> Some homemade encryption added on top of TLS is very unlikely to increase the security of the system
"Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.
That paper is about PKI-based session setup for End-End which is the ancestor of SSL/TLS. It even mentions a CAE which is effectively a CA and it does a synchronous handshake to establish a symmetric key. It's very clearly about transport layer security from end to end.
It's not about User-User E2EE (akin to Signal) and shares very little other than that data is encrypted from point A to point B.
To be clear, SSL/TLS and other transport protocols can absolutely be considered end-to-end encryption, if they're established between the two real interlocutors.
Otherwise, you have two instances of encryption with decryption in the middle; that can't logically be called end-to-end encryption, I never heard it called so, and hopefully it never was.
> "Some homemade encryption" is not what I was suggesting at all. E.g. encrypted-at-the-source (client side) AWS files are still sent over TLS as an encrypted blob within an encrypted blob but remain encrypted past the TLS boundary.
They need to analyse the data; adding layers of encryption, thus, could only improve security if the keys for the inner encryptions are better protected than the server's TLS private key.
Which would honestly, actually, be likely to be the case, but it would probably be a modest improvement.
> no one really used the E2EE term before it got the current meaning
It most certainly was a term and no, it wasn't simply limited to "some obscure radio protocol".
1994: https://ieeexplore.ieee.org/abstract/document/363791
1984: https://dl.acm.org/doi/pdf/10.1145/357401.357402
1978: https://apps.dtic.mil/sti/tr/pdf/ADA059221.pdf