On Mon, Sep 12, 2016 at 6:42 AM, Peter Kurrasch <fhw...@gmail.com> wrote: > I was thinking of more the server (cloud) side of things. I'm not familiar > enough with Cloudflare's service, but I imagine that if I have a server set > up I will also have access to my private key. If so, I now have access to the > private key of the other domains. Perhaps there are protections set up?
CloudFlare doesn't offer server hosting. They are a content delivery service which basically is a massive reverse proxy. The private key is never exposed to the customer. The TLS connection is from client to proxy and then a separate connection is made from proxy to backend/origin. So the key listed here, while for a number of different customers, really represents a group of hosts behind a shared reverse proxy. Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
