- From: Roland Zink <roland@zinks.de>
- Date: Tue, 1 Dec 2015 17:51:03 +0100
- To: Kyle Rose <krose@krose.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Amos Jeffries <squid3@treenet.co.nz>
On 01.12.2015 at 17:33, Kyle Rose wrote:

>>> TLS is also end-to-end
>>>
>> That is a false statement.
>>
>> TLS is point-to-point. There is no requirement in TLS that point-B on the connection be the origin server.
>
> Perhaps the confusion lies in the fact that end-to-end vs. point-to-point, taken literally, depends on how you're defining your endpoints? TLS is end-to-end if you consider the endpoints of the TCP connection to be the two ends. But I'd argue that this interpretation renders the two concepts meaningless. E2E vs. P2P in a security context imply things other than what the phrases literally mean.
>
> One of the distinguishing characteristics of end-to-end encryption in my experience is that the payload/data stream can be time-shifted without affecting the ability for authorized users to decrypt the data: TLS, with forward secrecy, clearly does not have this characteristic. Another characteristic is that the payload is encrypted and decrypted offline, i.e., without any online handshake between the sender and the recipient: again, TLS is explicitly designed in a way that this is not possible. End-to-end also implies the ability for (though not the necessity of) many recipients, rather than one-to-one communication: TLS also fails this test.
>
> Frankly, in myriad discussions over many years with lots of different people, this is the first time I've encountered confusion about the two concepts. It's almost hard to believe we're arguing about this.
>
> Kyle

One reason is a mistyping. Actually it should be HTTPS instead of TLS. HTTPS can establish an end-to-end TLS connection through proxies using CONNECT requests over several TCP connections. In your definition this doesn't make a difference, I guess.
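The CONNECT tunnelling Roland refers to, as an added illustration that is not part of this thread (or of Squid or any other project named in it): the client asks the proxy for a raw TCP tunnel, waits for a 2xx, and only then starts TLS towards the origin, so the proxy terminates a TCP hop but not the TLS session. The proxy name, the origin name `origin.example`, the toy proxy policy (tunnels only to port 443) and the byte strings standing in for the first TLS records are all constructed for the demo; real TLS would need a certificate the demo does not have.

```python
import socket
import threading

# Constructed stand-ins for the first TLS records. A real client sends actual
# TLS here; the proxy's view of them is the same either way: opaque bytes.
CLIENT_HELLO = b"\x16\x03\x01\x00\x10" + b"\x01" * 16
SERVER_HELLO = b"\x16\x03\x03\x00\x08" + b"\x02" * 8


def build_connect_request(host, port):
    """Client -> proxy: ask for a raw TCP tunnel to host:port (RFC 7231, 4.3.6)."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def read_head(sock, limit=16384):
    """Read one HTTP message head up to the blank line; return (head, leftover)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before sending a complete head")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("message head too large")
    head, rest = buf.split(b"\r\n\r\n", 1)
    return head.decode("ascii", "replace"), rest


def parse_status(head):
    """Status code from a response head (the reason phrase may be absent)."""
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1."):
        raise ValueError(f"malformed status line: {parts!r}")
    return int(parts[1])


def toy_proxy(client_sock, origin_sock, log):
    """Hypothetical forward proxy: grants CONNECT only to port 443, then relays
    one exchange without interpreting it. Simplified: a real proxy loops in
    both directions until either side closes."""
    try:
        head, _ = read_head(client_sock)
        request_line = head.split("\r\n", 1)[0]
        log.append(request_line)
        method, target, _version = request_line.split(" ")
        _host, port = target.rsplit(":", 1)
        if method != "CONNECT" or port != "443":
            client_sock.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
            return
        client_sock.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        # From here the proxy sees only opaque bytes: it can still log the
        # target and the sizes, which is the metadata a tunnel exposes to it.
        inbound = client_sock.recv(65536)
        log.append(f"{len(inbound)} opaque bytes -> {target}")
        origin_sock.sendall(inbound)
        outbound = origin_sock.recv(65536)
        log.append(f"{len(outbound)} opaque bytes <- {target}")
        client_sock.sendall(outbound)
    finally:
        client_sock.close()
        origin_sock.close()


def toy_origin(sock, received):
    """Hypothetical origin server: records what arrived and answers once."""
    data = sock.recv(65536)
    if data:
        received.append(data)
        sock.sendall(SERVER_HELLO)
    sock.close()


def run_tunnel_demo(host="origin.example", port=443, payload=CLIENT_HELLO):
    """Drive client, proxy and origin over in-process socket pairs."""
    client_sock, proxy_client_sock = socket.socketpair()
    proxy_origin_sock, origin_sock = socket.socketpair()
    proxy_log, origin_received = [], []
    workers = [
        threading.Thread(target=toy_proxy,
                         args=(proxy_client_sock, proxy_origin_sock, proxy_log)),
        threading.Thread(target=toy_origin, args=(origin_sock, origin_received)),
    ]
    for w in workers:
        w.start()
    client_sock.sendall(build_connect_request(host, port))
    head, leftover = read_head(client_sock)
    status = parse_status(head)
    reply = b""
    if status == 200:
        # Tunnel is up. A real client now wraps client_sock with
        # ssl.create_default_context().wrap_socket(..., server_hostname=host),
        # so the handshake and certificate check run against the origin, not
        # the proxy. Any bytes after the blank line already belong to the tunnel.
        client_sock.sendall(payload)
        reply = leftover + client_sock.recv(65536)
    client_sock.close()
    for w in workers:
        w.join(timeout=5)
    return {"status": status, "proxy_log": proxy_log,
            "origin_received": origin_received, "reply": reply}


if __name__ == "__main__":
    print(run_tunnel_demo())
    print(run_tunnel_demo(port=25))
```

The two points worth checking in a real client are the ones the demo makes explicit: nothing TLS-related is sent until the proxy's 2xx has been read, and the TLS handshake that follows names the origin (`server_hostname`), not the proxy, so a proxy that answers 403 or 407 ends the attempt before any application data exists, and a proxy that grants the tunnel learns the target host:port and traffic sizes but nothing inside.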
Received on Tuesday, 1 December 2015 16:51:31 UTC