
Reading and sending mail, Supported encryption algorithms, Other internet security systems – Nokia 9290 User Manual

Page 9: WAP Security, Dial-Up Security, Connection Security


Nokia 9290 Communicator

Nokia Mobile Phones

Security White Paper


Copyright Nokia Corporation 2001-2002. All rights reserved.

5.4.2 Reading and Sending Mail

Access to remote mailboxes (IMAP and POP) and sending mail (SMTP) can also be secured using SSL/TLS. You can
request a secure connection by ticking the appropriate box in the settings.

In order to use secure connections with electronic mail, the mail server has to support the “starttls” command (IMAP,
SMTP) or the “stls” command (POP). In this model, the client first connects to the remote mailbox over an insecure
port, and then negotiates the secure connection using the same TCP connection. This is the model that is currently
supported by the IETF.
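
The capability check this model depends on, as an added example (not from the white paper or from Nokia code): before any credentials are sent, the client looks for the upgrade keyword in the server's EHLO, CAPABILITY or CAPA reply and otherwise stops. The sample replies, the host name, the IMAP tag and the `require_tls` flag are constructed assumptions; the page does not say how the 9290 behaves when the keyword is missing.

```python
# Added example. Server replies below are constructed, not captured from real hosts.
SMTP_OK = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_NO = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"
IMAP_OK = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na000 OK done\r\n"
POP3_OK = "+OK capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"

# Command the client sends on the still-unencrypted connection to start TLS.
UPGRADE_COMMAND = {"smtp": "STARTTLS", "imap": "a001 STARTTLS", "pop3": "STLS"}


def advertised_capabilities(protocol, response):
    """Return the upper-cased capability keywords found in a server reply."""
    lines = [ln.strip() for ln in response.splitlines() if ln.strip()]
    caps = set()
    if protocol == "smtp":
        # EHLO reply: the first 250 line names the server, the rest are keywords.
        for ln in lines[1:]:
            words = ln[4:].split()
            if ln[:3] == "250" and ln[3:4] in ("-", " ") and words:
                caps.add(words[0].upper())
    elif protocol == "imap":
        # Untagged "* CAPABILITY ..." line lists every keyword on one line.
        for ln in lines:
            if ln.upper().startswith("* CAPABILITY "):
                caps.update(ln.upper().split()[2:])
    elif protocol == "pop3":
        # CAPA reply: "+OK", one capability per line, terminated by ".".
        if lines and lines[0].startswith("+OK"):
            for ln in lines[1:]:
                if ln == ".":
                    break
                caps.add(ln.split()[0].upper())
    else:
        raise ValueError("unknown protocol: " + protocol)
    return caps


def plan_upgrade(protocol, response, require_tls=True):
    """Decide the client's next step before any credentials are sent."""
    keyword = "STLS" if protocol == "pop3" else "STARTTLS"
    if keyword in advertised_capabilities(protocol, response):
        return ("upgrade", UPGRADE_COMMAND[protocol])
    # require_tls is this example's assumption: stop rather than log in unencrypted.
    return ("abort", None) if require_tls else ("plaintext", None)


if __name__ == "__main__":
    for proto, reply in [("smtp", SMTP_OK), ("smtp", SMTP_NO), ("imap", IMAP_OK), ("pop3", POP3_OK)]:
        print(proto, plan_upgrade(proto, reply))
```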

Note that sending electronic mail over a secure connection does not encrypt the mail itself, only the connection to
the first mail server. After the mail continues to its destination from the first mail server, it is not encrypted. This
feature is most useful when accessing mail servers in a secure intranet through a public Internet service provider.

In general, all Internet mail is insecure unless the mail itself is encrypted and/or digitally signed. The TLS connection
only offers security for remote mailbox access and sending mail. Be cautious of sending confidential information in
Internet mail.

5.4.3 Supported Encryption Algorithms

The selection of algorithms depends on the protocol being used. It is advisable to avoid the use of “export-grade”
algorithms (RC4 with 40 secret bits and DES) for security reasons. The selection of the algorithms is done by the
server, and the user cannot influence this. The Nokia 9290 Communicator supports the following cryptographic
algorithms in SSL and TLS:

For server authentication and/or key exchange: RSA, DSA, and Diffie-Hellman.

For data encryption: RC4 (plus the “export” version with 40 secret bits), DES, and Triple-DES.

5.5 Other Internet Security Systems

Different applications can also be protected using passwords, e.g. after logging onto the Intranet, a password is
required in order to use e-mail, the WWW, etc. The communicator supports these security mechanisms as long as they
use the standards supported by the communicator.

6. WAP Security

6.1 Dial-Up Security

When using WAP for a data call, dial-up security is the same as with Internet services. Please refer to the chapter
above.

6.2 Connection Security

WAP uses an optional security layer called WTLS. This can be turned on in the settings, or the server can mandate it.
WTLS security ends at the WAP gateway. Connections to the target server from the WAP gateway might not be
encrypted.

The WAP Forum specifies WTLS. The Nokia 9290 Communicator supports strong 128-bit encryption in WTLS, but is
able to lower the security level if required by the server. The Nokia 9290 Communicator supports server authentication
and key exchange using the RSA algorithm and data encryption using the RC5 algorithm.

Server authentication is done using a set of factory-installed certificates.