Design Decision: End-to-end encryption¶
1. No end-to-end encryption¶
- Least effort
- Easier to fault find and manage
- With no placeholder, it is very hard to add support later and maintain wire stability.
- May not get past security reviews of Float.
2. Placeholder only¶
- Allows wire stability when we have agreed an encrypted approach
- Shows that we are serious about security, even if this isn’t available yet.
- Allows later encrypted version to be an enterprise feature that can interoperate with OS versions.
- Doesn’t actually provide E2E, or define what an encrypted payload looks like.
- Doesn’t address any crypto features that target protecting the AMQP headers.
Recommendation and justification¶
Proceed with Option 2: Placeholder
Proceed with Option 2 - Add placeholder, subject to more detailed design proposal (RGB, JC, MH agreed)