Comment by paxys
1 day ago
"trusted execution environment" != end-to-end encryption
The entire point of E2EE is that both "ends" need to be fully under your control.
1 day ago
"trusted execution environment" != end-to-end encryption
The entire point of E2EE is that both "ends" need to be fully under your control.
The point of E2EE is that only the people/systems that need access to the data are able to do so. If the message is encrypted on the user's device and then is only decrypted in the TEE where the data is needed in order to process the request, and only lives there ephemerally, then in what way is it not end-to-end encrypted?
Because anyone with access to the TEE also has access to the data. The owners can say they won't tamper with it, but those are promises, not guarantees.
That is where the attestation comes in to show that the environment is only running cryptographically verified versions of open source software that does not have the mechanisms to allow tampering.
2 replies →
This is false.
From Wikipedia: "End-to-end encryption (E2EE) is a method of implementing a secure communication system where only the sender and intended recipient can read the messages."
Both ends do not need to be under your control for E2EE.
They do if you're both the sender and intended recipient
because ... ?