[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
MK2018
mohammed.khallaf at gmail.com
Fri Apr 13 22:53:01 UTC 2018
MK2018 wrote
> Alex Crow-2 wrote
>>> Unless the protocol design changes to expose full URLs and/or MIME
>>> types,
>>> nothing will replace Squid Bumping.
>>>
>>> That being said, we are headed to the vortex by 2018.05.01. Let's drown
>>> together, while we yell and curse at Google!
>>>
>>> MK
>>>
>>>
>>>
>>
>> Erm, can someone elucidate the issue here? Can't see anything about this
>> in the last year of mails from this list ;-)
>>
>> Alex
>>
>> -
>
>
> :D :D Sure thing, here it is:
> https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/
>
> I had to know from AWS, otherwise I would have been terrorized on May 1st
> all of a sudden, just like how Google does it each time.
>
> Chrome is most probably going to spit fire at all non-CT-Logged CA
> certificates. Naturally, 99% of Squid-Bumping feature users use self-signed
> certs (or otherwise own all real CAs in the world and still violate CA
> rules), so they will end up getting into war with all Chrome users (which
> is basically like 80% of users).
>
> Hope that clears it up!
I might have overlooked this: "Certificates issued from locally-trusted or
enterprise CAs that are added by users or administrators are not subject to
this requirement."
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/wHILiYf31DE
Think there is still hope?