All of this is aimed at building extremely good end-to-end protections for Zoom meetings while remaining easy to use and to deploy. Key management is hard. This is one of the biggest lessons I learned when I started building crypto in practice rather than only in theory.
and... what will the user be auditing for? That there are no backdoors, but might still be bugdoors? Is that really useful?
-
-
Considering the discussion was about web-vs-native, and this could make them equivalent in auditability, yes? I’m not arguing it gets you away from “trust the provider”, but it certainly gets you away from, say, having to trust me to police CAs in order to protect your updaters
-
Which specific characteristic is desirable, that we can check we got the same binary? I mean, I suppose that does mean less reliance on CA, it's far more common to have malicious or compromised provider?
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
