Re: [squid-users] Extraneous question regarding SSL interception

2016-04-21 Thread Alex Rousskov
On 04/21/2016 03:53 PM, Antony Stone wrote:

> Any chance of getting it added to the Squid documentation for newbies, so
> they have a better concept of what these terms mean and where they apply?

Please do!

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Extraneous question regarding SSL interception

2016-04-21 Thread Antony Stone
On Thursday 21 April 2016 at 22:53:35, Alex Rousskov wrote a good explanation 
of SSL bumping.

> On 04/21/2016 02:22 PM, Antony Stone wrote:
> > Forgive me if this is answered in the documentation somewhere (but please
> > point me at it if so, because I haven't been able to find it), but where
> > do the terms "bump", "peek", "splice" and "stare" come from?

Thank you greatly for your answer to that.

Any chance of getting it added to the Squid documentation for newbies, so they 
have a better concept of what these terms mean and where they apply?


Antony.

-- 
I conclude that there are two ways of constructing a software design: One way 
is to make it so simple that there are _obviously_ no deficiencies, and the 
other way is to make it so complicated that there are no _obvious_ 
deficiencies.

 - C A R Hoare

   Please reply to the list;
 please *don't* CC me.


Re: [squid-users] Extraneous question regarding SSL interception

2016-04-21 Thread Odhiambo Washington
Yes! That SSL _Bump_ name!

Thanks for explaining the origins.

On 23:53, Thu, Apr 21, 2016 Alex Rousskov wrote:

> On 04/21/2016 02:22 PM, Antony Stone wrote:
>
> > Forgive me if this is answered in the documentation somewhere (but please
> > point me at it if so, because I haven't been able to find it), but where
> > do the terms "bump", "peek", "splice" and "stare" come from?
>
> "splice" comes from a standard networking technique of "TCP splicing"
> which is exactly what Squid is trying to do when the "splice" action wins.
>
> "bump" comes from a more-or-less standard networking concept of "bump in
> the wire" that describes temporarily elevating processing to the next
> protocol level. In Squid's case, we are temporarily elevating processing
> from SSL to HTTP level.
>
> "peek" comes from the English verb "to peek" which means "look quickly"
> and has such synonyms as "take a stealthy look", which is exactly what
> Squid is trying to do when the "peek" action wins.
>
> "stare" comes from the English verb "to stare" and was chosen as a kind
> of antonym to "to peek". When Squid stares at the SSL exchanges, it may
> modify things and generally prepare connections for bumping, which is a
> much longer operation compared to peeking.
>
> There is also "terminate" which does what it says.
>
>
> In my biased opinion, the action names are actually pretty accurate and
> descriptive. My only regret is that the feature itself was called SSL
> _Bump_ and not something more action-neutral. Unfortunately, I did not
> predict the necessity for more actions when we started writing bumping
> code.
>
> Alex.


Re: [squid-users] Extraneous question regarding SSL interception

2016-04-21 Thread Alex Rousskov
On 04/21/2016 02:22 PM, Antony Stone wrote:

> Forgive me if this is answered in the documentation somewhere (but please
> point me at it if so, because I haven't been able to find it), but where do
> the terms "bump", "peek", "splice" and "stare" come from?

"splice" comes from a standard networking technique of "TCP splicing"
which is exactly what Squid is trying to do when the "splice" action wins.

"bump" comes from a more-or-less standard networking concept of "bump in
the wire" that describes temporarily elevating processing to the next
protocol level. In Squid's case, we are temporarily elevating processing
from SSL to HTTP level.

"peek" comes from the English verb "to peek" which means "look quickly"
and has such synonyms as "take a stealthy look", which is exactly what
Squid is trying to do when the "peek" action wins.

"stare" comes from the English verb "to stare" and was chosen as a kind
of antonym to "to peek". When Squid stares at the SSL exchanges, it may
modify things and generally prepare connections for bumping, which is a
much longer operation compared to peeking.

There is also "terminate" which does what it says.


In my biased opinion, the action names are actually pretty accurate and
descriptive. My only regret is that the feature itself was called SSL
_Bump_ and not something more action-neutral. Unfortunately, I did not
predict the necessity for more actions when we started writing bumping code.

Alex.
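
The five actions named in the message above, arranged as one ssl_bump rule set. This is an added illustration, not part of the original message or of Squid's own documentation. The ACL names and the .example domains are constructed, and the listening port is assumed to be already set up for SSL-Bump with a signing CA.

```conf
# Squid evaluates the ssl_bump rules top to bottom at each handshake step;
# the first matching rule whose action is still possible at that step "wins".

# Handshake steps (at_step ACLs)
acl step1 at_step SslBump1      # TCP connection or CONNECT request received
acl step2 at_step SslBump2      # TLS Client Hello (including SNI) received
acl step3 at_step SslBump3      # TLS Server Hello and certificate received

# Constructed site lists, matched against the TLS server name
acl no_decrypt ssl::server_name .bank.example
acl blocked    ssl::server_name .blocked.example

# Step 1: take a quick look at the Client Hello to learn the SNI.
# Nothing is modified, so every later action is still possible.
ssl_bump peek step1

# Step 2 onward, decided on the server name learned by peeking:

# terminate: close the connection, no tunnel and no decryption.
ssl_bump terminate blocked

# splice: become a plain TCP tunnel. Squid never sees the plaintext
# and the client validates the origin server's real certificate.
ssl_bump splice no_decrypt

# stare: forward a Squid-built Client Hello and inspect the server's
# reply in preparation for bumping. Staring at step 2 usually rules
# out splicing afterwards.
ssl_bump stare step2

# bump: terminate TLS on both sides and process the traffic as HTTP.
# Clients must trust the signing CA configured on the port.
ssl_bump bump step3
```

Replacing "stare step2" with "peek step2" gives the opposite trade-off: the connection can still be spliced at step 3, but peeking at the server certificate usually rules out bumping it.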
