[Harry_III_UK]

I've read a lot about how BB offers a more secure mail transport system than those available from other handset providers.

Does this make any difference for the average user though? For example:

I believe that you can have the BB use encryption for your e-mail in a corporate environment.

So, someone can send you an e-mail encrypted with your public key which they can get from a key server either from your corporate network (say attached to your contact entry in a global address book) or from another key server on the internet, or handed over face to face at a meeting.

The sender can encrypt the e-mail with your key using their desktop computer and send it over the internet, encrypted. Even a mail client like Outlook has the options to use keys to do this.

Your corporate (say) Exchange server will pick up the encrypted e-mail and pass it to the BES without performing any decrypting. The BES will send the e�mail still in its encrypted form to your handheld and then the handheld BB will decrypt the message on the handheld so you can read it locally because your secret key is on the handheld and invoked automatically when you open the e-mail application. So, the only place that the message is ever in plaintext is on your BB handheld device and the sender's computer unless they also encrypt to themselves and save the sent item in encrypted format.

So, while this only works if the sender encrypts their e-mail to you first, it provides end to end encryption as an option and is thus more secure than any system sending e-mails as simple unencrypted plaintext.

I believe it is also possible to protect the content of your BB handheld with local content protection � so that when the handheld is locked by the user, the data in the background is encrypted. However, I believe the level of encryption here is just what is on the BB OS and does not use any form of public key cryptography, and is quite separate from the corporate key server. Is that correct?

Although it is still possible to see that Alice sent an encrypted e-mail to Bob, Eve will not know what the contents of that e-mail were because Eve does not have Bob's secret key needed to decrypt the e-mail (or Alice's secret key if Alice also encrypted the e-mail to herself).

When Bob replies to Alice on his BB handheld, his BB handheld can use Alice's public key to encrypt the reply.

Firstly, are my assumptions above correct?

If not, please tell me where the assumptions are flawed!

If my assumptions are correct:

When Alice sends her e-mail to Bob, how does Alice know that the algorithm she is using to encrypt the e-mail she is sending to Bob is something that Bob's BB will be able to decipher? Are there common encryption plug ins for mail clients that are widely available and are compatible with BB's system? If so, what type of encryption is this? Is it something like PGP or GPG � and do you have a choice of which algorithm is used and how many bits the keys have?

When Bob replies to Alice via his BB, how does Bob's BB get hold of Alice's public key if she doesn't work for the same company with access to the same key server?

I was wondering, would any of the BB options other than local content protection make any difference to a non corporate user?

As a non corporate, I don't have access to a key server etc � so is there anything that the BB can offer a non corporate in the way of security options that makes it more secure than any other smartphone out there?

Or, are BB's security advantages moot for a non corporate user?

Thanks,

Harry

[cgk]

Does this make any difference for the average user though?

A security concious individual - no.