The session key, which is given *carte blanche* by the TLS cert to sign whatever... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

icebraining on July 4, 2020 | parent | context | favorite | on: Where Am I? NYTimes or Google?

The session key, which is given carte blanche by the TLS cert to sign whatever it wants under the domain, is still controlled by Cloudflare.

To put it simply, Cloudflare still controls the content. The proposal here would avoid that, by allowing Cloudflare to transmit only pre-signed content.

Spivak on July 4, 2020 [–]

Your browser would have a secure tunnel to CloudFlare which is encrypted with their key. But then that tunnel would deliver a bundle of resources verified your browser differently that CF doesn’t have the key for.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact