CA/B Forum votes against reducing the validity period of SSL certificates to 397 days

On July 26, 2019, Google proposed reducing the maximum validity period of SSL/TLS server certificates from the current 825 days to 397 days (about 13 months), that is, by roughly half. Google believes that only full automation of certificate handling will eliminate the current security problems, which are often attributed to the human factor. Ideally, therefore, one should aim for automatic issuance of short-lived certificates.

The question was put to a vote in the CA/Browser Forum (CABF), which sets the requirements for SSL/TLS certificates, including the maximum validity period.

On September 10 the results were announced: the members of the consortium voted against the proposal.

Results

Certificate issuer voting

For (11 votes): Amazon, Buypass, Certigna (DHIMYOTIS), certSIGN, Sectigo (formerly Comodo CA), eMudhra, Kamu SM, Let's Encrypt, Logius, PKIoverheid, SHECA, SSL.com

Against (20): Camerfirma, Certum (Asseco), CFCA, Chunghwa Telecom, Comsign, D-TRUST, DarkMatter, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, Izenpe, Network Solutions, OATI, SECOM, SwissSign, TWCA, TrustCor, SecureTrust (Trustwave)

Abstained (2): HARICA, TurkTrust

Certificate consumer voting

For (7): Apple, Cisco, Google, Microsoft, Mozilla, Opera, 360

Against: 0

Abstained: 0

According to the rules of the CA/Browser Forum, a proposal must be approved by two thirds of the certificate issuers and by 50% plus one vote among the certificate consumers.

Representatives of DigiCert apologized for missing the vote, in which they would have voted in favor of reducing the certificate validity period. They note that a shorter period may be a problem for some customers, but that it brings long-term security benefits.

One way or another, the industry is not yet ready to shorten certificate validity periods and switch entirely to automated solutions. The certificate authorities themselves can offer such services, but many customers have not yet implemented automation. So the reduction to 397 days has been postponed for now. But the question remains open.

Google may now try to implement the standard "by force", as it did with the Certificate Transparency protocol. Moreover, it has the support of the other developers: Apple, Microsoft, Mozilla and Opera.

Recall that full automation is one of the principles on which the non-profit certificate authority Let's Encrypt is built. It issues free certificates to everyone, but the maximum certificate lifetime is limited to 90 days. Short-lived certificates have two main advantages:

  1. they limit the damage from compromised keys and mis-issued certificates, since they are in use for a shorter period of time;
  2. short-lived certificates support and encourage automation, which is absolutely essential for the ease of use of HTTPS. If we are going to move the entire World Wide Web to HTTPS, we cannot expect the administrator of every existing site to renew certificates manually. Once certificate issuance and renewal are fully automated, shorter certificate lifetimes will become more convenient and practical.

A GlobalSign survey on Habr showed that 73.7% of respondents "rather support" reducing the certificate validity period.

As for hiding the EV indicator for SSL certificates in the address bar, the consortium did not vote on this issue, because browser UI is entirely within the remit of the browser developers. In September-October, the new versions Chrome 77 and Firefox 70 will be released, which will strip EV certificates of their special place in the address bar. Here is what the change looks like, using the desktop version of Firefox 70 as an example:

Before:

[image]

After:

[image]

According to security expert Troy Hunt, removing EV information from the browser address bar effectively buries this type of certificate.

source: www.habr.com
