Great work Christopher. I enjoyed reading it.

Wouldn't it be the case that in some scenarios, you would terminate the TLS at the customer-facing load balancer, and then use another set of certificates to encrypt the traffic from the load balancer to your app? I guess in that scenario you would have encryption end to end, and you will be safe if there was going to be internal hiccups.