1426618 - Add an option to block corporated MiTM attack such as Cloudflare

Status: RESOLVED WONTFIX

(Core :: Security: PSM, enhancement)

Description

[u608644]

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171206182557

Steps to reproduce:

Open any HTTPS website which use Cloudflare


Actual results:

The green padlock appear on the location bar. It shows "Secure connection".


Expected results:

The browser must warn the user because of MiTM attack.
"Technical Details"(click padlock > ">" > "More information") is showing below message, but it's hardly correct.

"It is therefore unlikely that anyone read this page"

There's a discussion on Firefox Klar github.
https://github.com/mozilla-mobile/focus-android/issues/1743
And
https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler]]

This wouldn't be appropriate for the general population of Firefox users. Those who wish to block cloudflare can use the add-on.

Comment 2

[u608644]

(In reply to David Keeler [:keeler] (use needinfo) from comment #1)
> This wouldn't be appropriate for the general population of Firefox users.

Are you saying detecting and notifying MITM attack is not browser's responsibility?
If you don't care about connection security, why did you decided to mark HTTP:// as insecure in FF 59?

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Cloudflare is essentially a cdn. Characterizing it as a MITM is disingenuous.

Comment 4

[temtem]

(In reply to David Keeler [:keeler] (use needinfo) from comment #3)
> Cloudflare is essentially a cdn. Characterizing it as a MITM is disingenuous.

From your comment, you obviously don't know what Cloudflare really does. Read https://trac.torproject.org/projects/tor/ticket/24351. And reopen this bug. Yes, this is a demand, because it is your responsibility to protect your users from security threats like this. It seems like being nice and using "please" doesn't work for Mozilla anymore.

Comment 5

[u608644]

(In reply to David Keeler [:keeler] (use needinfo) from comment #3)
> Cloudflare is essentially a cdn. Characterizing it as a MITM is disingenuous.

I assume you didn't all information I provided on this issue. This makes me sad.

Would you kindly explain to me, all, in detail,

1) Why do you think "This wouldn't be appropriate for the general population of Firefox users".

2) And why do you think your decision, just closing this ticket, is an appropriate answer for this issue.

3) What do you think about Mozilla Manifesto #4("Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.").

4) And why do you think NOT detecting MITM attack is a good thing for individual's security and privacy.

5) Why do you think Cloudflare is not a MITM point, in technical way.

6) Why do you think Cloudflare is a 100% CDN and not a reverse cache proxy.

7) Why do you still think this ticket is inappropriate for bugzilla.

8) What do you think about MITM attack in Firefox.


I would like to read how you respond to all of these questions.

If it's enough argument to convince me or other security researcher that CF is _absolutely_
not MITM point, then you can close this ticket. If not, I think you should do - reopen.

Comment 6

[u608644]

Hey David Keeler, why did you hide my comment? You still didn't answer my questions.

Comment 7

[Mike Hoye [:mhoye]]

An endpoint-sanctioned CDN cannot reasonably be considered a MITM attack, condescension towards our engineers and their decision-making process is not an acceptable use of Bugzilla, and this bug will stay closed as is.

If you disagree with this decision feel free to email me directly. 

Thank you.