[Cryptography] NSA security guidelines for videoconferencing
leichter at lrw.com
Mon May 4 19:50:32 EDT 2020
> Zoom have a lot of problems but most of them are relatively easy to fix given money and the will to do so. Some are not. The reason Zoom is so easy to use is in part the almost complete lack of authentication. They just give you a meeting id and a 'password' which might as well just be part of the meeting ID given the way it is handled.
Let's separate concerns here.
Ignoring for the moment the way they choose and distribute the session key - which should change - Zoom provides the equivalent of a room in a building. The room itself is (reasonably well) constructed so that outsiders can't observe or here the meetings you hold in there. You can control who gets in the room by:
o Controlling who you tell about the room. This was their default mode of operation in the past, but it failed because everyone knew where all the rooms were and could wander the halls and peak in the rooms to find interesting meetings;
o Put someone at the door and tell all your invitees a secret word. The guy at the door only lets people who whisper the word in his ear into the room. This is what their passwords amount to. This works if you can trust that those you give the password to won't give it to people who shouldn't have it. In many situations, this is a reasonable approach.
o Make a list of people who are invited and have the guy at the door only accept *them*. This is one thing the "waiting room" feature is for - but it's hard to operationalize in an automated fashion without some pre-agreed form of identification - i.e., an on-line identity. If Microsoft were to implement a Zoom-like system, since they are already in the identity business, they would simply use their own identity system. (Hey! Guess what! They are and do.) Zoom is crippled here because there simply is no universal identity system out there they could rely on - and they're not about to go out and build one.
If you want to build a system that (a) supports authenticated control of access to meetings; (b) supports large meetings (beyond the point where a human can check everyone on entry); (c) would actually be usable by pretty much anyone in the world who has access to an Internet connection and a fairly pedestrian computer - well, I don't think the underpinnings exist today.
BTW, note that if you want a *public* meeting - where you put the time and room number on posters around town and then let anyone in - well, that makes sense sometimes - but complaints that "the wrong people" get in are a bit nonsensical.
Note that Zoom will let you (for sufficiently rich "you") run your own Zoom server. In that case, if you have an identity service, Zoom could probably add an extension easily enough so that you could control who can get into what meetings. (And in that case, only your organization, not Zoom, has access to the keys - modulo bugs, accidental or otherwise, in the server.) But all kinds of things are much easier in a closed, controlled system than in the greater Internet.
More information about the cryptography