
Every CDN that handles TLS traffic is a MITM.



What other CDN makes it easy to use plaintext between the CDN and origin, yet use a secure connection between the CDN and the end user, and has the nerve to market this as a feature called "Flexible SSL"?

Edit: I wasn't very clear. GP is wrong saying MITM is "wrong" for its own sake. I think Cloudflare is harmful for other reasons though.


That does seem to be an accurate name, it is a feature that's offered and up to the site operator to enable, and yes it's unfortunate that it potentially gives a false sense of security to end users. However in almost every case, it's still better than both sides of the connection being unsecured.

I'm not sure what this has to do with all CDNs being MITM operators when caching secure content.


At the very least, Cloudflare should do a better job of discouraging use of Flexible SSL. People that opt in to Flexible SSL should know what they are doing.

I edited my comment.


This incident affects Full SSL sites too.


Yes. I should have been more clear that Flexible SSL has nothing to do with the incident, it's just another sign that Cloudflare is dangerous to the web.


Wouldn't full SSL traffic be encrypted if leaked and therefore kind of irrelevant?


"Full SSL" in this case just means that the traffic is always encrypted on the network, Cloudflare still has to decrypt it locally to do what a CDN does.
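The point made in this reply and in the earlier "Flexible SSL" comments can be shown with a small model of the two hops. The following is an added example and not code from the thread or from Cloudflare: a user talks TLS to a toy edge, the edge terminates that TLS and forwards to a toy origin either in plaintext (modelling "Flexible SSL") or over TLS (modelling "Full SSL"). The names `OriginLink`, `FlexibleSSL`, `FullSSL`, `Observation` and `runRequest` are this example's own. Both hops are `httptest` servers, so it runs offline; the origin reports whether its connection from the edge was TLS via `r.TLS != nil`, which is the check an origin operator can use to confirm the edge is not reaching it in the clear.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// OriginLink describes how the edge reaches the origin. The two values mirror
// the settings discussed in the thread; this is an illustrative model only.
type OriginLink int

const (
	FlexibleSSL OriginLink = iota // edge -> origin in plaintext
	FullSSL                       // edge -> origin over TLS
)

// Observation records what each hop saw during one request.
type Observation struct {
	EdgeSawPlaintext string // request body as the edge read it after terminating TLS
	OriginOverTLS    bool   // whether the origin's connection from the edge was TLS
	Status           int    // HTTP status the user received
}

// runRequest models: user --TLS--> edge --(plaintext | TLS)--> origin.
// secret is a constructed sample body standing in for session data.
func runRequest(link OriginLink, secret string) (Observation, error) {
	var obs Observation

	// Origin: a toy account endpoint that echoes the body it received and
	// notes whether the inbound connection was TLS.
	originHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		obs.OriginOverTLS = r.TLS != nil
		b, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "origin got: %s", b)
	})
	var origin *httptest.Server
	if link == FullSSL {
		origin = httptest.NewTLSServer(originHandler)
	} else {
		origin = httptest.NewServer(originHandler)
	}
	defer origin.Close()
	toOrigin := origin.Client() // trusts the origin's self-signed cert in TLS mode

	// Edge: terminates the user's TLS session, so it always holds the plaintext,
	// whichever way it then talks to the origin.
	edge := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		obs.EdgeSawPlaintext = string(b)
		resp, err := toOrigin.Post(origin.URL+r.URL.Path, "text/plain", strings.NewReader(string(b)))
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		w.WriteHeader(resp.StatusCode)
		io.Copy(w, resp.Body)
	}))
	defer edge.Close()

	// User: speaks TLS to the edge only and never sees the edge->origin hop.
	resp, err := edge.Client().Post(edge.URL+"/account", "text/plain", strings.NewReader(secret))
	if err != nil {
		return obs, err
	}
	defer resp.Body.Close()
	obs.Status = resp.StatusCode
	return obs, nil
}

func main() {
	for _, link := range []OriginLink{FlexibleSSL, FullSSL} {
		obs, err := runRequest(link, "session=constructed-secret")
		if err != nil {
			panic(err)
		}
		fmt.Printf("link=%d edgeSawPlaintext=%q originOverTLS=%v status=%d\n",
			link, obs.EdgeSawPlaintext, obs.OriginOverTLS, obs.Status)
	}
}
```

In both modes the edge records the full plaintext body, which is the "CDN is a MITM" observation; only the `OriginOverTLS` flag differs, and that flag is the one thing the origin itself can verify from its side of the connection.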


Oh shit. Got it. Also Jesus fuck


Which is precisely why you should not use an MITM network.


What precisely? I don't see a counter-argument.

If you're saying not to use any CDNs then that's not very reasonable considering the service that CDNs provide.


The benefit of CDNs is increasingly questionable, but you can still realize them by managing it yourself. What I'm saying is to never use a third-party network that subverts your own security. I would try harder to nail that point in, but I don't think Cloudflare's coffin has room for any more.


Questionable? There is no shortcut for the speed of light, regardless of how optimized the HTTP and TLS protocol gets. Building your own CDN is no easy feat if you want the performance, security, scale and reliability that you get from a focused vendor.

Everything on the internet is a product of thousands of vendors, hardware equipment and software components working together. There are millions of factors that can and may be compromised so the only realistic approach is risk management.

It's far better to rely on a well funded, staffed and capable vendor rather than building your own version. This is solid advice for everything outside of the expertise of your business so I'm not sure why a CDN is anything different. Assess the risk and do what works for you.


Cloudflare is not a shortcut for the speed of light in this case. You load static assets/video streams/whatever from CDNs. Things that contain sensitive content like account pages, messages, etc should go directly to the server since that is exactly what cloudflare will do as well.


CDNs still provide a better experience by having faster open connections to the origin, local TLS termination, security/DDOS/WAF protections, and more.



