MK2018 wrote > Alex Crow-2 wrote >>> Unless the protocol design changes to expose full URLs and/or MIME >>> types, >>> nothing will replace Squid Bumping. >>> >>> That being said, we are headed to the vortex by 2018.05.01. Let's drown >>> together, while we yell and curse at Google! >>> >>> MK >>> >>> >>> >> >> Erm, can someone elucidate the issue here? Can't see anything about this >> in the last year of mails from this list ;-) >> >> Alex >> >> - > > > :D :D Sure thing, here it is: > https://aws.amazon.com/blogs/security/how-to-get-ready-for-certificate-transparency/ > > I had to know from AWS, otherwise I would have been terrorized on May 1st > all the sudden, just like how Google does it each time. > > Chrome is most probably going to spit fire at all non-CT-Logged CA > certificate. Naturally, 99% of Squid-Bumping feature users use self-signed > certs > (or otherwise own all real CAs in the world and still violate CA rules), > so > they will end up getting into war with all Chrome users (which is > basically like 80% of users). > > Hope that clears it up! I might have overlooked this: "Certificates issued from locally-trusted or enterprise CAs that are added by users or administrators are not subject to this requirement." https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/wHILiYf31DE Think there is still hope? -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
