[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
yvoinov at gmail.com
Tue Nov 1 21:03:28 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
02.11.2016 2:58, Alex Rousskov пишет:
> On 11/01/2016 02:47 PM, Yuri Voinov wrote:
>> if the SSL bump will be impossible to do -
>> whether it should be understood that in such a situation you close the
>> project Squid as unnecessary? :) Seriously, why does it then need to be
>> in a world without HTTP?
> Believe it or not, there are still many Squid use cases where bumping is
"Wow, Plop-Plop, what a terrible story" ;)
> unnecessary. This includes, but is not limited to, HTTPS proxying cases
> with peek/splice/terminate rules and environments where Squid possesses
Sure, I know. I meet this every day exactly. This is no problem still
remains relatively low percent.
> the certificate issued by CAs trusted by clients. There are also IETF
> attempts to standardize transmission of encrypted but proxy-cachable
Hope they not completely headless.
> I agree that Squid user base will shrink if nobody can bump 3rd party
> traffic, but that reduction alone will not kill Squid.
Hope at this. It is difficult to make long-term plans if the software
has to die soon. :)
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2437 bytes
Desc: not available
More information about the squid-users