On 4/02/2015 7:32 p.m., Jason Haar wrote: > On 04/02/15 18:47, Daniel Greenwald wrote: >> And happens to be one that squid desperately needs to remain in order >> to continue ssl bumping.. > ...and is one that diminishes in value as cert pinning becomes more > popular... > > It's a tough life: on the one hand we want to do TLS intercept in order > to do content filtering of HTTPS (because the bad guys are deliberately > putting more and more malware onto HTTPS websites), and yet on the other > hand we all want some things to be private. > > Bring back RFC3514, then all of this would be easy!!! > While Squid is not able to be section-3 compliant due to lack of a portable system API. By building with --disable-http-violations it becomes mostly compliant with section-4 under its role as a network protection gateway. ;-P Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
