what’s the difference between client-client encryption and client-server/server-client encryption?


How secure is client-server/server-client encryption?

In: 0

Most of it depends on what you’re protecting and from whom. The actual encryption technologies are basically the same, so if an external attacker with no privileged access is trying to attack it, it really doesn’t matter. Client to client (generally referred to as e2ee, end to end encryption) means the two end users generate keys and exchange them without the server getting a copy. This is useful when you don’t want the server to be and to access the data, eg highly sensitive content or where there might be a legal obligation for the service provider to disclose the content. It limits certain features though, like recoverability, search/indexing, etc. So for example if you lose your device, you lose access to all of the old content because you no longer have the keys to decrypt anything.

“Client” and “server” are just an abstraction, the names of roles given to parties in an exchange, and they’re totally relative: the client is typically the one initiating the exchange, and the server the receiver / responser.

Another way to put it is the server provides an API, and the client consumes it or calls it.

A given party can play the role of client in one case or serve the request (and play the role of server) in another, as servers are frequently clients of other services.

Most communications are secured using TLS, a transport-level protocol for authenticating a server to a client and encrypting communications between them. Occasionally parties make use of mutual TLS (mTLS), where both parties authenticate each other.

Client-client would imply point-to-point communication, like a peer-to-peer protocol, which is very rare.

Even end-to-end encryption between peers is often federated and relayed between some central, authoritative service. The Signal protocol is an example of a non-federated protocol, and yet in practice it still requires a centralized service through which clients who are peers route their communications and which authenticates clients, although it doesn’t know what the clients are telling each other.