Comment by g-b-r

Comment by g-b-r 2 hours ago

0 replies

View on Hacker News

> I'll take the hit on the loose phrasing regarding the SSL paper "outlining plans". That was a poor description of mine of an analysis paper and wasn't a good example of the point I was trying to make

I don't understand why you cited it at all; I didn't read it carefully, but I didn't find anything relevant to the discussion.

---

RFC4949 might indeed support your point; it says intended final destination, though: while SSL is listed among the examples, does that include the "SSL-server-SSL" of a non-E2EE messaging system?

I think there's a good chance that it doesn't, in the intentions of the RFC's authors.

---

> This is the exact crux of the disagreement. In classic Client-Server architecture, the Server was the "final destination"

The disagreement is on whether in a user-server-user system, encrypting the two user-server sides was ever considered sufficient to call it an end-to-end encrypted system.

I think it wasn't, and to my recollection, luckily, no one ever tried to call it that.

Keep in mind that it used to be rare both to use any kind of encryption, and to go through an intermediary server for real-time, one-to-one communication.

It's only when centralized messaging systems begun to use SSL that the possibility of confusion arose.

They should just never have called themselves encrypted, in my opinion; encrypting the traffic was sure a big improvement, but I'd only call a messaging system encrypted if no decryption occurs before reaching the recipient

---

> The definition of "End" has simply shifted from the Machine to the User.

The ends are actually machines in the current definition too, it's not like people decrypt stuff by hand ;)

---

You sure proved that E2EE was a term already in use, anyhow (although I don't think too widely)