I mentioned at the tail of another email, I'd like to see a better out-of-band authentication protocol than ident. Such a protocol would have:

- a single connection from squid over which all identification requests travel. Not one connection per request as with ident.
- two way authentication (psk or certificate)
- encryption (tls)
- full connection description (src ip, src port, dst ip, dst port) so that interception proxy works (ident only exchanges port numbers)
- optional reverse connection (client connects to squid rather than squid connecting to client - only useful for a single proxy server but means no firewall exceptions on the client)
- probably still use port 113 (not that it really matters...)

Does such a thing exist already? I can easily write a server for Windows, and probably for Linux, and the client side in squid wouldn't be too hard from what I can see.

Thanks

James
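An added example, not part of the original email, showing why the port-only ident query (RFC 1413) fails under interception while a full 4-tuple lookup succeeds. The addresses, the connection table and the `tuple_lookup` helper are constructed for illustration; no wire format for the proposed protocol is implied.

```python
# Constructed connection table on the client host:
# (local ip, local port, remote ip, remote port) -> owning user
CLIENT_IP = "192.0.2.10"
PROXY_IP = "198.51.100.5"
ORIGIN_IP = "203.0.113.80"

CLIENT_CONNS = {
    # The client believes it is talking to the origin server; the proxy intercepts.
    (CLIENT_IP, 49152, ORIGIN_IP, 80): "alice",
    # The client is explicitly configured to use the proxy.
    (CLIENT_IP, 49153, PROXY_IP, 3128): "bob",
}


def ident_lookup(conns, local_ip, querier_ip, query):
    """Answer an RFC 1413 query '<port-on-server> , <port-on-client>'.

    The query carries ports only. The addresses are taken from the ident
    connection itself, so the remote address is always the querier's.
    """
    local_port, remote_port = (int(p) for p in query.split(","))
    user = conns.get((local_ip, local_port, querier_ip, remote_port))
    prefix = f"{local_port} , {remote_port} : "
    if user is None:
        return prefix + "ERROR : NO-USER"
    return prefix + f"USERID : UNIX : {user}"


def tuple_lookup(conns, src_ip, src_port, dst_ip, dst_port):
    """Hypothetical lookup keyed on the full connection description."""
    return conns.get((src_ip, src_port, dst_ip, dst_port))


if __name__ == "__main__":
    # Explicit proxy: the querier's address matches the connection's remote end.
    print(ident_lookup(CLIENT_CONNS, CLIENT_IP, PROXY_IP, "49153 , 3128"))
    # Intercepted: the connection's remote end is the origin, not the proxy.
    print(ident_lookup(CLIENT_CONNS, CLIENT_IP, PROXY_IP, "49152 , 80"))
    # The 4-tuple names the origin address explicitly, so the lookup succeeds.
    print(tuple_lookup(CLIENT_CONNS, CLIENT_IP, 49152, ORIGIN_IP, 80))
```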