Kamfanin Mozilla
Tabbatar da takaddun shaida ta amfani da sabis na waje dangane da ƙa'idar da har yanzu ake amfani da ita
Don toshe takaddun shaida waɗanda hukumomin ba da takaddun shaida suka lalata kuma suka soke, Firefox ta yi amfani da jerin baƙar fata tun 2015.
Ta hanyar tsoho, idan ba zai yiwu a iya tabbatarwa ta hanyar OCSP ba, mai binciken yana ɗaukar takaddun shaida yana aiki. Sabis ɗin na iya zama babu shi saboda matsalolin cibiyar sadarwa da ƙuntatawa kan cibiyoyin sadarwa na ciki, ko kuma masu kai hari sun toshe shi - don ketare rajistan OCSP yayin harin MITM, kawai toshe damar zuwa sabis ɗin rajistan. A wani ɓangare don hana irin waɗannan hare-haren, an aiwatar da wata dabara
CRLite yana ba ku damar haɗa cikakkun bayanai game da duk takaddun shaida da aka soke zuwa tsarin sabuntawa cikin sauƙi, girman 1 MB kawai, wanda ke ba da damar adana cikakken bayanan CRL a gefen abokin ciniki.
Mai lilo zai iya daidaita kwafin bayanansa game da takaddun shedar da aka soke kowace rana, kuma wannan ma'aunin bayanai zai kasance a ƙarƙashin kowane yanayi.
CRLite yana haɗa bayanai daga
Don kawar da halayen karya, CRLite ta gabatar da ƙarin matakan tacewa. Bayan samar da tsarin, ana bincika duk bayanan tushen kuma an gano duk wani tabbataccen gaskiya. Dangane da sakamakon wannan cak, an ƙirƙiri ƙarin tsari, wanda aka jera akan na farko kuma yana gyara sakamakon karya. Ana maimaita aikin har sai an kawar da bayanan karya yayin duban sarrafawa gaba daya. Yawanci, ƙirƙirar yadudduka 7-10 ya wadatar don rufe dukkan bayanai gaba ɗaya. Tunda yanayin ma'ajin bayanai, saboda aiki tare na lokaci-lokaci, yana ɗan ɗan baya bayan yanayin CRL na yanzu, duba sabbin takaddun shaida da aka bayar bayan sabuntawar ƙarshe na bayanan CRLite ana aiwatar da shi ta amfani da ka'idar OCSP, gami da amfani da
Yin amfani da matatun Bloom, yanki na Disamba na bayanai daga WebPKI, wanda ke rufe takaddun aiki miliyan 100 da takaddun shaida dubu 750 da aka soke, an sami damar tattarawa cikin tsari mai girman 1.3 MB. Tsarin samar da tsarin yana da matukar amfani da albarkatu, amma ana yin shi akan sabar Mozilla kuma ana ba mai amfani sabuntawar shirye-shiryen. Misali, a cikin nau'i na binary, bayanan tushen da aka yi amfani da su yayin tsarawa yana buƙatar kusan 16 GB na ƙwaƙwalwar ajiya lokacin da aka adana su a cikin Redis DBMS, kuma a cikin sigar hexadecimal, jujjuya duk jerin lambobin takaddun shaida yana ɗaukar kusan 6.7 GB. Tsarin tattara duk takaddun shedar da aka soke da aiki yana ɗaukar kusan mintuna 40, kuma tsarin samar da tsarin da aka tattara akan na'urar tace Bloom yana ɗaukar ƙarin mintuna 20.
Mozilla a halin yanzu tana tabbatar da cewa an sabunta bayanan CRLite sau hudu a rana (ba duk sabuntawa ana isar da su ga abokan ciniki ba). Har yanzu ba a aiwatar da haɓakar sabuntar delta ba - amfani da bsdiff4, wanda aka yi amfani da shi don ƙirƙirar ɗaukakawar delta don sakewa, baya samar da ingantaccen inganci ga CRLite kuma sabuntawar sun yi girma mara hankali. Don kawar da wannan koma baya, an shirya sake yin aiki da tsarin tsarin ajiya don kawar da sake ginawa da kuma sharewar da ba dole ba.
A halin yanzu CRLite yana aiki a Firefox a cikin yanayin da ba a so kuma ana amfani dashi a layi daya tare da OCSP don tara ƙididdiga game da ingantaccen aiki. Ana iya canza CRLite zuwa babban yanayin dubawa; don yin wannan, kuna buƙatar saita siginar tsaro.pki.crlite_mode = 2 a cikin game da: config.
source: budenet.ru