cylindrical_ t1_iqy297d wrote

I'd love to read it! My first thought when seeing OpenZiti was "hmm, how does this compare to boringproxy?" Then I immediately realized that I might not know enough about the difference between a mesh net and a zero trust platform.

1

dovholuknf OP t1_iqy6tka wrote

OpenZiti and boringproxy have some similarities, for sure. The simplest OpenZiti deployment is similar to a boringproxy deployment. The main difference will be that the listening ports "on the network" are going to be from the OpenZiti edge router, which will authenticate before allowing any connection using a strong x509 identity (not a token), and then after that the same identity can be authorized to access one or more services. That's one killer difference to me. There are lots of other things OpenZiti is doing that boringproxy isn't trying to do, as well. I filed an issue to do a comparison to that some day: https://github.com/openziti/ziti-doc/issues/176. Thanks for the idea! :)

Boringproxy doesn't seem to me to purport to be a mesh network. OpenZiti is a mesh network (a zero trust mesh network). That means that all the components use mutual TLS (mTLS) to connect to one another. Each node has its own identity as well. We'll write it up soon, hopefully.

Thanks for the interest, I was terse here but I'd be happy to answer other questions if you have any.

-- EDIT: -- I totally forgot that OpenZiti is very different insofar as it's trying to get those zero trust principles into applications themselves. That means there's a bunch of SDKs you can use to embed into "your own" applications. I can't leave that out of any comparison - even if the comparison is terse!!! :)

2
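The two-step flow the OP describes (the edge router authenticates the peer with an x509 identity during the mTLS handshake, and only then authorizes that same identity for a named service) is shown below as an added, self-contained Go example. It is not OpenZiti's code, SDK or wire protocol, and not boringproxy's: it uses only crypto/tls and crypto/x509 from the Go standard library, a throwaway in-memory CA, constructed identities ("alice", "edge-router", "rogue-ca"), constructed service names ("db", "admin"), a one-line request/reply protocol and a loopback port, all of which are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert mints an Ed25519 key and certificate for cn: a self-signed CA when parent is nil, else a leaf signed by parent.
func newCert(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn}, // the identity the router will authorize
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // lets the router's cert verify for 127.0.0.1
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, any(key) // self-signed root ...
	if parent != nil {                   // ... or a leaf under the given CA
		signer, signerKey = parent.Leaf, parent.PrivateKey
	} else {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// handle is the edge-router side of one connection: the mTLS handshake authenticates the peer,
// and only then is the certificate's identity authorized for the single service named on the first line.
func handle(c *tls.Conn, policy map[string]map[string]bool) {
	defer c.Close()
	if err := c.Handshake(); err != nil {
		return // no certificate chaining to our CA: refused before any application data
	}
	identity := c.ConnectionState().PeerCertificates[0].Subject.CommonName
	var service string
	fmt.Fscanln(c, &service)
	fmt.Fprintln(c, map[bool]string{true: "ok", false: "denied"}[policy[identity][service]])
}

// dial connects as identity id, asks for service and returns the verdict; a refused handshake surfaces as an error, never as "denied".
func dial(addr string, id tls.Certificate, roots *x509.CertPool, service string) string {
	conn, err := tls.Dial("tcp", addr, &tls.Config{Certificates: []tls.Certificate{id}, RootCAs: roots})
	if err != nil {
		return "rejected: " + err.Error()
	}
	defer conn.Close()
	fmt.Fprintln(conn, service)
	var reply string
	if _, err := fmt.Fscanln(conn, &reply); err != nil {
		return "rejected: " + err.Error()
	}
	return reply
}

// Demo stands up a CA, an edge router and a policy on a loopback port and reports what each constructed identity gets.
func Demo() map[string]string {
	ca := newCert("demo-ca", nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	ln := tls.NewListener(must(net.Listen("tcp", "127.0.0.1:0")), &tls.Config{
		Certificates: []tls.Certificate{newCert("edge-router", &ca)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // no certificate from our CA, no connection
		ClientCAs:    roots,
	})
	defer ln.Close()
	go func() { // accept loop; ends when the listener is closed
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go handle(c.(*tls.Conn), map[string]map[string]bool{"alice": {"db": true}})
		}
	}()
	addr, alice := ln.Addr().String(), newCert("alice", &ca)
	out := map[string]string{"alice/db": dial(addr, alice, roots, "db"), "alice/admin": dial(addr, alice, roots, "admin")}
	// Same CommonName "alice", but issued by an unrelated CA: the handshake fails, so it never reaches the policy check.
	rogueCA := newCert("rogue-ca", nil)
	out["rogue-alice/db"] = dial(addr, newCert("alice", &rogueCA), roots, "db")
	return out
}

func main() { fmt.Println(Demo()) }
```

The point to notice is the third result: an identity minted by a CA the router does not trust is turned away by the handshake itself, so there is no "denied" answer to enumerate services against, which is the difference from a token presented after a connection is already open. Authorization is a separate decision on the identity the handshake already proved, so the same certificate gets "ok" for one service and "denied" for another.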