I understand that in a system with clients and servers having encrypted communications between the server and the clients is not enough to have end-to-end encryption.
Even then I find it strange to cobsider TLS not end-to-end, the whole gist of TLS is enabling confidential communications between 2 network nodes without any of the intermediate nodes participating in the communication being able to decrypt the data.
Yeah it’s confusing. The implicit assumption in E2EE is that it is taking place on the application layer, while transport encryption happens on the, well, transport layer, or somewhere in between. I think the authors in the linked document mentioned chat communications between users which is definitely application layer.
Yeah, who needs TLS anyways?
TLS is not typically considered end-to-end encryption. It’s transport encryption.
I understand that in a system with clients and servers having encrypted communications between the server and the clients is not enough to have end-to-end encryption.
Even then I find it strange to cobsider TLS not end-to-end, the whole gist of TLS is enabling confidential communications between 2 network nodes without any of the intermediate nodes participating in the communication being able to decrypt the data.
Yeah it’s confusing. The implicit assumption in E2EE is that it is taking place on the application layer, while transport encryption happens on the, well, transport layer, or somewhere in between. I think the authors in the linked document mentioned chat communications between users which is definitely application layer.