Okay, so either we verify the symmetric key (identical on both phones), or we verify the public key (I should be able to display mine on my phone, and my friend will call up what their phone thinks my public key is, and that should match). How does this work with Keybase? Their documentation explains parts of it:Īlice and Bob share a symmetric encryption key, which they pass through the server by encrypting it to each of their devices' public encryption keys. #IN ZOOM KEYBASE APP CHAT IMAGES CODE#If they match, you know (based on the open client code and the cryptography it uses) that there is no (wo)man in the middle. In Signal you check the safety number, in Wire you check the device fingerprints, and in Telegram you check the encryption key. #IN ZOOM KEYBASE APP CHAT IMAGES SOFTWARE#It's pretty standard for E2EE software that the (client) code is open, the server sends you the encryption key, and you can check the encryption keys out of band. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend. But after loading the code onto your phone - installing the Keybase app - and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. You've read all the code in the client, or someone you trust has done so for you. #IN ZOOM KEYBASE APP CHAT IMAGES INSTALL#Oh, and make sure to install ZoomBot, which lets you start a Zoom meeting from your Keybase chat, if you're a Keybase user.The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. There's a pending release with much improved team management in it, which we'd been holding off on while distracted with this deal. Yeah, we'll be in touch if anything changes with Keybase. We can't be more specific than that, because we're just diving in.įAQ How in the world did you do an M&A deal during a pandemic? So, our shortest-term directive is to significantly improve our security effectiveness, by working on a product that's that much bigger than Keybase. Of course, if anything changes about Keybase’s availability, our users will get plenty of notice. Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us. There are no specific plans for the Keybase app yet. Initially, our single top priority is helping to make Zoom even more secure. How do all these accommodations fit into the security story? This is what we're excited to work on. These features are critical to connect the world in such a dangerous time. This is great for classrooms and town halls. They must continue to work.Īlso, Zoom calls can optionally be recorded and distributed by the host afterwards. All of these cases work, and they work well. You can also use their website, and in that case, you might be password-authenticated or even a guest. You can use the Zoom app on just about any platform, but you can also dial in over a plain old copper phone line. In our estimation, Zoom owes much of its success to its flexibility. Sound familiar? This is what we've been working on. Often, the right answers bubble up into user experience.īeneath the surface, the correct solution usually requires auditable chains of signatures, likely dangling off a merkle tree.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |