Re: #466 segment compression

On 1 May 2014 15:01,  <K.Morgan@iaea.org> wrote:
> TLS is end-to-end

Your argument assumes the existence of only one pair of ends.  If you
look at the sorts of large deployments the likes of what Roberto might
have worked on in the past, there are multiple hops, but all of those
hops are encrypted.  The same is true of all the "trusted proxy"
scenarios (though I'll note that this requires a very expansive
definition of "trusted").  These concerns are very real for those
scenarios.  When looking at this holistically, there are cases where
data hits multiple TLS-protected hops.

Received on Thursday, 1 May 2014 22:40:21 UTC