Cibiyar ba da shaida ta sa-kai , da al'umma ke sarrafawa da kuma ba da takaddun shaida kyauta ga kowa da kowa, akan gabatar da sabon tsari don tabbatar da ikon samun takardar shedar yanki. Tuntuɓar uwar garken da ke ɗaukar kundin adireshi "/ .well-sanann/acme-challenge/" da aka yi amfani da shi a cikin gwajin za a yi amfani da shi ta amfani da buƙatun HTTP da yawa da aka aika daga adiresoshin IP daban-daban guda 4 waɗanda ke cikin cibiyoyin bayanai daban-daban kuma na cikin tsarin masu cin gashin kansu daban-daban. Ana ganin cak ɗin ya yi nasara ne kawai idan aƙalla 3 cikin 4 buƙatun IPs daban-daban sun yi nasara.
Dubawa daga rukunin gidajen yanar gizo da yawa zai ba ku damar rage haɗarin samun takaddun shaida na yanki na ƙasashen waje ta hanyar kai hare-hare masu niyya waɗanda ke karkatar da zirga-zirga ta hanyar musanya hanyoyin ƙage ta amfani da BGP. Lokacin amfani da tsarin tabbatarwa mai matsayi da yawa, maharin zai buƙaci a lokaci guda ya cimma hanyar karkatar da hanya don tsarin masu zaman kansu da yawa na masu samarwa tare da haɓakawa daban-daban, wanda ya fi wahala fiye da tura hanya ɗaya. Aika buƙatun daga nau'ikan IP daban-daban kuma zai ƙara amincin rajistan idan an haɗa ƙungiyoyin Bari mu Encrypt guda ɗaya a cikin jerin toshewa (misali, a cikin Tarayyar Rasha, wasu letsencrypt.org IPs Roskomnadzor ya toshe su).
Har zuwa Yuni 1, za a sami lokacin mika mulki wanda zai ba da damar samar da takaddun shaida akan nasarar tabbatarwa daga cibiyar bayanan farko, idan ba a iya samun rundunar daga sauran rukunin yanar gizo (alal misali, wannan na iya faruwa idan mai kula da gidan wuta a kan tacewar zaɓi ya ba da izinin buƙatun kawai daga Babban Bari Mu Encrypt cibiyar bayanai ko saboda keta aiki tare yankin a cikin DNS). Dangane da rajistan ayyukan, za a shirya jerin fari don yankunan da ke da matsala tare da tabbatarwa daga ƙarin cibiyoyin bayanai 3. Yankunan da aka kammala bayanin tuntuɓar kawai za a haɗa su cikin farar jeri. Idan ba a haɗa yankin ta atomatik a cikin jerin fari ba, ana iya aika aikace-aikacen wuraren zama ta hanyar .
A halin yanzu, aikin Let's Encrypt ya ba da takaddun shaida miliyan 113, wanda ya ƙunshi yanki kusan miliyan 190 (an rufe yanki miliyan 150 shekara ɗaya da ta gabata, kuma miliyan 61 shekaru biyu da suka gabata). Dangane da kididdiga daga sabis na Telemetry na Firefox, rabon buƙatun shafi na duniya ta hanyar HTTPS shine 81% (shekara ɗaya da ta gabata 77%, shekaru biyu da suka gabata 69%), kuma a cikin Amurka - 91%.
Bugu da ƙari, ana iya lura da shi Apple
Dakatar da amincewa da takaddun shaida a cikin mai binciken Safari wanda tsawon rayuwarsa ya wuce kwanaki 398 (watanni 13). An shirya ƙaddamar da ƙuntatawa kawai don takaddun shaida da aka bayar daga Satumba 1, 2020. Don takaddun shaida tare da dogon lokacin inganci da aka karɓa kafin Satumba 1, za a riƙe amana, amma iyakance ga kwanaki 825 (shekaru 2.2).
Canjin na iya yin mummunan tasiri ga kasuwancin cibiyoyin takaddun shaida waɗanda ke siyar da takaddun shaida mai arha tare da dogon lokacin inganci, har zuwa shekaru 5. A cewar Apple, ƙarni na irin waɗannan takaddun shaida yana haifar da ƙarin barazanar tsaro, yana tsoma baki tare da saurin aiwatar da sabbin ka'idodin crypto kuma yana ba da damar maharan su sarrafa zirga-zirgar wanda aka azabtar na dogon lokaci ko amfani da shi don yin phishing a yayin da takardar shaidar da ba a lura da ita ba ta ɓarke a matsayin. sakamakon hacking.
source: budenet.ru