴﺎﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺻﻮﺭﺕ ﮔﻴﺮﺩ.ﺑﻪ ﻃﻮﺭ ﻋﻤﻮﻡ )ﻏﻴﺮ ﺍﺯ ﺑﺤﺚ (SSLﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﺟﻨﺒﻪ ﺍﻋﺘﺒﺎﺭ ﺳﻨﺠﻲ ﺩﺍﺭﻧﺪ .ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺷﻤﺎ ﺩﺭ ﻳﮏ ﺑﺤﺚ ﺧﺎﺹ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺑﺎﺷﻴﺪ ،ﺑﻪ ﺷﻤﺎ ﺍﻋﺘﻤﺎﺩ ﺑﻴﺸﺘﺮﻱ ﻣﻲ ﮐﻨﻨﺪ.ﺍﻣﺎ ﻣﻤﮑﻦ ﺍﺳﺖ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻭﻟﻲ ﮐﺎﺭ ﺧﻮﺩ ﺭﺍ ﻫﻢ ﺑﻪ ﻧﺤﻮ ﺍﺣﺴﻨﺖ ﺍﻧﺠﺎﻡ ﺩﻫﻴﺪ.ﺑﻪ ﻃﻮﺭ ﻣﺜﺎﻝ ﺷﻤﺎ ﻗﻬﺮﻣﺎﻥ ﻣﺴﺎﺑﻘﺎﺕ ﻓﺮﻣﻮﻝ ١ﺟﻬﺎﻥ ﻫﺴﺘﻴﺪ ،ﺍﻣﺎ ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ،ﻫﺮﮔﺰ ﺍﺟﺎﺯﻩ ﻧﺨﻮﺍﻫﻴﺪ ﺩﺍﺷﺖ ﮐﻪ ﺩﺭ ﺷﻬﺮ ﺗﺮﺩﺩ ﮐﻨﻴﺪ! ﺩﺭ ﻣﻮﺭﺩ SSLﻫﻢ ﺗﻘﺮﻳﺒﺎ ﺑﺤﺚ ﺑﻪ ﻫﻤﻴﻦ ﮔﻮﻧﻪ ﺍﺳﺖ ﺑﺎ ﺍﻳﻦ ﺗﻔﺎﻭﺕ ﮐﻪ ﺫﺍﺕ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺑﺤﺚ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺍﺳﺖ ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﮐﻪ ﺍﮔﺮ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺒﺎﺷﻴﺪ ،ﻗﺎﺩﺭ ﻧﺨﻮﺍﻫﻴﺪ ﺑﻮﺩ ﮐﻪ ﻳﮏ ﭘﻴﺎﺩﻩ ﺳﺎﺯﻱ ﺍﺯ ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺭﺍ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ.ﺷﺎﻳﺪ ﺩﺭ ﻋﺎﻟﻢ ﺭﺍﻧﺪﻥ ﺍﺗﻮﻣﺒﻴﻞ ﺑﺪﻳﻦ ﺻﻮﺭﺕ ﺗﻌﺒﻴﺮ ﺷﻮﺩ ﮐﻪ ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﺷﻤﺎ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻧﺒﺎﺷﻴﺪ ،ﻗﺎﺩﺭ ﺑﻪ ﺭﺍﻧﻨﺪﮔﻲ ﻫﻢ ﻧﻴﺴﺘﻴﺪ! ﺍﻳﻦ ﺗﺸﺎﺑﻪ ﺍﺯ ﺟﻬﺎﺗﻲ ﺻﺤﻴﺢ ﻭ ﺍﺯ ﺟﻬﺎﺗﻲ ﻏﻠﻂ ﺍﺳﺖ .ﺷﺎﻳﺪ ﺑﺮﺩﺍﺷﺖ ﺻﺤﻴﺢ ﺗﺮ ﺑﻪ ﺍﻳﻦ ﺻﻮﺭﺕ ﺑﺎﺷﺪ ﮐﻪ ﺍﮔﺮﭼﻪ ﻗﺎﺩﺭ ﻧﺨﻮﺍﻫﻴﺪ ﺑﻮﺩ ﺑﺪﻭﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺭﺍﻧﻨﺪﮔﻲ ﮐﻨﻴﺪ ،ﺍﻣﺎ ﻗﺎﺩﺭ ﻫﺴﺘﻴﺪ ﮐﻪ ﺧﻮﺩ ﺑﺮﺍﻱ ﺧﻮﺩ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺻﺎﺩﺭ ﮐﺮﺩﻩ ﻭ ﺳﭙﺲ ﺑﻪ ﺭﺍﻧﻨﺪﮔﻲ ﺑﭙﺮﺩﺍﺯﻳﺪ!)ﻫﺮﭼﻨﺪ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺍﺯ ﻧﻈﺮ ﺩﻳﮕﺮﺍﻥ ﮐﺎﻣﻼ ﺑﻲ ﺍﺭﺯﺵ ﺍﺳﺖ!(. ﻃﺒﻖ ﺑﺤﺚ ﻓﻮﻕ ،ﺷﻤﺎ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻴﺪ ﺑﻮﺩ ﺑﺪﻭﻥ ﭘﺮﺩﺍﺧﺖ ﻫﻴﭻ ﻫﺰﻳﻨﻪ ﺍﻱ ﻳﮏ ﭘﺮﻭﺗﮑﻞ SSLﺭﺍ ﺭﺍﻩ ﺍﻧﺪﺍﺯﻱ ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ.ﻧﻤﻮﻧﻪ ﺑﺎﺭﺯ ﺍﻳﻦ ﺍﺳﺘﻔﺎﺩﻩ ﺩﺭ ﺷﺒﮑﻪ ﻫﺎﻱ ﺩﺍﺧﻠﻲ ﻳﺎ Intranetﻣﻲ ﺑﺎﺷﺪ.
–٦ﻣﺮﺍﮐﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﺭ SSLﺑﻪ ﻣﺮﺍﮐﺰﻱ ﮐﻪ ﺍﻗﺪﺍﻡ ﺑﻪ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻲ ﮐﻨﻨﺪ " ،ﻣﺮﮐﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ " ] [١٣ﻳﺎ ﺑﻪ ﺍﺧﺘﺼﺎﺭ CAﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ.
ﺍﻳﻦ ﭘﺮﻭﺗﮑﻞ ﺍﺯ ﻳﮏ ﺷﺨﺺ ﺛﺎﻟﺚ ] ) [١٤ﮐﻪ ﻫﻤﺎﻥ CAﻣﻲ ﺑﺎﺷﺪ( ﺑﺮﺍﻱ ﺗﺸﺨﻴﺺ ﻫﻮﻳﺖ ﻃﺮﻓﻴﻦ ﻳﮏ ﺗﺮﺍﮐﻨﺶ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﻭﺍﻗﻊ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻌﻴﻦ ﻣﻲ ﮐﻨﺪ ﮐﻪ ﺁﻳﺎ ﺷﺨﺼﻲ ﮐﻪ ﺩﺍﺭﻧﺪﻩ ﺁﻥ ﺍﺳﺖ ،ﻭﺍﻗﻌ ﹰﺎ ﻫﻤﺎﻧﻲ ﺍﺳﺖ ﮐﻪ ﺍﺩﻋﺎ ﻣﻲ ﮐﻨﺪ ﻳﺎ ﺧﻴﺮ؟ ﺩﺭ ﺷﮑﻞ ﺯﻳﺮ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﻳﮏ ﺭﻭﻧﺪ ﺩﺭﺧﻮﺍﺳﺖ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺗﻮﺳﻂ ﻳﮏ ﺳﺮﻭﻳﺲ ﺩﻫﻨﺪﻩ ) ﻗﺪﻡ ﻫﺎﻱ ٢ ، ١ﻭ (٣ﻭ ﺩﺭ ﺍﺩﺍﻣﻪ ﺁﻥ ﺩﺭﺧﻮﺍﺳﺖ ﮐﺎﺭﺑﺮ ﺑﺮﺍﻱ ﻳﮏ ﺳﺮﻭﺭ ﺩﺍﺭﺍﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻭ ﭼﮕﻮﻧﮕﻲ ﻣﻄﻤﺌﻦ ﺷﺪﻥ ﻭﻱ ﺍﺯ ﻣﻌﺘﺒﺮ ﺑﻮﺩﻥ ﺁﻥ ﺳﺮﻭﺭ ﺭﺍ ﺑﺒﻴﻨﻴﺪ)ﻗﺪﻡ ﻫﺎﻱ ٦ ، ٥ ، ٤ﻭ : (٧
–٧ﻣﺮﺍﺣﻞ ﮐﻠﻲ ﺑﺮﻗﺮﺍﺭﻱ ﻭ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ ﺩﺭ ﻭﺏ ﺑﻪ ﻃﻮﺭ ﺳﺎﺩﻩ ﻣﺮﺍﺣﻠﻲ ﮐﻪ ﺩﺭ ﺍﻳﺠﺎﺩ ﻳﮏ ﺍﺭﺗﺒﺎﻁ ﺍﻣﻦ SSLﺩﺭ httpﻃﻲ ﻣﻲ ﺷﻮﺩ ،ﺑﻪ ﺻﻮﺭﺕ ﺯﻳﺮ ﻣﻲ ﺑﺎﺷﺪ : ‐١ﮐﺎﺭﺑﺮ ﺩﺭﺧﻮﺍﺳﺖ ﺧﻮﺩ ﺭﺍ ﺍﺯ ﻃﺮﻳﻖ ﻣﺮﻭﺭﮔﺮ ﺑﻪ ﻳﮏ ﺻﻔﺤﻪ ﺍﻣﻦ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ)ﺁﺩﺭﺱ ﺍﻳﻦ ﺻﻔﺤﻪ ﻣﻌﻤﻮﻻ ﺑﺎ https://ﺷﺮﻭﻉ ﻣﻲ ﺷﻮﺩ( ‐٢ﻭﺏ ﺳﺮﻭﺭ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ] [٦ﺧﻮﺩ ﺭﺍ ﺑﻪ ﻫﻤﺮﺍﻩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﺑﺮﺍﻱ ﮐﺎﺭﺑﺮ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ.
‐٣ﻣﺮﻭﺭﮔﺮ ﭼﮏ ﻣﻲ ﮐﻨﺪ ﮐﻪ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺗﻮﺳﻂ ﻳﮏ ﻣﺮﮐﺰ ﻣﻮﺭﺩ ﺍﻃﻤﻴﻨﺎﻥ ﺻﺎﺩﺭ ﺷﺪﻩ ﺍﺳﺖ ﻭ ﺍﻳﻨﮑﻪ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﻨﻮﺯ ﺍﻋﺘﺒﺎﺭ ﺩﺍﺭﺩ ؟ ﻭ ﻫﻤﭽﻨﻴﻦ ﺁﻳﺎ ﺍﻳﻦ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﺮﺗﺒﻂ ﺑﺎ ﺳﺎﻳﺖ ﺩﺭﺧﻮﺍﺳﺘﻲ ﻣﻲ ﺑﺎﺷﺪ؟ ‐٤ﺳﭙﺲ ﻣﺮﻭﺭﮔﺮ ﺍﺯ ﺍﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ] [٦ﺩﺭﻳﺎﻓﺖ ﺷﺪﻩ ﺍﺯ ﻃﺮﻑ ﺳﺮﻭﺭ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﮐﻨﺪ ﺳﭙﺲ ﻳﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ
][١٤
ﺗﺼﺎﺩﻓﻲ ﺭﺍ ﺗﻮﻟﻴﺪ ﻣﻲ ﮐﻨﺪ ﻭ ﺗﻮﺳﻂ ﺁﻥ ﺗﻤﺎﻡ ﺩﺍﺩﻩ ﻫﺎ ﻭ URLﺭﺍ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﮐﻨﺪ .ﺩﺭ ﻧﻬﺎﻳﺖ ﻫﻢ ﺩﺍﺩﻩ ﻫﺎﻱ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺑﻪ ﻫﻤﺮﺍﻩ ﺧﻮﺩ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺗﻮﻟﻴﺪﻱ ،ﻣﺠﺪﺩﺍ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﮐﺮﺩﻩ ﻭ ﻧﺘﻴﺠﻪ ﺭﺍ ﺑﻪ ﺳﺮﻭﺭ ﺍﺭﺳﺎﻝ ﻣﻲ ﮐﻨﺪ. ][١٥
‐٥ﻭﺏ ﺳﺮﻭﺭ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ
ﺧﻮﺩ ،ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺭﺍ ﺭﻣﺰﮔﺸﺎﻳﻲ ﻭ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﻥ ﺳﺎﻳﺮ
ﺩﺍﺩﻩ ﻫﺎ ﻭ URLﺭﺍ ﻧﻴﺰ ﺭﻣﺰﮔﺸﺎﻳﻲ ﻣﻲ ﻧﻤﺎﻳﺪ. ‐٦ﻭﺏ ﺳﺮﻭﺭ html ،ﺩﺭﺧﻮﺍﺳﺘﻲ ﺭﺍ ﺑﺎ ﮐﻤﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻭ ﺑﻪ ﮐﺎﺭﺑﺮ ﺑﺎﺯ ﻣﻲ ﮔﺮﺩﺍﻧﺪ. ‐٧ﻣﺮﻭﺭﮔﺮ ﻧﻴﺰ ﺩﺍﺩﻩ ﻫﺎﻱ ﺩﺭﻳﺎﻓﺘﻲ ﺭﺍ ﺑﺎ ﮐﻤﮏ ﮐﻠﻴﺪ ﻣﺘﻘﺎﺭﻥ ﺧﻮﺩ ﺑﺎﺯﮔﺸﺎﻳﻲ ﮐﺮﺩﻩ ﻭ ﺑﻪ ﮐﺎﺭﺑﺮ ﻧﻤﺎﻳﺶ ﻣﻲ ﺩﻫﺪ. ﻫﻤﺎﻧﻄﻮﺭ ﮐﻪ ﺍﺯ ﻣﺮﺣﻠﻪ ٣ﭘﻴﺪﺍﺳﺖ ،ﺩﺭ ﺍﻳﻦ ﻣﺮﺣﻠﻪ ﺍﺳﺖ ﮐﻪ ﻣﻴﺰﺍﻥ ﺍﻋﺘﺒﺎﺭ CAﻣﺸﺨﺺ ﻣﻲ ﺷﻮﺩ .