User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20171206182557 Steps to reproduce: Open any HTTPS website which use Cloudflare Actual results: The green padlock appear on the location bar. It shows "Secure connection". Expected results: The browser must warn the user because of MiTM attack. "Technical Details"(click padlock > ">" > "More information") is showing below message, but it's hardly correct. "It is therefore unlikely that anyone read this page" There's a discussion on Firefox Klar github. https://github.com/mozilla-mobile/focus-android/issues/1743 And https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/
Severity: normal → enhancement
Component: Untriaged → Security: PSM
Product: Firefox → Core
This wouldn't be appropriate for the general population of Firefox users. Those who wish to block cloudflare can use the add-on.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
(In reply to David Keeler [:keeler] (use needinfo) from comment #1) > This wouldn't be appropriate for the general population of Firefox users. Are you saying detecting and notifying MITM attack is not browser's responsibility? If you don't care about connection security, why did you decided to mark HTTP:// as insecure in FF 59?
Cloudflare is essentially a cdn. Characterizing it as a MITM is disingenuous.
Hey David Keeler, why did you hide my comment? You still didn't answer my questions.
An endpoint-sanctioned CDN cannot reasonably be considered a MITM attack, condescension towards our engineers and their decision-making process is not an acceptable use of Bugzilla, and this bug will stay closed as is. If you disagree with this decision feel free to email me directly. Thank you.
You need to log in before you can comment on or make changes to this bug.