[vox-tech] Need to bypass Squid proxy

Seth Nagao dokuja at gmail.com
Thu Jan 26 12:43:47 PST 2006


On 1/26/06, Micah J. Cowan <micah at cowan.name> wrote:
> I'm aware that squid will proxy SSL, at least on non-transparent
> connections (I do that often). I don't see how it can do that
> transparently: It doesn't know the server's private key. It could use a
> totally /separate/ key to pretend to be the server, and then pretend to
> be the client to the server, but that would be wrong, wrong, WRONG, and
> I very much doubt the developers of squid make it do that.

Interestingly enough, I went to an ISSA meeting which included a
vendor that intended to do EXACTLY that.  The line of thought went
something like, "Well, we're the good guys, so it's not really a MITM
attack."  I'll see if I can find the info I have on them next time I'm
in the office.  I've been curious about what legal implications such
a proxy might incur if a breach of security happened at that point,
but that might be covered in the big nasty legal documents you often
have to sign.

--Seth

