Onjiniyela bephrojekthi ye-Chromium , ebeka isikhathi sokuphila esiphezulu sezitifiketi ze-TLS zibe yizinsuku ezingama-398 (izinyanga eziyi-13).
Umbandela usebenza kuzo zonke izitifiketi zeseva yomphakathi ezikhishwe ngemva komhla ka-Septhemba 1, 2020. Uma isitifiketi singafani nalo mthetho, isiphequluli sizosenqaba njengesingalungile futhi siphendule ngokuqondile ngephutha ERR_CERT_VALIDITY_TOO_LONG.
Ezitifiketini ezitholwe ngaphambi kukaSepthemba 1, 2020, ukwethenjwa kuzogcinwa futhi (iminyaka engu-2,2), njenganamuhla.
Phambilini, abathuthukisi beziphequluli zeFirefox neSafari bethula imikhawulo kubude besikhathi sokuphila esiphezulu sezitifiketi. Shintsha futhi .
Lokhu kusho ukuthi amawebhusayithi asebenzisa izitifiketi ze-SSL/TLS zempilo ende ezikhishwe ngemuva kwephoyinti lokunqamula azophonsa amaphutha obumfihlo kuziphequluli.
U-Apple ube ngowokuqala ukumemezela inqubomgomo entsha emhlanganweni weforamu ye-CA/Isiphequluli . Lapho yethula umthetho omusha, u-Apple wathembisa ukuwusebenzisa kuwo wonke amadivayisi we-iOS nama-macOS. Lokhu kuzofaka ingcindezi kubaphathi bewebhusayithi nabathuthukisi ukuze baqinisekise ukuthi izitifiketi zabo ziyahambisana.
Ukunciphisa isikhathi sokuphila kwezitifiketi kuxoxwe ngazo izinyanga yi-Apple, Google, namanye amalungu e-CA/Isiphequluli. Le nqubomgomo inezinzuzo zayo kanye nokubi.
Umgomo walesi sinyathelo ukuthuthukisa ukuvikeleka kwewebhusayithi ngokuqinisekisa ukuthi onjiniyela basebenzisa izitifiketi ezinamazinga akamuva e-cryptographic, kanye nokunciphisa inani lezitifiketi ezindala, ezikhohliwe ezingase zebiwe futhi ziphinde zisetshenziswe ebugebengwini nasekuhlaseleni okunonya kokushayela. Uma abahlaseli bengakwazi ukwephula i-cryptography ngezinga le-SSL/TLS, izitifiketi zesikhashana zizoqinisekisa ukuthi abantu bashintshela kuzitifiketi ezivikeleke kakhulu esikhathini esingangonyaka.
Ukunciphisa isikhathi sokufaneleka kwezitifiketi kunobubi obuthile. Kuye kwaphawulwa ukuthi ngokwandisa imvamisa yokushintshwa kwezitifiketi, i-Apple nezinye izinkampani nazo zenza impilo ibe nzima kubanikazi besizinda kanye nezinkampani okufanele zilawule izitifiketi nokuthobela.
Ngakolunye uhlangothi, Masibhale Ngemfihlo nezinye iziphathimandla zesitifiketi zikhuthaza abaphathi bewebhu ukuthi basebenzise izinqubo ezizenzakalelayo zokubuyekeza izitifiketi. Lokhu kunciphisa i-overhead yomuntu kanye nengozi yamaphutha njengoba imvamisa yokushintshwa kwesitifiketi ikhula.
Njengoba wazi, i-Let's Encrypt ikhipha izitifiketi zamahhala ze-HTTPS eziphelelwa yisikhathi ngemva kwezinsuku ezingu-90 futhi inikeza ngamathuluzi okuvuselela ngokuzenzakalelayo. Ngakho-ke manje lezi zitifiketi zingena kangcono kwingqalasizinda iyonke njengoba iziphequluli zibeka imikhawulo ephezulu yokuqinisekisa.
Lolu shintsho luvotelwe amalungu e-CA/Browser Forum, kodwa isinqumo .
Imiphumela
Ukuvota Kokhipha Isitifiketi
Okwa (11 amavoti): Amazon, Buypass, Certigna (DHIMYOTIS), certSIGN, Sectigo (owayekade eyiComodo CA), eMudhra, Kamu SM, Let's Encrypt, Logius, PKIoverheid, SHECA, SSL.com
ngokumelene (20): Camerfirma, Certum (Asseco), CFCA, Chunghwa Telecom, Comsign, D-TRUST, DarkMatter, Entrust Datacard, Firmaprofesional, GDCA, GlobalSign, GoDaddy, Izenpe, Network Solutions, OATI, SECOM, SwissSign, TWCA, TrustCor, SecureTrust (yangaphambili Trustwave)
Akulaleki (2): HARICA, TurkTrust
Abathengi besitifiketi bayavota
Okwaba (7): Apple, Cisco, Google, Microsoft, Mozilla, Opera, 360
Ngokumelene: 0
Wagodla: 0
Iziphequluli manje zisebenzisa le nqubomgomo ngaphandle kwemvume yabaphathi besitifiketi.
Source: www.habr.com