zoom / zoom-e2e-whitepaper

Zoom Cryptography Whitepaper

P-384 (FIPS certified crypto) downgrade noted in the UI? #20

Closed todb-r7 closed 4 years ago

todb-r7 commented 4 years ago

This line

https://github.com/zoom/zoom-e2e-whitepaper/blob/1ca74d7151a30c67ac1f50419967083076e70820/doc/p1_1.tex#L65

mentions a capability to downgrade to P-384. Will this downgrade be obvious in the meeting UI?

Also, are there other government standards in other countries that are being considered to get baked in, or is it really just going to be the two crypto suites?

todb-r7 commented 4 years ago

Oh, this may ultimately be a dupe (or at least obsoleted by) #11

AdriaanDeVos commented 4 years ago

I agree that it should be visible in the UI when sub-optimal security settings are used.

As shown by ENISA here, FIPS is widely accepted within the European Union. Section 4.2:

"Aside from the European certification framework, the American certification scheme, the Federal Information Processing Standards (FIPS) by the National Information Standardization Institute (NIST) are relatively widely used by European providers. Some European countries accept FIPS certifications for electronic signature products as equivalent to Common Criteria certified."

As Zoom is a US company, I expect them to only look at FIPS certification because it sets high requirements and many different countries trust in these requirements.

mmou commented 4 years ago

It’s not a downgrade to plain P-384; we will always double sign/encrypt. In general, we will be introducing UI labels for different levels of E2EE security.

-- Zoom E2E Team