Iyo nyowani yekuwedzera inogona zvakare kubatsira kune masayiti anoshanda pane yakakura yakagovaniswa zvivakwa zvine huwandu hukuru hwekuremedza mitoro. Hurukuro Dzakatumirwa dzinodzivirira kuchengetedza makopi emakiyi akavanzika ezvitupa zvikuru pane imwe neimwe yemukati yekutumira node. Nemaitiro echinyakare, kurwisa kwakabudirira pane chero maseva ane chekuita nekutumira HTTPS traffic kunotungamira mukukanganisa kwese chitupa. Kana makiyi epachivande akaendeswa kunetiweki yekuendesa zvemukati, pane kutyisidzira kwekudonha kwedata semhedzisiro yekuparadza nevashandi, zviito zvevehungwaru, kana kukanganisa kweCDN.
Kana kudonhedza kwakakosha kusingaonekwe, avo vakawana makiyi vanozokwanisa kuzvipinza vasingaonekwi mune saiti traffic (MITM) kwenguva yakareba, sezvo nguva dzezvitupa dzakaverengerwa mumwedzi nemakore. Cloudflare inogona kuchengetedza makiyi etifiketi ne
Iyo yakatsanangurwa yeTLS yekuwedzera Delegated Credentials inosuma imwe yepakati yakavanzika kiyi, iyo yechokwadi inogumira kumaawa kana mazuva akati wandei (pasina kupfuura mazuva manomwe). Kiyi iyi inogadzirwa zvichibva pachitupa chakapihwa nechiremera chetifiketi uye inokutendera kuti uchengete kiyi yakavanzika yechitupa chepakutanga chakavanzika kubva kune zvemukati masevhisi, uchivapa chitupa chenguva pfupi nehupenyu hupfupi.
Kuti udzivise matambudziko ekuwana mushure mekunge kiyi yepakati yapera, tekinoroji yekuvandudza tekinoroji inopihwa iyo inoitwa padivi peiyo yekutanga TLS server. Chizvarwa hachidi mashandiro emaoko kana kumhanyisa zvinyorwa - sevha yakatenderwa inoda kiyi yakavanzika, hupenyu hwekiyi yakapfuura isati yapera, inobata sevha yekutanga yeTLS yesaiti uye inogadzira kiyi yepakati kwenguva pfupi inotevera.
Mabhurawuza anotsigira eDelegated Credentials TLS yekuwedzera anobata zvitupa zvakatorwa sekuvimbika. Semuyenzaniso, tsigiro yewedzero yakatsanangurwa yakatowedzerwa kune zvehusiku kuvaka uye beta shanduro yeFirefox uye inogona kuitwa mukati nezve:config nekushandura "security.tls.enable_delegated_credentials" marongero. Pakati paMbudzi, kuyedza kwakarongwawo kuitwa pakati peimwe muzana yevashandisi vebvunzo shanduro dzeFirefox "
Iyo Delegated Credentials specification yakaendeswa kukomiti yeIETF (Internet Engineering Task Force), iyo inoona nezvekuvandudzwa kweInternet protocol uye zvivakwa, uye iri kudare repamusoro.
Kuti ugadzire makiyi epakati, unofanirwa kuwana chitupa cheTLS chinosanganisira kuwedzera kwakakosha X.509, iyo parizvino inotsigirwa chete neDigiCert certification authority.
Source: opennet.ru