I-ProHoster > Блог > izindaba ze-inthanethi > E-Kazakhstan, abahlinzeki abaningi abakhulu basebenzise ukuvinjwa kwethrafikhi ye-HTTPS

E-Kazakhstan, abahlinzeki abaningi abakhulu basebenzise ukuvinjwa kwethrafikhi ye-HTTPS

Ngokuhambisana nalezo ezisebenza eKazakhstan kusukela ngo-2016 izichibiyelo Emthethweni "Ezokuxhumana", abahlinzeki abaningi baseKazakh, kuhlanganise kcell,
I-Beeline, I-Tele2 и I-Altel, kusukela namuhla ifakwe ekusebenzeni amasistimu okuvimbela ithrafikhi ye-HTTPS yeklayenti esikhundleni sesitifiketi esisetshenziswe ekuqaleni. Ekuqaleni, uhlelo lokungenelela lwaluhlelelwe ukuthi luqale ukusebenza ngo-2016, kodwa lo msebenzi wawulokhu uhlehliswa futhi umthetho waqala ukubonwa njengosemthethweni. Ukunqamula kuyenziwa ngaphansi kwesithunzi ukukhathazeka ngokuphepha kwabasebenzisi kanye nesifiso sokubavikela kokuqukethwe okubeka engcupheni.

Ukukhubaza izexwayiso kuziphequluli mayelana nokusetshenziswa kwesitifiketi esingalungile kubasebenzisi ebekiwe faka kumasistimu akho"isitifiketi sokuphepha sikazwelonke“, esetshenziswa uma kusakazwa ithrafikhi evikelekile kumasayithi angaphandle (isibonelo, ukushintshwa kwethrafikhi ku-Facebook sekutholakele).

Lapho kumiswa uxhumano lwe-TLS, isitifiketi sangempela sesayithi okuhlosiwe sithathelwa indawo isitifiketi esisha esikhiqizwe ngokushesha, esizomakwa isiphequluli njengesithembekile uma “isitifiketi sokuvikela sikazwelonke” sengezwe ngumsebenzisi kusitifiketi sempande. isitolo, njengoba isitifiketi esiyimbumbulu sixhunywe uchungechunge lokwethembeka “nesitifiketi sokuvikela sikazwelonke” .

Eqinisweni, e-Kazakhstan, ukuvikelwa okuhlinzekwa yi-protocol ye-HTTPS kuphazamiseka ngokuphelele, futhi zonke izicelo ze-HTTPS azihlukile kakhulu ku-HTTP ngokombono wokukwazi ukulandelela kanye nokushintshwa kwethrafikhi ngama-ejensi wezobunhloli. Akwenzeki ukulawula ukuhlukumeza ohlelweni olunjalo, okuhlanganisa uma okhiye bokubethela abahlobene "nesitifiketi sokuvikela sikazwelonke" bewela kwezinye izandla ngenxa yokuvuza.

Onjiniyela besiphequluli bayacabangela isiphakamiso engeza isitifiketi sempande esisetshenziswe ekuvimbeni ohlwini lokuhoxiswa kwesitifiketi (i-OneCRL), njengoba kamuva nje ku-Mozilla wangena ngezitifiketi ezivela kwabasemagunyeni bezitifiketi ze-DarkMatter. Kodwa incazelo yomsebenzi onjalo ayicacile ngokuphelele (ezingxoxweni ezidlule bekubhekwa njengento engenamsebenzi), njengoba esimweni "sesitifiketi sokuvikela sikazwelonke" lesi sitifiketi ekuqaleni asimbozwa ngamaketanga okuthembana futhi ngaphandle kokuthi umsebenzisi afake isitifiketi, iziphequluli zizovele zibonise isexwayiso. Ngakolunye uhlangothi, ukuntuleka kwempendulo evela kubakhiqizi beziphequluli kungase kukhuthaze ukwethulwa kwezinhlelo ezifanayo kwamanye amazwe. Njengenketho, kuphinde kuphakanyiswe ukuthi kusetshenziswe inkomba entsha yezitifiketi ezifakwe endaweni ezibanjwe ekuhlaselweni kwe-MITM.

Source: opennet.ru

Engeza amazwana