I recommended to the authors to have a picture with (composite) endpoints,
a network with observer/attackers in between and a key management system and
then to say that any use of end-to-end encryption must define well what is
included in the endpoints.
To pick up on your example:
IMHO web-mail can only provide end-to-end encryption if the web-server is part of
one end-point. Meaning that any of these web-forms where a user communicates
with participants of that end-point (company) can be end-to-end. And if that
end chooses to outsource the web-server to some cloud service, it is still
end-to-end encryption because we have just created a very large and insecure
endpoint, and a quite uninteresting network piece.
Ultimately, in the same way as one can not simply say "foo is trusted" without being
more specific, it is equally useless to say "foo provides end-to-end-security".
The minimun useful statement about end-to-end-security seems to be
"foo provides end-to-end-security between <endpoint1> and <endpoint2>", with sufficiently
good description of the two endpoints or use of well enough established terms for either.
Cheers
Toerless
On Wed, Oct 12, 2022 at 05:58:25PM -0400, John Levine wrote:
> [[ sigh, unhelpful text editor ]]
>
> It appears that John Levine <johnl@xxxxxxxxx> said:
> >It appears that Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> said:
> >>Hi,
> >>
> >>I assume this draft has been discussed widely in the Security Area, to
> >>have reached last call, but I don't follow discussions there, so I'm
> >>sorry if my comments are repetitive.
> >>
> >>> These dimensions taken as a whole comprise a generally comprehensible picture of consensus at the IETF as to what is end-to-end encryption,
> >>
> >>I'm not sure that we have any real consensus about this. I guess this
> >>last call will tell us.
> >
> >I read the draft in detail and I have no idea whether webmail could be considered E2E encrypted.
>
> I'm not looking for the answers to these questions, but for guidelines that would let us
> come up with consistent answers.
>
> Imagine we have webmail, encrypted connection between server and browser, mail encrypted with PGP or S/MIME.
>
> If the mail is encrypted and decrypted on the server, so the server is part of the endpoint, is that E2E?
>
> I have a mail account on a server on which I personally control the hardware and software, one at Protonmail,
> one at Gmail. Are the answers the same?
>
> Or assume the encryption is in the browser or phone app. Does the key management matter for E2E?
> How about if the key is stored on the server, but the server promises not to use it, only to
> provide it to the user's browser? (You can check their 150,000 lines of code on Github to see
> whether they actually do this.)
>
> I realize this may seem somewhat nitpicky but if we're going to say end to end, we really need
> a clear understanding of what "end" implies or requires.
>
> R's,
> John
>
>
> --
> last-call mailing list
> last-call@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/last-call
--
---
tte@xxxxxxxxx
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
