[Cryptography] "Zoom's end-to-end encryption isn't

[Peter Fairbrother]

On 04/04/2020 01:29, John Levine wrote:
> In article <c3a39de0-e62a-0bde-5f0c-8eafb968cef4 at tsto.co.uk> you write:
>> To begin: You don't use, or need, a central server.
> 
> That seems awfully optimistic.  

It is not optimism, grasshopper, it is formulated as a requirement.  :)

How are the people supposed to find each other?

I have never used Zoom, so I am at a disadvantage insofar as knowing the 
expected user interaction and features, and I cannot recommend anything, 
see 8th law. However I will make some brainstorming type suggestions.

How do people find each other with Zoom? I'd guess through email or 
mobile numbers.


> Also, in the absence of a central server every participant needs to
> send N streams to the N other participants 

Only streams between the conference host and the participants are required.

> which is going to be a challenge on the cable and DSL connections most people have that have
> limited upstream bandwidth.  With a central server, even if it can't
> decode the streams,it can switch and multiplex them so each client has
> one stream to the central server and one multiplexed one back.

So you are saying that only streams between the server aka the 
conference host and the participants are required.

Perhaps the host receives low-def streams from the participants and 
multicasts a single high-def stream back to them. Perhaps the host can 
ask a participant for high-def when focus is put on them.


These are just top-of-my-head brainstorming type suggestions. I can even 
envisage situations where a central server may be more secure, though I 
am much happier when key agreement is done directly between host and 
participant(s).


As an aside, the main raison d'etre for central servers is often more 
related to income streams than to functionality or security.


Peter Fairbrother
-- 

8th law: A system which is hard to use will be abused or unused