<!--
- Copyright © 2017-2020,2022-2023 Soren Stoutner <soren@stoutner.com>.
+ Copyright 2017-2020,2022-2023 Soren Stoutner <soren@stoutner.com>.
Translation 2023 Xin. Copyright assigned to Soren Stoutner <soren@stoutner.com>.
</head>
<body>
- <h3><svg class="header"><use href="../shared_images/vpn_lock.svg#icon"/></svg> Connect with Confidence</h3>
+ <h3><svg class="header"><use href="../shared_images/vpn_lock.svg#icon"/></svg> 信任的连接</h3>
- <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
- The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
- This type of attack is known as a Man In The Middle (MITM) attack.
- SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
- Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
- It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control,
- but in practice many governments and large corporations have been able to do so.</p>
+ <p>当访问一个加密的URL(由https开始),网页使用SSL证书来加密发送到浏览器的信息和确认服务。确认服务是为了保护位于浏览器和网页提供商的的服务和翻译信息。这种攻击方式被称为MITM。
+ SSL证书由证书机构颁发,公司通过验证服务的身份并产生一个收费的证书。安卓有一个受信任的证书列表,会接收所有网页的证书。一个域只允许一个特定的证书,其他的证书无效。但实际使用中政府和大型公司能做到这一点。</p>
- <p>Pinning an SSL certificate tells the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.</p>
+ <p>固定的证书告诉浏览器一个域名只有一个SSL证书值得信任。其他的证书及时是合法的也会被拒绝。</p>
<img class="center" src="images/pinned_mismatch.png"/>
- <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
- As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
- But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.
- Privacy Browser also has the ability to pin IP addresses.</p>
+ <p>SSL证书会在一个指定的日期到期,所以即使是一个固定的SSL证书也需要合法的更新。通常,在大部分使用中不需要固定的证书,但对于那些认为会被攻击的大公司来说,固定的证书可以阻止MITM攻击。隐私浏览器也提供固定IP的功能。</p>
<img class="center" src="images/pinned_ssl_certificate.png"/>
- <p>SSL certificates can be pinned in Domain Settings.
- Besides protecting against MITM attacks,
- pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
- Tapping on the active tab displays the current website SSL certificate.</p>
+ <p>SSL证书可以在域名设置中固定。除了防御MITM攻击,为无线路由器或接入点等设备固定自己签名的证书通常可以消除在每次加载其网站时出现的错误消息。点击活动选项卡会显示当前网站的 SSL 证书。</p>
</body>
-</html>
\ No newline at end of file
+</html>
projects / PrivacyBrowserAndroid.git / blobdiff