Baqapi ba projeke ea Chromium , e behang nako e telele ea bophelo ba litifikeiti tsa TLS ho matsatsi a 398 (likhoeli tse 13).
Boemo bona bo sebetsa ho litifikeiti tsohle tsa seva sa sechaba tse fanoeng kamora la 1 Loetse 2020. Haeba setifikeiti se sa lumellane le molao ona, sebatli se tla se hana ka hore ha se sebetse, 'me ka ho hlaka se arabe ka phoso ERR_CERT_VALIDITY_TOO_LONG.
Bakeng sa litifikeiti tse amohetsoeng pele ho la 1 Loetse 2020, tšepo e tla bolokoa le (lilemo tse 2,2), joalo ka kajeno.
Pejana, baetsi ba libatli tsa Firefox le Safari ba ile ba hlahisa lithibelo mabapi le nako e telele ea bophelo ba litifikeiti. Fetola hape .
Sena se bolela hore liwebsaete tse sebelisang li-certificate tsa SSL/TLS tsa nako e telele tse fanoeng ka mor'a hore sebaka se khaotsoe se tla lahlela liphoso tsa lekunutu ho libatli.
Apple e bile motho oa pele oa ho phatlalatsa leano le lecha kopanong ea CA/Browser forum . Ha e hlahisa molao o mocha, Apple e tšepisitse ho e sebelisa ho lisebelisoa tsohle tsa iOS le macOS. Sena se tla beha khatello ho batsamaisi ba sebaka sa marang-rang le bahlahisi ho netefatsa hore litifikeiti tsa bona lia lumellana.
Ho khutsufatsa nako ea bophelo ba setifikeiti ho 'nile ha buisanoa ka likhoeli ke Apple, Google, le litho tse ling tsa CA/Browser. Leano lena le na le melemo le mathata a lona.
Sepheo sa ts'ebetso ena ke ho ntlafatsa ts'ireletso ea sebaka sa marang-rang ka ho netefatsa hore bahlahisi ba sebelisa litifikeiti tse nang le litekanyetso tsa morao-rao tsa cryptographic, le ho fokotsa palo ea litifikeiti tsa khale, tse lebetsoeng tse ka utsuoang le ho sebelisoa hape ho phishing le litlhaselo tse lonya. Haeba bahlaseli ba ka senya li-cryptography maemong a SSL/TLS, litifikeiti tsa nakoana li tla netefatsa hore batho ba fetohela ho litifikeiti tse sireletsehileng haholoanyane nakong e ka etsang selemo.
Ho khutsufatsa nako ea ho sebetsa ha setifikeiti ho na le mefokolo e itseng. Ho hlokometsoe hore ka ho eketsa makhetlo a mangata a ho nkeloa sebaka sa setifikeiti, Apple le lik'hamphani tse ling le tsona li thatafalletsa beng ba libaka le lik'hamphani tse lokelang ho laola setifikeiti le ho latela melao.
Ka lehlakoreng le leng, Let's Encrypt le balaoli ba setifikeiti ba bang ba khothaletsa beng ba marang-rang ho kenya tšebetsong mekhoa e ikemetseng ea ho nchafatsa litifikeiti. Sena se fokotsa ts'ebetso ea batho le kotsi ea liphoso ha nako ea ho nchafatsa setifikeiti e ntse e eketseha.
Joalo ka ha u tseba, Let's Encrypt e fana ka litifikeiti tsa mahala tsa HTTPS tse felloang ke nako kamora matsatsi a 90 mme e fana ka lisebelisoa tsa ho inchafatsa. Joale litifikeiti tsena li lekana hantle le ho feta lits'ebetsong tsohle ha libatli li beha meeli e phahameng ea ho nepahala.
Phetoho ena e ile ea khethoa ke litho tsa CA/Browser Forum, empa qeto .
Liphetho
Kgetho ya Mofani wa Setifikeiti
Bakeng sa (likhetho tse 11): Amazon, Buypass, Certigna (DHIMYOTIS), certSIGN, Sectigo (eo pele e neng e le Comodo CA), eMudhra, Kamu SM, Let's Encrypt, Logius, PKIoverheid, SHECA, SSL.com
Khahlanong le (20): Camerfirma, Certum (Asseco), CFCA, Chunghwa Telecom, Comsign, D-TRUST, DarkMatter, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, Izenpe, Network Solutions, OATI, SECOM, SwissSign, TWCA, TrustCor, SecureTrust (ea pele Trustwave)
Ha ho na letho (2): HARICA, TurkTrust
Bareki ba setifikeiti ba khethang
Bakeng sa (7): Apple, Cisco, Google, Microsoft, Mozilla, Opera, 360
Khahlano le: 0
Qhanetsoe: 0
Hona joale babali ba sebelisa leano lena ntle le tumello ea balaoli ba setifikeiti.
Source: www.habr.com