It would be nice to have a test asserting that a proxy with identity enabled will refuse inbound connections when its identity has yet to be certified.
We can probably accomplish this pretty easily with the identity test infrastructure added in linkerd/linkerd2-proxy#227