Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday June 07, @04:05PM   Printer-friendly
from the so-they-say dept.

Microsoft Teams calls are getting end-to-end encryption in July:

Microsoft Teams is getting better security and privacy next month with the addition of end-to-end encrypted 1:1 voice calls.

While Microsoft Teams already encrypts data at rest and in transit, it allows administrators to configure automatic recording and transcription of voice calls.

Due to this, Microsoft Teams calls are not suitable for sharing very sensitive information that should remain private between two individuals.

Starting in July, Microsoft Teams is getting end-to-end encryption for 1:1 VoIP calls so that their discussions remain entirely private.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday June 07, @09:37PM (2 children)

    by Anonymous Coward on Monday June 07, @09:37PM (#1142915)

    Proper DH key exchange allows for safe creation of a mutual shared key even if you don't know the other client's secret key but does not support authentication. That would require an account with some company you trust to vouch for the other client or some sort of prior public announcement (on a blockchain?) of the other client's credentials. You could also use public/private keys.

  • (Score: 0) by Anonymous Coward on Tuesday June 08, @12:32PM (1 child)

    by Anonymous Coward on Tuesday June 08, @12:32PM (#1143104)

    Proper DH key exchange .... You could also use public/private keys.

    Yeah, thanks for confusing the two.

    DH key exchange happens with help of public/private keys. The key is signed by the private key and verified by the public. Without this step, the entire DH exchange is totally vulnerable to MITM.

    Client #1 MITM Client #2

    If DH is via MITM, then MITM can just be between the two clients and see everything, modify, etc and just re-encrypt and forward. This is the only reason to have the CA system. The only reason why one needs to verify the keys if you don't trust the root or share the root.

    So yes, DH is used to exchange ephemeral keys, but you still need to verify them and this is where the public cryptography comes in.

    • (Score: 0) by Anonymous Coward on Wednesday June 09, @02:42AM

      by Anonymous Coward on Wednesday June 09, @02:42AM (#1143401)

      No confusion at all except at your end. You do need some sort of authentication when using DH to avoid mitm. The authentication could be via a trusted cental site using proprietary methods, or by public/private keys with all the CA infrastructure, or by using a distributed public announcement of appropriate info. Any secure authentication method can be used and should be used with DH.