CloudFlare has released a new feature - Universal DNSSEC. For those unaware DNSSEC is an attempt to add a layer of trust to the Domain Name System, or DNS, by creating a chain of trust between the root domain and the TLD (Top Level Domain). This comes a few weeks removed from the open beta in which they claimed to have protected 150 million people and 21 billion web requests. How does the community feel about such an aggressive push for DNSSEC?
(Score: 0) by Anonymous Coward on Sunday November 15 2015, @06:12AM
I don't trust cloudflare because they now apparently hijack HTTPS and DNSSEC.
Ostensibly they have permisssion, but how am I as the average visitor supposed to know that?
(Score: 1, Insightful) by Anonymous Coward on Sunday November 15 2015, @06:42AM
What the hell are you talking about?
(Score: 0) by Anonymous Coward on Sunday November 15 2015, @06:54AM
Cloudflare works by doing a classic MITM attack on the "protected" website. The averge visitor has no way of knowing if cloudflare is really authorized to intercept the connection.
Amoung other things, the website stops working if you have JS disabled.
(Score: 1, Informative) by Anonymous Coward on Sunday November 15 2015, @07:00AM
OK, finally read TFA.
I looks like the DNSSEC initiative actually addresses my concerns by going through a third party (the registrar).
Sorry for assuming silly things.
(Score: 0) by Anonymous Coward on Monday November 16 2015, @04:51AM
Among other things, the "protected" web site and the Clownflare site stop working if you have referer blocked. Because only an EEeeeevil hacker would not want to be tracked by random third parties.