[Cryptography] "Zoom's end-to-end encryption isn't

Jon Callas jon at callas.org
Fri Apr 3 20:15:55 EDT 2020

> On Apr 2, 2020, at 9:53 PM, John Denker via cryptography <cryptography at metzdowd.com> wrote:
> How does jitsi fit into this story?
>  https://jitsi.org/

We are using Jitsi a lot at work, as well as Zoom. I find Jitsi to be perfectly acceptable. It's not as polished as Zoom, but a lot of that is because it is not regularized and is working with various devices of different kinds.

> It claims to use ZRTP.
> Phil Zimmerman says ZRTP provides end-to-end security.

As a co-author of ZRTP, yes, it does end-to-end. That still doesn't tell you anything. If you have E2EE connections into an unencrypted mixing server, then it is not really, really E2EE.

At Silent Circle, we did mixing on one device. So one participant in the meeting was the mixer and everyone did a call in to them. Thus, you wanted the mixer to have fast Internet, but everyone else only needed one stream.

> It's all open source.  Has anybody vetted it?

People have over the years, I don't know about recent things.

For what it's worth, FaceTime is also end-to-end encrypted, but you need all Apple devices, and it maxes out at 32 people.


More information about the cryptography mailing list