Comment Let's generalize that. (Score 1) 238
More generally, CDNs aren't "in-network services" in the same sense as middleboxes and thus aren't hampered by TLS. When properly deployed they don't sit between the page server and the browser, but rather the page server links to CDN URLs for images, scripts, and other referenced content. From that standpoint they are essentially just another farm of web servers specialized for static content.
The "in-network services" TFA talks about can only work because they can freely inspect, collect copies of, transform, redirect, and generally tamper with the data streams without the end user explicitly opting into them. Most of these I have encountered primarily add value for the network owner, and more often than not actually subtract value for the individual user forced to go through them.