Comment by calebio
> The 1994 paper (freely available at https://digital.library.unt.edu/ark:/67531/metadc1341727/m2/...) is actually about proper E2EE.
That paper is about PKI-based session setup for End-End which is the ancestor of SSL/TLS. It even mentions a CAE which is effectively a CA and it does a synchronous handshake to establish a symmetric key. It's very clearly about transport layer security from end to end.
It's not about User-User E2EE (akin to Signal) and shares very little other than that data is encrypted from point A to point B.
To be clear, SSL/TLS and other transport protocols can absolutely be considered end-to-end encryption, if they're established between the two real interlocutors.
Otherwise, you have two instances of encryption with decryption in the middle; that can't logically be called end-to-end encryption, I never heard it called so, and hopefully it never was.