Re: [squid-users] Transparent Proxy - Windows Update - 0x80072F8F

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 12 Jun 2009 04:07:54 +1200

Steven.Glogger_at_swisscom.com wrote:
> hi amos
>
>> Welcome to the world of security protection against man-in-middle
>> attacks (the correct name for 'transparent' interception proxy
>> mode).
>>
>> Windows Update requires a HTTPS authentication request to succeed
>> before it will update. The authenticator unconditionally verifies
>> the security certificates as all good browsers and web clients
>> should also be doing.
>>
>> ... catch my drift?
>
> yes, but normally some message is popping up to the customer saying:
> yeah dude, there's a certificate but it's wrong. you want me to do

Well, what would you expect a master-privilege background service with
zero user input access to do?

> something? but i see, i have to 'bypass' microsoft updates on the
> firewall instead of forwarding it the to proxy.... thats a hack, and
> i dont like hacks.. ,-(
>
> -steven

The biggest hack of all is the transparent proxy itself. :)

Followed closely by the 'okay' button which disables security in the web
browser every time the users click it and pass you their secure data.

Oh well, your choice, your problems.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Received on Thu Jun 11 2009 - 16:08:03 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 11 2009 - 12:00:03 MDT