Black Berry and encryption
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Sun Aug 15 15:59:01 UTC 2010
D. Hugh Redelmeier wrote:
> As users of email, we would want end-to-end encryption. Unfortunately
> no random pair of users seems to have a prior agreement about how to
> do encryption or authentication so we use the greatest common divisor,
> plain text.
>
What about X.509 certificates? Those are commonly used. I had one from
Thawte, from before they were bought by Verisign. With those
certificates, encryption is end to end, including through any mail
servers. Corporate mail systems would often have their own certificate
server, which would generate the necessary keys and make them available
as part of the directory services. We certainly had that with Lotus
Notes, when I was at IBM several years ago. I believe Exchange does
that too. If a 3rd party certificate server is used there's no way any
ISP would have access. Also, with X.509, you could send someone the
encryption (public) key, simply by sending them a signed email. I'd be
very surprised if RIM didn't use a public/private key system, as the old
symmetrical keys had a lot of problems, particularly with key distribution.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list