Although having read some of the DANE discussions that took place ~1 year ago, being PGP illiterate, a little less about SMTP, certificates, ... i don't understand this: Cryptography (at least "in the beginning") was created for E2E communication, independently of your network's layers or the hops/people it goes through. PK allowed something Caeser (or Dönitz, or other Enigma's users, or...) hadn't: the ability to avoid the 2 E2Es having to meet in order to set new keys. I guess (maybe wrongly) certificates handle something the internet brought, formerly inexistent: the answer to "is this person that sent me her/his public key REALLY the person she/he says to be, with whom i want to talk to?" In other words, some means of trust/signature, once "we can't see" with whom we speak/write. So, can someone point me to some URL/documentation/https://mailarchive.ietf.org/arch/msg/ietf/xyz explaining the point on having keys/cryptography somewhere in between these 2 end points? (And thus i guess i'm saying i don't understand cryptography's point on scenarios other than what i think people have called on these threads "E2E".) Some time ago a friend of mine told me her company changed the old firewall/proxy into zscaler. When the browser presented her new certificates asking her trust, she asked network support why didn't they explain people the implications: often on lunch breaks people use the network for private purposes like going to the bank, f.i. Network support pointed her to corporation network support which said it was that corporation's company own decision. She asked her director, that told her "we'll talk about it in the afternoon", an afternoon ~2 years ago. This makes me wonder whether people that have to take these decisions understand the implications. Most people think "https" means they're talking directly to the other end via a secure channel, know nothing about "man in the middle" or similar concepts. Why give them false confidence on scenarios other than E2E? King Regards, Rui