Difference between TLS and Ziti SDK integration

I would like to better understand the advantage of integrating end-to-end encryption using the Ziti SDK over TLS.

Conceptually I realise it's better… as the data is unencrypted at a higher layer… but I am light on the details.

It would be great if you can provide a brief outline that covers the basics.

Some interesting read on ‘why’ e2ee:

Basically e2ee offers you yet another layer of security around your connection and the “keys” are per connection. You’re also getting a new, ephemeral key every connection.

If you're using TLS, e2ee is just one more layer on top of your encrypted data. But if you end up using an insecure protocol like HTTP or FTP (or other), you can rest assured that you're only 'unencrypted' when not on the e2ee connection.

Dunno if that helps or not, hopefully it does.
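The layering described in the reply above, as an added example in Go (not the Ziti SDK's code and not part of the original post): both ends of each connection generate fresh X25519 key pairs, the agreed key protects a plain-HTTP request so an intermediary carries only ciphertext, and a second connection yields a different key. The sample request, SHA-256 standing in for a KDF, and the one-message framing are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// deriveAEAD is one side's half of the handshake: own ephemeral private key plus the peer's
// public key give a shared secret, hashed (stand-in for a KDF; not the Ziti SDK's scheme) into an AES-GCM key.
func deriveAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, []byte, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	return aead, key[:], err
}

// connect models one connection: both ends generate a fresh X25519 key pair (nothing long-lived,
// unlike a server certificate), derive the same key independently, and the client sends a plain-HTTP
// request through the encrypted layer. Returns the connection key, the bytes on the wire, and what the server read.
func connect(request []byte) (key, wire, received []byte, err error) {
	var ends [2]*ecdh.PrivateKey // [0] client, [1] server
	for i := range ends {
		if ends[i], err = ecdh.X25519().GenerateKey(rand.Reader); err != nil {
			return nil, nil, nil, err
		}
	}
	clientAEAD, key, err := deriveAEAD(ends[0], ends[1].PublicKey())
	if err != nil {
		return nil, nil, nil, err
	}
	serverAEAD, _, err := deriveAEAD(ends[1], ends[0].PublicKey())
	if err != nil {
		return nil, nil, nil, err
	}
	nonce := make([]byte, clientAEAD.NonceSize())
	rand.Read(nonce) // fresh nonce per message; crypto/rand.Read never fails in Go 1.24+
	wire = clientAEAD.Seal(nonce, nonce, request, nil) // nonce travels ahead of the ciphertext
	received, err = serverAEAD.Open(nil, wire[:len(nonce)], wire[len(nonce):], nil)
	return key, wire, received, err
}
```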


I can see how this can make a big difference… this is clearly not possible with TLS, as it only relies on one key pair for the server, which may not be renewed for 12 months or more.

I can also see how it offers protection when, say, an intermediary delivering the payload is not encrypted… either because it's internal to the network and trusted, or the external providers have a failed certificate, say at the DNS level.