[squid-users] Alert unknown CA

Daniel Greenwald dig at digcorp.net
Wed Feb 4 19:19:20 UTC 2015 

squid beware, the pins and staples are coming....

-----------
Daniel I Greenwald



On Wed, Feb 4, 2015 at 1:03 PM, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> 04.02.2015 21:39, Amos Jeffries пишет:
> > On 4/02/2015 7:32 p.m., Jason Haar wrote:
> >> On 04/02/15 18:47, Daniel Greenwald wrote:
> >>> And happens to be one that squid desperately needs to remain in order
> >>> to continue ssl bumping..
> >> ...and is one that diminishes in value as cert pinning becomes more
> >> popular...
> >>
> >> It's a tough life: on the one hand we want to do TLS intercept in order
> >> to do content filtering of HTTPS (because the bad guys are deliberately
> >> putting more and more malware onto HTTPS websites), and yet on the other
> >> hand we all want some things to be private.
> >>
> >> Bring back RFC3514, then all of this would be easy!!!
> >>
> >
> > While Squid is not able to be section-3 compliant due to lack of a
> > portable system API. By building with --disable-http-violations it
> > becomes mostly compliant with section-4 under its role as a network
> > protection gateway. ;-P
> >
> > Amos
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> Http violations is our all. :-P
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJU0l8MAAoJENNXIZxhPexGJW8IALZHBtjXGs6kxbRf4vKJm1nD
> q/fdYBSUQ3w5fYR6FyiTY+BseSZbVglb2wBLY7hIemJDV/V+Eb/6/uD2kCSO4E0B
> l7dpuO1Mem3ZmavkCPLmPN8QSFZ4cTrYVAhxgH9KY/2gO00iokuKdPDj1WzGRaGA
> Snd5fXctcMCqsaVK4w1kWzXCk3RJmBxFxxArMjdvEukcWrjViWwLJp5v8cC4Vl01
> eqWpw0ko+cvCf/U7pdyacSX89r8uWdjYg2H4Nl7ETRuki/XZsD+FCpRIoW/2cI3P
> DPUZ+izw/G3oiXehWu/acE6YItOdiSOp5vM35VzrukGOcmTEQCmZ/nRBnNvhbb0=
> =vffI
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150204/c6004853/attachment.html>

More information about the squid-users mailing list