On 26/03/18 12:07, Yuri wrote: > > 26.03.2018 05:05, Amos Jeffries пишет: >> On 26/03/18 11:05, Yuri wrote: >>> And yes, HTTPS is insecure by design and all our actions does not it >>> less insecure :-D >> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt >> is what is "failing" at the time any of these details we are discussing >> are relevant. >> >> The "page" mentioned is HTML created by the _client_ as its way to show >> the user things. Still no HTTP(S) involvement. Squid has zero >> involvement with that so cannot make it do anything active (like install >> CA certs). > Exactly. Users do. And we're almost have all required tools to implement > user'driven helper ;) Yet again you are circled back to involving the user. Remember the original point was trying to do things *without any user* knowing or being involved. This is what I mean by "TLS used properly" - proper is when it always circles back to user deciding who they trust. No matter how indirectly, the user installs a (root) CA causing trust or allowed someone else to do so. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
