[CanuckBB]

Nokia does not have servers contacting mail servers. That makes a difference.

You're right, we don't know. But given the fact that the BIS servers do us SSL, I'd speculate that there is a reason for not using it for certain providers.

[SteveO86]

Quote:

Originally Posted by The Sand

As for encrypted BB email... it's not "ease of use" of my part - it was other people who had the difficulty. As I said, it didn't go over well with "them." And right now I am talking about using programs that encrypt BB mail - not what can be done on a computer.

Sandy

S/MIME and PGP can both be deployed, for an email to be truly secure it will need to be encrypted end to end until it reaches its desired recipient with the decryption key.

As I also mentioned, no matter how secure something is the weakest link will be the end users (ie your friends, who get annoyed by encryption). But surely not every email you send must be encrypted (right?). If an email has confidential information in it then yes I would encrypt it and tell them to deal with it.

And when we look at the what the threats are, RIM's connection to Gmail or the end user PC, the end user PC is where everything should be protected. If RIM's connection is compromised you see RIM fall off the face of the earth the very next day. (maybe not but let's say yes for the sake of this thread).

Note: The reason I keep referring to end user PC is because when you someone they will most likely read it from PC where the threat list is long.

(Another note, I have been merely trying make you feel a little bit better stating that an SSL should be there but if it isn't it really isn't anything to fret about too much.)

[The Sand]

Quote:

Originally Posted by CanuckBB

Nokia does not have servers contacting mail servers. That makes a difference.

You're right, we don't know. But given the fact that the BIS servers do us SSL, I'd speculate that there is a reason for not using it for certain providers.

I agree it’s all about the servers and they advantage or disadvantage they afford the user….

Clearly there is an advantage for BES users .. for BIS users it appears it has actually hurt the process. RIM probably set this up years ago – when incoming/outgoing offered – nothing. When you couldn’t even put web based mail through Outlook on SSL enabled ports. But email has changed and offered more options through email clients as well as SSL for sign in and an https lock for Gmail while on the web… and it looks like RIM can’t change with it because we are on the “server.”

After further thought I don’t see them being able to change it without a lot of effort. It’s like they built this massive structure – and the structure is what is holding them back from moving forward in consumer email – keep in mind I am talking about the BIS.

But they better do something because really… does RIM want to be the last guy at the table offering “dated” options for consumer email...


Sandy

[The Sand]

Quote:

Originally Posted by SteveO86

S/MIME and PGP can both be deployed, for an email to be truly secure it will need to be encrypted end to end until it reaches its desired recipient with the decryption key.

As I also mentioned, no matter how secure something is the weakest link will be the end users (ie your friends, who get annoyed by encryption). But surely not every email you send must be encrypted (right?). If an email has confidential information in it then yes I would encrypt it and tell them to deal with it.

And when we look at the what the threats are, RIM's connection to Gmail or the end user PC, the end user PC is where everything should be protected. If RIM's connection is compromised you see RIM fall off the face of the earth the very next day. (maybe not but let's say yes for the sake of this thread).

Note: The reason I keep referring to end user PC is because when you someone they will most likely read it from PC where the threat list is long.

(Another note, I have been merely trying make you feel a little bit better stating that an SSL should be there but if it isn't it really isn't anything to fret about too much.)

Thanks for trying to make me feel better... after the shock wore off I do

Sandy

[pinhead]

I really appreciate this thread. I have learned quite a few things reading through all of these posts. I understand that much of this may be old news to some of you, and it isn't all new to me either, but some questions I had have now been cleared up.

It is odd that I have posted questions about some of what has been brought up here in the past and those posts went largely unanswered. Here I inadvertently find some of those answers.

Thanks!

[SteveO86]

Feel free to ask any further BlackBerry security questions in this forum.

(If not related to this thread, start up another)

[CanuckBB]

Quote:

Originally Posted by The Sand

I agree it’s all about the servers and they advantage or disadvantage they afford the user….

Clearly there is an advantage for BES users .. for BIS users it appears it has actually hurt the process. RIM probably set this up years ago – when incoming/outgoing offered – nothing. When you couldn’t even put web based mail through Outlook on SSL enabled ports. But email has changed and offered more options through email clients as well as SSL for sign in and an https lock for Gmail while on the web… and it looks like RIM can’t change with it because we are on the “server.”

After further thought I don’t see them being able to change it without a lot of effort. It’s like they built this massive structure – and the structure is what is holding them back from moving forward in consumer email – keep in mind I am talking about the BIS.

But they better do something because really… does RIM want to be the last guy at the table offering “dated” options for consumer email...


Sandy

And I'm saying that BIS CAN do SSL. The fact that they don't for certain providers may have more to do with the provider.

For me, the gain in battery life afforded by the BIS push as opposed to my phone waking up regularly to check on mail far outweighs the pretty much non-existant risk of a man-in-the-middle attack between RIM and the providers.