ﺩﺭ ﺻﻮﺭﺗﻲ ﮐﻪ ﺍﻳﻦ CAﺑﻪ ﻫﺮ ﺩﻟﻴﻞ ﺍﺯ ﻧﻈﺮ ﻣﺮﻭﺭﮔﺮ ﺩﺍﺭﺍﻱ ﺍﻋﺘﺒﺎﺭ ﻭ ﺷﺮﺍﻳﻂ ﺧﺎﺻﻲ ﻧﺒﺎﺷﻨﺪ ،ﻫﺸﺪﺍﺭﻱ ﻣﺒﻨﻲ ﺑﺮ ﻋﺪﻡ ﺍﻣﻦ ﺑﻮﺩﻥ ﺳﺎﻳﺖ ﻣﻮﺭﺩ ﻧﻈﺮ ﺑﻪ ﮐﺎﺭﺑﺮ ﺍﺭﺍﻳﻪ ﻣﻲ ﺩﻫﺪ .ﺗﻮﺟﻪ ﮐﻨﻴﺪ ﮐﻪ ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ﺗﻨﻬﺎ ﺑﻪ ﻫﺸﺪﺍﺭ ﺑﺴﻨﺪﻩ ﻣﻲ ﺷﻮﺩ ،ﺍﻃﻤﻴﻨﺎﻥ ﺑﻪ ﺁﻥ ﺑﻪ ﺷﻤﺎ ﻭ ﺷﺮﺍﻳﻂ ﺷﻤﺎ ﺑﺴﺘﮕﻲ ﺩﺍﺭﺩ .ﺿﻤﻦ ﺁﻧﮑﻪ ﺍﻳﻦ ﻫﺸﺪﺍﺭ ﻫﺮﮔﺰ ﻧﻤﻲ ﺗﻮﺍﻧﺪ ﺑﻪ ﻣﻌﻨﺎﻱ ﻗﻄﻌﻲ ﻋﺪﻡ ﻭﺟﻮﺩ ﺍﻣﻨﻴﺖ ﺑﺎﺷﺪ.ﺣﺎﻝ ﺍﮔﺮ ﺷﻤﺎ ﻳﮏ CAﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺭﺍﻩ ﺍﻧﺪﺍﺯﻱ ﮐﺮﺩﻳﺪ ،ﻣﺴﻠﻤﺎ ﻫﻴﭻ ﮐﺪﺍﻡ ﺍﺯ ﻣﺮﻭﺭﮔﺮ ﻫﺎ ﺷﻤﺎ ﺭﺍ ﻧﻤﻲ ﺷﻨﺎﺳﻨﺪ ﻭ ﺑﻨﺎﺑﺮﺍﻳﻦ ﮔﻮﺍﻫﻲ ﻫﺎﻱ ﺻﺎﺩﺭ ﺷﺪﻩ ﺍﺯ ﻃﺮﻑ ﺷﻤﺎ ﺭﺍ ﻧﺎ ﺍﻣﻦ ﻣﻲ ﭘﻨﺪﺍﺭﻧﺪ.ﺍﺯ ﺁﻧﺠﺎ ﮐﻪ ﮐﺎﺭﺑﺮﺍﻥ ﻋﺎﺩﻱ ﺍﻳﻨﺘﺮﻧﺖ ﻧﻴﺰ ﺍﻳﻦ ﻫﺸﺪﺍﺭ ﻫﺎ ﺭﺍ ﺟﺪﻱ ﺩﺭ ﻧﻈﺮ ﻣﻲ ﮔﻴﺮﻧﺪ ،ﺍﺯ ﺍﺩﺍﻣﻪ ﺗﺮﺍﮐﻨﺶ ﺑﺎ ﺳﺎﻳﺖ ﺷﻤﺎ ﺻﺮﻑ ﻧﻈﺮ ﺧﻮﺍﻫﻨﺪ ﮐﺮﺩ.
–٨ﻧﮑﺎﺗﻲ ﺩﺭ ﻣﻮﺭﺩ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫﺎ
•
ﺷﻤﺎ ﺩﺭ ﺻﻮﺭﺗﻲ ﺑﻪ ﻳﮏ ﺳﺎﻳﺖ ﺑﺎ ﻳﮏ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻌﻴﻦ ﺍﻋﺘﻤﺎﺩ ﻣﻲ ﮐﻨﻴﺪ ﮐﻪ ﺁﻧﺮﺍ ﻳﮏ CAﻣﻌﺘﺒﺮ )ﺣﺪﺍﻗﻞ ﻧﺰﺩ ﺷﻤﺎ( ﺍﻣﻀﺎ ﮐﺮﺩﻩ ﺑﺎﺷﺪ.ﺩﺭ ﻭﺍﻗﻊ ﺍﻳﻦ ﺍﻋﺘﻤﺎﺩ ﺷﻤﺎ ﺿﻤﻨﻲ ﺍﺳﺖ .ﺑﻪ ﺍﻳﻦ ﺭﻭﻧﺪ ،ﺩﺭﺧﺖ ﺍﻋﺘﺒﺎﺭ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ] [١٦ﻳﺎ ﻣﺴﻴﺮ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ
•
][١٧
ﮔﻔﺘﻪ ﻣﻲ ﺷﻮﺩ .ﻣﻌﻤﻮﻻ ﻣﺮﻭﺭﮔﺮﻫﺎ ﺗﻌﺪﺍﺩﻱ ﺍﺯ CAﻫﺎ ﻱ ﻣﻌﺮﻭﻑ ﺭﺍ ﺑﺮﺍﻱ ﺧﻮﺩ ﺩﺭ ﻧﻈﺮ ﻣﻲ ﮔﻴﺮﺩ.
