I-IETF igunyaziwe
/flickr/
Kungani kwakudingeka indinganiso?
Isilinganiso ngesilungiselelo ngasinye
Inqubo yokuqinisekisa isizinda ingase yehluke kusiphathimandla ngasinye sokunikeza izitifiketi. Ukushoda kokulinganisa kwesinye isikhathi kuholela ezinkingeni zokuphepha. Edumile
Iphrothokholi ye-ACME evunyelwe yi-IETF (incazelo
Izinga livuliwe futhi noma ubani angaba neqhaza ekuthuthukisweni kwalo. IN
Kanjani lo msebenzi
Izicelo ku-ACME zishintshaniswa nge-HTTPS kusetshenziswa imilayezo ye-JSON. Ukuze usebenze nephrothokholi, udinga ukufaka iklayenti le-ACME endaweni eqondiwe; ikhiqiza ipheya yokhiye eyingqayizivele ngesikhathi sokuqala ifinyelela i-CA. Ngokulandelayo, zizosetshenziselwa ukusayina yonke imilayezo yeklayenti neseva.
Umlayezo wokuqala uqukethe imininingwane yokuxhumana mayelana nomnikazi wesizinda. Isayinwe ngokhiye oyimfihlo futhi ithunyelwe kuseva kanye nokhiye osesidlangalaleni. Ihlola ubuqiniso besiginesha futhi, uma yonke into ihlelekile, iqala inqubo yokukhipha isitifiketi se-SSL.
Ukuze uthole isitifiketi, iklayenti kufanele lifakazele kuseva ukuthi liphethe isizinda. Ukuze enze lokhu, wenza izenzo ezithile ezitholakala kumnikazi kuphela. Isibonelo, isiphathimandla sesitifiketi singakha ithokheni ehlukile futhi icele iklayenti ukuthi ilibeke kusayithi. Okulandelayo, i-CA ikhipha umbuzo wewebhu noma we-DNS ukuze ikhiphe ukhiye kule tokheni.
Isibonelo, esimweni se-HTTP, ukhiye ovela kuthokheni kufanele ubekwe efayeleni elizonikezwa iseva yewebhu. Ngesikhathi sokuqinisekiswa kwe-DNS, isiphathimandla sokunikeza izitifiketi sizobheka ukhiye oyingqayizivele kudokhumenti yombhalo werekhodi le-DNS. Uma konke kuhamba ngohlelo, iseva iqinisekisa ukuthi iklayenti liqinisekisiwe futhi i-CA ikhipha isitifiketi.
/flickr/
Okuthunyelwe
Ngu
Phakathi kwezinzuzo zezinga, ochwepheshe babuye baqaphele eziningana
Izixazululo ezifanayo
Amaphrothokholi nawo asetshenziswa ukuthola izitifiketi.
Eyokuqala yasungulwa ngabakwaCisco Systems. Umgomo wayo bekuwukwenza kube lula inqubo yokukhishwa kwezitifiketi zedijithali ze-X.509 futhi ikwenze kube lula ngangokunokwenzeka. Ngaphambi kokufika kwe-SCEP, le nqubo yayidinga ukubamba iqhaza okusebenzayo kwabaphathi bohlelo futhi ayizange ikhule kahle. Namuhla, le protocol ingenye evame kakhulu.
Ngokuqondene ne-EST, ivumela amaklayenti e-PKI ukuthi athole izitifiketi eziteshini ezivikelekile. Isebenzisa i-TLS ukuthumela imiyalezo nokukhipha i-SSL, kanye nokubophezela i-CSR kumthumeli. Ngaphezu kwalokho, i-EST isekela izindlela ze-elliptic cryptography, ezidala isendlalelo esengeziwe sokuvikela.
Ngu
Okuthunyelwe okwengeziwe okuvela kubhulogi yethu yebhizinisi:
Izinketho zengqalasizinda ye-IT yenhlangano Ikhophi yasenqolobaneni yefayela: ungenza kanjani umshwalense ekulahlekeni kwedatha Ukuqeqeshwa kumela abaphathi: ukuthi ifu lingasiza kanjani Ukuvela kwe-cloud architecture 1cloud
Source: www.habr.com