Do you like end-to-end encryption? Do you want your videoconferencing which scales to 1000 participants to have E2EE?

Here's the design and roadmap for adding end-to-end encryption to Zoom meetings. For your delectation and public comment:
https://github.com/zoom/zoom-e2e-whitepaper

🧵🧵🧵
zoom/zoom-e2e-whitepaper

End-to-End Encryption for Zoom Meetings. Contribute to zoom/zoom-e2e-whitepaper development by creating an account on GitHub.

https://github.com/zoom/zoom-e2e-whitepaper
Here’s the basic outline:
1. In Phase 1 we have secret keys only on the clients, with meeting participants comparing words generated from the participants keys to ensure key correctness. Think of this as the level of security for most E2EE platforms today (e.g. FaceTime).
2. In Phase 2, we move on to having identity providers able to vouch for their users. Most enterprises have some kind of SSO setup; we add some cryptographic fun so that people can prove that identity to others in an E2E-secure way.
3. Phase 3 is where transparency trees come in. Everyone loves transparency trees! They help us make sure that the server is following the protocol for every participant in a way that is basically invisible for the users. Best kind of security: the kind that works invisibly.
4. In Phase 4 we get into better authentication for multiple devices in various ways: IT admins, SSO, cross-signing.
All of this is aimed at building extremely good end-to-end protections for Zoom meetings while remaining easy to use and to deploy. Key management is hard. This is one of the biggest lessons I learned when I started building crypto in practice rather than only in theory.
We had a *huge* advantage when designing this: Zoom already has the meeting contents traverse the servers encrypted. So what you’ll see in this paper is changing how Zoom does key management rather than a full-on design for a videoconferencing system.
Like I said when Zoom acquired Keybase: crypto is better with friends. The Keybase folks are amazing, as are @alexstamos and @matthew_d_green.
Also: please put your comments in the github because if we tried to use Twitter and HN as a project management tool it’s going to be excessively exciting.
@alexstamos has a better list of Twitter handles (and thanks to all of the other folks who were involved, including the external counsel who suggested we use the phrase "as contemplated herein" multiple times and I almost did it) https://twitter.com/alexstamos/status/1263896949712814080
You can follow @LeaKissner.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more