CAﻫﺎﻱ ﻣﺘﻔﺎﻭﺗﻲ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﮐﻪ ﺷﺎﻳﺪ ﻣﺸﻬﻮﺭﺗﺮﻳﻦ ﺁﻥ verisignﺑﺎﺷﺪ.ﺑﻪ ﻫﺮ ﺣﺎﻝ ﻗﺮﺍﺭ ﻧﻴﺴﺖ ﺷﻤﺎ ﻫﻤﻴﺸﻪ ،ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﺗﺮﺍﮐﻨﺶ ﺧﻮﺩ ،ﺑﻪ ﺗﻤﺎﻡ CAﻫﺎ )ﻳﺎ ﺑﻪ ﻋﺒﺎﺭﺕ ﺑﻬﺘﺮ ﺑﻪ ﺍﻧﻮﺍﻉ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺁﻧﻬﺎ( ﺍﻋﺘﻤﺎﺩ ﮐﻨﻴﺪ .ﻳﮏ ﺭﺍﻩ ﻣﻨﺎﺳﺐ ﺑﺮﺍﻱ ﺗﺸﺨﻴﺺ ﺍﻳﻦ ﻣﻮﺿﻮﻉ ﻣﻴﺰﺍﻥ ﻣﺒﻠﻐﻲ ﺍﺳﺖ ﮐﻪ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻮﺭﺩ ﻧﻈﺮ ﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﮐﻨﺪ.ﺑﻪ ﻃﻮﺭ ﻣﺜﺎﻝ ﺣﺪﺍﮐﺜﺮ ﻣﺒﻠﻐﻲ ﮐﻪ iranSSLﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﮐﻨﺪ ١٠،٠٠٠ﺩﻻﺭ ﻣﻲ ﺑﺎﺷﺪ .ﺍﻣﺎ Verisignﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺍﻱ ﺩﺍﺭﺩ ﮐﻪ ﺗﺎ ٢٥٠،٠٠٠ﺩﻻﺭ ﺗﺮﺍﮐﻨﺶ ﺷﻤﺎ ﺭﺍ ﺑﻴﻤﻪ ﻣﻲ ﻧﻤﺎﻳﺪ).ﺑﺴﻴﺎﺭ ﻣﺸﺎﺑﻪ ﺑﺎ ﻭﺿﻌﻴﺖ ﺷﺮﮐﺖ ﻫﺎﻱ ﺑﻴﻤﻪ(
•
ﭘﺮﻭﺗﮑﻞ SSLﺑﺮ ﺍﺳﺎﺱ ﻣﻴﺰﺍﻥ ﺍﻣﻦ ﺑﻮﺩﻥ ﺩﺳﺘﻪ ﺑﻨﺪﻱ ﻣﻲ ﺷﻮﻧﺪ .ﺍﻳﻦ ﺩﺳﺘﻪ ﺑﻨﺪﻱ ﺑﺮ ﺍﺳﺎﺱ ﻣﻘﺪﺍﺭ bitﻫﺎﻱ ﺗﻮﻟﻴﺪﻱ ﺑﻪ ﺍﺯﺍﺀ ﻫﺮ ﺑﺨﺶ ﺍﺯ ﺩﺍﺩﻩ ﺍﻱ ﺍﺳﺖ ﮐﻪ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﻣﻲ ﺷﻮﺩ.ﻣﺴﻠﻤﺎ ﻫﺮﭼﻪ ﺗﻌﺪﺍﺩ ﺍﻳﻦ bitﻫﺎﻱ ﺗﻮﻟﻴﺪﻱ ﺑﻴﺸﺘﺮ ﺑﺎﺷﺪ ،ﺭﻣﺰﮔﺸﺎﻳﻲ ﺁﻥ ﺑﺪﻭﻥ ﮐﻠﻴﺪ ،ﺑﺴﻴﺎﺭ ﺳﺨﺖ ﺗﺮ ﻭ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﮐﻠﻴﺪ ﻧﻴﺰ ﺯﻣﺎﻥ ﺑﺮﺗﺮ ﺧﻮﺍﻫﺪ ﺑﻮﺩ .ﺑﻪ
ﻋﻨﻮﺍﻥ ﻧﻤﻮﻧﻪ ﻳﮏ SSLﺑﺎ ٤٠ﻳﺎ ٥٦ﺑﻴﺖ )ﮐﻪ ﻳﮏ ﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺿﻌﻴﻒ ﻣﻲ ﺑﺎﺷﺪ( ﻣﻲ ﺗﻮﺍﻧﺪ ﺗﻮﺳﻂ ﻳﮏ ﻫﮑﺮ ﺑﺎ ﺍﺑﺰﺍﺭ ﮐﺎﻓﻲ ،ﺩﺭ ﻋﺮﺽ ﭼﻨﺪ ﺩﻗﻴﻘﻪ ﺷﮑﺴﺘﻪ ﺷﻮﺩ .ﺍﻣﺎ ﻫﻤﻴﻦ ﻫﮑﺮ ﺑﺮﺍﻱ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ١٢٨ SSLﺑﻴﺘﻲ ،ﻧﻴﺎﺯ ﺑﻪ ٢٨٨ﺑﺎﺭ ﺯﻣﺎﻥ ﺑﻴﺸﺘﺮ ﺩﺍﺭﺩ! ﻭ ﺍﻳﻦ ﺑﺪﻳﻦ ﻣﻌﻨﻲ ﺍﺳﺖ ﮐﻪ ١٢٨ SSLﺑﻴﺘﻲ ﻧﺴﺒﺖ ﺑﻪ ﺣﺎﻟﺖ ٤٠ﻳﺎ ٥٦ﺑﻴﺘﻲ ﺗﺮﻟﻴﻮﻥ ﺗﺮﻟﻴﻮﻥ ﺑﺎﺭ ﺍﻣﻦ ﺗﺮ ﻭ ﻏﻴﺮ ﻗﺎﺑﻞ ﻧﻔﻮﺫ ﺗﺮ ﺍﺳﺖ! •
