fair point about the term CDN, some cdn’s serve off of their own domain, like the ones that common web scripting libraries use or many webfonts use. some serve your content off of a subdomain of your domain to eliminate connection blocking under http 1 and 1.1 Indeed neither of those need to perform mitm ssl “situations”.
with the rise of https prevalence, came http 2.0 which doesn’t have connection blocking. at this same time the most popular CDNs for sites all became “seamless” automatic style cdn’s where they sit in front of your site and server and pull and cache all resources that aren’t dynamic across geographic distributions, as well as provide other things like web application firewalls and ddos prevention, etc. these beasts, of which cloudflare is one, are the mitm cdns that break a good portions of the internet’s ssl in principle, in order for them to work.
are they good or are they bad? both.
