Service API: TLS related issues

	A	B	C	D	E	F	G
1	Issue #			Description		References	Comments

2	49		Better modeling of a "virtual host" kind/feature	structure of API resources
3	95		TLS: Align APIs with Personas #95	structure of API resources
4	103		Allow creation of domain names and TLS information without interacting with cluster operator #103	structure of API resources
5	102		Allow delegation of parts of a HTTP domain name's request space #102	structure of API resources	Delegation/Inclusion
6			TLS: expose an application over HTTPS	feature; must be able to specify HTTPS application	self-service for TLS for developer
7	90		Address SNI binding and bypass for TLS listeners kind/feature	feature; pin certificates to SNI name
8
9			Insecure Connection Policy kind/feature kind/user-story	feature; upstream connection TLS
10	124		TLS: Add Support for Gateway Reencryption #124	feature; upstream connection TLS		dupe of 52
11	52		TLS Termination Policy #52	feature; termination and upstream
12	91		TLS: require client certificate verification for an application #91	client certification validation (mTLS)
13	92		TLS: require specific TLS version or other configuration for an application #92	TLS protocol properties	TLS version, ciphersuite
14
15	94	x	TLS: accept a TLS session and forward to a TCP endpoint #94	TLS proxy	duplicate?	see #96, #123
16
17			Spec requirements on certificate secrets kind/feature	feature; properties of secrets
18	105	x	TLS: Store TLS cert-key secrets in a dedicated namespaces #105	Protecting secrets via namespaces
19
20			TLS: enforce validation policy for an application kind/feature kind/user-story	Policy over specifics of TLS configuration; valid TLS configuration		see #92	maybe out of scope; use OPA gateway?
21
22	114		Pluggable access control #114	Enable plugging of custom access control to termination	This might be just for custom extension for now