ﻳﮏ ﺑﺤﺚ ﺩﻳﮕﺮ ﺍﻳﻨﺠﺎ ﻣﻄﺮﺡ ﻣﻲ ﺷﻮﺩ ﻭ ﺁﻥ ﺍﻳﻨﮑﻪ ﺍﮔﺮ ﻳﮏ ﻫﮑﺮ ﺩﺭ ﻣﻴﺎﻥ ﺭﺍﻩ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺧﻮﺩ ﺭﺍ ﺟﺎﻳﮕﺰﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﮐﺮﺩ .ﺩﺭ ﺍﻳﻦ ﺣﺎﻟﺖ ﻋﻤﻼ ﻫﮑﺮ ﺑﻪ ﺭﺍﺣﺘﻲ ﺑﻪ ﺍﻃﻼﻋﺎﺕ ﮐﺎﺭﺑﺮ ﺩﺳﺘﺮﺳﻲ ﺧﻮﺍﻫﺪ ﺩﺍﺷﺖ .ﺩﺭ ﻭﺍﻗﻊ ﺍﻳﻦ ﺩﻗﻴﻘﺎ ﻫﻤﺎﻥ ﺟﺎﻳﻲ ﺍﺳﺖ ﮐﻪ ﻟﺰﻭﻡ ﻭﺟﻮﺩ CAﻫﺎ ﺩﺭ ﭘﺮﻭﺗﮑﻞ SSLﻣﻄﺮﺡ ﻣﻲ ﺷﻮﺩ.ﺩﺭ ﻭﺍﻗﻊ CAﻫﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﺭﺍ ﺑﺎ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ ﺧﻮﺩ ﺍﻣﻀﺎ ﻣﻲ ﮐﻨﻨﺪ.ﻣﺮﻭﺭﮔﺮ ﻫﻢ CAﻫﺎﻱ ﻗﺎﺑﻞ ﺍﻋﺘﻤﺎﺩ ﺭﺍ ﻣﻲ ﺷﻨﺎﺳﺪ)ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺁﻧﻬﺎ ﺭﺍ ﺩﺍﺭﺩ(.ﺍﻳﻦ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﮐﻪ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﺧﺼﻮﺻﻲ CAﺭﻣﺰ ﮔﺬﺍﺭﻱ ﺷﺪﻩ ﺍﺳﺖ ﻫﻤﺎﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻣﻲ ﺑﺎﺷﺪ.ﺍﺯ ﺁﻧﺠﺎ ﮐﻪ ﺳﺮﻭﺭ ﻣﻲ ﺑﺎﻳﺴﺖ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺧﻮﺩ ﺭﺍ ﺍﺭﺳﺎﻝ ﮐﻨﺪ ،ﺩﺭ ﺳﻤﺖ ﻣﺮﻭﺭﮔﺮ ﺳﻌﻲ ﻣﻲ ﺷﻮﺩ ﮐﻪ ﺗﻮﺳﻂ ﮐﻠﻴﺪ ﻫﺎﻱ ﻋﻤﻮﻣﻲ CAﻫﺎﻳﻲ ﺭﺍ ﮐﻪ ﻣﻲ ﺷﻨﺎﺳﺪ ،ﺁﻥ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺭﺍ ﺭﻣﺰ ﮔﺸﺎﻳﻲ ﮐﻨﺪ.ﺍﮔﺮ ﻣﻮﻓﻖ ﺷﺪ ﻭ ﻧﺘﻴﺠﻪ ﺑﺎ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺳﺮﻭﺭ ﻳﮑﺴﺎﻥ ﺑﻮﺩ ﺩﺭ ﻭﺍﻗﻊ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻗﺎﺑﻞ ﺍﻋﺘﻤﺎﺩ ﺍﺳﺖ.ﺩﺭ ﺍﻳﻦ ﺻﻮﺭﺕ ﺍﻣﮑﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﺩﻳﮕﺮﺍﻥ ﻫﻢ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ).ﺩﻗﻴﻘﺎ ﻫﻤﺎﻥ ﺑﺤﺚ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻟﻲ ﺍﺳﺖ(
