(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


A Short Thread on people’s understanding of “End-to-End Encryption”

2023-05-10 05:31:12+00:00

Hi Colm! I can't remember seeing—at any time in my experience of end-to-end encryption since 1991—anyone using the term to describe the "hop-at-a-time" process that you describe below.



So, in a short thread? I'll attach a few resources to help everyone. https://t.co/d95lVa0LXq — Alec Muffett (@AlecMuffett) May 10, 2023

Unrolled


The phrase "end to end encryption" has come to be used in two exactly opposite and contradictory ways! Sometimes people mean "Every hop in this system is encrypted, end to end" and sometimes it's "The hops don't matter, security is between the two outermost endpoints". — Colm MacCárthaigh (@colmmacc) May 9, 2023

Firstly, here's my video on the Duck Test for End-to-End Secure Messaging

Secondly, my primer on the same topic — riffing on the same draft RFC which is gradually being rewritten:

https://alecmuffett.com/alecm/e2e-primer/

Third, Privacy International's white paper on the same topic, partially influenced by my primer:

Fourth, a separate effort from a team who are attempting to build a comprehensive, top-down definition of E2EE:

https://datatracker.ietf.org/doc/draft-knodel-e2ee-definition/

It's fair to say that I don't remember the term being used as-such before ~2010; and here's an article from 2009 describing the term as being a goal of PCI, but which *MAY* not meet the definitions above:

https://www.computerworld.com/article/2527326/end-to-end-encryption–the-pci-security-holy-grail.html

My thinking is that between 1990 and 2010 we were all far too wrapped up with calling it "encryption" because that's what all the Governments were trying to prevent back then.

It's a mistake that we've now realised.

https://alecmuffett.com/alecm/e2e-primer/e2e-primer-print.html#why-everyone-should-stop-talking-about-end-to-end-encryption

In any case, if there are examples in modern and common usage of the description you pitch above, I would be interested to see them?

Because such a definition does not meet the commonsense definition that:

"There are ends. They should be respected."

Originally tweeted by Alec Muffett (@AlecMuffett) on 2023/05/10.

[1] URL: https://alecmuffett.com/article/64397
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/