内容简介:Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it willTheThree million certificates are just a small portion of the nearly 120M certificates currently served by Let's Encrypt
Non-profit certificate authority Let's Encrypt, which provides X.509 certificates for TLS encryption at no charge, has announced it will revoke customer certificates today due to a bug in their Boulder CA software .
The bug caused slightly more that 3 million certificates to bypass proper multi-domain validation under specific circumstances, with one third of them being duplicated certificates. To make a long story short, when you create an X.509 certificate, you go through two steps: validating your domain name, then issuing the required certificate for that domain. Issuing a certificate also requires making sure the CA is authorized to issue certificate for the given domain, which is accomplished by checking a CAA record. Let's Encrypt considers domain validations valid for up to 30 days, but according to current rules for CAA record validation , it needs to be checked again if you attempt to issue a certificate 8 hours past the initial validation. At this point is where the bug strikes:
When a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let’s Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let’s Encrypt.
Three million certificates are just a small portion of the nearly 120M certificates currently served by Let's Encrypt. Still, this will be a major nuisance to many customers, who will need to renew their certificates before revocation starts on 2020-03-04 3pm US EST if they want their systems to keep working as expected.
Let's Encrypt set up a test page for all customers to check the validity of their certificates , and whether they are affected by the bug, on a domain-by-domain basis. Or you could check out the full list of affected certificate serial numbers .
Let's Encrypt launched on April 12, 2016 and somehow transformed the Internet by making a costly and lengthy process, such as using HTTPS through an X.509 certificate, into a straightforward, free, widely available service. Recently, the organization announced it has issued one billion certificates overall since its foundation and it is estimated that Let's Encrypt doubled the Internet's percentage of secure websites .
以上所述就是小编给大家介绍的《Let's Encrypt Is Revoking Three Millions Certificates On March 4》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
正当法律程序简史
(美)约翰·V.奥尔特 / 杨明成、陈霜玲 / 商务印书馆 / 2006-8 / 14.00元
本书的主题——正当法律程序,是英美法的核心概念,它使诸如法治、经济自由、个人自治以及免于政府专断行为的侵害等价值观念具体化,因而是法学领域一个永恒的主题,数百年以来一直是法学家、法官及律师关注的重点。本书以极为简洁、精确的语言总结了五百年法律发展的恢弘历史,为人们描述了正当法律程序观念发展演变的清晰轨迹。而沿着这条轨迹,人们可以准确地了解正当法律程序这一重要概念所包含的广泛的问题。 作为一本......一起来看看 《正当法律程序简史》 这本书的介绍吧!
