Kuti msakatuli atsimikizire webusayiti, imadziwonetsa yokha ndi satifiketi yovomerezeka. Unyolo wamba wawonetsedwa pamwambapa, ndipo pakhoza kukhala satifiketi imodzi yapakatikati. Chiwerengero chocheperako cha satifiketi mu unyolo wovomerezeka ndi atatu.
Sitifiketi ya mizu ndiye mtima wa olamulira satifiketi. Imamangidwa mu OS kapena msakatuli wanu, imapezeka pazida zanu. Sizingasinthidwe kuchokera kumbali ya seva. Kusintha kokakamiza kwa OS kapena firmware pa chipangizocho ndikofunikira.
Katswiri wa Chitetezo Scott Helme , kuti mavuto aakulu adzabuka ndi Let's Encrypt certification authority, chifukwa lero ndi CA yotchuka kwambiri pa intaneti, ndipo chiphaso chake cha mizu chidzayamba posachedwapa. Kusintha muzu wa Let Encrypt .
Satifiketi yomaliza ndi yapakatikati ya certification authority (CA) imaperekedwa kwa kasitomala kuchokera pa seva, ndipo chiphaso cha mizu chimachokera kwa kasitomala. ali nazo kale, kotero ndi zosonkhanitsa izi munthu akhoza kupanga unyolo ndi kutsimikizira webusaiti.
Vuto ndiloti satifiketi iliyonse imakhala ndi tsiku lotha ntchito, pambuyo pake iyenera kusinthidwa. Mwachitsanzo, kuyambira Seputembara 1, 2020, akukonzekera kukhazikitsa malire pa nthawi yovomerezeka ya satifiketi ya TLS ya seva mu msakatuli wa Safari. .
Izi zikutanthauza kuti tonse tidzayenera kusintha ziphaso zathu za seva osachepera miyezi 12 iliyonse. Kuletsa uku kumangogwira pa satifiketi za seva; izo osati imagwiranso ntchito kuzitifiketi za CA.
Zikalata za CA zimayendetsedwa ndi malamulo osiyanasiyana ndipo motero zimakhala ndi malire ovomerezeka. Ndizofala kwambiri kupeza ziphaso zapakatikati zokhala ndi nthawi yovomerezeka ya zaka 5 ndi ziphaso zokhala ndi moyo wautumiki wazaka 25!
Nthawi zambiri palibe zovuta ndi ziphaso zapakatikati, chifukwa zimaperekedwa kwa kasitomala ndi seva, yomwe imasinthanso satifiketi yake nthawi zambiri, chifukwa chake imangolowa m'malo mwa wapakatikati. Ndizosavuta kuyisintha pamodzi ndi satifiketi ya seva, mosiyana ndi satifiketi ya CA.
Monga tanenera kale, muzu wa CA umamangidwa mwachindunji mu chipangizo cha kasitomala, mu OS, msakatuli kapena mapulogalamu ena. Kusintha muzu wa CA sikungathe kuwongolera tsambalo. Izi zimafuna kusinthidwa kwa kasitomala, kaya ndi OS kapena pulogalamu yamakono.
Mizu ina ya CA yakhalapo kwa nthawi yayitali kwambiri, tikukamba za zaka 20-25. Posachedwapa ma CA ena akale kwambiri a mizu adzayandikira kumapeto kwa moyo wawo wachilengedwe, nthawi yawo yatsala pang'ono kutha. Kwa ambiri a ife izi sizidzakhala vuto konse chifukwa ma CA apanga ziphaso zatsopano za mizu ndipo zagawidwa padziko lonse lapansi mu OS ndi zosintha za osatsegula kwa zaka zambiri. Koma ngati wina sanasinthe Os awo kapena osatsegula mu nthawi yaitali, ndi mtundu wa vuto.
Izi zidachitika pa Meyi 30, 2020 nthawi ya 10:48:38 GMT. Iyi ndi nthawi yeniyeni yomwe kuchokera ku Comodo certification Authority (Sectigo).
Idagwiritsidwa ntchito posayina kuti zitsimikizire kuti zikugwirizana ndi zida zomwe zilibe USERTrust root root certificate m'sitolo yawo.
Tsoka ilo, zovuta zidayamba osati msakatuli wakale, komanso kwamakasitomala omwe si osatsegula kutengera OpenSSL 1.0.x, LibreSSL ndi . Mwachitsanzo, m'mabokosi apamwamba , utumiki , mu Fortinet, Chargify applications, pa .NET Core 2.0 nsanja ya Linux ndi .
Zinkaganiziridwa kuti vutoli lidzangokhudza machitidwe a cholowa (Android 2.3, Windows XP, Mac OS X 10.11, iOS 9, etc.), popeza asakatuli amakono angagwiritse ntchito chikalata chachiwiri cha USERTRust. Koma kwenikweni, zolephera zidayamba m'mawebusayiti mazanamazana omwe amagwiritsa ntchito malaibulale aulere a OpenSSL 1.0.x ndi GnuTLS. Kulumikizana kotetezeka sikunakhazikitsidwenso ndi uthenga wolakwika wosonyeza kuti satifiketiyo ndi yakale.
Chotsatira - Tiyeni Tilembetse
Chitsanzo china chabwino chakusintha kwa mizu ya CA yomwe ikubwera ndi Ulamuliro wa satifiketi ya Let's Encrypt. Zambiri adakonza zosintha kuchoka ku Identrust chain kupita ku ISRG Root chain, koma izi .
"Chifukwa cha nkhawa zakusokonekera kwa mizu ya ISRG pazida za Android, taganiza zosuntha tsiku losinthira kuyambira pa Julayi 8, 2019 mpaka pa Julayi 8, 2020," a Let's Encrypt adatero m'mawu ake.
