Kuti bhurawuza rive nderechokwadi webhusaiti, rinozvipa riine cheni yezvitupa inoshanda. Cheni yakajairika inoratidzwa pamusoro, uye panogona kunge paine chitupa chimwe chepakati. Huwandu hushoma hwezvitupa mucheni inoshanda zvitatu.
Chitupa chemidzi ndiwo moyo wechiremera chechitupa. Iyo yakavakirwa chaizvo muOS yako kana browser, iripo panyama pane chako kifaa. Haikwanise kuchinjwa kubva kudivi reseva. Kugadziriswa kwekumanikidzwa kweOS kana firmware pamudziyo inodiwa.
Security Nyanzvi Scott Helme , kuti matambudziko makuru achamuka neRet Encrypt certification chiremera, nekuti nhasi ndiyo inonyanya kufarirwa CA paInternet, uye chitupa chayo chemidzi chichakurumidza kuipa. Kuchinja iyo Let's Encrypt root .
Magumo uye epakati zvitupa zve certification chiremera (CA) anounzwa kumutengi kubva kune server, uye mudzi wetiti unobva kumutengi. tatova nazvo, saka neiyi kuunganidzwa kwezvitupa munhu anogona kuvaka cheni uye simbisa webhusaiti.
Dambudziko nderekuti chitupa chimwe nechimwe chine zuva rekupera, mushure mezvo chinoda kutsiviwa. Semuenzaniso, kubva munaGunyana 1, 2020, vanoronga kuunza muganho pane iyo nguva yechokwadi ye server TLS zvitupa muSafari browser. .
Izvi zvinoreva kuti isu tese tichafanirwa kutsiva yedu server zvitupa kanenge mwedzi gumi nemaviri. Kurambidzwa uku kunongoshanda kune server zvitupa; it kwete inoshanda kumidzi CA zvitupa.
Zvitupa zveCA zvinotongwa neimwe seti yemitemo uye nekudaro zvine miganho yechokwadi yakasiyana. Zvakajairika kuwana zvitupa zvepakati zvine nguva yemakore mashanu uye zvitupa zvemidzi zvine hupenyu hwesevhisi kunyangwe makore makumi maviri nemashanu!
Iko kazhinji hakuna matambudziko nezvitupa zvepakati, nekuti zvinopihwa kune mutengi nesevha, iyo pachayo inoshandura yayo chitupa kakawanda, saka inongotsiva yepakati mukuita. Zviri nyore kuitsiva pamwe nesevha setifiketi, kusiyana nemudzi CA chitupa.
Sezvatakambotaura, mudzi CA wakavakirwa zvakananga mumutengi mudziyo pachayo, muOS, browser kana imwe software. Kuchinja mudzi CA kuri kupfuura kutonga kwewebhusaiti. Izvi zvinoda kuvandudzwa pane mutengi, ingave OS kana software yekuvandudza.
Mimwe mudzi CAs ave aripo kwenguva yakareba kwazvo, tiri kutaura nezve 20-25 makore. Nenguva isipi mamwe ekare emudzi maCA achaswedera kumagumo ehupenyu hwavo hwepanyama, nguva yavo inenge yapera. Kune vazhinji vedu izvi hazvizove dambudziko zvachose nekuti maCA akagadzira zvitupa zvitsva zvemidzi uye akagoverwa pasirese muOS uye browser zvigadziriso kwemakore mazhinji. Asi kana mumwe munhu asina kuvandudza OS yavo kana browser munguva refu kwazvo, idambudziko.
Izvi zvakaitika muna Chivabvu 30, 2020 na10:48:38 GMT. Iyi ndiyo nguva chaiyo apo kubva kuComodo certification authority (Sectigo).
Yaishandiswa kuchinjika-kusaina kuona kuenderana nemidziyo yenhaka isina iyo USERTrust midzi chitupa muchitoro chavo.
Nehurombo, matambudziko akamuka kwete mumabhurawuza enhaka chete, asiwo mune vasiri-browser vatengi zvinoenderana neOpenSSL 1.0.x, LibreSSL uye . Semuenzaniso, mumabhokisi e-set-top , sevhisi , muFortinet, Chargify applications, on the .NET Core 2.0 chikuva cheLinux uye .
Zvaifungidzirwa kuti dambudziko raizongokanganisa masisitimu enhaka (Android 2.3, Windows XP, Mac OS X 10.11, iOS 9, nezvimwewo), sezvo mabhurawuza emazuva ano anogona kushandisa yechipiri USERTRust midzi chitupa. Asi kutaura zvazviri, kukundikana kwakatanga mumazana emawebhusaiti akashandisa emahara OpenSSL 1.0.x uye GnuTLS maraibhurari. Konekisheni yakachengeteka yange isisagone kutangwa paine meseji yemhosho inoratidza kuti chitupa chava chekare.
Zvinotevera - Ngatinyorei
Mumwe muenzaniso wakanaka weiyo inouya mudzi CA shanduko ndeye Let's Encrypt chitupa chiremera. Zvimwe vakaronga kuchinja kubva kuIdentrust chain kuenda kune yavo ISRG Root cheni, asi izvi .
"Nekuda kwekunetsekana nekushaikwa kwekutorwa kweiyo ISRG mudzi pamidziyo yeAroid, tafunga kufambisa zuva rekushandura midzi kubva munaChikunguru 8, 2019 kusvika Chikunguru 8, 2020," Let's Encrypt vakadaro mukutaura.
