On Fri, May 30, 2008 at 02:58:15PM -0400, Arshad Noor wrote: > So, what is it on the device that is using the 3DES key to encrypt > chunks to send to the RIM messaging gateway?
Not "to the RIM gateway", "via the RIM gateway" the payload is destined for a corporate messaging server. > Something on the > device has to encrypt/decrypt the data sent to/from the messaging > server? Doesn't that constitute a session even if the 3DES keys > are rotated frequently? (And, if they are, how are the 3DES keys > agreed upon? Doesn't that imply public/private key-pairs or a > master-key?) Presumably the device has a KEK, and generates a session key for each message, encrypting that under the KEK. The KEK is used for a long time (~90 days) and periodically renegotiated. I don't recall how the KEK is agreed to. Perhaps there is PKI involved in that step, or it could just negotiate the new KEK using the current KEK. There is not in practice any need for a PKI in this context, it looks rather a lot more like Kerberos than PKI. -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]