[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?
MK2018
mohammed.khallaf at gmail.com
Fri Apr 13 22:13:26 UTC 2018
Alex Crow-2 wrote
>> Unless the protocol design changes to expose full URLs and/or MIME types,
>> nothing will replace Squid Bumping.
>>
>> That being said, we are headed to the vortex by 2018.05.01. Let's drown
>> together, while we yell and curse at Google!
>>
>> MK
>>
>>
>>
>
> Erm, can someone elucidate the issue here? Can't see anything about this
> in the last year of mails from this list ;-)
>
> Alex
>
> -
:D :D Sure thing, here it is:
https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/
I had to know from AWS, otherwise I would have been terrorized on May 1st
all the sudden, just like how Google does each time.
Chrome is most probably going to spit fire at all non-CT-Logged CA
certificate. Naturally, 99% of Squid-Bumping feature use self-signed certs
(or otherwise own all real CAs in the world and still violate CA rules), so
they will end up getting into war with all Chrome users.
Hope that clears it up!
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list