by cyphar 2878 days ago
CloudFlare can be used purely for DNS -- in which case they are one of the better DNS services because they have an API that almost everyone supports.

But you are completely correct that running a CDN (HTTP or HTTPS) requires you to MITM everything. The same complaint applies to Akamai, Level 3, or any other CDN you can name. It definitely is a problem, but not one of CloudFlare's own making.

It would be a fair criticism of CloudFlare to say that they've made their defaults tend towards MITM even though it is very likely that most websites don't actually need a CDN -- meaning that they are MITM-ing more traffic than they need to. And they have had pretty bad bugs in the past that revealed large amounts of private data that was sent over TLS but was MITM'd by them[1].

I do agree that CloudFlare being so central to so many large websites is a problem though. I just don't agree that this discounts their use as a purely-DNS service.

[1]: https://blog.cloudflare.com/incident-report-on-memory-leak-c...


I'm not alone, praise be. Lol :)