By far you greatest risk is the cellular communication. That, I'll agree with you, should be encrypted more than just the cell network encryption.

[The Sand]

It’s weird because they can do SSL (based on what they have disclosed) but when the email is theirs (blackberry.net) they chose 110 and 25 no SSL. They did not want to tell me that…

As far as push/pull – i.e. can I pull it faster than you can push it and will it kill my battery… depends on the device and if it has battery “issues” and the pull time v. the push time.

if you ask me it appears you get that faster instantaneous push if you are on port 143 no SSL and when you aren’t, like Hotmail which is SSL through BIS you lose it, as we all know Hotmail is checked every 15 minutes (which is not a fast push time.) When RIM is pulling the mail on that port (143 no SSL) it gives you the turnaround speed – but you lose the security. I don’t know this for sure… but it makes sense.

Keep in mind the BB messenger is secure which is good to know – and you aren’t limited to 140 characters which is always a plus. I am convinced pretty soon we will just be doing emoticons – a smiling stick figure holding a brown paper bag in front of a building spitting out cash from a slit in the front will mean, “Hi honey, I have gone to the bank ATM and will go to the grocery store.” That he smiling will mean the account isn’t “overdrawn.”

It started out that way - figures carved into the wall… could end up the same way just “digital.”

Sandy

[CanuckBB]

Quote:

Originally Posted by The Sand

Itxxx8217;s weird because they can do SSL (based on what they have disclosed) but when the email is theirs (blackberry.net) they chose 110 and 25 no SSL. They did not want to tell me thatxxx8230;

Not sure what you mean here. blackberry.net servers interact with the device through the cell network and the world through port 25. Like every other email server out there.

Quote:

As far as push/pull xxx8211; i.e. can I pull it faster than you can push it and will it kill my batteryxxx8230; depends on the device and if it has battery xxx8220;issuesxxx8221; and the pull time v. the push time.

Time aside, it is less of a burden on the batery if the device does not have to initiate a data stream unless there is actual data to fetch

Quote:

if you ask me it appears you get that faster instantaneous push if you are on port 143 no SSL and when you arenxxx8217;t, like Hotmail which is SSL through BIS you lose it, as we all know Hotmail is checked every 15 minutes (which is not a fast push time.) When RIM is pulling the mail on that port (143 no SSL) it gives you the turnaround speed xxx8211; but you lose the security. I donxxx8217;t know this for surexxx8230; but it makes sense.

That is design negotiated between RIM and hotmail. I'm not sure why it's done that way, but as RIM does have the ability to do SSL and doesn't, I'm no so quick to blame them solely.

BIS server pull faster than 15 minutes if it's an active account. It will check for mail every 15 minutes, if mail is found it goes on a 2 minute polling cycle until no mail arrives and returns to 15 minutes.

Quote:

Keep in mind the BB messenger is secure which is good to know xxx8211; and you arenxxx8217;t limited to 140 characters which is always a plus. I am convinced pretty soon we will just be doing emoticons xxx8211; a smiling stick figure holding a brown paper bag in front of a building spitting out cash from a slit in the front will mean, xxx8220;Hi honey, I have gone to the bank ATM and will go to the grocery store.xxx8221; That he smiling will mean the account isnxxx8217;t xxx8220;overdrawn.xxx8221; It started out that way - figures carved into the wallxxx8230; could end up the same way just xxx8220;digital.xxx8221;

Sandy

lol

[The Sand]

Quote:

Originally Posted by CanuckBB

That is design negotiated between RIM and hotmail. I'm not sure why it's done that way, but as RIM does have the ability to do SSL and doesn't, I'm no so quick to blame them solely.

BIS server pull faster than 15 minutes if it's an active account. It will check for mail every 15 minutes, if mail is found it goes on a 2 minute polling cycle until no mail arrives and returns to 15 minutes.

Yahoo and Gmail on 143 are instant even if the connection is not active. The mail hits Yahoo on the web and instantly it's on the BB. Add in SSL like Hotmail does and you start rolling like you mentioned above - every 15 minutes if it goes idle.

As for 110/25 I would expect better than that for a Blackberry.net address. I would expect what the others offer in regard to SSL.

In the end... the company that delivers the "instant push" - even if the connection has gone inactive - with SSL enablement is the winner. I hope RIM delivers this first...

Sandy

[penguin3107]

Quote:

Originally Posted by The Sand

Yahoo and Gmail on 143 are instant even if the connection is not active. The mail hits Yahoo on the web and instantly it's on the BB. Add in SSL like Hotmail does and you start rolling like you mentioned above - every 15 minutes if it goes idle.

As for 110/25 I would expect better than that for a Blackberry.net address. I would expect what the others offer in regard to SSL.

In the end... the company that delivers the "instant push" - even if the connection has gone inactive - with SSL enablement is the winner. I hope RIM delivers this first...

