As Private Relay appears to be a series of Proxies, how does it handle requests with Client Certificates? It seems the TLS/SSL handshake is made by the egress relay which wouldn't have access to the user certificate. Will users be required to turn Private Relay off, or is it smart enough to just not use it when the server challenges for a client cert or a client cert is presented? Curious what the user experience will be for this situation. Thanks!
Does Private Relay work with Client Certificates?
As Private Relay appears to be a series of Proxies, how does it handle requests with Client Certificates? It seems the TLS/SSL handshake is made by the egress relay which wouldn't have access to the user certificate.
Client authentication via 2-way TLS will still happen as usual, on the client app, with an identity. There will not be a change there and you should not need to turn Private Relay off to perform authentication.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
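
An added example, not part of the original reply and not Apple's sample code: a URLSession delegate in which the client app answers the server's client-certificate challenge with an identity from its keychain, which is the step the answer says is unchanged. The class name `ClientIdentityDelegate`, the keychain label, and the host in the usage comment are assumptions.

```swift
import Foundation
import Security

/// Hypothetical delegate: supplies a keychain identity for 2-way TLS.
final class ClientIdentityDelegate: NSObject, URLSessionDelegate {
    // Assumed keychain label for the identity; use the app's own value.
    private let identityLabel: String

    init(identityLabel: String) {
        self.identityLabel = identityLabel
    }

    /// Looks up a SecIdentity (certificate plus private key) by label.
    private func loadIdentity() -> SecIdentity? {
        let query: [String: Any] = [
            kSecClass as String: kSecClassIdentity,
            kSecAttrLabel as String: identityLabel,
            kSecReturnRef as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne
        ]
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let ref = item else { return nil }
        // The query asked for kSecClassIdentity, so the result is a SecIdentity.
        return (ref as! SecIdentity)
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        // Handle only the client-certificate challenge. Server trust
        // evaluation and every other method stay with the system default.
        guard challenge.protectionSpace.authenticationMethod
                == NSURLAuthenticationMethodClientCertificate else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        guard let identity = loadIdentity() else {
            // Fail closed when the identity is missing from the keychain.
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential,
                          URLCredential(identity: identity, certificates: nil,
                                        persistence: .forSession))
    }
}
// Usage (constructed label and host):
// let session = URLSession(configuration: .default,
//     delegate: ClientIdentityDelegate(identityLabel: "com.example.client-identity"), delegateQueue: nil)
// session.dataTask(with: URL(string: "https://mtls.example.com/")!).resume()
```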