A CDN could be looked at as a site's "very distributed" data center. At what point in a service's design does our traffic become clear-text and therefore vulnerable? At the CDN? Server? Process/bus? Internal network? Databases? 3rd-party outsourcing? Humans? AI?
Unless we have protocols that control all that as well, policies and intent aside, we trust the site at some point to manage the data securely -- we know that our government has been twisting the screws (the public's fault for not electing less corrupt leaders). I think John's goal was to throw HTTPS Everywhere under the bus for his own promotion. Making points at the expense of positive efforts. Pissing in the coffee. On Fri, Dec 5, 2014 at 5:44 AM, Maxim Nazarenko <[email protected]> wrote: > Hello, > > I am no security expert, but I fail to see to how encrypting traffic > between one's browser and CDN servers could possible decrease > security. >
_______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
