> If E2E' permits the message broker to intercept messages, does it satisfy the conventional definition of "end to end encryption"?
By "broker" do you mean the server or are you including e.g. the company's code running on your device? "End to end" conventionally means "device to device" since few if any strong cryptosystems can be implemented by humans without mechanical assistance.
Key exchange is traditionally assumed away as outside the scope of analysis; we assume as a starting point that the users have a preshared secret key. So in theory E2E is very different from TLS. But in practice key exchange is very relevant.
There is still a very real practical distinction though: WhatsApp/Signal/... do not allow the server to passively intercept messages. There are active attacks that the server can perform against the key exchange process, but these would be very likely to be detected if performed on a large scale (even by insiders at the company).
It's also worth noting that a TLS approach leaves a much bigger attack surface for bulk attacks from outside the company: any security hole in the company's servers gives a single point at which an attacker can capture plaintext messages on a large scale (as the NSA is known to have done to GMail).