On Thu, 11 Jan 2024 at 12:39, Holger Weiß <holger@zedat.fu-berlin.de> wrote:
> * Simon Josefsson <simon@josefsson.org> [2024-01-11 13:10]:
> >I believe tls-server-end-point is generally best left unimplemented to
> >guide efforts towards supporting the stronger tls-exporter.
>
> One use case I see for tls-server-end-point is that it allows for
> supporting channel binding by setups where TLS is terminated by some
> reverse proxy, thereby protecting against _some_ but not all attack
> vectors that tls-exporter protects against.

I'm pretty sure this was a key reason we picked the approach. If TLS is terminated before the server ever sees it, the server can still be configured to handle tls-server-end-point.

It's not, of course, really channel binding - it's not binding to the channel itself at all - but it does give some of the protection real channel binding would.

Dave.
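As an added illustration of the point made in this thread (not code from any of the participants), the following shell script derives the RFC 5929 tls-server-end-point value from a server certificate alone: it hashes the DER-encoded certificate with the hash of the certificate's signature algorithm (MD5 and SHA-1 are replaced by SHA-256, as the RFC requires). Because the value depends only on the certificate, a backend behind a TLS-terminating reverse proxy that knows the proxy's certificate can compute it without seeing the TLS session, which is also why it binds to the certificate rather than to the channel. It assumes `openssl` is on the PATH and takes the PEM certificate path as its argument.

```shell
#!/bin/sh
# Added example: compute the RFC 5929 tls-server-end-point channel-binding
# value from a PEM certificate. Assumes the openssl CLI is available.

# Map the certificate's signature algorithm (as printed by "openssl x509
# -text") to the digest used for the binding. RFC 5929: MD5 and SHA-1 are
# replaced by SHA-256; otherwise the hash named in signatureAlgorithm is used.
tsep_digest() {
    case "$1" in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo sha256 ;;   # md5*/sha1* -> SHA-256
        *256*) echo sha256 ;;                         # e.g. sha256WithRSAEncryption
        *384*) echo sha384 ;;                         # e.g. ecdsa-with-SHA384
        *512*) echo sha512 ;;                         # e.g. sha512WithRSAEncryption
        *) return 1 ;;                                # e.g. ED25519: no hash defined here
    esac
}

# Print the channel-binding value (base64 of digest(DER certificate)).
tls_server_end_point() {
    cert="$1"
    alg=$(openssl x509 -in "$cert" -noout -text \
          | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    dgst=$(tsep_digest "$alg") || {
        echo "unsupported signature algorithm: $alg" >&2
        return 1
    }
    openssl x509 -in "$cert" -outform DER \
        | openssl dgst "-$dgst" -binary \
        | openssl base64 -A
}

# Stand-alone use: ./tsep.sh server-cert.pem
if [ "$#" -eq 1 ]; then
    tls_server_end_point "$1"
fi
```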