Building E2EE and User Identity

In a remote-first world, end-to-end encrypted (E2EE) communications will become more common. The Zoom team published in May 2020 an incrementally deployable proposal for E2EE in their video conferencing product that describes not only moving user key generation to clients but also building a strongly-trusted and user-friendly concept of long-term identity. After all, E2EE is only as secure as the ends: if Alice thinks she is talking to her coworkers, but instead her competitors are participating in the meeting, encryption is not sufficient to protect her. This talk will go over and highlight some of the objectives and challenges of our multi-phased, multi-pronged approach to E2EE that has strong identity confirmation protocols, and minimal server-trust.

Integrating an E2EE implementation into an existing system like Zoom, which supports hundreds of millions of meeting participants every day, has required particular consideration of existing architectural constraints, existing user trust models, and user expectations in the UI/UX. Designing with these priorities becomes even more significant in subsequent phases of the E2EE plan, where we aim to establish a consistent and auditable identity designed to tie each user to their Zoom account/organization and their many devices' long-term keys. These user identities will be enforced by several mechanisms to minimize the reliance on server-side security, with the eventual goal of making server compromise of user identities detectable by external auditors. With each phase, we improve the properties of a user's displayed identity in a meeting and aim to make verifying the security of a Zoom meeting as intuitive for the user as possible.