End-to-End Encryption|Public-Key Encryption

End-to-End Encryption

Many communications applications are based on the model of encryption from each end-user to the central server. For example, Alice and Bob might both use https (based on TLS, 29.5.2 TLS) to encrypt their interactions with their email provider. This means Alice and Bob are now trusting that provider, who decrypts messages from Alice, stores them, and re-encrypts them when delivering them to Bob.

An Introduction to Computer Networks, Release 2.0.4

This model does protect Alice and Bob from Internet eavesdroppers who have not breached the security of the email provider. However, it also allows government authorities to order the email provider to turn over Alice and Bob’s correspondence.

If Alice and Bob do not wish to trust an intermediary, or their (or someone else’s) government, they need to implement end-to-end encryption. That is, Alice and Bob must negotiate a key, use that key to encrypt messages between them, and not divulge the key to anyone else. This is quite a bit more work for Alice and Bob, and even more complicated if Alice wishes to use end-to-end encryption with a large number of correspondents.

Of course, even with end-to-end encryption Alice may still be compelled by subpoena to turn over her correspondence with Bob, but that is a different matter. Alice’s private key may also be seized under a search warrant. It is common (though not universal) to protect private keys with a password; this is good practice, but protecting a key having an effective length of 256 bits with a password having an effective length of 32 bits leaves something to be desired. The mechanisms of 28.6.2 Password Hashes provide only limited relief. The mechanism of 29.2 Forward Secrecy may be more useful here, assuming Alice can communicate to Bob that her previous key is now compromised; see also Certificate revocation.

Frequently Asked Questions

Ans: Trust and the Man in the Middle|Public-Key Encryption view more..
Ans: Forward Secrecy|Public-Key Encryption view more..
Ans: End-to-End Encryption|Public-Key Encryption view more..
Ans: SSH and TLS|Public-Key Encryption view more..
Ans: IPsec |Public-Key Encryption view more..

Rating - 3/5