On 25/06/2015 4:00 a.m., Yuri Voinov wrote: > > Tom, > > one simple question. > > Soon, all or almost all the Internet go into HTTPS. Why do you then need > caching proxy? Because HTTPS is more cacheable than HTTP. A lot of misguided developers that go needlessly out of their way to prevent caching their http:// content omit the same in https:// (its end-to-end right? ;-). Which is one of the several reasons HTTPS still works "fast" despite the extra overheads of MITM decryption. > The tunnel connection and process ACLs? > > My second question to Amos. Amos, what the hell do we under these > conditions caching proxy? Even the experts in the IETF are divided over that question. The only thing to do right now is rollout MITM across the whole Internet to match it. The HTTPS bumpign and decryption related threads in here and elsewhere is a good reflection of that happening as well. Though efforts are underway to convince the browser people to fix their lack of TLS-to-proxy for security on http:// and cacheable DRM-style crypto for just the payload of messages, etc. Once they accept that the bogus arguments about http:// being "insecure" disappear. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users