What's the difference between end-to-end and regular TLS encryption?

Let's define end-to-end as where the message is encrypted by the sender and decrypted by the receiver. Nobody in the middle, not even the chat provider, has the ability to decrypt it.

Compare this to a simple chat over HTTPS. The message is encrypted by the sender, just based on the fact that TLS is used. Now, while the intended recipient is another user, the TLS connection is initiated with a server (think Facebook). TLS terminates at the server, and whoever controls the server has the ability to view the messages since they are not encrypted. Then, the message may be passed on encrypted over TLS again to the recipient.

The key difference is that the provider is able to view the messages in the second case.


End-to-end encryption (think: enduser-to-enduser encryption) is a concept where communication is encrypted directly between the users of a system, whereas many systems just provide encryption between each individual user and the service provider. That is, with E2EE only the sender and receiver of a message can access the message content. Neither the service provider nor any party involved in delivering the message would see it in clear text at any time.

What's the difference between end-to-end and regular TLS encryption?

E2EE does not describe a particular technology or dictate certain protocols, it only describes the way a system is designed. TLS on the other hand is a specific cryptographic protocol that could be used for an E2EE implementation (although many E2EE chat programs use advanced algorithms that are better suited for instant messaging than TLS, such as the Signal protocol). Note that technically speaking, any secure communication tunnel provides encryption between two ends, but the term end-to-end encryption is usually applied to messaging services or, more generally, the secure communication between users of a service but not between a user and the service provider itself.

So, if you send a regular Facebook message, it's not end-to-end encrypted between you and your conversation partner because Facebook's servers store your messages in plain text. Therefore, the message content would be accessible to Facebook administrators or law enforcement upon request. However, your connection to Facebook is technically an end-to-end encrypted connection between you and Facebook because you're using HTTPS.
