On 05/30/2017 10:58 PM, Amos Jeffries wrote:
> On 26/05/17 22:08, Christos Tsantilas wrote:
>> --consensus allows matching a part of the conglomerate when the part's
>> subject name is included in certificates used by many other
>> conglomerate parts (e.g., matching Google but not Youtube).

> So this ACL option somehow makes Squid aware of corporate ownership and
> political structures and human-world business operations? er, no.

Actually, the answer to your rhetorical question is "yes", provided those real-world things are expressed in certificate properties, as the proposed description states. This brief high-level description helps admins (with poor TLS knowledge) identify a relevant-to-them feature that they can then study in detail by reading squid.conf.documented and other sources.

In general, I am against using real company names in documentation. In this particular case, foo.example.com names cannot quickly illustrate the problem solved by the new --consensus option because the reader would not be able to grasp the complex relationship between conglomerate parts unless they already know about those relationships, identified in reader's mind by familiar company names.

@Christos, I recommend replacing the above paragraph with the following text which uses more "technical" words to say the same thing:

    --consensus identifies transactions with a particular server when
    server's subject name is also present in certificates used by many
    other servers (e.g., matching transactions with a particular Google
    server but not with all Youtube servers).

If Amos disagrees, then I would just drop those brief descriptions from the commit message -- their value quickly diminishes with every minute we waste on arguing about them.

HTH,

Alex.
