Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Recommended Software for Encrypted Blackberry Voice Calls

Chris Palmer chris at eff.org
Tue Jan 25 14:11:07 PST 2011


On Jan 25, 2011, at 1:31 PM, Frank Rieger wrote:

> Regarding the overall security of BlackBerry, you totally need to trust RIM. See last years incidence where Etisalat in the UAE installed government trojans onto all BlackBerrys and it got only noticed way after the fact by accident.

Isn't Etisalat the threat actor in that case, moreso than RIM?

Granted, RIM gave Etisalat a code-signing cert. But then, Mozilla gives Etisalat (and CNNIC, and...) CA certs for web sites. And as the EFF SSL Observatory has shown, bad actors like Etisalat had intermediary signing certs for web sites even before they got root CA certs in Mozilla. And DHS has an intermediary cert, too.

This is one reason why I prefer Android's CA-less signing model. It uses signatures to identify and quarantine sources of code, not as a basis for giving code a high level of trust based on who the code's author could trick into signing the code.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation




More information about the liberationtech mailing list