WingNews logo WingNews
top | item 46129999

(no title)

calebio | 3 months ago

It was pretty common to call client-side encryption/SSL "end to end encryption" among network engineers who were analyzing data flowing through their networks[0] as well as those who were implementing SSL/TLS into their applications[1]. The ends were the client and the server and the data was encrypted "end to end". The goal at that time was to prevent MITM snooping/attacks which were highly prevalent at the time.

Papers in academia and the greater industry[2] also referred to it in this way at the time.

Stack Overflow has plenty of examples of folks calling it "end to end encryption" and you can start to see the time period after the Signal protocol and WhatsApp implemented it that the term started to take on a much wider meaning[4]

This also came up a lot in the context of games that rolled out client side encryption for packets on the way to the server. Folks would run MITM applications on their computer to intercept game packets coming out of the client and back from the server. Clever mechanisms were setup for key management and key exchange[3].

[0] as SSL became more common lots of tooling broke at the network level around packet inspection, routing, caching, etc. As well as engineers "having fun" on Friday nights looking at what folks were looking at.

[1] Stack Overflow's security section has references from that era

[2] "Encrypting the internet" (2010) - https://dl.acm.org/doi/10.1145/1851275.1851200

[3] Habbo Hotel's prime and generator being hidden in one of the dynamic images fetched from the server as well as their DH mechanism comes to mind.

[4] Jabber/XMPP however used E2EE in the more modern sense around that time as they were exploring going beyond TLS and having true E2EE.

discuss

order

Sophira|3 months ago

At least in some circles, the real meaning of "end-to-end encryption" was being addressed. For example, in the field of credit card processing, here's an article from 2009 which talks about how people back then were misusing the term: https://web.archive.org/web/20090927092231/http://informatio...

Granted, it's a marketing piece trying to sell a product, but still.

g-b-r|3 months ago

I wasn't a network engineer, but to my recollection "end-to-end encryption" was only used occasionally, probably by people not too knowledgeable in cryptography

calebio|3 months ago

Well respectfully your recollection is missing lots of references by people that were "knowledgeable in cryptography".

You can easily find these references in the literature, often comparing link encryption with end-to-end encryption. Some of the earliest papers outlining the plans for SSL in the 90s (Analysis of the SSL 3.0 Protocol) are based on this exact foundation from the 80s (End-To-End Arguments in System Design).

Hell, you can even go back to 1978 and see MITRE discussing this exact thing in "Limitations of end-to-end encryption in secure computer networks".