A Short Thread on peoples’ understanding of “End-to-End Encryption”

Unrolled

Hi Colm! I can't remember seeing—at any time in my experience of end-to-end encryption since 1991—anyone using the term to describe the "hop-at-a-time" process that you describe below.

So, in a short thread? I'll attach a few resources to help everyone.

Firstly, here's my video on the Duck Test for End-to-End Secure Messaging

Secondly, my primer on the same topic — riffing on the same draft RFC which is gradually being rewritten:

https://alecmuffett.com/alecm/e2e-primer/

Third, Privacy International's white paper on the same topic, partially influenced by my primer:

Fourth, a separate effort from a team who are attempting to build a comprehensive, top-down definition of E2EE:

https://datatracker.ietf.org/doc/draft-knodel-e2ee-definition/

It's fair to say that I don't remember the term being used as-such before ~2010; and here's an article from 2009 describing the term as being a goal of PCI, but which *MAY* not meet the definitions above:

https://www.computerworld.com/article/2527326/end-to-end-encryption–the-pci-security-holy-grail.html

My thinking is that between 1990 and 2010 we were all far too wrapped up with calling it "encryption" because that's what all the Governments were trying to prevent back then.

It's a mistake that we've now realised.

https://alecmuffett.com/alecm/e2e-primer/e2e-primer-print.html#why-everyone-should-stop-talking-about-end-to-end-encryption

In any case, if there are examples in modern and common usage of the description you pitch above, I would be interested to see them?

Because such a definition does not meet the commonsense definition that:

"There are ends. They should be respected."

Originally tweeted by Alec Muffett (@AlecMuffett) on 2023/05/10.
