TLS guarantees you have established a secure connection to the host name
you requested, nothing else. If a host name resolves to Cloudflare's
servers, that's the domain owner's decision. Almost every production
deployment involves reverse proxies at one point or another (terminating
TLS in the application server is exceedingly rare), so "end to end
encryption" is definitely not the promise.
The suggestion that detecting certain headers can flag "man in the middle
attacks" is not a serious claim either.
This bug report should be closed as wontfix, and should not hold up a
transition from unstable to testing.
Jeremy
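An added example, not part of the bug report or of the message above, that shows the point concretely: a Go client verifies the certificate for the host name it requested and the handshake succeeds, yet the connection terminates at a TLS-terminating "reverse proxy" on loopback that reads the request in plaintext. Asking for a different name fails verification even though the same server answers. The host names `example.com` and `other.example`, the `X-Secret` header and the self-signed throw-away certificate (standing in for a CA-issued one) are assumptions of the demo, not anything from the report.

```go
// Added example, not code from the bug report. A client verifies the TLS
// certificate for the name it requested while the connection terminates at a
// "reverse proxy" on loopback that reads the request in plaintext. Host names
// and the X-Secret header are made up for the demo.
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

func check(err error) { // setup failures (key generation, local listen) abort the demo
	if err != nil {
		panic(err)
	}
}

// selfSignedCert issues a throw-away certificate valid only for hostname; it
// stands in for the certificate the domain owner installs on the proxy.
func selfSignedCert(hostname string) (tls.Certificate, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf
}

// runProxy accepts one connection, terminates TLS, and reports the X-Secret
// header it read: a TLS-terminating reverse proxy sees every request in clear.
func runProxy(ln net.Listener, cert tls.Certificate, seen chan<- string) {
	conn, err := tls.NewListener(ln, &tls.Config{Certificates: []tls.Certificate{cert}}).Accept()
	if err != nil {
		seen <- ""
		return
	}
	defer conn.Close()
	req, err := http.ReadRequest(bufio.NewReader(conn)) // first Read runs the handshake
	if err != nil {
		seen <- "" // e.g. the client rejected our certificate
		return
	}
	seen <- req.Header.Get("X-Secret")
	fmt.Fprint(conn, "HTTP/1.0 204 No Content\r\n\r\n")
}

// connectAs dials addr but verifies the certificate against requested, the
// name the client asked for, and returns the DNS name verification accepted.
func connectAs(addr, requested string, trusted *x509.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: requested, RootCAs: pool})
	if err != nil {
		return "", err // verification failed at the handshake; nothing was sent
	}
	defer conn.Close()
	fmt.Fprintf(conn, "GET / HTTP/1.0\r\nHost: %s\r\nX-Secret: hunter2\r\n\r\n", requested)
	bufio.NewReader(conn).ReadString('\n') // wait for the proxy's status line before closing
	return conn.ConnectionState().VerifiedChains[0][0].DNSNames[0], nil
}

// Demo issues a certificate for certName, runs the proxy on loopback, and has
// the client request requested; it returns the verified name and what the proxy read.
func Demo(certName, requested string) (verifiedName, secretSeen string, err error) {
	cert, leaf := selfSignedCert(certName)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	seen := make(chan string, 1)
	go runProxy(ln, cert, seen)
	verifiedName, err = connectAs(ln.Addr().String(), requested, leaf)
	if err != nil {
		return "", "", err
	}
	return verifiedName, <-seen, nil
}

func main() {
	for _, requested := range []string{"example.com", "other.example"} {
		name, secret, err := Demo("example.com", requested)
		fmt.Printf("requested %s: verified=%q proxy read X-Secret=%q err=%v\n", requested, name, secret, err)
	}
}
```

Run it with `go run`; the first round trip verifies `example.com` and the proxy reports the `X-Secret` value it read, the second fails at the handshake with a name-mismatch error from `crypto/x509`. A real reverse proxy would forward the decrypted request to a backend, which the demo leaves out; the point is only that hostname verification says nothing about who reads the plaintext after the TLS endpoint.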