[145638] in North American Network Operators' Group
Re: [outages] News item: Blackberry services down worldwide
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Thu Oct 13 15:31:50 2011
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <b273f3d8-4b8e-4f62-b77b-98f336c3338d@blur>
Date: Thu, 13 Oct 2011 15:30:49 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 13, 2011, at 3:21 PM, McCall, Gabriel wrote:
> ActiveSync on Android allows corporate to force compliance with =
security policy and allow remote wipe. User cannot complete the exchange =
account setup without permitting the controls. If the user doesn't agree =
their sync isn't enabled. Moreover, if corporate requirements change =
sync is disabled until you approve again. That seems like it covers all =
the bases to me.
Same on iThings, plus SSL, wipe if 10 incorrect pass codes entered, =
enforcement of more than a 4-digit PIN pass code, auto-lock timeout, =
etc., etc. Any device that doesn't do this is likely old and / or going =
out of biz.
I like Jared's attempt to bring this back on topic, though. :) So going =
down that path, exactly why is iMessage any different from Skype, AIM, =
Jabber, etc.? I mean other than likely being part of the OS / =
seamlessly integrated. (I haven't tried it yet, so I am just assuming =
Apple has done their standard UI magic on this.)
In fact, Skype, just as a for instance, is worse on hotel wifi as =
launching the app on a laptop makes you a middle node for some =
conversations. Does Skype on $HANDHELD have the same property?
--=20
TTFN,
patrick
> -----Original message-----
> From: Andrea Gozzi <mls@vp44.net>
> To: Jamie Bowden <jamie@photon.com>, Christopher Morrow =
<morrowc.lists@gmail.com>, Jay Ashworth <jra@baylink.com>
> Cc: NANOG <nanog@nanog.org>
> Sent: Thu, Oct 13, 2011 17:02:53 GMT+00:00
> Subject: Re: NANOG:RE: [outages] News item: Blackberry services down =
worldwide
>=20
> Can't but agree with Jamie.
> The ability to centralize management for all Blackberry users and =
_force_
> them to comply with company policy (it's an investment bank) saved us =
lot
> of hassle when, and it happens regularly, people lose their handsets.
> Otherwise, it would be all unencrypted, unmonitored and unprotected =
access
> points to customer's private data.
> Some of our representatives recently switched to iphones, but nobody =
from
> management will ever be allowed anything than a Blackberry.
>=20
> Andrea
>=20
>=20
> On 10/13/11 5:55 PM, "Jamie Bowden" wrote:
>=20
>>=20
>>=20
>>> -----Original Message-----
>>> From: Christopher Morrow [mailto:morrowc.lists@gmail.com]
>>> Sent: Thursday, October 13, 2011 11:36 AM
>>> To: Jay Ashworth
>>> Cc: NANOG
>>> Subject: Re: [outages] News item: Blackberry services down worldwide
>>>=20
>>> On Thu, Oct 13, 2011 at 11:13 AM, Jay Ashworth
>> wrote:
>>>> ----- Original Message -----
>>>>> From: "Jamie Bowden"
>>>>=20
>>>>> Someday either Google or Apple will get
>>>>> off their rear ends and roll out an end to end encrypted service
>>> that
>>>>> plugs into corporate email/calendar/workgroup services and we can
>>> all
>>>>> gladly toss these horrid little devices in the recycle bins where
>>> they
>>>>> belong.
>>>>=20
>>>> I'm fairly sure K-9 does GPG, at least for the email
>>>=20
>>> plus normal mail + k9 will do TLS on SMTP and IMAP... or they both =
do
>>> with my mail server just fine. (idevices seeem to also do this well
>>> enough)
>>>=20
>>> It's possible that the 'encryption' comment from Jamie is really =
about
>>> encrypting the actual device... which I believe Android[0] will do, =
I
>>> don't know if idevices do though.
>>=20
>> As of 2.3[.x?] (can't remember if it's a sub release that intro'd =
this),
>> Android devices can be wholly encrypted, though I don't know if they =
are
>> by default. All these kludges are great on a small scale, but the BES
>> does end to end encryption for transmission, plugs into Exchange, =
Lotus,
>> Sametime, proxies internal http[s], and lets us manage policies and =
push
>> out software updates from a central management point. When it works,
>> it's also scalable, which matters when you have thousands of devices =
to
>> manage.
>>=20
>> Jamie
>>=20
>>=20
>>=20
>=20
>=20
>=20
>=20
