[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

Yuri Voinov yvoinov at gmail.com
Mon Oct 31 22:48:08 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Google and so is not too conducive to caching the end user. One problem
anymore - one less, what's the difference? When we begin to beat - start
to cry. In general, the year in IT - eternity. During this time,
everything can happen. So relax, cousin. Nothing else happened. ;)

PS. A magic bullets - does not exist. You have forgotten that some
governments are willing to carry out globally SSL Bump over its
citizens. This is a separate issue for everyone, not just for these
citizens. So quietly celebrate Halloween and do not ride the wave :)

01.11.2016 4:41, Yuri Voinov пишет:
>
> When the future comes - then we will worry. What wonder, then?
>
> October 2017 is not tomorrow.
>
>
> 01.11.2016 4:13, L. A. Walsh пишет:
> > Google is pushing this for all websites by October 2017
>
> > One issue to be "caught" are subordinated CA certs that can
> > allow one vector for generating certs accepted by browsers w/o
> > importing any new certs.
>
> > Some of the info on the cert page:
>
> >    https://www.certificate-transparency.org/what-is-ct
>
> > Seems to indicate that site-local generated and imported
> > certs may also be detected as invalid and be disallowed for
> > SSL connection approvals.  That would be a major pain given
> > google's actions that seem to be hostile to end-user (or
> > end-site) web-caching.
> > (saw this on
> http://www.theregister.co.uk/2016/10/31/google_certificate_transparency/
> > ).
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYF8ooAAoJENNXIZxhPexG+VAH/15vFPprneESrl94A2iOrHo4
2JoAy0Fqi7mJjuSjSNOhW3O2AutJkrPMDMTg8FEso999wI/HsuRCWqaMLpQU/7dv
hzA3BwegOrELBXb5x5YPXP8FgMkN6Wytcy9nOkU6Hn/s3u3QP8zUqLWFbLGqnMoF
PSJuCbNA3m8IOf7WP2nF3824KLM3AMkByQ2XszS7TnP4LxYIIYh+0mcJ7oSqaLxo
oMCDCknfu0FcISl1MVxQQVIpVqxfNnzBxFrBVK2ZJ5mDgeyB0+dQjULpRO0IDGDL
PRQeUAgyREEejfuJLpoE+ufwT9SkTyxm6WZUZiJgOEnueNdxc5wox0jJpOX+5bY=
=zXZ1
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161101/9944b196/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161101/9944b196/attachment.key>


More information about the squid-users mailing list