RIM to give in to GAK in India

Victor Duchovni Victor.Duchovni at morganstanley.com
Fri May 30 15:22:10 EDT 2008

On Fri, May 30, 2008 at 02:58:15PM -0400, Arshad Noor wrote:

> So, what is it on the device that is using the 3DES key to encrypt
> chunks to send to the RIM messaging gateway? 

Not "to the RIM gateway", "via the RIM gateway" the payload is destined
for a corporate messaging server.

> Something on the 
> device has to encrypt/decrypt the data sent to/from the messaging
> server?  Doesn't that constitute a session even if the 3DES keys
> are rotated frequently?  (And, if they are, how are the 3DES keys
> agreed upon?  Doesn't that imply public/private key-pairs or a
> master-key?)

Presumably the device has a KEK, and generates a session key for each
message, encrypting that under the KEK. The KEK is used for a long time
(~90 days) and periodically renegotiated. I don't recall how the KEK is
agreed to. Perhaps there is PKI involved in that step, or it could just
negotiate the new KEK using the current KEK. There is not in practice
any need for a PKI in this context, it looks rather a lot more like
Kerberos than PKI.


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list