I’ve been reading this about Cloudflare and realized they require any site using their services to install their certificate to then proceed to fully sniff and analyze, and sometimes even modify https traffic. This is something I didn’t realize before. Here are the relevant screenshots:
IMO it is. Is it not a solution which prevents everybody but the client’s browser and the web-server from taking part in the communication? Why?
On top of HTTP? Nice. Is there a RFC or a framework which implements such a solution?