As I mentioned at the tail of another email, I'd like to see a better out-of-band authentication protocol than ident. Such a protocol would have:
. a single connection from squid over which all identification requests travel. Not one connection per request as with ident.
. two-way authentication (PSK or certificate)
. encryption (TLS)
. full connection description (src IP, src port, dst IP, dst port) so that an interception proxy works (ident only exchanges port numbers)
. optional reverse connection (client connects to squid rather than squid connecting to client - only useful for a single proxy server but means no firewall exceptions on the client)
. probably still use port 113 (not that it really matters...)
Does such a thing exist already?
I can easily write a server for Windows, and probably for Linux, and the client side in squid wouldn't be too hard from what I can see.
Thanks
James
Received on Tue Sep 02 2014 - 10:03:02 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 02 2014 - 12:00:04 MDT
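To make the proposal above concrete, here is an added example (not Squid code, and not any protocol that exists) of what such an exchange could look like: one persistent connection from the proxy to an agent on the user's host, a mutual challenge-response handshake on a pre-shared key, and lookups that carry the full four-tuple rather than ident's "port, port" pair, pipelined and matched by request id. The message grammar, the HMAC-based PSK handshake, the function and role names (agent/proxy) and the connection table are all constructed for this example; TLS is assumed to wrap the socket and is not shown.

```python
"""Constructed sketch of an out-of-band identification protocol over one
persistent, mutually authenticated connection. Added example only: not Squid
code, not an existing protocol. Message formats, the HMAC challenge-response
PSK handshake, the agent/proxy naming and the sample connection table are all
assumptions of this example. TLS is assumed to wrap the socket and is omitted.
"""
import hashlib
import hmac
import os
import socket
import threading

PSK = b"example-pre-shared-key"  # constructed; provision per host in practice

# Constructed table of what the agent on the user's host knows about its own
# connections, keyed by the full 4-tuple so an intercepted connection (dst is
# the origin server, not the proxy) can still be identified.
CONNECTIONS = {
    ("10.0.0.5", 51234, "10.0.0.1", 3128): "alice",
    ("10.0.0.5", 51235, "203.0.113.10", 80): "bob",  # intercepted connection
}


def _mac(psk: bytes, role: bytes, n1: str, n2: str) -> str:
    """HMAC-SHA256 over a role label and both nonces, keyed with the PSK.
    The role label stops a peer reflecting the other side's MAC back."""
    msg = b"|".join([role, n1.encode(), n2.encode()])
    return hmac.new(psk, msg, hashlib.sha256).hexdigest()


class LineConn:
    """Minimal line-oriented framing over a socket."""
    def __init__(self, sock):
        self.f = sock.makefile("rwb")

    def send(self, line: str) -> None:
        self.f.write(line.encode() + b"\n")
        self.f.flush()

    def recv(self) -> str:
        return self.f.readline().decode().rstrip("\n")


def agent_serve(sock, psk: bytes = PSK) -> int:
    """Agent (user's host): authenticate the proxy, answer LOOKUPs until QUIT.
    Returns the number of lookups answered (0 if authentication failed)."""
    c = LineConn(sock)
    agent_nonce = os.urandom(16).hex()
    c.send(f"HELLO {agent_nonce}")
    cmd, proxy_nonce, proxy_mac = c.recv().split(" ")
    if cmd != "AUTH" or not hmac.compare_digest(
            proxy_mac, _mac(psk, b"proxy", agent_nonce, proxy_nonce)):
        c.send("FAIL")
        return 0
    c.send(f"OK {_mac(psk, b'agent', proxy_nonce, agent_nonce)}")
    answered = 0
    while True:
        line = c.recv()
        if not line or line == "QUIT":
            return answered
        _, rid, sip, sport, dip, dport = line.split(" ")
        user = CONNECTIONS.get((sip, int(sport), dip, int(dport)))
        c.send(f"USER {rid} {user}" if user else f"NOUSER {rid}")
        answered += 1


def proxy_lookup(sock, tuples, psk: bytes = PSK) -> dict:
    """Proxy side: authenticate the agent, pipeline every lookup on the single
    connection, then correlate replies by request id.
    Returns {4-tuple: username or None}."""
    c = LineConn(sock)
    _, agent_nonce = c.recv().split(" ")
    proxy_nonce = os.urandom(16).hex()
    c.send(f"AUTH {proxy_nonce} {_mac(psk, b'proxy', agent_nonce, proxy_nonce)}")
    reply = c.recv().split(" ")
    if reply[0] != "OK" or not hmac.compare_digest(
            reply[1], _mac(psk, b"agent", proxy_nonce, agent_nonce)):
        raise PermissionError("agent failed mutual authentication")
    pending = {}
    for rid, (sip, sport, dip, dport) in enumerate(tuples):
        c.send(f"LOOKUP {rid} {sip} {sport} {dip} {dport}")
        pending[str(rid)] = (sip, sport, dip, dport)
    results = {}
    while pending:
        parts = c.recv().split(" ")
        results[pending.pop(parts[1])] = parts[2] if parts[0] == "USER" else None
    c.send("QUIT")
    return results


def run_demo(proxy_psk: bytes = PSK) -> dict:
    """Run agent and proxy over a socketpair; the agent always uses PSK, so a
    different proxy_psk exercises the authentication-failure path."""
    a, b = socket.socketpair()
    t = threading.Thread(target=agent_serve, args=(a,))
    t.start()
    queries = list(CONNECTIONS) + [("10.0.0.5", 60000, "10.0.0.1", 3128)]
    try:
        return proxy_lookup(b, queries, proxy_psk)
    finally:
        b.close()
        t.join()
        a.close()


if __name__ == "__main__":
    for conn, user in run_demo().items():
        print(conn, "->", user)
```

The reverse-connection option from the list changes only who calls `connect()`; the handshake and lookup grammar are unchanged, which is the point of doing authentication at the message level rather than relying on the direction of the TCP connection.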