Thanks for the update! It's an interesting tradeoff to potentially let a third party decrypt the incoming traffic to get less to maintain yourselves, but of course much better to build your own solution and keep full control. Especially for a critical service.

It would be interesting to learn about first-party #DDoS mitigation techniques that could be used in other projects where #E2EE is essential. However, I suspect the implementation details used for Tuta can't be shared publicly.