Sikhuluma ngokuthi buyini ubuchwepheshe be-DANE bokuqinisekisa amagama wesizinda usebenzisa i-DNS nokuthi kungani bungasetshenziswa kakhulu kuziphequluli.
/Vula/
Yini i-DANE
Iziphathimandla Zokugunyazwa (ama-CA) yizinhlangano ezithi
Ukuze ugweme izimo ezinjalo, eminyakeni embalwa edlule i-IETF
I-DANE (Ukuqinisekiswa Okususelwe ku-DNS Kwamabhizinisi Aqanjwe Ngamagama) isethi yezicaciso ezikuvumela ukuthi usebenzise i-DNSSEC (Izandiso Zokuvikela Zegama Lesistimu) ukuze ulawule ukufaneleka kwezitifiketi ze-SSL. I-DNSSEC iyisandiso Sohlelo Lwegama Lesizinda esinciphisa ukuhlaselwa kokukhwabanisa kwamakheli. Ngokusebenzisa lobu buchwepheshe obubili, umphathi wewebhu noma iklayenti angathinta omunye wabaqhubi bezoni ye-DNS futhi aqinisekise ukufaneleka kwesitifiketi esisetshenziswayo.
Empeleni, i-DANE isebenza njengesitifiketi esizisayinele wena (isiqiniseko sokuthembeka kwaso yi-DNSSEC) futhi siphelelisa imisebenzi ye-CA.
Kanjani lo msebenzi
Ukucaciswa kwe-DANE kuchazwe ku
Iklayenti lixhuma kusayithi eku-inthanethi futhi liqhathanise isitifiketi salo “nekhophi” elitholwe ku-opharetha we-DNS. Uma zifana, khona-ke insiza ibhekwa njengethembekile.
Ikhasi le-DANE wiki linikeza isibonelo esilandelayo sesicelo se-DNS ku-example.org ku-TCP port 443:
IN TLSA _443._tcp.example.org
Impendulo ibukeka kanje:
_443._tcp.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
I-DANE inezandiso ezimbalwa ezisebenza namarekhodi e-DNS ngaphandle kwe-TLSA. Elokuqala irekhodi le-SSHFP DNS lokuqinisekisa okhiye ekuxhumekeni kwe-SSH. Ichazwa ku
Yini inkinga nge-DANE
Maphakathi noMeyi, ingqungquthela ye-DNS-OARC yabanjwa (lena yinhlangano engenzi nzuzo ebhekene nokuphepha, ukuzinza nokuthuthukiswa kwesistimu yegama lesizinda). Ochwepheshe kwelinye lamaphaneli
Iziphequluli ezidumile azikusekeli ukuqinisekiswa kwesitifiketi kusetshenziswa i-DANE. Emakethe
kukhona ama-plugin akhethekile , eveza ukusebenza kwamarekhodi e-TLSA, kodwa nokusekela kwawokancane kancane ayeke .
Izinkinga ngokusabalalisa kwe-DANE kuziphequluli zihlotshaniswa nobude benqubo yokuqinisekisa ye-DNSSEC. Isistimu iphoqeleka ukuthi yenze izibalo ze-cryptographic ukuze iqinisekise ubuqiniso besitifiketi se-SSL futhi idlule kulo lonke uchungechunge lwamaseva e-DNS (kusuka endaweni yempande kuya esizindeni somsingathi) lapho ixhunywa okokuqala kusisetshenziswa.
/Vula/
IMozilla izamile ukuqeda le nkinga isebenzisa umshini
Esinye isizathu sokuduma okuphansi kwe-DANE ukusabalala okuphansi kwe-DNSSEC emhlabeni -
Ngokunokwenzeka, imboni izothuthuka ngendlela ehlukile. Esikhundleni sokusebenzisa i-DNS ukuze uqinisekise izitifiketi ze-SSL/TLS, abadlali bemakethe bazothuthukisa i-DNS-over-TLS (DoT) kanye nephrothokholi ye-DNS-over-HTTPS (DoH). Sishilo lokhu kokugcina kwenye yethu
Yini enye esingayifunda ngokuqhubekayo:
Ukwenziwa kanjani ngokuzenzakalelayo ukuphathwa kwengqalasizinda ye-IT - kudingidwa izindlela ezintathu
I-JMAP - umthetho olandelwayo ovulekile ozongena esikhundleni se-IMAP lapho ushintsha ama-imeyili
Uyonga Kanjani Nge-Application Programming Interface
I-DevOps kusevisi yefu isebenzisa isibonelo se-1cloud.ru
Ukuvela kwe-cloud architecture 1cloud
Ngabe i-1cloud technical support isebenza kanjani?
Izinganekwane mayelana nobuchwepheshe bamafu
Source: www.habr.com