Talk:End-to-end encryption

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Inordinate amount of page space devoted to Tetra[edit]

This article is literally mostly about Tetra. Is Tetra notable enough to get its own article so that this one can focus on its title and just reference Tetra as an example? Chris Arnesen 14:26, 25 March 2014 (UTC)

Article should describe potential vulnerability to MITM attacks, and means for mitigation[edit]

When non-certified/uncertified (is there a difference?) E2EE is used, there is potential for Man-in-the-middle attacks, especially between parties that have not previously exchanged public keys in a more secure manner. Because the article presently does not describe this potential, a reader might wrongly conclude that E2EE is by itself a complete solution to privacy and security, which would be a very dangerous misconception. The article should at least briefly describe the MITM problem, as well as means for mitigation (e.g. web of trust). While I'm very familiar with the problem, I don't have the expertise to adequately describe the possible means of mitigation, and in particular can't explain how (or even whether) those methods are used by the cited examples of E2EE protocols, software and services (e.g., ZRTP, TETRA). --Brouhaha (talk) 18:49, 14 March 2015 (UTC)