[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

Yuri Voinov yvoinov at gmail.com
Tue Nov 1 20:47:41 UTC 2016

02.11.2016 2:03, Alex Rousskov wrote:
> On 10/31/2016 04:13 PM, L. A. Walsh wrote:
>> Google is pushing this for all websites by October 2017
> Just Extended Validation (EV) sites, to be exact AFAICT. All other sites
> will be forced into the new scheme sometime later. Naturally, this may
> result in requests to downgrade mimicked server certificates to remove
> the EV extension (assuming we mimic it today).
>>    https://www.certificate-transparency.org/what-is-ct
>> Seems to indicate that site-local generated and imported
>> certs may also be detected as invalid and be disallowed for
>> SSL connection approvals.  That would be a major pain
> The question is whether the affected browsers will have knobs to disable
> CT checks or perhaps to configure custom Certificate Log addresses. If
> everything is hard-coded, then bumping is doomed. Otherwise, expect more

Alex, can you elaborate on this point a little more? Since the whole
Internet is smoothly moving to HTTPS, and if SSL bump becomes impossible
to do, should it be understood that in such a situation you will close
the Squid project as unnecessary? :) Seriously, why would it then be
needed in a world without HTTP?

> sysadmin pains. You can probably answer that question now by studying

System administrators should always suffer. :) You'd think they now have
a little pain with the installation of the proxy certificates on mobile
devices. :) By the way, these crutches in HTTPS make no sense if they
can be disabled in some way. It is my deep personal conviction. :)

> Chrome configuration.
> Alex.

-- 
Cats - delicious. You just do not know how to cook them.
