Why doesn't TLS provide end-to-end encryption?
This question is somewhat related to this, this and this. If you want to talk to someone, say, through facebook, the TLS connection ends in the facebook server and they may be able to read it, before re-encrypting and sending it to the intended recipient. This seems a little off to me. Assuming the only thing facebook needs to forward the message is the metada which is not encrypted anyway, why TLS enables them to decrypt the message?
TLS encrypts a channel, and that channel is between your browser or app and the Facebook server. You do not have a TLS connection to the friend you are sending a message to. There are messaging protocols that do support end-to-end encryption, but Facebook's is not one of them and TLS doesn't really ccome into it.
External links referenced by this document:
Local articles referenced by this article: