* Simon Josefsson <simon@josefsson.org> [2024-01-11 13:10]:
>I believe tls-server-end-point is generally best left unimplemented to
>guide efforts towards supporting the stronger tls-exporter.
One use case I see for tls-server-end-point is that it allows for
supporting channel binding by setups where TLS is terminated by some
reverse proxy, thereby protecting against _some_ but not all attack
vectors that tls-exporter protects against.
I'm pretty sure this was a key reason we picked the approach. If TLS is terminated before the server ever sees it, the server can still be configured to handle tls-server-end-point.
It's not, of course, really channel binding - it's not binding to the channel itself at all - but it does give some of the protection real channel binding would.
Dave.