Ngomhla wama-27 kuFebruwari, 2020 Masifihle iGunya leSiqinisekiso saMahla .
Kwingxelo yeendaba ebhiyozelayo, abameli beprojekthi bakhumbula ukuba isikhumbuzo sangaphambili se-100 yezigidi zezatifikethi ezikhutshiweyo zabhiyozelwa. . Emva koko isabelo se-HTTPS ye-traffic kwi-Intanethi yayingu-58% (e-US - 64%). Kwiminyaka emibini enesiqingatha, amanani akhule kakhulu: “Namhlanje, i-81% yamaphepha alayishiweyo ehlabathini lonke asebenzisa iHTTPS, kwaye eUnited States sikwi-91%! - abafana beprojekthi bayavuya. - Impumelelo engakholelekiyo. Eli linqanaba eliphezulu kakhulu lobumfihlo kunye nokhuseleko kuye wonke umntu. ”
Masibhale ngokuntsonkothileyo indima ebaluleke kakhulu ekwenzeni izatifikethi ze-HTTPS zibe ngumgangatho oluncedo, kunye nofihlo oluluqilima lwetrafikhi lube yinto eqhelekileyo kwi-Intanethi.
Uvavanyo lwe-Beta lwegunya lesatifikethi esivelisa into entsha elithi MasiShinyele luqale ngoDisemba ka-2015. Uphawu olulodwa lweziko elitsha yayikukuba inkqubo yokukhupha izatifikethi ekuqaleni yayizisebenzela ngokupheleleyo.
Uqwalaselo oluzenzekelayo lwe-HTTPS kumncedisi lwenzeka kwizigaba ezibini. Kwisinyathelo sokuqala, i-arhente yazisa i-CA yamalungelo omlawuli womncedisi kwigama lesizinda. Umzekelo, ukuqinisekiswa kunokubandakanya ukudala isizinda esithile, okanye ukufaka i-HTTP resource ene-URI ethile ngaphakathi kwendawo.
Masi Fihla ichonga iseva yewebhu eqhuba iarhente ngesitshixo sayo sikawonke-wonke. Izitshixo zikawonke-wonke kunye nezabucala ziveliswa yi-arhente phambi koqhagamshelo lokuqala kwi-CA. Ngexesha lokuqinisekisa ngokuzenzekelayo, i-arhente yenza inani leemvavanyo: umzekelo, isayinela i-password yexesha elinye efunyenweyo kunye nesitshixo sikawonke-wonke kwaye ibonise i-HTTP resource nge-URI ethile. Ukuba isignesha yedijithali ichanekile kwaye zonke iimvavanyo zigqithisiwe, i-arhente inikwe amalungelo okulawula izatifikethi zesizinda.
Kwinqanaba lesibini, i-arhente inokucela, ihlaziye, kwaye irhoxise izatifikethi. Ukukhupha isatifikethi ngokuzenzekelayo, impendulo yomngeni (umngeni-impendulo, umngeni-impendulo) iprotocol yokuqinisekisa iklasi ebizwa ngokuba yi-Automated Certificate Management Environment (ACME) isetyenziswa. Konke ukukhohlisa ngesatifikethi kwenziwa ngaphandle kokumisa umncedisi wewebhu usebenzisa umxhasi we-ACME . Kulula ukuyisebenzisa, isebenza kwiinkqubo ezininzi zokusebenza, kwaye ibhalwe kakuhle. Kukho imo yengcali eneseti eyandisiweyo yesethingi. Ukongeza kwiCertbot, kukho .
Ukubaluleka kweMasi Fihla
ILet Encrypt iguqule imarike ebikade ilawulwa ziiCAs zorhwebo. Ngoku sele bephantse baphuma kwishishini lezatifikethi ze-DV (Domain Validation), nangona beqhubeka nokuthengisa iziqinisekiso zoQinisekiso lwe-Organization (OV) kunye nezatifikethi zoQinisekiso oloNgezelelweyo (EV) ezingayikhuphiyo iLet Encryption. Nangona kunjalo, le yimveliso ye-niche, kwaye izatifikethi zasimahla Masibhale ngokufihlakeleyo zilawula kakhulu kwintengiso enkulu.
I-Let Encrypting iyenze umgangatho wokukhupha izatifikethi kwakhona ngokuzenzekelayo. Nangona ubomi babo bufutshane (iintsuku ezingama-90), inkqubo ezenzekelayo isusa "into yomntu" emele umngcipheko omkhulu wokhuseleko. Abalawuli besizinda bahlala belibala ngokulula ukuhlaziya izatifikethi, nto leyo ebangela ukuba iinkonzo zisilele. Isehlo sokugqibela esinje senzeka ngamaqela eMicrosoft. Nge-3 kaFebruwari 2020, le nkonzo yentsebenziswano ayizange isebenze .
Ukutshintshwa ngokuzenzekelayo kwezatifikethi usebenzisa i-ACME protocol kuphelisa ukuba nokwenzeka kweziganeko ezinjalo.
Nangona iprojekthi iLet Encrypt isebenzela isiqingatha se-Intanethi, kwihlabathi elibonakalayo ngumbutho omncinci ongenzi nzuzo: “Kule minyaka mibini inesiqingatha, umbutho wethu ukhule, kodwa hayi kakhulu! bayabhala. NgoJuni 2017, siye sabamba malunga ne-46 yezigidi zewebhusayithi kunye nabasebenzi bexesha elizeleyo abali-11 kunye nohlahlo lwabiwo-mali lonyaka lwe-2,61 yezigidi zeedola. sisebenzela indawo ephindwe kane kunabasebenzi ababini abongezelelweyo kunye nokwanda kwe-192 pesenti kuhlahlo lwabiwo-mali.
Iprojekthi ixhaswa nge и .
Ukuza kuthi ga ngoku, i-HTTPS iye yaba ngumgangatho we-de facto kwi-intanethi. Ukusukela kulo nyaka uphelileyo, iiphequluli eziphambili ziye zalumkisa abasebenzisi malunga nobungozi bokunxibelelana neziza ezingafihli itrafikhi kwi-HTTPS. Masibethele kubangwe ngotshintsho olunjalo kumhlaba wokhuseleko.
Ngaphezulu koko, Masibhale ngokufihlakeleyo ngokwenyani . Ngoku i-Jabber isebenza ngoguqulelo oluluqilima kwi-server-server kunye namanqanaba omncedisi womncedisi, kwaye uninzi lwezatifikethi zikhutshwe nguLet Encrypt.
“Njengoluntu, senze izinto ezimangalisayo ukukhusela abantu kwi-Intanethi,” ifundeka ngolu hlobo . “Ukukhutshwa kwesatifikethi sebhiliyoni bubungqina bayo yonke inkqubela esiyenzileyo siluluntu.”
umthombo: www.habr.com