Re: Questions Regarding Transparent Proxy, HTTPS, and ssl_bump


On 25/06/2015 4:00 a.m., Yuri Voinov wrote:
> 
> Tom,
> 
> one simple question.
> 
> Soon, all or almost all of the Internet will go to HTTPS. Why do you then need
> a caching proxy?

Because HTTPS is more cacheable than HTTP. A lot of misguided developers
that go needlessly out of their way to prevent caching their http://
content omit the same in https:// (it's end-to-end right? ;-). Which is
one of the several reasons HTTPS still works "fast" despite the extra
overheads of MITM decryption.


> The tunnel connection and process ACLs?
> 
> My second question to Amos. Amos, what the hell do we under these
> conditions caching proxy?

Even the experts in the IETF are divided over that question. The only
thing to do right now is roll out MITM across the whole Internet to match
it. The HTTPS bumping and decryption related threads in here and
elsewhere are a good reflection of that happening as well.

Though efforts are underway to convince the browser people to fix their
lack of TLS-to-proxy for security on http:// and cacheable DRM-style
crypto for just the payload of messages, etc. Once they accept that, the
bogus arguments about http:// being "insecure" disappear.

Amos