1.1 Outline

1.1 Outline

In Section 2, we start by providing some context on the Zoom platform and discussing the goals and limitations of our approach.

Many of our most secure offerings, including end-to-end encryption (E2EE), require Zoom client devices to have cryptographic keys whose secret components are not available to Zoom servers. Section 3 describes these keys, how they are managed by Zoom clients, and how we use sighchains to bind keys from a user’s devices to that user’s account and identifiers.

In Section 4, we propose a key transparency architecture that will force Zoom servers to be consistent about each user’s identity, empowering Zoom client devices to monitor their own identities and detect any attempts at impersonation. In Section 5, we describe how users can leverage external identity providers to certify their own keys, allowing communication partners to independently verify them without relying on Zoom. Both of these mechanisms reduce the need for fingerprints and security codes to achieve authentication.

The following sections introduce the cryptographic protocols powering Zoom Mail Service (Section 6), Meetings (Section 7) and Phone (Section 8).