Re: Mandatory encryption

On Thu, Jul 19, 2012 at 10:17:39AM +0000, Anil Sharma wrote:
> When the request is sent in clear text, the proxy modifies it to force
> "safesearch=on" in the requests so that Google refrains from returning
> -----------------------------> Why can't TLS proxy do it ( anyways I thought
> the browser or the user decides it but even if lets its company policy and
> proxy does it for all the request)   Just trying to understand......

It would require deciphering the stream, sending a fake certificate
pretending to be the real server. Some proxies do this right now, this
is one of the ugly tricks we're seeing more and more and that a number
of people want to see disappear in favor of a user choice of letting
the proxy analyze the contents (the principle of the GET https://). Also
if you've read this thread, having a proxy tamper your request in HTTPS
without you being aware of it is quite contrary to the directions being
taken :-)


Received on Thursday, 19 July 2012 10:23:33 UTC