

Patching the Internet - jgrahamc
http://blog.jgc.org/2012/05/patching-internet.html

======
lmm
The other side of this is that the attack surface /on CloudFlare itself/ is
absolutely enormous. Think about it: they're talking about allowing people to
write their own plugins that will have to cope with arbitrary web traffic. An
attacker trying to compromise CloudFlare could easily control both ends of the
connection going through them. And if you did "own" CloudFlare you could do
massive damage.

~~~
jgrahamc
That's not what our developer program is offering. We won't take arbitrary
code and execute it on the TCP streams that go through us. We're offering the
ability to write JavaScript apps that can be inserted into pages just as we do
today for things like web analytics with some CloudFlare specific additions.

------
sp332
I posted this to the blog comments, but it's under moderation so it might not
show up for a while:

An "Edit" button. You can change the content of a page and save your changes
for later visits. Optionally: a history of your edits to a page, or a way to
share your changes, or see that other people have edited the page, or
"subscribe" to changes from certain users. Like turning the web into your
private wiki.

------
mattmanser
Or as the privacy cynic might put it:

An American company can now snoop into https, see all the data and insert
random javascript whenever they want? And they can do it for an ever growing
segment of the web?

Great. Just great.

I loved the idea of CloudFlare, now not so much. Or am I massively
misunderstanding what they are capable of doing?

EDIT: This went further than I meant it to. I think CloudFlare is great. I'm
just not sure you should run your SSL stuff through it, this article made me
realise how they actually handle SSL.

~~~
sp332
You do realize that the site owner has to set all this up ahead of time,
right? Any caching proxy could do the same.

~~~
jgrahamc
Certainly true that any proxy at all (even the transparent ones that are often
used by ISPs, corporations and mobile providers) can inspect and modify
traffic.

In addition, if we started doing any of the nasty things the parent suggests
(inserting random JavaScript of our choosing or spying on the traffic passing
through our network) we'd be out of business. Our entire business rests on the
web site owners trusting us with their traffic. That means not doing bad
things.

As our CEO likes to say: it takes 5 minutes to sign up for CloudFlare and just
2 to leave.

~~~
mattmanser
Have I fundamentally misunderstood SSL?

How can an ISP or mobile install a new certificate onto your computer? I know
how companies do it as they send their IT bud round to do it. Or is SSL far
less secure than I thought? Totally exposed to MITM attacks?

The SSL decryption is happening all in one massive centralized place. Running
through one legal company. Completely under American jurisdiction. The server
doesn't have the SSL certificate, CloudFlare does:

[http://blog.cloudflare.com/easiest-ssl-ever-now-included-aut...](http://blog.cloudflare.com/easiest-ssl-ever-now-included-automatically-w)

I'm more than willing to admit being wrong. But I don't see how CloudFlare
being able to inspect all SSL traffic between two parties is anything like
ISPs and mobile providers having proxies.

And worse the consumer has no reasonable expectation that a third party is
even involved. Will all EU startups need to start putting disclaimer clauses
in?

I'm not suggesting your CEO wants to become the new go-to guy for FBI wire
tapping, I'm just saying he could be forced to and given the current climate
in America it's a bit worrying that everyone's going to CloudFlare if this is
the case.

It just seems, well, all a little dangerous. Imagine someone hacking
CloudFlare. Wow, they're really becoming a very high value target.

