[Cryptography] "Zoom's end-to-end encryption isn't

Peter Fairbrother peter at tsto.co.uk
Fri Apr 3 09:21:41 EDT 2020

On 03/04/2020 04:07, Henry Baker wrote:

> So I was thinking, how secure/private could a multiple-party
> Zoom conference possibly be?
> So let's do end2end encryption on every video/audio feed.

> So let's assume that the server only sees encrypted audio & video
> feeds.
> The server still knows who each of the participants is: it knows
> their IP addresses & verified email addresses.

> Are there any better ways to hold a group conference?

To begin: You don't use, or need, a central server.

Sixth law : Only those you trust can betray you.

Peter Fairbrother


The first 10 laws of secure information systems design - there are more 
laws, plus some principles, but they are still a work in progress:

0 It's all about who is in control

1 Someone else is after your stuff

2 Stuff you don't have can't be stolen from you

3 Attack methods are many, varied, ever-changing and eternal

4 Everywhere is subject to attack

5 Complex systems provide more places to attack

6 Only those you trust can betray you

7 Holes for good guys are holes for bad guys too

8 A system which is hard to use will be abused or unused

9 Security is a Boolean

More information about the cryptography mailing list