We look at what DANE, a technology for authenticating domain names through DNS, is and why it is not widely used in browsers.
What is DANE
Certificate Authorities (CAs) are organizations that
To avoid such situations, several years ago the IETF
DANE (DNS-based Authentication of Named Entities) is a set of specifications that lets you use DNSSEC (Domain Name System Security Extensions) to control the validity of SSL certificates. DNSSEC is an extension to the Domain Name System that reduces address-spoofing attacks. Using these two technologies, a webmaster or a client can contact one of the DNS zone operators and confirm the validity of the certificate in use.
In essence, DANE acts as a self-signed certificate (DNSSEC is the guarantor of its trustworthiness) and complements the functions of a CA.
How it works
The DANE specification is described in
The client connects to a site on the Internet and compares its certificate with the "copy" obtained from the DNS operator. If they match, the resource is considered trusted.
The DANE wiki page gives the following example of a DNS query for example.org on TCP port 443:
IN TLSA _443._tcp.example.org
The response looks like this:
_443._tcp.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
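The comparison described above, as an added Python example (not code from the original article or the DANE wiki): it parses TLSA record data such as `3 0 0 …` into the certificate usage, selector and matching type defined in RFC 6698 and checks a presented certificate against it. The function names and sample bytes are assumptions made for this example, and the result is only meaningful once the DNS answer has been DNSSEC-validated, which this code does not do.

```python
import hashlib
import hmac

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
MATCHERS = {0: lambda b: b,
            1: lambda b: hashlib.sha256(b).digest(),
            2: lambda b: hashlib.sha512(b).digest()}


def parse_tlsa(rdata: str):
    """Parse 'usage selector matching-type hex...' (parentheses allowed)."""
    parts = rdata.replace("(", " ").replace(")", " ").split()
    if len(parts) < 4:
        raise ValueError("TLSA rdata needs three numeric fields and hex data")
    usage, selector, mtype = (int(p) for p in parts[:3])
    # Usage 0-3 = PKIX-TA, PKIX-EE, DANE-TA, DANE-EE; selector 0 = full cert, 1 = SPKI.
    if usage not in range(4) or selector not in (0, 1) or mtype not in MATCHERS:
        raise ValueError("unsupported TLSA parameters")
    # The hex data may be split into several whitespace-separated chunks.
    return usage, selector, mtype, bytes.fromhex("".join(parts[3:]))


def make_tlsa(usage: int, selector: int, mtype: int, selected: bytes) -> str:
    """Build the record data a zone operator would publish for `selected`."""
    return f"{usage} {selector} {mtype} {MATCHERS[mtype](selected).hex()}"


def tlsa_matches(rdata: str, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one presented certificate with a TLSA record.

    cert_der is the DER certificate from the TLS handshake (selector 0);
    spki_der is its DER SubjectPublicKeyInfo (selector 1), extracted by the
    caller's X.509 library. For usages 0 and 2 the caller passes each chain
    certificate in turn; usages 0 and 1 also require normal PKIX validation.
    """
    _usage, selector, mtype, data = parse_tlsa(rdata)
    selected = cert_der if selector == 0 else spki_der
    return hmac.compare_digest(MATCHERS[mtype](selected), data)


# Constructed stand-in bytes, not a real certificate or key.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"

if __name__ == "__main__":
    record = make_tlsa(3, 1, 1, SAMPLE_SPKI)
    print(record, tlsa_matches(record, SAMPLE_CERT, SAMPLE_SPKI))
```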
DANE has several extensions that work with DNS records other than TLSA. The first is the SSHFP DNS record for verifying keys on SSH connections. It is described in
What is the problem with DANE
In mid-May, the DNS-OARC conference was held (DNS-OARC is a non-profit organization that deals with the security, stability and development of the domain name system). Experts on one of the panels
Popular browsers do not support certificate validation using DANE. There are special plugins on the market that expose the functionality of TLSA records, but support for them is also gradually being discontinued.
The problems with DANE adoption in browsers are tied to the length of the DNSSEC validation process. The system has to perform cryptographic computations to confirm the authenticity of the SSL certificate and walk the entire chain of DNS servers (from the root zone to the host's domain) when it first connects to a resource.
Mozilla tried to eliminate this problem using the mechanism
Another reason for DANE's low popularity is the low prevalence of DNSSEC in the world -
Most likely, the industry will develop in a different direction. Instead of using DNS to verify SSL/TLS certificates, market players will promote the DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) protocols. We mentioned the latter in one of our
Source: www.habr.com