7.6.6 Key Rotation

At any point later in the meeting, the leader can generate a new 32-byte value MK0 . The leader performs steps 10-11 of “Participant Join (Leader)” for all participants, with the updated MK0 value. All participants see the rekey signal on their signaling channel, and perform step 12 of “Participant Join (Non-Leader).” Each participant ensures mkSeqNum in the ciphertext sent by the leader is greater than the previously known mkSeqNum; otherwise the key rotation is ignored. Participants do not immediately encrypt using the new meeting key; they wait about 2 seconds to ensure all participants smoothly transition over. Additionally, as specified in Section 7.6.7, they wait for a signature from the leader certifying the list of users the key has been shared with. This ensures that users always know for whom they are encrypting. All encrypted UDP packets are prefaced with the 4-byte mkSeqNum, so participants know which version to use for decryption. The leader should trigger a rekey whenever a participant enters or leaves the meeting. However, if multiple users join in short succession, the leader may choose to wait for a short amount of time and add all the newly-joined users at once. On the other hand, rekeys when users leave meetings might be delayed for up to 10 seconds, which ensures that leaving users can at most only decrypt meeting content sent shortly thereafter (or up to a couple of minutes if the server is suppressing messages to prevent the leader from rotating the key). Until a user begins to encrypt using a new key unknown to the leaving participant, the leaving participant will continue to be displayed as participating in the user interface (detailed in Section 7.6.7). As a final security measure, leaders rotate the meeting key every five minutes even if there have not been any participant changes, which provides certain liveness properties detailed in Section 7.6.8. We stress that each MK is independently generated, so knowing the previous MK provides no information about the subsequent MK0 . Note: Before Zoom client version 5.12, newly joined users might have received keys up to 15 seconds old. Additionally, participants did not wait for the corresponding leader-signed participant list to start encrypting with a new meeting key