Let's Encrypt has just turned on stricter validation requirements

Category: IT Technology · Published: 4 years ago


API Announcements

#1

On Wednesday February 19th, 2020 we’ll turn on stricter validation requirements in production. We’ll make multiple validation requests from different network perspectives. Most issuance should continue as normal; we believe that a small number of domain names may need fixing. The most common issue will be hosts that use extremely strict firewall rules to allow validation from only specified IP addresses (a practice we do not recommend).

Previously only one validation request from one of our primary datacentres was required. After Feb 19th we will make four total validation requests (1 from a primary datacentre, and 3 from remote datacentres). The primary request and at least 2 of the 3 remote requests must receive the correct challenge response value for the domain to be considered authorized.

In the future we will continue to evaluate adding more network perspectives and may change the number and required threshold.

Testing

This is the production deployment of the change we previously announced for our staging environment.

Testing that domain validation succeeds in the staging environment is the best way to determine if your ACME integration will be affected by this change. If you are currently successfully performing issuance in the staging environment there is no need for action on your part.

Please note this change affects both the ACME v2 API, and the deprecated ACME v1 API.

Exception List

We recognize that some ACME client deployments have problems satisfying multiple challenge requests e.g. due to unsynchronized DNS zones, inappropriate firewall rules, or because challenge responses are deprovisioned after the first request counter to RFC 8555.

To aid in a gradual roll-out of the new multiple validation requirement we will be deploying a temporary exception list. ACME Account IDs and domain names on this list will only require the primary datacentre request to succeed, maintaining our pre-existing validation strategy for those entries.

We will initially populate this list with domains that we anticipate, based on our logs, will have trouble with multi-perspective validation. We will only do this in the case where the associated ACME account has specified contact information to allow communicating that they’re on the temporary exception list.

If you have tested your integration in the staging environment and have found incompatibility with multi-perspective validation you may request to be added to the temporary exception list with this Google form: https://forms.gle/9QN7dxALJVAoRjMKA

This is strictly a temporary measure and on June 1st, 2020 we will be removing the exception list entirely.

16 Likes
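One way to check, from your own web server's access log, whether HTTP-01 challenge requests arrived from enough network perspectives and were all answered. This is an added example, not part of the original thread and not Let's Encrypt's code. The combined log format, the verdict names, the `log_line` helper, and counting each distinct source IP as one perspective are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Combined-format access log line for an HTTP-01 challenge request.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) [^"]*" '
    r'(?P<status>\d{3}) ')
REQUIRED_TOTAL = 4  # 1 primary + 3 remote requests, per the announcement

def assess(log_lines):
    """Map each challenge token to a verdict. Assumption: status 200 means the right body."""
    seen = defaultdict(dict)  # token -> {source IP: last status}
    for line in log_lines:
        m = LINE_RE.match(line)
        if m:
            seen[m["token"]][m["ip"]] = int(m["status"])
    verdicts = {}
    for token, sources in seen.items():
        ok = sum(1 for status in sources.values() if status == 200)
        if ok >= REQUIRED_TOTAL:
            verdicts[token] = "ok"
        elif ok < len(sources):
            # A perspective reached the server but was refused the response,
            # e.g. the challenge file was removed after the first request.
            verdicts[token] = "not-served-to-all"
        elif ok == REQUIRED_TOTAL - 1:
            # Passes only if the perspective that never arrived was a remote one.
            verdicts[token] = "marginal"
        else:
            # Requests missing from the log were probably filtered upstream.
            verdicts[token] = "too-few-perspectives"
    return verdicts

def log_line(ip, token, status):
    return (f'{ip} - - [19/Feb/2020:10:00:00 +0000] '
            f'"GET /.well-known/acme-challenge/{token} HTTP/1.1" {status} 87 "-" "-"')

# Constructed sample: documentation-range IPs and made-up tokens.
IPS = ("192.0.2.1", "198.51.100.2", "203.0.113.3", "203.0.113.4")
SAMPLE = (
    [log_line(ip, "tokA", 200) for ip in IPS]
    + [log_line(IPS[0], "tokB", 200)] + [log_line(ip, "tokB", 404) for ip in IPS[1:]]
    + [log_line(IPS[0], "tokC", 200)]
)

if __name__ == "__main__":
    for token, verdict in assess(SAMPLE).items():
        print(token, verdict)
```

The access log cannot tell the primary request from the remote ones, so "marginal" is reported whenever exactly three perspectives were served and the fourth never arrived.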

#2

I’ve updated our original API announcement to include details on how to request being added to the temporary exception list:

4 Likes

#3

This change is now live in the production environment. For more information about multi-perspective validation and how we use it to protect the security and integrity of Web PKI, check out our latest blog post!

8 Likes

