
Re: Call for Adoption: Encrypted Content Encoding

From: Roland Zink <roland@zinks.de>
Date: Tue, 1 Dec 2015 17:51:03 +0100
To: Kyle Rose <krose@krose.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Amos Jeffries <squid3@treenet.co.nz>
Message-ID: <565DCFF7.3060000@zinks.de>
On 01.12.2015 at 17:33, Kyle Rose wrote:
>>> TLS is also end-to-end
>>>
>> That is a false statement.
>>
>> TLS is point-to-point. There is no requirement in TLS that point-B on
>> the connection be the origin server.
> Perhaps the confusion lies in the fact that end-to-end vs.
> point-to-point, taken literally, depends on how you're defining your
> endpoints? TLS is end-to-end if you consider the endpoints of the TCP
> connection to be the two ends. But I'd argue that this interpretation
> renders the two concepts meaningless. E2E vs. P2P in a security
> context imply things other than what the phrases literally mean.
>
> One of the distinguishing characteristics of end-to-end encryption in
> my experience is that the payload/data stream can be time-shifted
> without affecting the ability for authorized users to decrypt the
> data: TLS, with forward secrecy, clearly does not have this
> characteristic. Another characteristic is that the payload is
> encrypted and decrypted offline, i.e., without any online handshake
> between the sender and the recipient: again, TLS is explicitly
> designed in a way that this is not possible. End-to-end also implies
> the ability for (though not the necessity of) many recipients, rather
> than one-to-one communication: TLS also fails this test.
>
> Frankly, in myriad discussions over many years with lots of different
> people, this is the first time I've encountered confusion about the
> two concepts. It's almost hard to believe we're arguing about this.
>
> Kyle
One reason is a mistyping. Actually it should be HTTPS instead of TLS.
HTTPS can establish an end-to-end TLS connection through proxies using
CONNECT requests over several TCP connections. In your definition this
doesn't make a difference I guess.
Received on Tuesday, 1 December 2015 16:51:31 UTC