7.3.1 Security Goals

Zoom Meetings shares the goals, threat model, and limitations of Section 2 with the other products outlined in this document. Specific to Zoom Meetings, we additionally deem inmeeting impersonation attacks to be out of scope: a malicious but otherwise authorized meeting participant colluding with a malicious server can masquerade as another authorized meeting participant. There are also several legacy standards and platforms that E2E encryption for Zoom Meetings is not compatible with. For example, dial-in phones or SIP/H.323 devices can be used to join Zoom Meetings, but these devices cannot be modified to support end-to-end encryption and require meeting content to be decrypted and re-encoded in an “end” in Zoom’s data center. The E2E security guarantees described in this section do not apply to meetings that support such features.