IMozilla, Cloudflare kunye neFacebook zibhengeziwe ngokudibeneyo ulwandiso lweziqinisekiso zeTLS ezinikezelweyo, que isombulula ingxaki ngezatifikethi ngokulungiselela ukufikelela kwisiza kusetyenziswa uthungelwano lokuhambisa umxholo. Izatifikethi ezikhutshwe ngabasemagunyeni beziqinisekiso zinexesha elide lokusebenza, elenza kube nzima ukuhlela ukufikelela kwisiza ngenkonzo yomntu wesithathu, egameni lakhe unxibelelwano olukhuselekileyo kufuneka lusekwe, ukusukela oko ukuhanjiswa kwesatifikethi kwindawo kwinkonzo yangaphandle kudala umngcipheko okhuselekileyo wokhuselo.
Ulwandiso olutsha nalo inokuba luncedo kwiziza ezinomsebenzi wazo unikezelwa sisiseko esikhulu esasasaziweyo ngenani elikhulu lezilinganisi zomthwalo. Iziqinisekiso ezithunyelweyo ziya kunceda ukunqanda ukugcina iikopi zezitshixo zabucala zezatifikethi zaseprayimari kwindawo nganye yokulayisha umxholo.
Ngendlela yeklasikhi, uhlaselo oluyimpumelelo nakweyiphi na iiseva ezibandakanyekayo ekuhambiseni i-HTTPS traffic ziya kukhokelela kwisivumelwano sesiqinisekiso sonke. Kwimeko yokutshintshelwa kwezitshixo zabucala kuthungelwano lokuhambisa umxholo, kukho izoyikiso zokulahleka kwedatha ngenxa yokonakaliswa ngabasebenzi, isenzo seenkonzo ezizodwa okanye ukuyekisa iziseko zophuhliso zeCDN.
Ukuba ilahleko ephambili ayifumaneki, abangena kwizitshixo baya kuba nakho ukungena bethule isayithi (MITM) ixesha elide, njengoko ixesha lokuqinisekiswa kwezatifikethi libalwa ngeenyanga kunye neminyaka.
I-Cloudflare inokusebenzisa iiserver ezikhethekileyo abasebenza kwicala lomnini ndawo Ukukhusela izitshixo zesatifikethi, kodwa sebenza kule ndlela ivelisa ukulibaziseka okubonakalayo ekuhanjisweni kwetrafikhi, kunciphisa ukuthembeka ngenxa yokuvela kwekhonkco elongezelelekileyo kwaye ifuna ukuthunyelwa kwezixhobo ezintsonkothileyo.
Ulwandiso lwe-TLS olucetywayo lwazisa ngesitshixo sangasese sabucala esongezelelweyo, cUkusebenza kwayo kunqunyelwe kwiiyure okanye kwiintsuku ezininzi (hayi ngaphezulu kweentsuku ezisi-7). Eli qhosha senziwe ngesiseko sesiqinisekiso esikhutshwe liziko lokuqinisekiswa kwaye ikuvumela ukuba ugcine isitshixo sangasese sesatifikethi sokuqala kwiimfihlo zokuhanjiswa kweenkonzo ngokubonelela ngesatifikethi sethutyana esinexesha elifutshane.
Ukuthintela imiba yokufikelela emva kokuba isitshixo esiphakathi sifikelele esiphelweni sobomi bayo obuluncedo, iteknoloji yokuhlaziya ngokuzenzekelayo iyenziwa kwicala lomthombo we-TLS.
Ukuvelisa, awudingi ukwenza imisebenzi yesandla okanye usebenze iskripthi: iseva enegunya efuna isitshixo sangasese, ngaphambi kokuphela kobomi obuluncedo besitshixo esidala, ukufikelela kumthombo wesiza seseva ye-TLS kwaye kuvelise isitshixo esiphakathi esifutshane esilandelayo ixesha elibekiwe.
Izikhangeli ezixhasa iziqinisekiso yolwandiso lwe-TLS baya kubona iziqinisekiso ezivela kwezinye ezinokuthenjwa.
Umzekelo, inkxaso yolwandiso oluchaziweyo sele yongezwa kulwakhiwo lwasebusuku kunye neenguqulelo ze-beta zeFirefox kwaye inokusebenza ngaphakathi malunga: Lungiselela ukutshintsha useto Msgstr "Ukhuseleko.tls.nikwa_iizithuba_ezikhethiweyo".
Phakathi ku-Novemba, phakathi kwepesenti ethile yabasebenzisi besilingo seFirefox, Uvavanyo lucwangcisiwe "Uvavanyo lwe-TLS olunikezelweyo", apho isicelo sovavanyo siya kuthunyelwa kumncedisi we-Cloudflare DC ukuvavanya umgangatho wokwandiswa kwe-TLS.
IziQinisekiso eziGunyazisiweyo ze-TLS zikwakhiwe kwilayibrari yeFizz ngokumiliselwa kwe-TLS 1.3.
Inkcazo ye-TLS eyabelwe iziQinisekiso zithunyelwe kwikomiti ye-IETF (Internet Engineering Task Force), ephuhlisa iinkqubo kunye noyilo lwe-Intanethi, kwaye ikwinqanaba lokuyilwa, libanga ukuba ngumgangatho we-Intanethi. Ulwandiso lunokusetyenziswa kuphela nge-TLS v1.3. Ukuvelisa amaqhosha aphakathi, kufuneka kufumaneke isatifikethi se-TLS, esibandakanya ulwandiso olukhethekileyo lwe-X.509, olo kude kube ngoku luxhaswa kuphela ligunya lesatifikethi seDigiCert.
Si ufuna ukwazi ngakumbi ngayo, unokubonisana eli khonkco lilandelayo.