Comment by encom

1 day ago

Hyperbole is my middle name, but I just find it repulsive that CloudFlare breaks the chain of trust, and somehow everybody is just okay with that. I'm not saying it makes HTTPS pointless, but we've moved from end-to-end encryption to trust-me-bro. Is CloudFlare malicious? Probably not - at least not right now. But I think my browser should warn me that my connection is not E2E secure, because it's not.

All cloud services are in a similar position; they hold the private TLS keys and could reveal them in response to legal process, allowing active MITM (perfect forward secrecy prevents passive data theft without more intrusive realtime access to VM RAM).

Only a very specific configuration of "Confidential Computing" (based on AMD SEV or Intel TDX) where boot attestation is checked remotely before private keys are sent from an on-premise store (or a fully trusted hosted HSM) to the remote VM could prevent a cloud provider from intercepting private key material, and only then as far as boot attestation and SEV/TDX is trusted.

The one advantage for the little guy is that Cloudflare is a single surface attack vector.

If it comes to light they've been doing something actionable with your data, you have a target for revenge (as in a lawsuit, not violence).
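The attestation-gated key release described in the thread (an on-premises key store that hands the TLS private key to a VM only after checking its boot attestation), as an added example written for this page and not code from the thread or from any SEV/TDX SDK. The hardware-signed report is simulated with an HMAC, and every key, nonce and measurement is a constructed placeholder.

```python
import hmac, hashlib, json, secrets
from typing import Optional

# Constructed stand-in for the attestation signing key. Real SEV-SNP/TDX reports
# are signed by a vendor-rooted key inside the CPU; this HMAC key is NOT that.
_ATTESTATION_KEY = b"constructed-attestation-signing-key"

def sign_report(measurement: str, nonce: str, key: bytes = _ATTESTATION_KEY) -> dict:
    """Simulate the CPU producing an attestation report over the boot
    measurement plus a caller-supplied nonce."""
    body = json.dumps({"measurement": measurement, "nonce": nonce}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

class OnPremKeyStore:
    """Key-release broker: releases the TLS private key only to a VM whose
    attested boot measurement is on the allowlist and whose report is fresh."""
    def __init__(self, tls_key: bytes, allowed_measurements: set):
        self._tls_key = tls_key
        self._allowed = allowed_measurements
        self._pending = {}  # challenge nonces issued and not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending[nonce] = True
        return nonce

    def release_key(self, report: dict) -> Optional[bytes]:
        # 1. Signature: was the report produced by the attestation root we trust?
        expected = hmac.new(_ATTESTATION_KEY, report["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["sig"]):
            return None
        claims = json.loads(report["body"])
        # 2. Freshness: the nonce must be one we issued and never seen before (anti-replay).
        if not self._pending.pop(claims.get("nonce"), False):
            return None
        # 3. Measurement: only an allowlisted boot image receives the key.
        if claims.get("measurement") not in self._allowed:
            return None
        return self._tls_key

def demo():
    """Good VM gets the key; modified image, replayed report and forged report do not."""
    store = OnPremKeyStore(b"constructed-tls-private-key", {"sha256:GOOD-IMAGE"})
    n1 = store.challenge()
    ok = store.release_key(sign_report("sha256:GOOD-IMAGE", n1))
    n2 = store.challenge()
    modified = store.release_key(sign_report("sha256:MODIFIED-IMAGE", n2))
    replay = store.release_key(sign_report("sha256:GOOD-IMAGE", n1))
    n3 = store.challenge()
    forged = store.release_key(sign_report("sha256:GOOD-IMAGE", n3, key=b"not-the-cpu-key"))
    return ok, modified, replay, forged
```

As the comment notes, the guarantee is only as strong as the attestation root itself: if the platform's measurement or signing key is compromised, step 1 and step 3 pass for a VM the provider controls.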