Isandiso esisha singase futhi sibe usizo kumasayithi asebenza kwingqalasizinda enkulu esabalalisiwe enenani elikhulu labalinganisi bomthwalo. Ukuqinisekisa Okuthunyelwe kuzogwema ukugcina amakhophi okhiye abayimfihlo bezitifiketi eziyinhloko endaweni ngayinye yokulethwa kokuqukethwe. Ngendlela yakudala, ukuhlasela okuyimpumelelo kunoma yimaphi amaseva abandakanyekayo ekuthumeleni ithrafikhi ye-HTTPS kuzoholela ekulimaleni kuso sonke isitifiketi. Uma okhiye abayimfihlo bedluliselwa kumanethiwekhi okulethwa kokuqukethwe, kuba khona izinsongo zokuvuza kwedatha ngenxa yokucekelwa phansi ngabasebenzi, izenzo zama-ejensi wezobunhloli, noma ukonakala nengqalasizinda ye-CDN.
Uma ukuvuza okubalulekile kunganakwa, labo abafinyelele okhiye bazokwazi ukuzihlanganisa ngokungabonakali kuthrafikhi yesayithi (MITM) isikhathi eside, njengoba izikhathi ezisemthethweni zezitifiketi zibalwa ngezinyanga neminyaka. I-Cloudflare ingavikela okhiye besitifiketi nge
Isandiso esihlongozwayo se-TLS Ukuqinisekisa Okuthunyelwe sethula ukhiye oyimfihlo omaphakathi owengeziwe, ukuqinisekiswa kwawo okukhawulelwe emahoreni noma izinsuku ezimbalwa (ezingekho ngaphezu kwezinsuku eziyi-7). Lo khiye ukhiqizwa ngokusekelwe kusitifiketi esikhishwe yiziphathimandla zokunikeza isitifiketi futhi ikuvumela ukuthi ugcine ukhiye oyimfihlo wesitifiketi sokuqala uyimfihlo kusukela kumasevisi okulethwa kokuqukethwe, ubanikeze isitifiketi sesikhashana esinesikhathi esifushane sokuphila.
Ukuze ugweme izinkinga zokufinyelela ngemva kokuphelelwa yisikhathi kokhiye omaphakathi, ubuchwepheshe bokubuyekeza okuzenzakalelayo bunikezwa okwenziwa ngasohlangothini lweseva ye-TLS yasekuqaleni. Isizukulwane asidingi ukusebenza mathupha noma ukusebenzisa imibhalo - iseva egunyaziwe edinga ukhiye oyimfihlo, ngaphambi kokuphelelwa isikhathi sokuphila kokhiye wangaphambilini, ithinta iseva yoqobo ye-TLS yesayithi futhi ikhiqiza ukhiye omaphakathi wesikhathi esifushane esilandelayo.
Iziphequluli ezisekela isandiso Seziqinisekiso Ezithunyelwe ze-TLS zizophatha izitifiketi ezinjalo njengezithembekile. Isibonelo, usekelo lwesandiso esishiwo seluvele lwengeziwe ekwakhiweni kwasebusuku kanye nezinguqulo ze-beta zeFirefox futhi singenziwa kusebenze kokuthi:config ngokushintsha isilungiselelo esithi βsecurity.tls.enable_delegated_credentialsβ. Maphakathi noNovemba, ukuhlolwa kuhlelwe futhi ukuthi kwenziwe phakathi kwephesenti elithile labasebenzisi bezinguqulo zokuhlola zeFirefox β
Ukucaciswa Kwemininingwane Ethunyelwe kuhanjiswe ekomitini le-IETF (Internet Engineering Task Force), elibhekele ukuthuthukiswa kwezivumelwano ze-inthanethi kanye nezakhiwo, futhi lisesikhundleni.
Ukuze ukhiqize okhiye abamaphakathi, udinga ukuthola isitifiketi se-TLS esifaka isandiso esikhethekile se-X.509, okwamanje esisekelwa kuphela isiphathimandla sesitifiketi se-DigiCert.
Source: opennet.ru