26.03.2018 07:08, Amos Jeffries пишет:
> On 26/03/18 13:44, Yuri wrote:
>>
>> 26.03.2018 06:41, Yuri пишет:
>>> 26.03.2018 06:30, Amos Jeffries пишет:
On 26/03/18 12:34, Yuri wrote:
> 26.03.2018 05:23, Amos Jeffries пишет:
>> On 26/03/18 12:07, Yuri wrote:
>>> 26.03.2018 05:05, A
On 26/03/18 13:44, Yuri wrote:
>
>
> 26.03.2018 06:41, Yuri пишет:
>>
>> 26.03.2018 06:30, Amos Jeffries пишет:
>>> On 26/03/18 12:34, Yuri wrote:
26.03.2018 05:23, Amos Jeffries пишет:
> On 26/03/18 12:07, Yuri wrote:
>> 26.03.2018 05:05, Amos Jeffries пишет:
>>> On 26/03/18 11:
26.03.2018 06:41, Yuri пишет:
>
> 26.03.2018 06:30, Amos Jeffries пишет:
>> On 26/03/18 12:34, Yuri wrote:
>>> 26.03.2018 05:23, Amos Jeffries пишет:
On 26/03/18 12:07, Yuri wrote:
> 26.03.2018 05:05, Amos Jeffries пишет:
>> On 26/03/18 11:05, Yuri wrote:
>>> And yes, HTTPS is in
26.03.2018 06:30, Amos Jeffries пишет:
> On 26/03/18 12:34, Yuri wrote:
>> 26.03.2018 05:23, Amos Jeffries пишет:
>>> On 26/03/18 12:07, Yuri wrote:
26.03.2018 05:05, Amos Jeffries пишет:
> On 26/03/18 11:05, Yuri wrote:
>> And yes, HTTPS is insecure by design and all our actions doe
On 26/03/18 12:34, Yuri wrote:
>
> 26.03.2018 05:23, Amos Jeffries пишет:
>> On 26/03/18 12:07, Yuri wrote:
>>> 26.03.2018 05:05, Amos Jeffries пишет:
On 26/03/18 11:05, Yuri wrote:
> And yes, HTTPS is insecure by design and all our actions does not it
> less insecure :-D
We are
26.03.2018 05:23, Amos Jeffries пишет:
> On 26/03/18 12:07, Yuri wrote:
>> 26.03.2018 05:05, Amos Jeffries пишет:
>>> On 26/03/18 11:05, Yuri wrote:
And yes, HTTPS is insecure by design and all our actions does not it
less insecure :-D
>>> We are not talking about HTTPS. Only about TLS.
On 26/03/18 12:07, Yuri wrote:
>
> 26.03.2018 05:05, Amos Jeffries пишет:
>> On 26/03/18 11:05, Yuri wrote:
>>> And yes, HTTPS is insecure by design and all our actions does not it
>>> less insecure :-D
>> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
>> is what is "faili
Waa. You're right. I hurried.
Hmm.
Seems we're can't distinguish unknown server CA and unknown proxy CA.
Sadly.
26.03.2018 05:14, Amos Jeffries пишет:
> On 26/03/18 11:15, Yuri wrote:
>> I mean, for example:
>>
>> SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
>>
> Consider carefully what t
On 26/03/18 11:15, Yuri wrote:
> I mean, for example:
>
> SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
>
Consider carefully what the words "CLIENT_DOES_NOT_KNOW_THIS_CA" mean in
normal English.
Amos
___
squid-users mailing list
squid-users@lists.squid-cach
On 26/03/18 11:11, Yuri wrote:
> By the way, Amos. I have an idea spinning around. Is it possible to
> specify the SSL error of the unknown certificate issuer for the correct
> processing of the situation when the client does not have a proxy
> certificate installed? This would greatly facilitate t
26.03.2018 05:05, Amos Jeffries пишет:
> On 26/03/18 11:05, Yuri wrote:
>> And yes, HTTPS is insecure by design and all our actions does not it
>> less insecure :-D
> We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
> is what is "failing" at the time any of these details we
On 26/03/18 11:05, Yuri wrote:
> And yes, HTTPS is insecure by design and all our actions does not it
> less insecure :-D
We are not talking about HTTPS. Only about TLS. Because the TLS decrypt
is what is "failing" at the time any of these details we are discussing
are relevant.
The "page" mentio
I mean, for example:
SSL_ERROR_CLIENT_DOES_NOT_KNOW_THIS_CA
during TLS negotiation between client and proxy.
To be separated from rare cases when real world CA exists, but not yet
included to well-known CA's bundle.
Something like this. Now we're can't differentiate UNKNOWN_ISSUES error
- it is
By the way, Amos. I have an idea spinning around. Is it possible to
specify the SSL error of the unknown certificate issuer for the correct
processing of the situation when the client does not have a proxy
certificate installed? This would greatly facilitate the task that we
are discussing.
