Re: How Bad is CONNECT and Should I Prevent It?

>> I am only looking to inspect each SSL connection 
>> for the purposes of determining if the traffic 
>> should be allowed, i.e. non-malicious (not chat, 
>> file-transfer, etc). 

> I have plans to get something very basic into 
> squid-2 to support transparently proxying SSL 
> connections

I think what we really need is just the much simpler
blacklist/whitelist capability. If we can
transparently intercept, and give a
thumbs-up/thumbs-down to every destination IP address
(perhaps after doing a reverse DNS lookup on it),
that's all we need.

In my experience, fingerprinting the type of traffic
turns out to not be very useful, after all the
difficulty of implementing it. Why?

 1) There's "legitimate" traffic on 443 that's not web
traffic (for example LogMeIn or SSH). Forbidding
everything that's non-web is just shooting yourself in
the foot. 

 2) A big problem is https: proxies, as they're real
easy to use and will completely bypass all filters.
But they _do_ look like web traffic, so they couldn't
be forbidden by reasonable fingerprinting.  

-Chuck Kollars
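The thumbs-up/thumbs-down-per-destination idea from the post above can be wired into Squid as an external ACL helper. The following is an added illustration, not code from the thread or from the Squid project: a helper that receives the CONNECT destination and port from Squid, falls back to a reverse DNS lookup when the client sent a bare IP, and answers OK or ERR against an allow list. The squid.conf lines in the docstring use real directive names (`external_acl_type`, `acl`, `http_access`, the `%DST`/`%PORT` format tokens), but the helper path, ACL names and the allow list itself are placeholders chosen for the example.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: one OK/ERR verdict per CONNECT destination.

Example code written for this page; not from the thread or from Squid.

Assumed squid.conf wiring (directive names are real; helper path and ACL
names are placeholders):

    external_acl_type ssl_dest ttl=300 %DST %PORT /usr/local/bin/connect_check.py
    acl CONNECT method CONNECT
    acl SSL_ports port 443
    acl ssl_ok external ssl_dest
    http_access deny CONNECT !SSL_ports
    http_access deny CONNECT !ssl_ok

Squid writes one request per line ("<host> <port>") to the helper's stdin
and expects "OK" or "ERR" on stdout for each.
"""
import ipaddress
import socket
import sys

# Constructed allow list for the example. A bare name matches only itself;
# a leading-dot entry matches the domain and all of its subdomains (the same
# convention Squid's own dstdomain ACL uses).
ALLOWED = {"example.com", ".example.net"}
ALLOWED_PORTS = {443}


def host_allowed(host, allowed=ALLOWED):
    """True when host matches an entry of the allow list."""
    host = host.lower().rstrip(".")
    for entry in allowed:
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def reverse_lookup(ip):
    """Reverse DNS for a bare IP destination; None when nothing resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def decide(dest, port, allowed=ALLOWED, ports=ALLOWED_PORTS,
           resolver=reverse_lookup):
    """Return "OK" or "ERR" for one CONNECT destination.

    A bare IP is mapped to a name through the resolver (reverse DNS by
    default, injectable for testing). A destination that does not resolve
    is refused rather than waved through, so an unnamed host cannot slip
    past a name-based allow list.
    """
    if port not in ports:
        return "ERR"
    try:
        ipaddress.ip_address(dest)
    except ValueError:
        name = dest                      # client sent a hostname
    else:
        name = resolver(dest)            # client sent an IP: look it up
        if name is None:
            return "ERR"
    return "OK" if host_allowed(name, allowed) else "ERR"


def handle_line(line, **kw):
    """Parse one helper request line ("<host> <port>") and build the reply."""
    parts = line.split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "ERR"                     # malformed request: fail closed
    return decide(parts[0], int(parts[1]), **kw)


def main():
    # Helper loop; flush after every reply so Squid is never left waiting.
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Run stand-alone it behaves like the helper Squid would spawn: feed it `example.com 443` on stdin and it answers `OK`; feed it a non-allowed name, a non-443 port, or an IP with no reverse record and it answers `ERR`. Because the verdict is cached per Squid's `ttl=`, a reverse lookup is paid once per destination, not once per CONNECT.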