[Cryptography] "Zoom's end-to-end encryption isn't
peter at tsto.co.uk
Sat Apr 4 08:52:09 EDT 2020
On 04/04/2020 01:29, John Levine wrote:
> In article <c3a39de0-e62a-0bde-5f0c-8eafb968cef4 at tsto.co.uk> you write:
>> To begin: You don't use, or need, a central server.
> That seems awfully optimistic.
It is not optimism, grasshopper, it is formulated as a requirement. :)
How are the people supposed to find each other?
I have never used Zoom, so I am at a disadvantage insofar as knowing the
expected user interaction and features, and I cannot recommend anything,
see 8th law. However I will make some brainstorming type suggestions.
How do people find each other with Zoom? I'd guess through email or
> Also, in the absence of a central server every participant needs to
> send N streams to the N other participants
Only streams between the conference host and the participants are required.
> which is going to be a challenge on the cable and DSL connections most people have that have
> limited upstream bandwidth. With a central server, even if it can't
> decode the streams,it can switch and multiplex them so each client has
> one stream to the central server and one multiplexed one back.
So you are saying that only streams between the server aka the
conference host and the participants are required.
Perhaps the host receives low-def streams from the participants and
multicasts a single high-def stream back to them. Perhaps the host can
ask a participant for high-def when focus is put on them.
These are just top-of-my-head brainstorming type suggestions. I can even
envisage situations where a central server may be more secure, though I
am much happier when key agreement is done directly between host and
As an aside, the main raison d'etre for central servers is often more
related to income streams than to functionality or security.
8th law: A system which is hard to use will be abused or unused
More information about the cryptography