We're
And yes, HTTPS is insecure by design and all our actions does not it
less insecure :-D
26.03.2018 04:03, Yuri пишет:
>
> 26.03.2018 03:55, Amos Jeffries пишет:
>> On 26/03/18 10:16, Yuri wrote:
>>> 26.03.2018 03:02, Amos Jeffries пишет:
On 26/03/18 09:49, Yuri wrote:
> 26.03.2018 02:45,
26.03.2018 03:55, Amos Jeffries пишет:
> On 26/03/18 10:16, Yuri wrote:
>>
>> 26.03.2018 03:02, Amos Jeffries пишет:
>>> On 26/03/18 09:49, Yuri wrote:
26.03.2018 02:45, Amos Jeffries пишет:
> On 26/03/18 04:41, Yuri wrote:
>> 25.03.2018 20:32, Matus UHLAR - fantomas пишет:
>
On 26/03/18 10:16, Yuri wrote:
>
>
> 26.03.2018 03:02, Amos Jeffries пишет:
>> On 26/03/18 09:49, Yuri wrote:
>>>
>>> 26.03.2018 02:45, Amos Jeffries пишет:
On 26/03/18 04:41, Yuri wrote:
> 25.03.2018 20:32, Matus UHLAR - fantomas пишет:
> Le 25/03/2018 à 13:08, Yuri a écrit :
>>
26.03.2018 03:02, Amos Jeffries пишет:
> On 26/03/18 09:49, Yuri wrote:
>>
>> 26.03.2018 02:45, Amos Jeffries пишет:
>>> On 26/03/18 04:41, Yuri wrote:
25.03.2018 20:32, Matus UHLAR - fantomas пишет:
Le 25/03/2018 à 13:08, Yuri a écrit :
> The problem is not install proxy CA
On 26/03/18 09:49, Yuri wrote:
>
>
> 26.03.2018 02:45, Amos Jeffries пишет:
>> On 26/03/18 04:41, Yuri wrote:
>>>
>>> 25.03.2018 20:32, Matus UHLAR - fantomas пишет:
>>> Le 25/03/2018 à 13:08, Yuri a écrit :
The problem is not install proxy CA. The problem is identify client
>>>
26.03.2018 02:45, Amos Jeffries пишет:
> On 26/03/18 04:41, Yuri wrote:
>>
>> 25.03.2018 20:32, Matus UHLAR - fantomas пишет:
>> Le 25/03/2018 à 13:08, Yuri a écrit :
>>> The problem is not install proxy CA. The problem is identify client
>>> has no proxy CA and redirect, and do it on
On 26/03/18 04:41, Yuri wrote:
>
>
> 25.03.2018 20:32, Matus UHLAR - fantomas пишет:
> Le 25/03/2018 à 13:08, Yuri a écrit :
>> The problem is not install proxy CA. The problem is identify client
>> has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46, Ni
Therefore, please, PLEASE, never mention SSL Bump and security/privacy
in one letter.O:-)
These are mutually exclusive concepts.
Just like HTTPS and security.
25.03.2018 22:00, Yuri пишет:
>
> In principle, I do not consider as secure the technology that allows
> MiTM (even in theory) - anyway,
In principle, I do not consider as secure the technology that allows
MiTM (even in theory) - anyway, for what purpose.
Since this is so - HTTPS is nothing more than a security theater with a
green lock for calming users.
This does not mean that I do not care about the security and privacy of
user
25.03.2018 20:32, Matus UHLAR - fantomas пишет:
Le 25/03/2018 à 13:08, Yuri a écrit :
> The problem is not install proxy CA. The problem is identify client
> has no proxy CA and redirect, and do it only one time.
>>>
>>> On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly t
Le 25/03/2018 à 13:08, Yuri a écrit :
The problem is not install proxy CA. The problem is identify client
has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly the problem. And I have yet to find a solution for that.
Current method is
25.03.2018 18:42, Matus UHLAR - fantomas пишет:
>> Le 25/03/2018 à 13:08, Yuri a écrit :
>>> The problem is not install proxy CA. The problem is identify client
>>> has no proxy CA and redirect, and do it only one time.
>
> On 25.03.18 13:46, Nicolas Kovacs wrote:
>> That is exactly the problem.
Le 25/03/2018 à 13:08, Yuri a écrit :
The problem is not install proxy CA. The problem is identify client
has no proxy CA and redirect, and do it only one time.
On 25.03.18 13:46, Nicolas Kovacs wrote:
That is exactly the problem. And I have yet to find a solution for that.
Current method is
25.03.2018 17:46, Nicolas Kovacs пишет:
> Le 25/03/2018 à 13:08, Yuri a écrit :
>> The problem is not install proxy CA. The problem is identify client
>> has no proxy CA and redirect, and do it only one time.
> That is exactly the problem. And I have yet to find a solution for that.
>
> Current m
Le 25/03/2018 à 13:08, Yuri a écrit :
> The problem is not install proxy CA. The problem is identify client
> has no proxy CA and redirect, and do it only one time.
That is exactly the problem. And I have yet to find a solution for that.
Current method is instruct everyone - with a printed paper
Hey Eliezer,
PC browsers non-required automated installers for CA. In it all simple
do by JS directly from page.
Can you do automated installer for mobile clients? iPhones, Android? For
both - mobile browsers and apps as well?
The problem is not install proxy CA. The problem is identify client h
Hey Nicolas,
You can use a "splash page" concept which will contain a test page that will
try to verify if the client has the root ca certificate installed.
I have created and published an example at:
https://github.com/elico/ca-cert-test-page
And a real usage at:
https://cert.rimon.net.il/
If
31 matches
Mail list logo
