[squid-users] Alert unknown CA

Yuri Voinov yvoinov at gmail.com
Wed Feb 4 18:03:56 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 

04.02.2015 21:39, Amos Jeffries пишет:
> On 4/02/2015 7:32 p.m., Jason Haar wrote:
>> On 04/02/15 18:47, Daniel Greenwald wrote:
>>> And happens to be one that squid desperately needs to remain in order
>>> to continue ssl bumping..
>> ...and is one that diminishes in value as cert pinning becomes more
>> popular...
>>
>> It's a tough life: on the one hand we want to do TLS intercept in order
>> to do content filtering of HTTPS (because the bad guys are deliberately
>> putting more and more malware onto HTTPS websites), and yet on the other
>> hand we all want some things to be private.
>>
>> Bring back RFC3514, then all of this would be easy!!!
>>
>
> While Squid is not able to be section-3 compliant due to lack of a
> portable system API. By building with --disable-http-violations it
> becomes mostly compliant with section-4 under its role as a network
> protection gateway. ;-P
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
Http violations is our all. :-P

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJU0l8MAAoJENNXIZxhPexGJW8IALZHBtjXGs6kxbRf4vKJm1nD
q/fdYBSUQ3w5fYR6FyiTY+BseSZbVglb2wBLY7hIemJDV/V+Eb/6/uD2kCSO4E0B
l7dpuO1Mem3ZmavkCPLmPN8QSFZ4cTrYVAhxgH9KY/2gO00iokuKdPDj1WzGRaGA
Snd5fXctcMCqsaVK4w1kWzXCk3RJmBxFxxArMjdvEukcWrjViWwLJp5v8cC4Vl01
eqWpw0ko+cvCf/U7pdyacSX89r8uWdjYg2H4Nl7ETRuki/XZsD+FCpRIoW/2cI3P
DPUZ+izw/G3oiXehWu/acE6YItOdiSOp5vM35VzrukGOcmTEQCmZ/nRBnNvhbb0=
=vffI
-----END PGP SIGNATURE-----



More information about the squid-users mailing list