On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote:
> Arshad Noor <[EMAIL PROTECTED]> writes:
>
> > Even if RIM does not have the device keys, in order to share encrypted
> > data with applications on the RIM server, the device must share a session
> > key with the server; must it not?. Isn't RIM (their software, actually)
> > now in a position to decrypt content sent between Blackberry users? Or,
> > does the Blackberry encryption protocol work like S/MIME?
>
> The enterprise solution does work something like S/MIME.
The keys are symmetric 3DES, and encrypt message chunks (IIRC either
256 or 1K bytes) sent asynchronously to the enterprise messaging gateway.
RIM does not have a secure session with the device. This is not like
S/MIME except that as with S/MIME, this is not hop-by-hop encryption.
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
