Hacker News

indigo945 yesterday at 3:50 PM

> It'll still terminate TLS at the servers, though. It's not mTLS all the way through to the endpoint.

That was the entire point, though. If NetFoundry Frontdoor can see the traffic (because it gets terminated on their servers, mTLS or not), then it's not end-to-end encrypted as the parent commenter claimed.

Replies

gormami yesterday at 8:24 PM

I think the issue is zrok vs. NetFoundry/OpenZiti. Zrok is the easy button to project a public endpoint from inside a network. It is not encrypted all the way through, as it is a proxy solution. NetFoundry/OpenZiti provides methods to provide tunnels all the way through. NetFoundry is a company, OpenZiti is a FOSS project/technology sponsored by NetFoundry, and zrok is a product of NetFoundry built on OpenZiti tech, so it is easy to cross things up. I think the comment was in regard to NetFoundry/OpenZiti, while your response referenced zrok. The list above has both.

gz5 yesterday at 8:11 PM

i should have been more clear - you have the option:

+ e2ee via netfoundry's zero trust products

+ non-e2ee via netfoundry frontdoor