[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
Yuri Voinov
yvoinov at gmail.com
Mon Oct 31 22:41:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
When the future comes - then we will worry. What wonder, then?
October 2017 is not tomorrow.
01.11.2016 4:13, L. A. Walsh пишет:
> Google is pushing this for all websites by October 2017
>
> One issue to be "caught" are subordinated CA certs that can
> allow one vector for generating certs accepted by browsers w/o
> importing any new certs.
>
> Some of the info on the cert page:
>
> https://www.certificate-transparency.org/what-is-ct
>
> Seems to indicate that site-local generated and imported
> certs may also be detected as invalid and be disallowed for
> SSL connection approvals. That would be a major pain given
> google's actions that seem to be hostile to end-user (or
> end-site) web-caching.
> (saw this on
http://www.theregister.co.uk/2016/10/31/google_certificate_transparency/
> ).
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
- --
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYF8ieAAoJENNXIZxhPexGVrMIAIXr9n92Ven5E7vmtgtxsRtq
Knf2sv/qz1jyl6P836FjSSd+GJuKe0hNxUsuina/MiBlRcbH2hUTuEAJzdbLxebH
2qvN/RxulejKOQFLFaZvrOSBh3b809m+dBlEtIQ8IeWfWpCF02fddU+X7cT9o+8p
hHZW2mgZLq2mJH8u2iIpPzv1uQx4uJdxg22by9YE2bYo2TOpN4b/6vnDEfF8Ggnt
1S2Z4nvak1d+GfX+b9Temlf7LSOuzeWW8gtgj4WPjNUMOnToRo+RGm0Z0by61x3z
frDreEtHuTXVh5ppVIpQdP9VZDsIbTnYt9JmU6c0CigW11sQCU7Z3rQZPG1xp7o=
=2BL1
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161101/7c20f4d2/attachment.key>
More information about the squid-users
mailing list