•
ﺷﺮﮐﺖ Verisignﻳﮏ ﺩﻭﺭﻩ ﺁﺯﻣﺎﻳﺸﻲ ﻣﺠﺎﻧﻲ ﺑﺮﺍﻱ ﮐﺎﺭ ﺑﺎ SSLﻣﻲ ﺩﻫﺪ ﮐﻪ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﺍﺯ ﻃﺮﻳﻖ ﻟﻴﻨﮏ ﺯﻳﺮ ﺍﺯ ﺁﻥ ﺑﻬﺮﻩ ﮔﻴﺮﻳﺪ :
http://www.verisign.com/products-services/security-services/ssl/ssl-informationcenter/ssl-features-description/index.html
–٩ﻭﺍﮊﻩ ﻧﺎﻣﻪ ]Individual Messages : [١ ]Authenticate : [٢ ]Handshaking : [٣ ]Cipher Preferences : [٤ ]Master Key : [٥ ]Public Key : [٦ ]Challenge : [٧ ]Public-Key Certificate : [٨ ]Transport Layer Security : [٩ ]Wireless TLS : [١٠ ]Wireless Application Protocol : [١١ ]Certificate : [١٢ ]Certificate Authority (CA) : [١٣ ]symmetric key : [١٤
private key : [١٥] certificate trust tree : [١٦] certificate path : [١٧] Sniffing : [١٨]
– ﻓﻬﺮﺳﺖ ﻣﻨﺎﺑﻊ١٠ ١- http://www.webopedia.com/TERM/S/SSL.html ٢- http://www.rsasecurity.com/rsalabs/node.asp?id=٢٢٩٣ ٣- http://www.webopedia.com/TERM/S/S_HTTP.htm ٤- http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x٦٤.html ٥- http://www.verisign.com/products-services/security-services/ssl/sslinformation-center/faq/index.html ﮐﺘﺎﺏ ﻣﻘﺎﻻﺕ ﭼﻬﺎﺭﻣﻴﻦ ﻫﻤﺎﻳﺶ ﻣﻠﻲ ﺩﺍﻧﺸﺠﻮﻳﻲ، ﻣﺪﻝ ﻫﺎﻱ ﺍﻋﺘﻤﺎﺩ ﺑﺮ ﺑﺴﺘﺮ ﮐﻠﻴﺪ ﻋﻤﻮﻣﻲ، ‐ ﻗﺪﻳﺮ ﭘﻮﺭ ﺭﺳﺘﻢ٦ ١٣٨١ ، ﺍﻧﺠﻤﻦ ﮐﺎﻣﭙﻴﻮﺗﺮ ﺍﻳﺮﺍﻥ
