Hi all,
Working on an HTTP 2.0 implementation here, so I have indeed read the whole spec (and I hate the header compression protocol, even if I agree it is needed...).
The Trusted Proxy is designed for insecure networks where the user tries to use HTTP 2.0 in clear text; there is no mechanism whatsoever to fake end-to-end encryption with the trusted mechanism.
Of course, the real user-facing decision is not really at the spec level but at the browser UI level: a browser SHOULD NOT ever show a "secure" icon when using a trusted proxy to encrypt the HTTP 2.0 session. From the point of view of security, trusted proxies are an effort to provide "wired equivalent privacy" at the protocol level on highly untrusted networks (public wifi mostly).
I am pretty sure that nobody in his right mind will implement clear text HTTP 2.0 on public networks and I do not expect this Trusted Proxy to not be really used.
To be honest, the people most inclined to push this spec and implement Trusted Proxies are mobile ISPs and corporate networks (the whole "proxy everything" mentality is about corporate network security and bandwidth optimisations), and for most people, mobile ISPs and corporate networks can already inject their own Certificate Root Authority into bundled handsets and do the full MITM attack without ever touching HTTP 2.0...
You should talk to browser vendors about what they expect to implement for the user-facing GUI when there is a "Trusted Proxy" in the loop; my expectations are "nothing, for us it is clear text".