Sandy

Sandy, you're so very wrong about this.
For starters, there is absolutely no correlation between encryption and polling interval.

Secondly, GMail doesn't even offer any connection on port 143, which is the standard IMAP port. GMail uses port 993 and requires SSL, but that's irrelevant to BIS anyway.
BIS does not connect to GMail (or Yahoo) via POP or IMAP.
Both providers have specialized integration with BIS over a secure connection. In fact, BIS was integrating with GMail before GMail even had POP/IMAP connectivity.

Regarding the blackberry.net mailbox. BIS isn't polling that mailbox at all because the mailbox and messaging server is on the same network as BIS. It's immediately pushed and the messages aren't stored anywhere. They're already protected because they're on the same internal network, owned and operated by RIM. Makes no difference is there's SSL or not.

This thread has become so convoluted with misinformation and FUD that it's nearly impossible to follow at this point.
Hopefully this discussion comes to a close soon.

[The Sand]

Quote:

Originally Posted by penguin3107

Sandy, you're so very wrong about this.
For starters, there is absolutely no correlation between encryption and polling interval.

Secondly, GMail doesn't even offer any connection on port 143, which is the standard IMAP port. GMail uses port 993 and requires SSL, but that's irrelevant to BIS anyway.
BIS does not connect to GMail (or Yahoo) via POP or IMAP.
Both providers have specialized integration with BIS over a secure connection. In fact, BIS was integrating with GMail before GMail even had POP/IMAP connectivity.

Regarding the blackberry.net mailbox. BIS isn't polling that mailbox at all because the mailbox and messaging server is on the same network as BIS. It's immediately pushed and the messages aren't stored anywhere. They're already protected because they're on the same internal network, owned and operated by RIM. Makes no difference is there's SSL or not.

This thread has become so convoluted with misinformation and FUD that it's nearly impossible to follow at this point.
Hopefully this discussion comes to a close soon.

Yes there is NO 143 for Gmail or Yahoo...it's what RIM uses - it's internal. But since you are on the BIS NOT the BES you are not protected even though it's happening internally. The BIS users are not afforded that protection even though it's "internal." That was the point... ALL of this would be totally doable - with NO SSL, if you were protected on RIM's server...

And I agree I am sick of talking about it...

Sandy

[penguin3107]

Quote:

Originally Posted by The Sand

But since you are on the BIS NOT the BES you are not protected even though it's happening internally.

Wrong... you still don't seem to get it.
It is secured, and that's what most people here are trying to tell you.
RIM's BIS integration to Yahoo and GMail is secured. Understand?

[jsconyers]

Sandy, did you see the link in post 92?

[devnull]

Tried to get her to read the same / similar link way back in post #12 as well. Guess she chooses not to.

[The Sand]

Quote:

Originally Posted by devnull

Tried to get her to read the same / similar link way back in post #12 as well. Guess she chooses not to.

Yes I read it... And the documentation from RIM. I discussed this with them and really... I want to base my decisions for BB email on what I learned directly from RIM.

In addition we are talking about "incoming" right" now - the outgoing has nothing unless its Gmail - no smtp SSL.

Incoming/outgoing are 2 sides of the same coin - both have to be protected.

But each user can make up their own mind here on what has been presented.
Sandy
Posted via BlackBerryForums.com Mobile

[penguin3107]

Quote:

Originally Posted by The Sand

Incoming/outgoing are 2 sides of the same coin - both have to be protected.

OH, FOR THE LOVE OF GOD, THEY ARE PROTECTED!

I quit.

[jsconyers]

Sandy,


Email messages and instant messages
Email messages and instant messages that are sent between the BlackBerry® Internet Service and your BlackBerry device use the security
features of the wireless network. Messages that are sent between your messaging server and the BlackBerry Internet Service are automatically
encrypted if the server supports SSL encryption.

[The Sand]

Quote:

Originally Posted by penguin3107

OH, FOR THE LOVE OF GOD, THEY ARE PROTECTED!

I quit.

That's interesting... because when I asked about it that is not what they said. You are saying both incoming/outgoing is protected/secure. RIM did not say that. And they were very careful in their response because they don't want to get sued. I spoke to them verbally and emailed back and forth... they are very prompt in responding back to you when you pay. To make sure I understood everything I wrote a "conclusion" email stating what I had learned. They did not respond to tell me I was wrong like you are...

And I am not going to go back wards and readdress issues we have already covered.

People can pay, call and ask. Because I would LOVE for all of this not to be true. Right now both BB's have no "relevant" email and everything is going through my other smartphone with SSL enabled for ALL accounts both incoming/outgoing.

To each his own here... do what is best for "you."

Sandy

[SteveO86]

It is possible the level 1 help desk personnel you spoke with was wrong. Given the choice between a printed official document from RIM or the word of an employee. I would have to go with the documentation.

People make mistakes.