[Cryptography] "Zoom's end-to-end encryption isn't

Phillip Hallam-Baker phill at hallambaker.com
Sun Apr 5 12:07:45 EDT 2020

On Sat, Apr 4, 2020 at 9:33 PM John Levine <johnl at iecc.com> wrote:

> Zoom describes their encryption here.  tl;dr it's end to end for
> compatible clients, it's end to "connector" for stuff that has to be
> transcoded.  All of their own clients are compatible, transcoding is
> for H.323, phone calls, recordings, and such.
> https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/
> No comment on the claim that everyone uses the same key.

Looks like the system has the same problem as Signal: Yes the
communications are end-to-end but you are trusting the provider of the
client (and possibly the service) to not defect in the face of a government
warrant. If there is only one client provider, they can change the protocol
without telling anyone. Signal is particularly awful in this respect as it
seems to demand an update every ten days.

My concern about the risk of government mandated backdoors is considerably
greater with the greatly increased likelihood of an attempt to cancel the
November election in the US.

The underlying problem is that no communication infrastructure built on a
monopoly service provider can be secure against this type of attack.