Mozilla, Cloudflare and Facebook introduce a TLS extension for delegating short-lived certificates

Mozilla, Cloudflare and Facebook have jointly announced a new TLS extension, Delegated Credentials (DC), which addresses the certificate problem that arises when access to a site is provided through content delivery networks. Certificates issued by certificate authorities have long validity periods. This creates difficulties when a site has to be served through a third-party service that must establish the secure connection on the site's behalf, because handing the site's certificate to an external service creates additional security threats.

The new extension can also be useful for sites that run on a large distributed infrastructure with many load balancers. Delegated Credentials avoids storing copies of the private keys of the main certificates on every content delivery node. With the traditional approach, a successful attack on any server involved in serving HTTPS traffic compromises the entire certificate. When private keys are handed to a content delivery network, there is a risk of data leakage as a result of sabotage by staff, actions of intelligence services, or compromise of the CDN.

If a key leak goes unnoticed, whoever obtained the keys can silently insert themselves into the site's traffic (MITM) for a long time, because certificate lifetimes are measured in months and years. Cloudflare can protect certificate keys by using special key servers that run on the site owner's side, but operating in this mode leads to large delays in carrying traffic, reduces reliability by adding one more link in the chain, and requires deploying a more complex infrastructure.

The proposed Delegated Credentials TLS extension introduces an additional intermediate private key whose validity is limited to hours or a few days (no more than seven days). This key is generated on the basis of a certificate issued by a certificate authority. It makes it possible to keep the private key of the original certificate secret from content delivery services, giving them only a temporary credential with a short lifetime.

To avoid access problems after the intermediate key expires, a renewal mechanism is provided that runs on the side of the origin TLS server. Generation requires no manual operations and no scripts to be run: before the lifetime of the previous key expires, an authorized server that needs a private key contacts the site's origin TLS server, which generates an intermediate key for the next short period.
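An added example, not from the original article or from any of the projects it names: the two time checks a client applies to a delegated credential, including the seven-day ceiling described above. The field layout is taken from the published specification (RFC 9345) rather than from this article; the key bytes, signature bytes and dates are constructed placeholders, and signature verification is omitted.

```python
import struct
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=7)  # ceiling stated in the article

def parse_dc(buf: bytes) -> dict:
    """Split a DelegatedCredential into fields (wire layout per RFC 9345)."""
    try:
        valid_time, key_scheme = struct.unpack_from("!IH", buf, 0)
        spki_len = int.from_bytes(buf[6:9], "big")   # 24-bit length prefix
        sig_off = 9 + spki_len
        sig_scheme, sig_len = struct.unpack_from("!HH", buf, sig_off)
    except struct.error:
        raise ValueError("truncated delegated credential") from None
    if spki_len == 0 or sig_off + 4 + sig_len != len(buf):
        raise ValueError("length fields do not match the buffer")
    return {"valid_time": valid_time, "key_scheme": key_scheme,
            "spki": buf[9:sig_off], "sig_scheme": sig_scheme,
            "signature": buf[sig_off + 4:]}

def lifetime_verdict(dc: dict, cert_not_before: datetime, now: datetime) -> str:
    """Apply the two time checks a client makes before trusting the credential."""
    # valid_time is counted in seconds from the delegation certificate's notBefore.
    expiry = cert_not_before + timedelta(seconds=dc["valid_time"])
    if now > expiry:
        return "expired"
    if expiry - now > MAX_VALIDITY:
        return "validity exceeds 7 days"
    return "ok"

def build_dc(valid_time: int) -> bytes:
    """Constructed sample: placeholder key and signature bytes, not real crypto."""
    spki, sig = b"\x30" + bytes(90), bytes(70)
    return (struct.pack("!IH", valid_time, 0x0403)      # ecdsa_secp256r1_sha256
            + len(spki).to_bytes(3, "big") + spki
            + struct.pack("!HH", 0x0403, len(sig)) + sig)

# Constructed dates: certificate notBefore and the client's current time.
NOT_BEFORE = datetime(2019, 11, 1, tzinfo=timezone.utc)
NOW = datetime(2019, 11, 10, 12, tzinfo=timezone.utc)
DAY = 86400

if __name__ == "__main__":
    samples = [("ends in 1.5 days", 11 * DAY), ("ended 12 hours ago", 9 * DAY),
               ("ends in a month", 40 * DAY)]
    for label, valid_time in samples:
        dc = parse_dc(build_dc(valid_time))
        print(f"{label}: {lifetime_verdict(dc, NOT_BEFORE, NOW)}")
```

A real client additionally verifies the signature over the credential with the certificate's key and checks that the certificate carries the delegation extension mentioned at the end of the article.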

Browsers that support the Delegated Credentials TLS extension will treat such derived certificates as trustworthy. For example, support for the proposed extension has already been added to the nightly builds and beta versions of Firefox and can be enabled in about:config by changing the "security.tls.enable_delegated_credentials" setting. In mid-November an experiment, "TLS Delegated Credentials Experiment", is also planned among one percent of users of the test versions of Firefox, in which a test request will be sent to a Cloudflare DC server to check the quality of the implementation of the TLS extension. Support for Delegated Credentials is also already built into the fizz library, which implements TLS 1.3.

The Delegated Credentials specification has been submitted to the IETF (Internet Engineering Task Force), which is responsible for the development of Internet protocols and architecture, and is at the stage of a draft that is a candidate to become an Internet standard. The Delegated Credentials extension can be used only with TLSv1.3.
To generate intermediate keys, you need to obtain a TLS certificate that includes a special X.509 extension, which is currently supported only by the DigiCert certificate authority.

Source: opennet.ru