View Single Post
Old 02-03-2011, 02:56 PM   #149 (permalink)
Talking BlackBerry Encyclopedia
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
Carrier: Rogers
Posts: 205
Post Thanks: 6
Thanked 7 Times in 5 Posts
Default Re: BIS - No Better Security than Web Based Mail

The point that has been mentioned (but not really hashed out here) is that SMTP isn't secure anyways.

You can encrypt the living hell out of your connection between the handheld and the provider. Be it Yahoo, Microsoft, Google.... Whomever. But the instant that mail message leaves their server for its destination... It is in clear text. Bouncing from router to router until it gets to the destination SMTP server for the domain the e-mail was intended for.

The only way to guarantee security here is with the (cumbersome) method of using PGP or S/MIME. Neither of which you can do with any of the free mail services being discussed in this thread; obsessed upon actually.

Does it REALLY matter if your connection from your handheld, over your providers network, to RIM is encrypted or not, if the connection from your Hotmail account to wherever your outgoing mail is destined for is not?

No, it doesn't. If anything, it instills a false sense of security; makes people think their mail is "protected". Same goes for receiving mail. When the mail is pushed from RIM's server to your handheld, even if the last link between your provider and your handheld (lets say Rogers and my Blackberry if I were using BIS) was unencrypted, if the e-mail message came from a domain other than the one I'm sending through, how many networks has it passed through in clear text already?

I think the other point here (and what Penguin appeared to be getting at) is that RIM isn't using HTTP, HTTPS or SMTP on the bloody handheld anyway. You aren't configuring your DEVICE to use the providers mail servers. You are configuring a system on RIM's servers to USE those credentials to login to your providers servers. And RIM clearly states that the connection between their server and your provider is encrypted! So what is the issue? The mail isn't being delivered to your handheld through POP, HTTP or any conventional mechanism. So the point about HTTPS/SSL here is irrelevant. The mail is being PUSHED to your handheld using proprietary RIM technology, from THEIR server; the server which your account is configured on. And when mail is SENT from the handheld, it is handled the same way.

The only way HTTP or HTTPS are relevant are if we are discussing accessing your mail through a web browser, and not RIM's BIS "client". Which is just an interface to make configuration changes at THEIR end.

I think there is a severe fundamental misunderstanding of the underlying technology here; somebody knows just enough to be dangerous.

I give Penguin props for trying to explain this earlier in the thread. Though it appears to have fallen on deaf ears. I think the rep from RIM did a poor job explaining the technology to Sandy. And that is likely why this thread ended up the way it did.
BES Admin
Network Engineer
Blackberry user since 2001.

Last edited by OVERKILL : 02-03-2011 at 02:57 PM.
Offline   Reply With Quote