Tsikuli liyenera kuimitsidwa chifukwa cha vuto lotchedwa "root propagation", kapena ndendende, kusowa kwa mizu yofalitsa, pamene muzu wa CA sunagawidwe kwambiri kwa makasitomala onse.
Let's Encrypt pakadali pano imagwiritsa ntchito satifiketi yapakatikati yosainidwa ndi IdenTrust DST Root CA X3. Satifiketi iyi idatulutsidwanso mu Seputembara 2000 ndipo imatha pa Seputembara 30, 2021. Mpaka nthawi imeneyo, Tiyeni Tilembetse mapulani osamukira ku ISRG Root X1 yodzilemba yokha.
ISRG mizu idatulutsidwa pa June 4, 2015. Zitatha izi, njira yovomerezera ngati woyang'anira certification idayamba, yomwe idatha . Kuyambira pamenepo, muzu wa CA udapezeka kwa makasitomala onse kudzera munjira yogwiritsira ntchito kapena kusinthidwa kwa mapulogalamu. Zomwe mumayenera kuchita ndikuyika zosintha.
Koma ndiye vuto.
Ngati foni yanu yam'manja, TV kapena chipangizo china sichinasinthidwe kwa zaka ziwiri, chidzadziwa bwanji za chiphaso chatsopano cha ISRG Root X1? Ndipo ngati simuyiyika pamakina, ndiye kuti chipangizo chanu chidzasokoneza ma satifiketi onse a Let's Encrypt server akangosintha Tiyeni Tilembetse muzu watsopano. Ndipo mu Android ecosystem pali zida zambiri zakale zomwe sizinasinthidwe kwanthawi yayitali.
Android Ecosystem
Ichi ndichifukwa chake Tiyeni Encrypt tichedwe kusunthira ku mizu yake ya ISRG ndipo timagwiritsabe ntchito yapakatikati yomwe imatsikira ku mizu ya IdenTrust. Koma kusintha kuyenera kupangidwa mulimonse. Ndipo tsiku la kusintha kwa mizu limaperekedwa .
Kuti muwone ngati muzu wa ISRG X1 wayikidwa pa chipangizo chanu (TV, bokosi lapamwamba kapena kasitomala wina), tsegulani tsamba loyesa. . Ngati palibe chenjezo lachitetezo likuwonekera, ndiye kuti zonse zimakhala bwino.
Let Encrypt sindiye yekhayo amene akukumana ndi vuto losamukira ku mizu yatsopano. Cryptography pa intaneti idayamba kugwiritsidwa ntchito zaka zopitilira 20 zapitazo, ndiye ino ndi nthawi yomwe ziphaso zambiri zatsala pang'ono kutha.
Eni ake a ma TV anzeru omwe sanasinthe pulogalamu ya Smart TV kwa zaka zambiri angakumane ndi vutoli. Mwachitsanzo, muzu watsopano wa GlobalSign idatulutsidwa mu 2012, ndipo ma TV ena akale a Smart sangathe kumanga unyolo, chifukwa alibe muzu wa CA. Makamaka, makasitomalawa sanathe kukhazikitsa kulumikizana kotetezeka patsamba la bbc.co.uk. Kuti athetse vutoli, olamulira a BBC adachita chinyengo: iwo kudzera mu ziphaso zina zapakatikati, pogwiritsa ntchito mizu yakale ΠΈ , amene sanavutebe.
www.bbc.co.uk (Leaf) GlobalSign ECC OV SSL CA 2018 (Yapakatikati) GlobalSign Root CA - R5 (Yapakatikati) GlobalSign Root CA - R3 (Yapakatikati)
Ili ndi yankho kwakanthawi. Vuto silidzatha pokhapokha mutasintha pulogalamu ya kasitomala. Smart TV kwenikweni ndi kompyuta yocheperako yomwe ikuyenda ndi Linux. Ndipo popanda zosintha, ziphaso zake za mizu zimakhala zowola.
Izi zimagwira ntchito pazida zonse, osati ma TV okha. Ngati muli ndi chipangizo chilichonse cholumikizidwa ndi intaneti ndipo chidalengezedwa ngati chida "chanzeru", ndiye kuti vuto la ziphaso zowola limakhudzanso. Ngati chipangizocho sichinasinthidwe, sitolo ya CA idzakhala yachikale pakapita nthawi ndipo pamapeto pake vutoli lidzawonekera. Nthawi yomwe vutoli limachitika posachedwa zimatengera nthawi yomwe sitolo ya mizu idasinthidwa komaliza. Izi zitha kukhala zaka zingapo tsiku lotulutsa chida chisanachitike.
Mwa njira, ili ndiye vuto chifukwa mapulatifomu ena akuluakulu sangathe kugwiritsa ntchito ma satifiketi amakono monga Let's Encrypt, alemba Scott Helme. Sali oyenera ma TV anzeru, ndipo chiwerengero cha mizu ndi chochepa kwambiri kuti chitsimikizire chithandizo cha satifiketi pazida zakale. Kupanda kutero, TV sichitha kuyambitsa ntchito zamakono zotsatsira.
Zomwe zachitika posachedwa ndi AddTrust zidawonetsa kuti ngakhale makampani akuluakulu a IT sanakonzekere kuti chiphaso cha mizu chimatha.
Pali njira imodzi yokha yothetsera vutoli - kusintha. Opanga zida zanzeru ayenera kupereka njira yosinthira mapulogalamu ndi ziphaso za mizu pasadakhale. Kumbali inayi, sizopindulitsa kwa opanga kuonetsetsa kuti zipangizo zawo zikugwiritsidwa ntchito pambuyo pa nthawi ya chitsimikizo.
Source: www.habr.com