Isikhungo sezitifiketi ezingenzi nzuzo , elawulwa umphakathi futhi ihlinzeka ngezitifiketi mahhala kuwo wonke umuntu, ekwethulweni kohlelo olusha lokuqinisekisa igunya lokuthola isitifiketi sesizinda. Ukuxhumana neseva esingethe uhla lwemibhalo oluthi β/.well-known/acme-challenge/β olusetshenziswe ekuhlolweni manje kuzokwenziwa kusetshenziswa izicelo ezimbalwa ze-HTTP ezithunyelwe zisuka kumakheli angu-4 ahlukene e-IP atholakala ezikhungweni zedatha ezihlukene futhi angawezinhlelo ezihlukene ezizimele. Isheke libhekwa njengeliyimpumelelo kuphela uma okungenani izicelo ezi-3 kwezi-4 ezivela kuma-IP ahlukene ziphumelele.
Ukuhlola kusuka kuma-subnet ambalwa kuzokuvumela ukuba unciphise ubungozi bokuthola izitifiketi zezizinda zakwamanye amazwe ngokwenza ukuhlasela okuqondisiwe okuqondisa kabusha ithrafikhi ngokufaka esikhundleni semizila engelona iqiniso usebenzisa i-BGP. Uma usebenzisa isistimu yokuqinisekisa yezindawo eziningi, umhlaseli uzodinga ukuzuza ngesikhathi esisodwa ukuqondisa kabusha komzila kumasistimu ambalwa azimele abahlinzeki abanama-uplink ahlukene, okunzima kakhulu kunokuqondisa kabusha umzila owodwa. Ukuthumela izicelo ezivela kuma-IP ahlukene kuzophinde kwandise ukwethembeka kwesheke uma kwenzeka ababungazi abangabodwa be-Let's Bethela bafakwe ezinhlwini ezivimbayo (isibonelo, e-Russian Federation, ama-IP athile e-letsencrypt.org avinjwe yi-Roskomnadzor).
Kuze kube uJuni 1, kuzoba nenkathi yenguquko evumela ukukhiqizwa kwezitifiketi ekuqinisekisweni okuphumelelayo okuvela esikhungweni sedatha esiyinhloko, uma umsingathi engafinyeleleki kwamanye ama-subnet (ngokwesibonelo, lokhu kungenzeka uma umlawuli womsingathi ku-firewall evumela izicelo ezivela kuphela isikhungo sedatha esithi Masibethele noma ngenxa yokuthi ukwephulwa kokuvumelanisa indawo ku-DNS). Ngokusekelwe kulogi, uhlu olumhlophe luzolungiselelwa izizinda ezinezinkinga zokuqinisekiswa okuvela ezikhungweni zedatha ezengeziwe ezingu-3. Izizinda ezinolwazi lokuxhumana olugcwalisiwe kuphela ezizofakwa ohlwini olumhlophe. Uma isizinda singafakwanga ngokuzenzakalelayo ohlwini olumhlophe, isicelo sezakhiwo singathunyelwa nge .
Njengamanje, iphrojekthi ethi Masibethele ikhiphe izitifiketi eziyizigidi eziyi-113, ezihlanganisa izizinda ezingaba yizigidi eziyi-190 (izizinda eziyizigidi eziyi-150 zahlanganiswa ngonyaka owedlule, kanye nezigidi ezingama-61 eminyakeni emibili edlule). Ngokwezibalo zesevisi yeFirefox Telemetry, isabelo somhlaba wonke sezicelo zekhasi nge-HTTPS singama-81% (onyakeni odlule 77%, eminyakeni emibili edlule 69%), nase-US - 91%.
Ukwengeza, kungaphawulwa i-apula
Yeka ukuthemba izitifiketi kusiphequluli seSafari isikhathi saso sokuphila esidlula izinsuku ezingama-398 (izinyanga eziyi-13). Umkhawulo uhlelelwe ukuthi wethulwe kuphela ezitifiketini ezikhishwe kusukela ngoSepthemba 1, 2020. Ezitifiketini ezinesikhathi eside sokuqinisekisa ezitholwe ngaphambi kukaSepthemba 1, ukwethenjwa kuzogcinwa, kodwa kukhawulelwe ezinsukwini ezingama-825 (iminyaka engu-2.2).
Ushintsho lungathinta kabi ibhizinisi lezikhungo zokunikeza izitifiketi ezithengisa izitifiketi ezishibhile ezinesikhathi eside sokuqinisekisa, esingafika eminyakeni emi-5. Ngokusho kwe-Apple, ukukhiqizwa kwezitifiketi ezinjalo kudala izinsongo ezengeziwe zokuphepha, kuphazamisa ukuqaliswa okusheshayo kwamazinga amasha e-crypto, futhi kuvumela abahlaseli ukuthi balawule ithrafikhi yesisulu isikhathi eside noma bayisebenzisele ubugebengu bokweba imininingwane ebucayi uma kwenzeka ukuvuza kwesitifiketi kunganakiwe njengoba umphumela wokugebenga.
Source: opennet.ru