Black Berry and encryption

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sun Aug 15 15:33:08 UTC 2010


| From: James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org>

| "What about at either end of the encryption process? E-mails sent encrypted
| from a BlackBerry handset at some point have to be decrypted and sent to the
| recipient's e-mail server. That is done either by the "enterprise" server, for
| those large BlackBerry users that have them, or in RIM's own servers in the
| case of people who have their BlackBerry contract with a local telecoms firm."
| 
| Doesn't RIM use public/private key encryption?  If so, then the message can
| only be decrypted by the recipient and not at any server along the way.  Many
| companies have their own key servers to generate the key pairs, so RIM would
| have no access to those messages.

As users of email, we would want end-to-end encryption.  Unfortunately
no random pair of users seems to have a prior agreement about how to
do encryption or authentication so we use the greatest common divisor,
plain text.

Note: encryption is easy.  Authentication is hard.  Without
authentication, encryption is not that useful.  For one thing, it is
subject to Man-in-the-middle attacks.

PGP was an attempt to grow a system for encrypting mail from the
bottom up.  It was not a complete failure, but it sure wasn't a
success.

The same applies to VoIP.  Skype is encrypted because it is a
proprietary system from one supplier.  SIP can be encrypted but, as
far as I know, it is useless because there is no agreed-upon way of
authenticating.

BTW, RIM bought Certicom for what seemed like a pretty good price last
year.  Certicom has important patents for Eliptic Curve Cryptography
(ECC) -- they were founded by University of Waterloo folks who did
some of the foundational work.  ECC is a public key system that takes
a lot fewer bits than RSA.

BTW2, I used the phrase "greatest common divisor" instead of the
conventional "lowest common denominator" since the latter makes no
sense to me.  The real notion is the meet or join operation on some
lattice, but try to say that in a normal conversation.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list