Let's Encrypt unveils its plans for 2019


Let's Encrypt, the non-profit, community-controlled certificate authority that provides free certificates to everyone, has summarized last year's results and discussed its plans for 2019.

In 2018, the share of page loads over HTTPS rose from 67% to 77%. The Let's Encrypt project issued 87 million certificates covering around 150 million domains (the previous year, 61 million domains were covered, and growth was expected to reach 120 million by the end of 2018).

In 2019, the service plans to pass the mark of 120 million active certificates and 215 million sites.

About Let's Encrypt

The project aims to make encrypted connections to servers ubiquitous by removing payment, web server configuration, validation e-mail handling and certificate renewal tasks, which greatly reduces the complexity of setting up and maintaining TLS encryption.

On a Linux web server, running two commands is enough to set up HTTPS encryption and to obtain and install certificates within 20-30 seconds.

For this purpose, a software package has been included in the official Debian software repositories. Current efforts by major browser developers such as Mozilla and Google to deprecate unencrypted HTTP rely on the availability of Let's Encrypt.

What Let's Encrypt plans for this year

In 2019, it plans to introduce a multi-point validation system, in which the authority to obtain a certificate for a domain is confirmed by several checks made from geographically distributed networks connected to different autonomous systems.

This system will reduce the risk of someone obtaining certificates for other people's domains through targeted attacks that redirect traffic by injecting false routes via BGP.

With multi-point validation, an attacker would have to reroute several providers' autonomous systems with different uplinks at the same time, which is much harder than redirecting a single route.

Among the other plans, the creation of a public Certificate Transparency (CT) log stands out, in which all issued certificates will be visible.

The public log will make it possible to independently audit all changes and actions of the certificate authority.


To protect against retroactive tampering with data stored in the Certificate Transparency log, a Merkle tree structure is used, in which each branch verifies all the branches and nodes beneath it by means of joint (tree) hashing.

Having the final hash, a user can verify the correctness of the entire history of operations, as well as the correctness of past states of the database (the root verification hash of the new database state is computed taking the previous state into account).

Let's Encrypt wants to extend its certificates

Next year, it is also planned to use root and intermediate certificates built with the ECDSA algorithm, which is more efficient than the RSA currently in use.

The plans also mention the development of a module for nginx that automates obtaining and maintaining certificates using the ACME protocol (Automatic Certificate Management Environment).

Last year, a similar module was already included in Apache httpd.

Let's Encrypt's current server infrastructure processes about 5.5 billion requests per day. In 2019, a 40% increase in load is expected.

The equipment is located in two data centers. Servers, storage, HSMs, switches and firewalls occupy 55 rack units.

The infrastructure is maintained by a team of six full-time engineers. In 2019, it is planned to introduce faster storage systems for the servers running the DBMS.

The projected budget for 2019 will be $3.6 million, which is $600,000 more than the 2018 budget.

These funds are raised mainly through financial support from major sponsors such as Cisco, OVH, Mozilla, Google Chrome, the Electronic Frontier Foundation and the Internet Society.

  1.   Juan Manuel Pedro Villalba said

    Someone will have to pay for it, obviously this is an investment.