* In other words, the middlebox serves a cert to the client that is cryptographically valid for the said public name of the client-facing server.
The only way that happens is if the middlebox *terminates the TLS connection*. In this case it is like my client<>cdn<>origin picture. The middlebox cannot present a certificate and then hand off a connection to the server. I must not be getting something important to you.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls