[Pkg-chromium-maint] Bug#885989: Downgrade the severity of this bug, or close it
jeremy.laine at m4x.org
Sat Jan 6 13:27:01 UTC 2018
TLS guarantees you have established a secure connection to the host name
you requested, nothing else. If a host name resolves to cloudflare's
servers, that's the domain owner's decision. Almost every production
deployment involves reverse proxies at one point or another (terminating
TLS in the application server is exceedingly rare), so "end to end
encryption" is definitely not the promise.
Suggested that detecting certain headers to flag "man in the middle
attacks" is not a serious claim either.
This bug report should be closed as wontfix, and should not hold up a
transition from unstable to testing.
More information about the Pkg-chromium-maint