Comment by calebio

Comment by calebio 7 hours ago

4 replies

View on Hacker News

> No, before that it was simply not a term, except in some obscure radio protocol

> no one really used the E2EE term before it got the current meaning

It most certainly was a term and no it wasn't simply limited to "some obscure radio protocol".

1994: https://ieeexplore.ieee.org/abstract/document/363791

1984: https://dl.acm.org/doi/pdf/10.1145/357401.357402

1978: https://apps.dtic.mil/sti/tr/pdf/ADA059221.pdf

> Some homemade encryption added on top of TLS is very unlikely to increase the security of the system

"Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.

g-b-r 3 hours ago

> "Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.

They need to analyse the data; adding layers of encryption, thus, could only improve security if the keys for the inner encryptions are better protected than the server's TLS private key.

Which would honestly, actually, likely to be the case, but it would probably be a modest improvement

Reply View 0 replies
g-b-r 3 hours ago

The 1994 paper (freely available at https://digital.library.unt.edu/ark:/67531/metadc1341727/m2/...) is actually about proper E2EE.

I addressed the other two at https://news.ycombinator.com/item?id=46132220 .

You did show that the term was already used, but in the current meaning

Reply View 2 replies
  • calebio 2 hours ago

    > The 1994 paper (freely available at https://digital.library.unt.edu/ark:/67531/metadc1341727/m2/...) is actually about proper E2EE.

    That paper is about PKI-based session setup for End-End which is the ancestor of SSL/TLS. It even mentions a CAE which is effectively a CA and it does a synchronous handshake to establish a symmetric key. It's very clearly about transport layer security from end to end.

    It's not about User-User E2EE (akin to Signal) and shares very little other than that data is encrypted from point A to point B.

    Reply View 1 reply
    • g-b-r an hour ago

      To be clear, SSL/TLS and other transport protocols can absolutely be considered end-to-end encryption, if they're established between the two real interlocutors.

      Otherwise, you have two instances of encryption with decryption in the middle; that can't logically be called end-to-end encryption, I never heard it called so, and hopefully it never was.

      Reply View 0 replies