26.03.2018 07:08, Amos Jeffries wrote:
> On 26/03/18 13:44, Yuri wrote:
>>
>> 26.03.2018 06:41, Yuri wrote:
>>> 26.03.2018 06:30, Amos Jeffries wrote:
On 26/03/18 12:34, Yuri wrote:
> 26.03.2018 05:23, Amos Jeffries wrote:
>> On 26/03/18 12:07, Yuri wrote:
>>> 26.03.2018 05:05,
On 26/03/18 13:44, Yuri wrote:
>
>
> 26.03.2018 06:41, Yuri wrote:
>>
>> 26.03.2018 06:30, Amos Jeffries wrote:
>>> On 26/03/18 12:34, Yuri wrote:
26.03.2018 05:23, Amos Jeffries wrote:
> On 26/03/18 12:07, Yuri wrote:
>> 26.03.2018 05:05, Amos Jeffries wrote:
>>> On 26/03/18
26.03.2018 06:41, Yuri wrote:
>
> 26.03.2018 06:30, Amos Jeffries wrote:
>> On 26/03/18 12:34, Yuri wrote:
>>> 26.03.2018 05:23, Amos Jeffries wrote:
On 26/03/18 12:07, Yuri wrote:
> 26.03.2018 05:05, Amos Jeffries wrote:
>> On 26/03/18 11:05, Yuri wrote:
>>> And yes, HTTPS is
26.03.2018 06:30, Amos Jeffries wrote:
> On 26/03/18 12:34, Yuri wrote:
>> 26.03.2018 05:23, Amos Jeffries wrote:
>>> On 26/03/18 12:07, Yuri wrote:
26.03.2018 05:05, Amos Jeffries wrote:
> On 26/03/18 11:05, Yuri wrote:
>> And yes, HTTPS is insecure by design and all our actions
On 26/03/18 12:34, Yuri wrote:
>
> 26.03.2018 05:23, Amos Jeffries wrote:
>> On 26/03/18 12:07, Yuri wrote:
>>> 26.03.2018 05:05, Amos Jeffries wrote:
On 26/03/18 11:05, Yuri wrote:
> And yes, HTTPS is insecure by design and all our actions does not it
> less insecure :-D
We are
26.03.2018 05:23, Amos Jeffries wrote:
> On 26/03/18 12:07, Yuri wrote:
>> 26.03.2018 05:05, Amos Jeffries wrote:
>>> On 26/03/18 11:05, Yuri wrote:
And yes, HTTPS is insecure by design and all our actions does not it
less insecure :-D
>>> We are not talking about HTTPS. Only about
Waa. You're right. I hurried.
Hmm.
Seems we can't distinguish unknown server CA and unknown proxy CA.
Sadly.
26.03.2018 05:14, Amos Jeffries wrote:
> On 26/03/18 11:15, Yuri wrote:
>> I mean, for example:
>>
>> SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
>>
> Consider carefully what
On 26/03/18 11:15, Yuri wrote:
> I mean, for example:
>
> SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
>
Consider carefully what the words "CLIENT_DOES_NOT_KNOW_THIS_CA" mean in
normal English.
Amos
___
squid-users mailing list
On 26/03/18 11:11, Yuri wrote:
> By the way, Amos. I have an idea spinning around. Is it possible to
> specify the SSL error of the unknown certificate issuer for the correct
> processing of the situation when the client does not have a proxy
> certificate installed? This would greatly facilitate
26.03.2018 05:05, Amos Jeffries wrote:
> On 26/03/18 11:05, Yuri wrote:
>> And yes, HTTPS is insecure by design and all our actions does not it
>> less insecure :-D
> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
> is what is "failing" at the time any of these details
On 26/03/18 11:05, Yuri wrote:
> And yes, HTTPS is insecure by design and all our actions does not it
> less insecure :-D
We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
is what is "failing" at the time any of these details we are discussing
are relevant.
The "page"
I mean, for example:
SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
during TLS negotiation between client and proxy.
To be separated from rare cases when real world CA exists, but not yet
included to well-known CA's bundle.
Something like this. Now we can't differentiate UNKNOWN_ISSUES error
- it
By the way, Amos. I have an idea spinning around. Is it possible to
specify the SSL error of the unknown certificate issuer for the correct
processing of the situation when the client does not have a proxy
certificate installed? This would greatly facilitate the task that we
are discussing.
