10

Could some one explain me the difference between point-to-point and end-to-end security?

TylerH
  • 20,799
  • 66
  • 75
  • 101
Arun
  • 365
  • 1
  • 5
  • 15
  • 1
    @PravinPawar Given the question and the answers here are rather generic, I don't think this should be closed as a dupe of a WCF-specific question. This can serve as a good canonical for other questions about end-to-end or point-to-point encryption. – TylerH Jun 13 '23 at 18:25

2 Answers2

21

Point to Point - One direct Connection

enter image description here

End to End - A Connection with something in the middle

enter image description here

RaphaelH
  • 2,144
  • 2
  • 30
  • 43
10

Point to Point is transport layer encryption. Data is encrypted in the transport layer e.g. (Https)

End to End is Encryption you encrypt before you hit transport and decrypt after. e.g. PGP.

see https://en.wikipedia.org/wiki/Point_to_Point_Encryption and https://en.wikipedia.org/wiki/End-to-end_encryption

Wiki makes it sound like point to point is better, this is due to the work that has been put into TLS (Transport Layer Security) so that your https traffic is secure. End to End can be just as effective (e.g. PGP), but you do need to work out how to transport the key for decryption which is a possible weak link.

For the most secure you would use both:

  1. Encrypt (using key)
  2. Send over Https
  3. Receive
  4. Decrypt (using key)
HSG
  • 334
  • 2
  • 8