What is the difference between point-to-point and end-to-end security?

Question

Although I have worked on WCF, I got a simple doubt, could some one explain me the difference between point-to-point and end-to-end security?

Thank You, Arun

Answer 1

Point to Point - One direct Connection

End to End - A Connection with something in the middle

Answer 2

Point to Point is transport layer encryption. Data is encrypted in the transport layer e.g. (Https)

End to End is Encryption you encrypt before you hit transport and decrypt after. e.g. PGP.

see https://en.wikipedia.org/wiki/Point_to_Point_Encryption and https://en.wikipedia.org/wiki/End-to-end_encryption

Wiki makes it sound like point to point is better, this is due to the work that has been put into TLS (Transport Layer Security) so that your https traffic is secure. End to End can be just as effective (e.g. PGP), but you do need to work out how to transport the key for decryption which is a possible weak link.

For the most secure you would use both:

1. Encrypt (using key)
2. Send over Https
3. Receive
4. Decrypt (using key)