[124991] in cryptography@c2.net mail archive

Re: RIM to give in to GAK in India

daemon@ATHENA.MIT.EDU (Arshad Noor)
Sat May 31 19:49:22 2008

Date: Fri, 30 May 2008 14:58:15 -0400 (EDT)
From: Arshad Noor <arshad.noor@strongauth.com>
To: Victor Duchovni <Victor.Duchovni@morganstanley.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <20080530174109.GT29326@hn305c2n2.ms.com>

So, what is it on the device that is using the 3DES key to encrypt
chunks to send to the RIM messaging gateway?  Something on the 
device has to encrypt/decrypt the data sent to/from the messaging
server?  Doesn't that constitute a session even if the 3DES keys
are rotated frequently?  (And, if they are, how are the 3DES keys
agreed upon?  Doesn't that imply public/private key-pairs or a
master-key?)

Arshad Noor
StrongAuth, Inc.

----- Original Message -----
From: "Victor Duchovni" <Victor.Duchovni@morganstanley.com>
Cc: cryptography@metzdowd.com
Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America/Los_Angeles
Subject: Re: RIM to give in to GAK in India

On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote:

> Arshad Noor <arshad.noor@strongauth.com> writes:
> 
> > Even if RIM does not have the device keys, in order to share encrypted
> > data with applications on the RIM server, the device must share a session 
> > key with the server; must it not?  Isn't RIM (their software, actually)
> > now in a position to decrypt content sent between Blackberry users?  Or, 
> > does the Blackberry encryption protocol work like S/MIME?
> 
> The enterprise solution does work something like S/MIME.

The keys are symmetric 3DES, and encrypt message chunks (IIRC either
256 or 1K bytes) sent asynchronously to the enterprise messaging gateway.
RIM does not have a secure session with the device. This is not like
S/MIME except that as with S/MIME, this is not hop-by-hop encryption.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com