IETF approved
Why was a standard needed?
On average, per setup
The domain validation procedure can differ from one certificate authority to another. The lack of standardization sometimes leads to security problems. A well-known
The IETF approved the ACME protocol (specification
The standard is open, and anyone can contribute to its development. In
How it works
Requests in ACME are exchanged over HTTPS using JSON messages. To work with the protocol, you install an ACME client on the target node; it generates a unique key pair the first time it contacts the CA. From then on, the keys are used to sign all messages from the client and the server.
The first message contains contact information about the domain owner. It is signed with the private key and sent to the server together with the public key. The server verifies the authenticity of the signature and, if everything is in order, starts the procedure for issuing an SSL certificate.
To obtain a certificate, the client must prove to the server that it owns the domain. To do this, it performs certain actions that are available only to the owner. For example, the certificate authority can generate a unique token and ask the client to place it on the site. The CA then issues a web or DNS query to retrieve the key from this token.
For example, in the case of HTTP, the key from the token must be placed in a file that the web server will serve. During DNS validation, the certificate authority looks for the unique key in the DNS text record. If everything is in order, the server confirms that the client has been validated and the CA issues the certificate.
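The HTTP and DNS checks described above, as an added example that is not part of the original article: it follows RFC 8555, where the value the client publishes is the token joined with a SHA-256 thumbprint (RFC 7638) of its account public key. The JWKs, the token and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, re

# Constructed sample values: not real key material and not a real CA token.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ",
               "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ"}
OTHER_JWK = dict(ACCOUNT_JWK, x="YW5vdGhlci1hY2NvdW50LXgtY29vcmRpbmF0ZS0wMDAwMDA")
TOKEN = "c2FtcGxlLXRva2VuLWZyb20tdGhlLUNB"

# JWK members that enter the RFC 7638 thumbprint, per key type.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """Hash only the required members, sorted, with no whitespace."""
    subset = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """token + '.' + thumbprint: binds the challenge to one account key."""
    # Reject anything outside the base64url alphabet before it reaches a file path.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def http01_resource(token: str, account_jwk: dict) -> tuple[str, str]:
    """Path and body the client's web server must serve over HTTP."""
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, account_jwk)

def dns01_record(domain: str, token: str, account_jwk: dict) -> tuple[str, str]:
    """Name and value of the TXT record the client must publish."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)

def ca_check_http01(token: str, account_jwk: dict, served_body: str) -> bool:
    """CA side: compare the fetched body, ignoring trailing whitespace."""
    expected = key_authorization(token, account_jwk).encode()
    return hmac.compare_digest(served_body.rstrip().encode(), expected)

def ca_check_dns01(domain: str, token: str, account_jwk: dict, txt_values: list[str]) -> bool:
    """CA side: any one TXT value at the name may match."""
    expected = dns01_record(domain, token, account_jwk)[1].encode()
    return any(hmac.compare_digest(v.encode(), expected) for v in txt_values)
```

Because the thumbprint of the account key is part of the published value, a response prepared for one account does not validate for another account holding the same token.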
Opinions
According to
Among the advantages of the standard, experts also note several
Similar solutions
Protocols are also used to obtain certificates
The first was developed at Cisco Systems. Its goal was to simplify the procedure for issuing X.509 digital certificates and make it as scalable as possible. Before SCEP, this process required the active involvement of system administrators and did not scale well. Today this protocol is one of the most widely used.
As for EST, it allows PKI clients to obtain certificates over secure channels. It uses TLS for message transfer and SSL issuance, as well as for binding the CSR to the sender. In addition, EST supports elliptic cryptography methods, which adds an extra layer of security.
According to
Source: www.habr.com