[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
yvoinov at gmail.com
Tue Nov 1 20:47:41 UTC 2016
02.11.2016 2:03, Alex Rousskov wrote:
> On 10/31/2016 04:13 PM, L. A. Walsh wrote:
>> Google is pushing this for all websites by October 2017
> Just Extended Validation (EV) sites, to be exact AFAICT. All other sites
> will be forced into the new scheme sometime later. Naturally, this may
> result in requests to downgrade mimicked server certificates to remove
> the EV extension (assuming we mimic it today).
>> Seems to indicate that site-local generated and imported
>> certs may also be detected as invalid and be disallowed for
>> SSL connection approvals. That would be a major pain
> The question is whether the affected browsers will have knobs to disable
> CT checks or perhaps to configure custom Certificate Log addresses. If
> everything is hard-coded, then bumping is doomed. Otherwise, expect more
Alex, can you say a little more on this point? Since the whole Internet
is smoothly moving to HTTPS, and if SSL bump becomes impossible to do,
should it be understood that in such a situation you will close the
Squid project as unnecessary? :) Seriously, why would it then need to
exist in a world without HTTP?
> sysadmin pains. You can probably answer that question now by studying
System administrators should always suffer. :) You'd think they now have
a little pain with the installation of the proxy certificates on mobile
devices. :) By the way, these crutches in HTTPS make no sense if they
can be disabled in some way. It is my deep personal conviction. :)
> Chrome configuration.
Cats - delicious. You just do not know how to cook them.