Comment by gruez
8 months ago
>And then I realized that I had to hand them over my DNS? Uhh, no. It could have been "set nameserver to ours in your DNS console".
>And also there was the recent SSL spoofing they're doing even with DNS with no hosted websites. And they charge money to send a revocation.
What's your threat model here? That Cloudflare will go rogue and... MITM your users? Can't they do that even if they're not in charge of your DNS? Even if you point an A record to them, that's enough to get a certificate via an ACME http-01 challenge[1].
[1] https://letsencrypt.org/docs/challenge-types/#http-01-challe...
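
An added example (not part of gruez's comment) that models the http-01 check from the CA's side as specified in RFC 8555: the result depends only on who answers HTTP at the address the A record resolves to, not on who operates the DNS zone. The `SimulatedNetwork` class, the keys, the token and the IP addresses are constructed for illustration.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: required members only, sorted, no whitespace, SHA-256.
    members = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    # RFC 8555 section 8.1: token || "." || thumbprint of the ACME account key.
    return f"{token}.{jwk_thumbprint(account_jwk)}"

class SimulatedNetwork:
    """Constructed stand-in for DNS and HTTP (no real traffic)."""
    def __init__(self):
        self.a_records = {}   # hostname -> IP
        self.servers = {}     # IP -> {path: body}

    def http_get(self, host, path):
        return self.servers.get(self.a_records.get(host), {}).get(path)

def ca_validate_http01(net, domain, token, account_jwk) -> bool:
    # The CA resolves the name and fetches the well-known path over HTTP.
    body = net.http_get(domain, f"/.well-known/acme-challenge/{token}")
    return body is not None and body.strip() == key_authorization(token, account_jwk)

def demo():
    # Constructed keys, token and addresses (documentation IP ranges).
    # A real CA issues a fresh token per authorization; one is reused here.
    proxy_key = {"kty": "EC", "crv": "P-256", "x": "cHJveHkteA", "y": "cHJveHkteQ"}
    owner_key = {"kty": "EC", "crv": "P-256", "x": "b3duZXIteA", "y": "b3duZXIteQ"}
    token = "constructed-token-0001"
    net = SimulatedNetwork()
    # The owner keeps DNS elsewhere; only the A record points at the proxy.
    net.a_records["www.example.com"] = "192.0.2.10"
    path = f"/.well-known/acme-challenge/{token}"
    net.servers["192.0.2.10"] = {path: key_authorization(token, proxy_key)}  # proxy edge
    net.servers["198.51.100.7"] = {}                                         # owner's origin
    proxy_ok = ca_validate_http01(net, "www.example.com", token, proxy_key)
    owner_ok = ca_validate_http01(net, "www.example.com", token, owner_key)
    return proxy_ok, owner_ok

if __name__ == "__main__":
    print(demo())
```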