>I would say rather that those analyses consider them as protocol endpoints and
>address the two individual connections terminated by the proxy and have
>nothing to say about the composition of those two connections.

I think that some of those opposed are conflating the general “end to end” argument with what the TLS protocol RFC says, as ekr is saying. Conformance isn’t the issue, really, it’s ickiness. It’s one thing if an enterprise installs intermediaries to monitor the outbound traffic on its machines, it’s another if a national-scale attacker does so surreptitiously, and it’s various other things along those spectrums. We’d all like a clear bright line to say YES here, NO there, and WELL MAYBE IF YOU MUST over there, but that’s not possible.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls