What are you protecting?
So few people seem to understand how TLS (SSL now being consigned to history) works. The Cloudflare diagrams make it all look so easy but they do not highlight the fact that they are MITMing ALL the traffic - because they have to, to check if the requested content (or some of it) is already in the cache.
If you are actually transferring data then you should not be handing all this data, in plain text, to a 3rd party as you are breaking the implicit agreement with your users that data has remained encrypted end-to-end. Given that data transfers don’t get any benefit from a CDN, there is a fairly obvious solution but sometimes people really do need the obvious pushed in their face (some over and over).
Only vaguely off topic but anyone know why Google is going to start ranking http lower than https when broadcast-only sites, eg news, have absolutely no need for encryption (Guardian & Telegraph redirect 443->80)? Especially now that HTTPS has been broken by the spooks and likely soon by all the other ne’er-do-wells...
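One practical way to see who actually terminates a site's TLS, as an added example that is not part of the comment above: inspect the leaf certificate the server presents. A certificate whose SANs span domains unrelated to the one you asked for is a shared edge certificate, so the session ends at that shared endpoint rather than at the site's own origin. The two-label "registrable domain" heuristic and the `classify_terminator` / `fetch_leaf_cert` names are this example's own assumptions (no public-suffix list is used, so co.uk-style names will misclassify), and a dedicated-looking certificate does not prove the opposite, since a CDN can be given the site's own key.

```python
import socket
import ssl
import sys
from typing import Any, Dict, List, Tuple


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, Any]:
    """Open a verified TLS connection and return the leaf cert in ssl.getpeercert() form."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def registrable(name: str) -> str:
    """Crude registrable-domain approximation (assumption: last two labels; wildcard stripped)."""
    labels = name.lower().lstrip("*.").split(".")
    return ".".join(labels[-2:])


def classify_terminator(cert: Dict[str, Any], host: str) -> Tuple[bool, List[str]]:
    """Return (shared_edge, reasons). shared_edge is True when the presented certificate
    also covers domains outside the requested site's registrable domain, i.e. the TLS
    session terminates at a shared endpoint (CDN / shared host), not at the site itself."""
    site = registrable(host)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    # getpeercert() encodes subject as a tuple of RDNs: ((('commonName', 'x'),), ...)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    foreign = sorted({registrable(n) for n in names} - {site})
    reasons = []
    if foreign:
        reasons.append("certificate also covers unrelated domains: " + ", ".join(foreign))
    return bool(foreign), reasons


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.org"
    leaf = fetch_leaf_cert(target)
    shared, why = classify_terminator(leaf, target)
    print("shared edge certificate" if shared else "certificate limited to this site")
    for line in why:
        print(" -", line)
```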