8.1.1 Join/Leave Protocol

E2EE Zoom Phone calls leverage the key management system from Sections 3.4 and 3.7, and the same cryptographic primitives as Zoom Meetings (described in Section 7.5). Zoom Phone calls are identified with CallSessionID instead of meetingID and meetingUUID. To join an E2E call, participants ask for signed statements from the Zoom server over their ID and long-term key, just as in Zoom meetings (described in Section 7.6.1). They also generate per-call ephemeral DH keys (pki , ski), sign them with their device keys (similar to Section 7.6.2), and send the key and signature to the other participant. The call is encrypted with a shared meeting key obtained from the DH key exchange of the clients’ ephemeral keys (using the participants’ UIDs and the CallSessionID as context). Since the set of participants is fixed, the key does not rotate and does not have a sequence number, and there is also no Leader Participant List, heartbeats, or any analogue of the “locked meeting” feature. Participants still fetch each other’s long-term public keys from the key server. Instead of the bulletin board, the server simply offers an interface for the two callers to message each other. At the moment, the only way to have an E2EE Zoom Phone call is to upgrade an in-progress call to use E2EE. When upgrading to E2EE, each client first sends its own signed ephemeral key, and when it receives the other party’s key material, it responds with an explicit acknowledgement message. Once it receives the other party’s acknowledgement, the client can start encrypting its own call stream.