Zuva racho raifanira kumbomiswa nekuda kwedambudziko rainzi "root propagation", kana kunyanya, kushaikwa kwemidzi yekuparadzira, apo mudzi weCA hauna kuparadzirwa zvakanyanya kune vese vatengi.
Let's Encrypt parizvino inoshandisa muchinjika-yakasainwa yepakati chitupa chakasungirirwa kuIdenTrust DST Root CA X3. Ichi chitupa chakapihwa kumashure munaGunyana 2000 uye chinopera munaGunyana 30, 2021. Kusvika panguva iyoyo, Ngati Encrypt inoronga kutamira kune yayo yega-yakasaina ISRG Root X1.
ISRG mudzi yakaburitswa muna Chikumi 4, 2015. Mushure meizvi, maitiro ekubvumidzwa kwayo sechiremera chekupa zvitupa akatanga, izvo zvakapera . Kubva panguva ino zvichienda mberi, mudzi CA waivepo kune vese vatengi kuburikidza neanoshanda sisitimu kana software yekuvandudza. Chawaifanira kuita kuisa update.
Asi ndiro dambudziko.
Kana nharembozha yako, TV kana imwe mudziyo isina kuvandudzwa kwemakore maviri, ichaziva sei nezve ISRG Root X1 midzi chitupa? Uye kana iwe ukasaiisa pane iyo sisitimu, ipapo mudziyo wako uchaita kusashanda ese Let's Encrypt server zvitupa nekukurumidza Let's Encrypt switching kune mudzi mutsva. Uye mu Android ecosystem kune akawanda echinyakare maturusi asina kuvandudzwa kwenguva yakareba.
Android ecosystem
Ichi ndicho chikonzero Ngatinyorei kunonoka kuenda kune yayo ISRG mudzi uye tichiri kushandisa yepakati inodzika kuIdenTrust mudzi. Asi shanduko ichafanirwa kuitwa chero zvakadaro. Uye zuva rekuchinja midzi rinopihwa .
Kuti utarise kuti ISRG X1 midzi yakaiswa pachishandiso chako (TV, set-yepamusoro bhokisi kana mumwe mutengi), vhura saiti yekuyedza. . Kana pasina yambiro yekuchengetedza inoonekwa, saka zvese zvinogara zvakanaka.
Let's Encrypt handiyo yega yakatarisana nedambudziko rekutamira kumudzi mutsva. Cryptography paInternet yakatanga kushandiswa achangodarika makore makumi maviri apfuura, saka ino ndiyo nguva yekuti akawanda midzi zvitupa ave kuda kupera.
Varidzi ve smart TV vasina kugadzirisa iyo Smart TV software kwemakore akawanda vanogona kusangana nedambudziko iri. Semuenzaniso, iyo itsva GlobalSign mudzi yakabudiswa muna 2012, uye mushure mokunge mamwe maTV ekare ekare haakwanisi kuvaka cheni kwairi, nokuti ivo havana mudzi uyu CA. Kunyanya, vatengi ava havana kukwanisa kumisa kubatana kwakachengeteka kune bbc.co.uk webhusaiti. Kuti vagadzirise dambudziko iri, vatariri veBBC vaifanira kushandisa zano: ivo kuburikidza nezvimwe zvitupa zvepakati, uchishandisa midzi yekare ΠΈ , izvo zvisati zvaora.
www.bbc.co.uk (Leaf) GlobalSign ECC OV SSL CA 2018 (Ipakati) GlobalSign Root CA - R5 (Intermediate) GlobalSign Root CA - R3 (Intermediate)
Iyi imhinduro yechinguvana. Dambudziko harisi kuzoenda kunze kwekunge wavandudza software yemutengi. Iyo smart TV inonyatso diki-inoshanda komputa inomhanya Linux. Uye pasina zvigadziriso, zvitupa zvayo zvemidzi zvinozoora.
Izvi zvinoshanda kune ese maturusi, kwete maTV chete. Kana iwe uine chero mudziyo wakabatana neInternet uye wakashambadzirwa se "smart" mudziyo, saka dambudziko rezvitupa zvakaora rinenge rine chekuita nazvo. Kana mudziyo ukasagadziridzwa, mudzi weCA chitoro unozove wekare nekufamba kwenguva uye pakupedzisira dambudziko rinouya. Kuti dambudziko rinoitika rinhi kunoenderana nekuti midzi chitoro chakagadziridzwa riini. Izvi zvinogona kunge zviri makore akati wandei zuva risati raburitswa rechishandiso.
Nenzira, iri ndiro dambudziko nei mamwe mapuratifomu makuru enhau asingakwanise kushandisa zviremera zvechizvino-zvino otomatiki seRet Encrypt, anonyora Scott Helme. Iwo haana kukodzera smart TVs, uye nhamba yemidzi idiki zvakanyanya kuvimbisa rutsigiro rwechitupa pamidziyo yenhaka. Zvikasadaro, TV haizokwanisi kuvhura masevhisi emazuva ano ekutepfenyura.
Chiitiko chazvino neAddTrust chakaratidza kuti kunyangwe makambani makuru eIT haana kugadzirira chokwadi chekuti chitupa chemidzi chinopera.
Pane imwe chete mhinduro kudambudziko - update. Vagadziri vezvishandiso zvakangwara vanofanirwa kupa nzira yekuvandudza software uye midzi zvitupa pamberi. Kune rumwe rutivi, hazvibatsiri kuti vagadziri vaone kushanda kwemidziyo yavo mushure mokunge nguva yewaranti yapera.
Source: www.habr.com