Re: SSL and ACL, anyone?

On Wed 2006-07-05 at 12:46 +0200, Toni Mueller wrote:

> I see the conflict about breaking end-to-end security and invading
> privacy on one side, and a requirement to keep malware out which could
> sneak in via SSL transport.

With SSL it's more than a conflict. SSL is explicitly designed to not
allow breaking end-to-end. Meaning that breaking end-to-end is only
theoretically possible if the client is configured to trust the proxy as
an SSL CA. Additionally, this will cripple the SSL protocol making it
impossible to use client certificate authentication and also makes it
impossible for the user/browser to properly verify the requested server
(it has to trust the proxy to do all verifications correctly...)

With these limitations and drawbacks it is theoretically possible, but
not yet implemented for Squid.

Regards
Henrik

Attachment: signature.asc
Description: This is a digitally signed message part
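
The trust dependency described in the reply above can be reproduced offline with the `openssl` CLI. This is an added example, not part of the original message and not Squid code; the CA names, `origin.example.test` and all function names are constructed for illustration. It covers only the trust-anchor point, not client certificate authentication.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: every name below is made up for illustration.

# mint_ca DIR NAME: self-signed CA certificate DIR/NAME.pem with key DIR/NAME.key
mint_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $2 CA" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# mint_leaf DIR CA OUT: certificate for origin.example.test signed by CA
mint_leaf() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=origin.example.test" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# build_demo_pki DIR: two CAs and two certificates for the same host name
build_demo_pki() {
    mint_ca "$1" public && mint_ca "$1" proxy &&
    mint_leaf "$1" public origin &&   # what the real server presents
    mint_leaf "$1" proxy resigned     # what an intercepting proxy would present
}

# client_verdict DIR TRUSTED_CA CERT: prints "accepted" or "rejected"
client_verdict() {
    if openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

demo() {
    d=$(mktemp -d) && build_demo_pki "$d" || return 1
    echo "stock client, origin cert:      $(client_verdict "$d" public origin)"
    echo "stock client, re-signed cert:   $(client_verdict "$d" public resigned)"
    echo "client trusting proxy CA only:  $(client_verdict "$d" proxy resigned)"
    rm -rf "$d"
}

demo
```

The re-signed certificate validates only for a client whose trust store contains the proxy CA, and that client has no view of the origin's real chain.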


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux