[Cryptography] "Zoom's end-to-end encryption isn't

Peter Fairbrother peter at tsto.co.uk
Tue Apr 7 19:59:15 EDT 2020

On 05/04/2020 18:14, Benjamin Kreuter wrote:
> On Sat, 2020-04-04 at 13:52 +0100, Peter Fairbrother wrote:

>>>> To begin: You don't use, or need, a central server.

>> How do people find each other with Zoom? I'd guess through email or
>> mobile numbers.
> What are the participants going to receive by email?  

"There will be a staff meeting at 3pm, details here"?

"Click the link at ten am Sunday to join our video church meeting"?

>> Only streams between the conference host and the participants are
>> required.
> Which would be great if the conference host has a reliable and high-
> throughput connection.  Unfortunately that is not always true, and
> becomes more and more difficult as the number of participants grows.
> In some cases it would become hard even with fiber optic service; for
> example, if a single person is presenting to 1000+ participants (i.e. a
> broadcast scenario).

That isn't really a teleconference, more a broadcast, as I am assuming 
the host only has a single multi-/broad-cast output stream, not 1,000 
input streams. What would he do with them? A conference with 1,000 
always-on active participants - I shudder.

A _secure_ conference with 1,000 always-on active participants? Won't 
touch that with yours.

Point is, the participants are downloading one hidef stream, and 
uploading one usually lowdef stream. The host is only watching one hidef 
screen, therefore only downloading enough low-def streams to fill that 
one hidef stream.

The host can't watch more, as his monitor won't allow it - there is no 
point in using more bandwidth. Everyone should be able to manage that, 
if they can't then a central server isn't going to help.

If you want to use a million monitors, fine, but expect to use more 
bandwidth :) Central servers are not going to help here either.

The only remaining problem is that the host is outputting one multicast 
hidef stream, and the internet does not do multicasting on a 1 -> 2 or 
say 1 -> 10 person basis well. However, it is possible, e.g. something like
BitTorrent but real-time, with the participants participating.

Maybe you might want to use a central server or service for multicasting 
and broadcasting.

But if you start from the idea that you don't need a central server, you 
will usually find that you don't.

Peter Fairbrother
