[squid-users] How to configure a "proxy home" page ?
Amos Jeffries
squid3 at treenet.co.nz
Sun Mar 25 23:23:04 UTC 2018
On 26/03/18 12:07, Yuri wrote:
>
> 26.03.2018 05:05, Amos Jeffries пишет:
>> On 26/03/18 11:05, Yuri wrote:
>>> And yes, HTTPS is insecure by design and all our actions does not it
>>> less insecure :-D
>> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
>> is what is "failing" at the time any of these details we are discussing
>> are relevant.
>>
>> The "page" mentioned is HTML created by the _client_ as its way to show
>> the user things. Still no HTTP(S) involvement. Squid has zero
>> involvement with that so cannot make it do anything active (like install
>> CA certs).
> Exactly. Users do. And we're almost have all required tools to implement
> user'driven helper ;)
Yet again you are circled back to involving the user. Remember the
original point was trying to do things *without any user* knowing or
being involved.
This is what I mean by "TLS used properly" - proper is when it always
circles back to user deciding who they trust. No matter how indirectly,
the user installs a (root) CA causing trust or allowed someone else to
do so.
Amos
More information about the squid-users
mailing list