From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Fwd: Update-Accelerator 3.0 Date: Wed, 06 Mar 2013 23:03:40 +0100 Message-ID: <1362607420.1828.3.camel@hughes.tremer.info> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6636345079469009963==" List-Id: --===============6636345079469009963== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, 2013-03-06 at 21:02 +0100, Jan Behrens wrote: > okay dynamic is not always really dynamic. Youtube-Videos are also > dynamic content to squid. > So is everything with ? in the URL threaded as dynamic in squid. That's a bad decision if that is true, because having a query term does not necessarily make content dynamic. There are things like the Expires: and Pragma: headers in HTTP to control what has to be cached and for how long. > well it would be possible to cache HTTPS - Content with > "Man-in-the-Middle" Squid. > The client will make a HTTPS-connection to squid and squid will make > it's connection to the original destination server. At this point > squid can serve and save content. Not with me. This heavily violates the concept of secure communication. In my opinion, I cannot trust the proxy to correctly verify the server's certificate for example. This is only one among a whole bunch of security issues. -Michael --===============6636345079469009963==--