[vox-tech] Need to bypass Squid proxy
Seth Nagao
dokuja at gmail.com
Thu Jan 26 12:43:47 PST 2006
On 1/26/06, Micah J. Cowan <micah at cowan.name> wrote:
> I'm aware that squid will proxy SSL, at least on non-transparent
> connections (I do that often). I don't see how it can do that
> transparently: It doesn't know the server's private key. It could use a
> totally /separate/ key to pretend to be the server, and then pretend to
> be the client to the server, but that would be wrong, wrong, WRONG, and
> I very much doubt the developers of squid make it do that.
Interestingly enough, I went to an ISSA meeting which included a
vendor that intended to do EXACTLY that. The line of thought went
something like, "Well, we're the good guys, so it's not really a MITM
attack." I'll see if I can find the info I have on them next time I'm
in the office. I've been curious of what legal implications that such
a proxy might incur if a breach of security happened at that point,
but that might be covered in the big nasty legal documents you often
have to sign.
--Seth
More information about the vox-tech
mailing list