IETF Logo Mail Archive

Re: [E2ee] A Civil Society Glossary and Primer for End-to-End Encryption Policy in 2022

Eric Rescorla <ekr@rtfm.com> Fri, 01 July 2022 13:49 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: e2ee@ietfa.amsl.com
Delivered-To: e2ee@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FE5CC14F728 for <e2ee@ietfa.amsl.com>; Fri, 1 Jul 2022 06:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOaWeOY8ofnF for <e2ee@ietfa.amsl.com>; Fri, 1 Jul 2022 06:49:34 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0387C15948B for <e2ee@ietf.org>; Fri, 1 Jul 2022 06:49:34 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id l24so2266238ion.13 for <e2ee@ietf.org>; Fri, 01 Jul 2022 06:49:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0WOhOCnNCfQF1EpcMV6XvrHIbu3hfFxTEjQF1wfA8iI=; b=KiPCnL9v6lHMbo+z6VrVBaO3BR0vOjUNEb6Ko3EuvgTqcvDC10MG67ocv7ckPDLjGX 1lphtXsKS0jhEFJzSnzq4hOFbYXMLOVedKIeYgE2zbaIuOLm/92vl4+I2lGxuYcbNyG/ IS9BslTdL5nYGnXV1Kxk0Of7Gt+/Ji+nB43E35tT2Tt0qDEXvzcaSSDVc38F6gXDnAMR S/K8sZXYx6wz5FNPoBI5SLMkiJOgQfi+unQNXRtlKkdmsTxap73+ha8Hx3LZqkeLNKgz SIQP3W64BnCzhwFpTM3ABPIHejzzRb6MnVknrmey19s2OhqEjDHnpjGv9YRVhPScO9TG js7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0WOhOCnNCfQF1EpcMV6XvrHIbu3hfFxTEjQF1wfA8iI=; b=z7COTGoDNhea+hL/afVdSyXqpTafC1QoM4tWatsaOy+hh+ATTF5XcA7tcDOTRukRlt mwMh7v9G1wZeAGdlYgZyMz8UNtiDVHgjYfFFHGGhHshXAt5mdtAGs7fikoszBBTKfAXd uu4JGFrlaqpCXnl1K3TSR56rYW7X9Qm6hvxv+DOg358D8GxoTzI+qXrquTSfZnuHN3EA wQozYjUZ6nVkDKyW59LeXcQgc8Ao98YMIywTLiLEx6BImtzEw9qd+XGqr4iWHx2k9Ti8 zsM6E0M9TX5pc44Q8weJ49CBQyoyGRwp+rZClJF7hIcZheaHZZck1ElBESvM1b6U+Xvm 8FXg==
X-Gm-Message-State: AJIora8oY3eJjAR1jkTPT8MwekU1dYliH9okHbaj06+0AmANXF9LI66d ATJQKpxVRZ21x2WGDk2xuSInlQi6PjL9/j/kB1xXFw==
X-Google-Smtp-Source: AGRyM1tWyYAHrYBf6xMFDC26kme3/tTk4qiqQDK9zjZTp9k7IJZSfDkmsGN3zvwgoGOFxYs156EllW+UBsdzRqepliA=
X-Received: by 2002:a05:6638:1412:b0:33c:8dcd:56e6 with SMTP id k18-20020a056638141200b0033c8dcd56e6mr8642355jad.86.1656683372109; Fri, 01 Jul 2022 06:49:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAFWeb9L=5SVkh4x=pdHfrGq6OGibcQrUyCn5NfvbAX-Vxjmr7w@mail.gmail.com>
In-Reply-To: <CAFWeb9L=5SVkh4x=pdHfrGq6OGibcQrUyCn5NfvbAX-Vxjmr7w@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 01 Jul 2022 06:48:56 -0700
Message-ID: <CABcZeBNUKBehqF6b7-v6aQe2Pc7hErEob_0wMn0id9T5Y7aV2w@mail.gmail.com>
To: Alec Muffett <alec.muffett@gmail.com>
Cc: e2ee@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e6787c05e2bea721"
Archived-At: <https://mailarchive.ietf.org/arch/msg/e2ee/Nkz_pbRAG65SIQpdTLnfm9Kv928>
Subject: Re: [E2ee] A Civil Society Glossary and Primer for End-to-End Encryption Policy in 2022
X-BeenThere: e2ee@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of the definition of end-to-end encryption." <e2ee.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/e2ee>, <mailto:e2ee-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/e2ee/>
List-Post: <mailto:e2ee@ietf.org>
List-Help: <mailto:e2ee-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/e2ee>, <mailto:e2ee-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jul 2022 13:49:38 -0000

Hi Alec,

I suppose this is a nit and I don't generally object to the use of the
term "E2E" and letting context fill in the details, but.

In the section entitled "Why everyone should stop talking about
“End-to-End Encryption”, you write:

   It is hard to conceive of an E2E solution that does not use
   encryption. Perhaps in some steampunk fantasy 47 we could imagine
   messages being passed via a series of armoured building-to-building
   pneumatic tubes 48 49 with privacy assured by gas-pressure-based
   “compromise sensors” and alarms 50 to provide assured private
   communication; but such would inevitably be limited to niche,
   privileged, likely Government use as it would simply not scale.

To my mind, the purpose of the word "encryption" is not to distinguish
encryption as a technical means of ensuring confidentiality but to
distinguish it from applications which provide some other end-to-end
property. Some examples are:

- End-to-end reliability systems, such as TCP rather than hop-by-hop
  ones such as X.25 (as in the original Saltzer, Reed, Clark paper).

- End-to-end authentication systems such as DNSSEC which do not
  provide confidentiality, but provide authentication despite the
  presence of intermediaries.

- End-to-end voting systems which do use encryption but provide
  a stronger set of guarantees than just confidentiality between
  points. In particular, they provide assurance of the correctness
  of the votes even once the encryption has been removed.

I don't think we should stop using the term "end-to-end" in these
contexts, even if today it is more often used in the context
of encrypted communications systems.

-Ekr




On Thu, Jun 30, 2022 at 7:38 AM Alec Muffett <alec.muffett@gmail.com> wrote:

> A few weeks ago it was with great delight that I accepted a request from
> Privacy International to write a report for them: to share my perspectives
> on technical aspects of end-to-end encryption, with specific focus on
> helping civil society organisations better understand these aspects when
> considering policy.
>
> We came to an agreeable arrangement where I retain copyright and am free
> to republish this report to the general public, which I do under the terms
> of the CC-BY-4.0 licence.
>
> The report is now in a state of being complete enough for publishing…
> although over time it will doubtless be updated with errata, fixes, new
> content, etc; and a list of diffs (i.e. changes) will be available for
> transparency. The URL for the report is:
>
>     https://alecmuffett.com/alecm/e2e-primer/
>
> …available in web-optimised and print-optimised HTML and Markdown.
>
> I hope that it may help at least amuse, if not inform.
>
>     - alec
>
> --
> https://alecmuffett.com/about
> --
> E2ee mailing list
> E2ee@ietf.org
> https://www.ietf.org/mailman/listinfo/e2ee
>

v2.23.0 | Report a Bug | By Email