Re: RIM to give in to GAK in India

2008-06-02 Thread Allen
Victor Duchovni wrote: On Tue, May 27, 2008 at 08:08:11PM +0100, Dave Korn wrote: Well spotted. Yes, I guess that's what Jim Youll was asking. And I should have said seemingly-contradictory. This is, of course, what I meant by marketeering: when someone asks if your service is insecure

Re: RIM to give in to GAK in India

2008-05-31 Thread Arshad Noor
So, what is it on the device that is using the 3DES key to encrypt chunks to send to the RIM messaging gateway? Something on the device has to encrypt/decrypt the data sent to/from the messaging server? Doesn't that constitute a session even if the 3DES keys are rotated frequently? (And, if

Re: RIM to give in to GAK in India

2008-05-31 Thread Victor Duchovni
On Fri, May 30, 2008 at 02:58:15PM -0400, Arshad Noor wrote: So, what is it on the device that is using the 3DES key to encrypt chunks to send to the RIM messaging gateway? Not to the RIM gateway, via the RIM gateway the payload is destined for a corporate messaging server. Something on the

Re: RIM to give in to GAK in India

2008-05-30 Thread Arshad Noor
Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not? Isn't RIM (their software, actually) now in a position to decrypt content sent between Blackberry users? Or, does

Re: RIM to give in to GAK in India

2008-05-30 Thread Derek Atkins
Arshad Noor writes: Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not? Isn't RIM (their software, actually) now in a position to decrypt

Re: RIM to give in to GAK in India

2008-05-30 Thread Victor Duchovni
On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote: Arshad Noor writes: Even if RIM does not have the device keys, in order to share encrypted data with applications on the RIM server, the device must share a session key with the server; must it not? Isn't

RIM to give in to GAK in India

2008-05-27 Thread Perry E. Metzger
Excerpt: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys. http://economictimes.indiatimes.com/Telecom/Govt_may_get_keys_to_your_BlackBerry_mailbox_soon/articleshow/3041313.cms

Re: RIM to give in to GAK in India

2008-05-27 Thread Derek Atkins
Quoting Perry E. Metzger: Excerpt: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys.

RE: RIM to give in to GAK in India

2008-05-27 Thread Dave Korn
Perry E. Metzger wrote on 27 May 2008 16:14: Excerpt: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys.

Re: RIM to give in to GAK in India

2008-05-27 Thread Florian Weimer
* Dave Korn: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys. Research In Motion (RIM), the Canadian

Re: RIM to give in to GAK in India

2008-05-27 Thread Jim Youll
Isn't this just a semantic game on the part of RIM and the government? The phrase "enterprise customers" would seem to isolate a class of customers such that individual customers not using a corporate version of the product would see their crypto weakened... and be subject to monitoring

RE: RIM to give in to GAK in India

2008-05-27 Thread Dave Korn
Florian Weimer wrote on 27 May 2008 18:49: * Dave Korn: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over

Re: RIM to give in to GAK in India

2008-05-27 Thread Victor Duchovni
On Tue, May 27, 2008 at 08:08:11PM +0100, Dave Korn wrote: Well spotted. Yes, I guess that's what Jim Youll was asking. And I should have said seemingly-contradictory. This is, of course, what I meant by marketeering: when someone asks if your service is insecure and interceptable, you