Isticmaalayaasha shabakada adeegyada dadweynaha ee Ruushka (gosuslugi.ru) waxay heleen ogeysiis ku saabsan abuuritaanka hay'ad shahaado dawladeed oo leh shahaadada xididka TLS, taas oo aan lagu darin kaydinta shahaadooyinka xididka nidaamyada hawlgalka iyo daalacashada ugu weyn. Shahaadooyinka waxaa lagu bixiyaa si ikhtiyaari ah hay'adaha sharciga ah waxaana loogu talagalay in loo isticmaalo xaaladaha shahaadooyinka TLS lagala noqday ama la joojiyay natiijada cunaqabataynta. Tusaale ahaan, CA-yada fadhigoodu yahay Maraykanka, sida DigiCert, waxay joojiyeen bixinta shahaadooyinka shabakadaha ururada ee liiska cunaqabataynta.
Waqtigan xaadirka ah, shahaadada xididka gobolka waxaa lagu dhex daray oo kaliya Yandex.Browser iyo alaabada Atom. Si loo hubiyo in goobaha isticmaala shahaadooyinka CA dadweynaha lagu kalsoon yahay daalacashada kale, waa in aad gacanta ku darto shahaadada xididka nidaamka ama dukaanka shahaado browser.
Waxaa ka mid ah goobaha horey u helay shahaadooyinka TLS ee gobolka waxaa ka mid ah bangiyada kala duwan (Sberbank, VTB, Bankiga Dhexe) iyo ururrada iyo mashaariicda ku xiran hay'adaha dawladda. Isla mar ahaantaana, wakhtiga qorista, shabakadaha waaweyn ee Sber iyo VTB waxay sii wadaan isticmaalka shahaadooyinka TLS ee dhaqameed ee lagu taageeray dhammaan daalacashada, laakiin qaar ka mid ah subdomains (tusaale, online-alpha.vtb.ru) ayaa mar hore loo wareejiyay shahaado cusub.
Haddii ay dhacdo in CA cusub lagu soo rogo ama la ogaado xadgudubyada sida weerarrada MITM, waxay u badan tahay in Firefox, Chrome, Edge, iyo soosaarayaasha browserka Safari ay qaadi doonaan tallaabo ay ku daraan shahaadada xididka dhibka leh ee liisaska ka noqoshada shahaadada, sidii horeba. lagu sameeyay shahaado , la hirgaliyay si looga hortago taraafikada HTTPS ee Kazakhstan.
Source: opennet.ru