1. EGreg+(OP) 2023-04-21 18:16:31
The “end” in end-to-end encryption for regular users is never a server.

Servers are online 24/7 listening and can be found and raided and/or hacked by various forces.

Clients are harder to locate. Especially if all you need to authenticate is a public/private keypair you generated.

That is why governments are so frustrated with crypto.

replies(1): >>Karell+h1
2. Karell+h1 2023-04-21 18:22:38
>>EGreg+(OP)
> The “end” in end-to-end encryption for regular users is never a server.

Why not? Are servers not communication endpoints?

replies(3): >>EGreg+E1 >>wrs+G2 >>nomel+dd
3. EGreg+E1 2023-04-21 18:24:31
>>Karell+h1
For the reason I just told you — they can be compromised much more easily, and are typically run by a party which isn’t fully aligned with your interests and those of the other participants in your conversation.
replies(1): >>boombo+Q3
4. wrs+G2 2023-04-21 18:30:05
>>Karell+h1
With that definition of “end”, “end-to-end encryption” isn’t different from just plain “encryption”. The significance of the phrase is that you don’t leak anything outside the ultimate ends of the communication, including to servers in the middle.
replies(1): >>JohnFe+xc
5. boombo+Q3 2023-04-21 18:36:00
>>EGreg+E1
So what if I run my own server with a private guestbook. Is https not end to end encryption in that scenario?

I realize your point, that in most circumstances https is not being used as end to end encryption. But it can be, so wouldn't it also be attacked in this war?

replies(1): >>EGreg+Q7
6. EGreg+Q7 2023-04-21 18:53:47
>>boombo+Q3
Well, HTTPS with certificate chains without backdoors by a government is already technically illegal in some parts of the world.

But as I said, our definitions need to be useful. If the goal is for individuals to safeguard their conversations from prying eyes, then HTTPS is not the way to do it. Hence the government is likely to start with end to end encryption of the sort I have been emphasizing. With servers, they already have the tools… they can even IMPERSONATE YOU in Australia now and post as you.

7. JohnFe+xc 2023-04-21 19:13:41
>>wrs+G2
> The significance of the phrase is that you don’t leak anything outside the ultimate ends of the communication, including to servers in the middle.

Correct, but when you're viewing a web page (as opposed to using the web for peer-to-peer communications), that webserver is the ultimate end of the communication.

8. nomel+dd 2023-04-21 19:17:54
>>Karell+h1
I've found our problem. It appears the meaning has (apparently?) changed around 2014. Many search results you can find, including from IBM, and EFF, use the "old" (our) definition.

See: https://en.wikipedia.org/wiki/End-to-end_encryption#Etymolog...

> The term "end-to-end encryption" originally only meant that the communication is never decrypted during its transport from the sender to the receiver.

> ...

> Later, around 2014, the meaning of "end-to-end encryption" started to evolve when WhatsApp encrypted a portion of its network. ...

But, I don't have confidence that the policy makers will make this distinction.

replies(1): >>yarg+hb1
9. yarg+hb1 2023-04-22 01:20:08
>>nomel+dd
So we're expected to use the layman's definition just because the technology became popular?