We're
And yes, HTTPS is insecure by design and all our actions does not it
less insecure :-D
26.03.2018 04:03, Yuri wrote:
>
> 26.03.2018 03:55, Amos Jeffries wrote:
>> On 26/03/18 10:16, Yuri wrote:
>>> 26.03.2018 03:02, Amos Jeffries wrote:
On 26/03/18 09:49, Yuri wrote:
> 26.03.2018 02:45,
26.03.2018 03:55, Amos Jeffries wrote:
> On 26/03/18 10:16, Yuri wrote:
>>
>> 26.03.2018 03:02, Amos Jeffries wrote:
>>> On 26/03/18 09:49, Yuri wrote:
26.03.2018 02:45, Amos Jeffries wrote:
> On 26/03/18 04:41, Yuri wrote:
>> 25.03.2018 20:32, Matus UHLAR - fantomas wrote:
On 26/03/18 10:16, Yuri wrote:
>
>
> 26.03.2018 03:02, Amos Jeffries wrote:
>> On 26/03/18 09:49, Yuri wrote:
>>>
>>> 26.03.2018 02:45, Amos Jeffries wrote:
On 26/03/18 04:41, Yuri wrote:
> 25.03.2018 20:32, Matus UHLAR - fantomas wrote:
> On 25/03/2018 at 13:08, Yuri wrote:
26.03.2018 03:02, Amos Jeffries wrote:
> On 26/03/18 09:49, Yuri wrote:
>>
>> 26.03.2018 02:45, Amos Jeffries wrote:
>>> On 26/03/18 04:41, Yuri wrote:
25.03.2018 20:32, Matus UHLAR - fantomas wrote:
On 25/03/2018 at 13:08, Yuri wrote:
> The problem is not install proxy
On 26/03/18 09:49, Yuri wrote:
>
>
> 26.03.2018 02:45, Amos Jeffries wrote:
>> On 26/03/18 04:41, Yuri wrote:
>>>
>>> 25.03.2018 20:32, Matus UHLAR - fantomas wrote:
>>> On 25/03/2018 at 13:08, Yuri wrote:
The problem is not install proxy CA. The problem is identify client
26.03.2018 02:45, Amos Jeffries wrote:
> On 26/03/18 04:41, Yuri wrote:
>>
>> 25.03.2018 20:32, Matus UHLAR - fantomas wrote:
>> On 25/03/2018 at 13:08, Yuri wrote:
>>> The problem is not install proxy CA. The problem is identify client
>>> has no proxy CA and redirect, and do it
On 26/03/18 04:41, Yuri wrote:
>
>
> 25.03.2018 20:32, Matus UHLAR - fantomas wrote:
> On 25/03/2018 at 13:08, Yuri wrote:
>> The problem is not install proxy CA. The problem is identify client
>> has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46,
Therefore, please, PLEASE, never mention SSL Bump and security/privacy
in one letter. O:-)
These are mutually exclusive concepts.
Just like HTTPS and security.
25.03.2018 22:00, Yuri wrote:
>
> In principle, I do not consider as secure the technology that allows
> MiTM (even in theory) - anyway,
In principle, I do not consider as secure the technology that allows
MiTM (even in theory) - anyway, for what purpose.
Since this is so - HTTPS is nothing more than a security theater with a
green lock for calming users.
This does not mean that I do not care about the security and privacy of
25.03.2018 20:32, Matus UHLAR - fantomas wrote:
On 25/03/2018 at 13:08, Yuri wrote:
> The problem is not install proxy CA. The problem is identify client
> has no proxy CA and redirect, and do it only one time.
>>>
>>> On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly
On 25/03/2018 at 13:08, Yuri wrote:
The problem is not install proxy CA. The problem is identify client
has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly the problem. And I have yet to find a solution for that.
Current method is
25.03.2018 18:42, Matus UHLAR - fantomas wrote:
>> On 25/03/2018 at 13:08, Yuri wrote:
>>> The problem is not install proxy CA. The problem is identify client
>>> has no proxy CA and redirect, and do it only one time.
>
> On 25.03.18 13:46, Nicolas Kovacs wrote:
>> That is exactly the problem.
25.03.2018 17:46, Nicolas Kovacs wrote:
> On 25/03/2018 at 13:08, Yuri wrote:
>> The problem is not install proxy CA. The problem is identify client
>> has no proxy CA and redirect, and do it only one time.
> That is exactly the problem. And I have yet to find a solution for that.
>
> Current
On 25/03/2018 at 13:08, Yuri wrote:
> The problem is not install proxy CA. The problem is identify client
> has no proxy CA and redirect, and do it only one time.
That is exactly the problem. And I have yet to find a solution for that.
Current method is instruct everyone - with a printed paper
Hey Eliezer,
PC browsers non-required automated installers for CA. In it all simple
do by JS directly from page.
Can you do automated installer for mobile clients? iPhones, Android? For
both - mobile browsers and apps as well?
The problem is not install proxy CA. The problem is identify client
Hey Nicolas,
You can use a "splash page" concept which will contain a test page that will
try to verify if the client has the root ca certificate installed.
I have created and published an example at:
https://github.com/elico/ca-cert-test-page
And a real usage at:
https://cert.rimon.net.il/
If