02-08-2011, 11:35 AM   #151
Re: BIS - No Better Security than Web Based Mail

Originally Posted by The Sand:
Yes, it does matter. The part of the email transaction that is most vulnerable to sniffers is from device to server... making SSL very important. After server to its destination, YES it can go from server to server with SSL intact as long as the server supports SSL/TLS. As technology makes progress in this area we will only see more and more support. Try reading the headers of a sent message using SSL/TLS... do your own research on this. Step one to take advantage of all this is to enable SSL.
You are missing my point. For it to be secure, this would have to be the case on BOTH ENDS. If the mail message you are sending from your handheld is being delivered to a PC, who is more likely to have their mail sniffed? The person using the device that doesn't actually have an IP address and is having their connection proxied through RIM's server, or the person sitting at home connected to a cable modem?

And yes, you are correct on the philosophy about SSL adoption on mail servers making this less and less of an issue at the end-user level, but it is still an issue as it stands now.

Originally Posted by The Sand:
Of course, keep in mind it's an encrypted "tunnel"... it does not encrypt the body of the message itself. For that you need PGP/SMIME or WinZip with encryption. But it does enough that it is now standard practice on smartphones.
Yes, smartphones that actually talk to the mail servers themselves. That is not the case with a Blackberry. The Blackberry talks to the BIS server. The BIS server talks to your mail servers. This appears to be where the confusion lies.

A Blackberry requires a certificate to talk to the BIS server. That is why the device has to be REGISTERED with the BIS.

Originally Posted by The Sand:
And I use SMIME with "free email services" in this thread. I encrypt Yahoo and Hotmail every day from Outlook to the people I have set this up with - and you can get certificates for free... so POP3 and IMAP have the capability as well as exchange.
Yes, from Outlook... a paid piece of software. My reference was to web-based mail services used in that manner.

But then again, you are talking about POP and IMAP. Neither of which are used by your Blackberry to talk to the BIS server. You are talking about traditional mail transport mechanisms. Those are not what are in play here.

Originally Posted by The Sand:
RIM stated to me that the connection from their server to my provider (Yahoo/Gmail/Hotmail) was not encrypted. They also stated they push the email to the device with nothing. Which is why I did two things... switched to BES and put Yahoo/Hotmail through another smartphone with SSL. Now all my accounts are going from device to/from server protected.

Well, the RIM FAQ clearly states that the link between their server and the mail provider CAN be encrypted. I would take that as "the word" on this topic. It would of course be up to that provider to support an encrypted relationship with RIM's servers or not however. Which, from your own experience, seems to vary.

And yes, the mail is being pushed to the device unencrypted. But it also isn't being delivered via a conventional mail transport mechanism. You need to take that into consideration. This isn't a device polling a mail server using POP or IMAP, nor sending mail out using SMTP. This is a client/server relationship between the handheld and the BIS server.

BTW, I'm not arguing against your point that encryption is better. Of course it is!

Here is some more reading for you:

BIS Connections - BlackBerry Support Community Forums

Gives a good run-down on how BIS communication is tunneled from the handheld through RIM's servers.
BES Admin
Network Engineer
Blackberry user since 2001.
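The thread turns on whether SSL/TLS holds on every hop of a message's path, and one quoted suggestion is to read the headers of a delivered message. The following is an added example, not part of the original post: it walks a message's Received headers oldest-first and reports which hops recorded TLS. The sample message, host names and function names are constructed for illustration, and the TLS markers it looks for (RFC 3848 `with` keywords and two common server comment styles) are heuristics.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are reserved example values.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbox.example.org with ESMTPS id abc123\n"
    "\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256); Tue, 08 Feb 2011 11:40:02 -0500\n"
    "Received: from relay.example.com (relay.example.com [198.51.100.7])\n"
    "\tby mx.example.net with ESMTP id def456; Tue, 08 Feb 2011 11:40:01 -0500\n"
    "Received: from gateway.example.com ([203.0.113.5])\n"
    "\tby relay.example.com with ESMTPSA id ghi789; Tue, 08 Feb 2011 11:40:00 -0500\n"
    "From: sender@example.com\n"
    "\n"
    "body\n"
)

# RFC 3848 "with" keywords: ESMTPS, ESMTPSA, LMTPS... (the S means TLS was used).
TLS_PROTOCOL = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)SA?$", re.I)
# Comment styles some servers add: "(version=TLS1_2 ...)" or "(using TLSv1.2 ...)".
TLS_COMMENT = re.compile(r"\((?:version=|using\s+)TLS", re.I)
COMMENT = re.compile(r"\([^()]*\)")

def _strip_comments(text):
    # Repeat until stable so nested comments are removed inside-out.
    prev = None
    while prev != text:
        prev, text = text, COMMENT.sub(" ", text)
    return text

def _clause(keyword, text):
    m = re.search(r"\b%s\s+([^\s;]+)" % keyword, text, re.I)
    return m.group(1) if m else None

def hops(raw_message):
    """Return hops oldest-first as (from_host, by_host, protocol, tls_seen)."""
    out = []
    received = message_from_string(raw_message).get_all("Received", [])
    for value in reversed(received):  # headers are stored newest-first
        bare = _strip_comments(value)  # comments may contain "with cipher ..."
        proto = _clause("with", bare)
        tls = bool(proto and TLS_PROTOCOL.match(proto)) or bool(TLS_COMMENT.search(value))
        out.append((_clause("from", bare), _clause("by", bare), proto, tls))
    return out

def hops_without_tls(raw_message):
    # A missing marker is not proof of plaintext; each header is only as reliable as its writer.
    return [h for h in hops(raw_message) if not h[3]]
```

In the constructed sample the first and last hops record TLS while the relay-to-MX hop does not, which is the per-hop gap the post describes.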