[squid-dev] [RFC] Dynamic Hostnames and urls and StoreID, what do you think?
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Mar 20 00:12:26 UTC 2016
Currently the Internet is in a more of a "static" state and there are
couple moving parts in this whole big system.
Most of it is "binded" by the ipv4 and the domain name system.
With the developments of encryption including Diffie–Hellman and couple
other ideas I have seen that it is possible that in the future(distance
or not.) there is a possibility for a change in how things works.
Currently Google implements couple "moving" targets in their systems
that gives them the option to redirect from one point to another in
couple layers\levels and it's nice but it means that StoreID now is
built based on the assumption or the idea of semi-static targets.
From the admin point of view or the script, the target needs to be
known in advance to the actual fetch. In the not so long past
Google\YouTube "cachers" used a nice trick that was described by Amos as
"redirection attack" in order to prepare for an attack. Sometimes it was
on specific hosts and in others it was on specific urls\objects.
I tried to track this issue for a very long time and it seems that these
attacks was mitigated by Google\YouTube by adding the HTTPS level.
Now that we have ssl-bump in a very good shape I was wondering to
myself, what would be the next move of Google\YouTube service?
Moving targets around the globe 24/7?
What or Why actually Google\YouTube care about when some local ISP or an
internal proxy caches their content services?
I am looking for couple new angles to look at the subject, please share
your opinion about the subject and also if you think I have a wrong one
please add comments.
Eliezer
* Saying to someone as a joke in the middle of the work "Somebody from
Google was just looking for you." was one of the devious things I have
heard in my life!!!
More information about the squid-dev
mailing list