Search squid archive

Re: How to configure a "proxy home" page ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26/03/18 12:07, Yuri wrote:
> 
> 26.03.2018 05:05, Amos Jeffries пишет:
>> On 26/03/18 11:05, Yuri wrote:
>>> And yes, HTTPS is insecure by design and all our actions does not it
>>> less insecure :-D
>> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
>> is what is "failing" at the time any of these details we are discussing
>> are relevant.
>>
>> The "page" mentioned is HTML created by the _client_ as its way to show
>> the user things. Still no HTTP(S) involvement. Squid has zero
>> involvement with that so cannot make it do anything active (like install
>> CA certs).
> Exactly. Users do. And we're almost have all required tools to implement
> user'driven helper ;)

Yet again you are circled back to involving the user. Remember the
original point was trying to do things *without any user* knowing or
being involved.


This is what I mean by "TLS used properly" - proper is when it always
circles back to user deciding who they trust. No matter how indirectly,
the user installs a (root) CA causing trust or allowed someone else to
do so.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux