Re: [squid-users] Extraneous question regarding SSL interception
On 04/21/2016 03:53 PM, Antony Stone wrote: > Any chance of getting it added to the Squid documentation for newbies, so > they > have a better concept of what these terms mean and where they apply? Please do! Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Extraneous question regarding SSL interception
On Thursday 21 April 2016 at 22:53:35, Alex Rousskov wrote a good explanation of SSL bumping. > On 04/21/2016 02:22 PM, Antony Stone wrote: > > Forgive me if this is answered in the documentation somewhere (but please > > point me at it if so, because I haven't been able to find it), but where > > do the terms "bump", "peek", "splice" and "stare" come from? Thank you greatly for your answer to that. Any chance of getting it added to the Squid documentation for newbies, so they have a better concept of what these terms mean and where they apply? Antony. -- I conclude that there are two ways of constructing a software design: One way is to make it so simple that there are _obviously_ no deficiencies, and the other way is to make it so complicated that there are no _obvious_ deficiencies. - C A R Hoare Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Extraneous question regarding SSL interception
Yes! That SSL _Bump_ name! Thanks for explaining the origins. On 23:53, Thu, Apr 21, 2016 Alex Rousskovwrote: > On 04/21/2016 02:22 PM, Antony Stone wrote: > > > Forgive me if this is answered in the documentation somewhere (but please > > point me at it if so, because I haven't been able to find it), but where > do the > > terms "bump", "peek", "splice" and "stare" come from? > > "splice" comes from a standard networking technique of "TCP splicing" > which is exactly what Squid is trying to do when the "splice" action wins. > > "bump" comes from a more-or-less standard networking concept of "bump in > the wire" that describes temporary elevating processing to the next > protocol level. In Squid's case, we are temporary elevating processing > from SSL to HTTP level. > > "peek" comes from the English verb "to peek" which means "look quickly" > and has such synonyms as "take a stealthy look", which is exactly what > Squid is trying to do when the "peek" action wins. > > "stare" comes from the English verb "to stare" and was chosen as a kind > of antonym to "to peek". When Squid stares at the SSL exchanges, it may > modify things and generally prepare connections for bumping, which is a > much longer operation compared to peeking. > > There is also "terminate" which does what it says. > > > In my biased opinion, the action names are actually pretty accurate and > descriptive. My only regret is that the feature itself was called SSL > _Bump_ and not something more action-neutral. Unfortunately, I did not > predict the necessary for more actions when we started writing bumping > code. > > Alex. > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Extraneous question regarding SSL interception
On 04/21/2016 02:22 PM, Antony Stone wrote: > Forgive me if this is answered in the documentation somewhere (but please > point me at it if so, because I haven't been able to find it), but where do > the > terms "bump", "peek", "splice" and "stare" come from? "splice" comes from a standard networking technique of "TCP splicing" which is exactly what Squid is trying to do when the "splice" action wins. "bump" comes from a more-or-less standard networking concept of "bump in the wire" that describes temporary elevating processing to the next protocol level. In Squid's case, we are temporary elevating processing from SSL to HTTP level. "peek" comes from the English verb "to peek" which means "look quickly" and has such synonyms as "take a stealthy look", which is exactly what Squid is trying to do when the "peek" action wins. "stare" comes from the English verb "to stare" and was chosen as a kind of antonym to "to peek". When Squid stares at the SSL exchanges, it may modify things and generally prepare connections for bumping, which is a much longer operation compared to peeking. There is also "terminate" which does what it says. In my biased opinion, the action names are actually pretty accurate and descriptive. My only regret is that the feature itself was called SSL _Bump_ and not something more action-neutral. Unfortunately, I did not predict the necessary for more actions when we started writing bumping code. Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users