
>(and is what most people have in mind when they say "MITM" anyway)

Forward proxying isn't what I have in mind when I think MITM. Forward proxying means changing your browser settings to format the request in a new way and intentionally send it to a proxy which will then forward it to the destination. MITM means the browser attempts to send it to the destination without any formatting change, but a MITM inserts itself in the middle through some mechanism (modifying DNS, modifying IP routing).



The context is TLS decryption in enterprise network security. People using MITM here are talking about proxying in a broad sense (the sense tialaramex used), not browser settings. "Forward proxy" is just the name of the setting in the firewall I linked.

I think what I said also holds generally, though, e.g. "MITM" is a standard way of describing tools like mitmproxy and Fiddler. These tools of course proxy connections, which is how they're able to work with forward secrecy.

Anyway, the actual point of my reply was the "Inbound inspection"[1] decryption option. This option is classic MITM and relevant specifically for the internal traffic use cases mcny linked to. There's still proxying for TLS 1.3, but the client can't tell.

1. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/d...


Huh, interesting, I hadn't heard the term forward proxy used to refer to that before. I think that's kind of confusing to reuse forward proxy to mean something different. There's already a term for what the document is doing: MITM. I don't see why they need to additionally use the term forward proxy to describe it when forward proxy is also used to describe something else.

Yeah, you're right about mitmproxy and Fiddler. They MITM the inner connection, while also acting as a proxy. The browser thinks it's simply proxying its connection to the destination through Fiddler, and doesn't realize that in addition to acting as a proxy, Fiddler is also acting as a MITM. So Fiddler is a proxy at the outer layer and a MITM of the inner layer.

Interesting, Palo Alto Networks has 3 features:

    1. Forward proxy
    2. Inbound inspection without PFS algorithms
    3. Inbound inspection with PFS algorithms

The way I would describe those is

    1. Active MITM that generates new server HTTPS certs+keys from a trusted root
    2. Passive MITM that uses the genuine server HTTPS private key
    3. Active MITM that uses the genuine server HTTPS private key

All 3 of those cases are both a network MITM and a TLS MITM. As opposed to Fiddler which is a TLS MITM but not a network MITM (the browser intentionally sent traffic to Fiddler).
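To make cases 2 and 3 above concrete, here is an added toy model in Python (not from the thread and not PAN-OS code). A constructed Diffie-Hellman group stands in for the TLS key exchange: the server's static long-term key is the key-exchange key in the non-PFS case (RSA key transport behaves the same way for an inspector), and a fresh per-session key signed by the long-term key in the PFS case. It shows why a passive inspector holding the genuine server private key recovers the session key only without PFS, while an active inspector that terminates the connection with that key works either way.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman group, for illustration only (not secure parameters).
P = 2**127 - 1
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(shared_secret):
    # Stand-in for the TLS key schedule: derive the session key from the DH result.
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()[:16]

def server_handshake(client_pub, long_priv, long_pub, pfs):
    """Server side of one handshake -> (wire transcript, session key).
    Without PFS the long-term key is the key-exchange key; with PFS a fresh key
    is used and the long-term key only signs it (signature omitted in this toy)."""
    kex_priv, kex_pub = dh_keypair() if pfs else (long_priv, long_pub)
    transcript = {"client_pub": client_pub, "server_pub": kex_pub}
    return transcript, session_key(pow(client_pub, kex_priv, P))

def client_finish(client_priv, transcript):
    return session_key(pow(transcript["server_pub"], client_priv, P))

def passive_decryption_works(pfs):
    """Case 2: inspector copies the wire and holds the genuine server private key."""
    long_priv, long_pub = dh_keypair()
    client_priv, client_pub = dh_keypair()
    transcript, server_key = server_handshake(client_pub, long_priv, long_pub, pfs)
    assert client_finish(client_priv, transcript) == server_key  # endpoints agree
    # All the inspector can compute is client_pub ^ long_priv, which only matches
    # when the server actually used its long-term key for the exchange.
    inspector_key = session_key(pow(transcript["client_pub"], long_priv, P))
    return inspector_key == server_key

def active_decryption_works(pfs):
    """Case 3: inspector terminates the client's session using the genuine key,
    then opens its own session to the real server, so it knows both keys."""
    long_priv, long_pub = dh_keypair()
    client_priv, client_pub = dh_keypair()
    # Client leg: the inspector answers as the server; the client cannot tell.
    to_client, inner_key = server_handshake(client_pub, long_priv, long_pub, pfs)
    # Server leg: the inspector is an ordinary client of the real server.
    my_priv, my_pub = dh_keypair()
    to_server, real_server_key = server_handshake(my_pub, long_priv, long_pub, pfs)
    outer_key = client_finish(my_priv, to_server)
    return client_finish(client_priv, to_client) == inner_key and outer_key == real_server_key
```

Running `passive_decryption_works(True)` returns False while the other three combinations return True, which is why the Palo Alto document splits inbound inspection into a "without PFS" and a "with PFS" mode.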



