The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
MobileMe Lacks SSL E-mail Encryption - Only Half the Story

MobileMe Lacks SSL E-mail Encryption - Only Half the Story

by , 1:00 PM EDT, August 21st, 2008

Apple's MobileME service lacks Secure Sockets Layer (SSL) encryption for e-mail, and that could allow others to see the data that a MobileMe user sends, according to Computerworld on Wednesday. While true, that's only part of the story, and a calmer, more technical viewpoint has been provided by Tidbits.

Nancy Gohring at Computerworld cited a source at Macrumors who stated that the lack of SSL encryption is a deal breaker. The author went on to site several others who had an opinion about the issue:

"MobileMe is suppose to be Microsoft Exchange for the rest of us. But Microsoft Exchange does things in a secure manner," said another blogger writing under the name of James Katt. "As it is, if you run a business using your Mac, then you cannot use MobileMe because it transmits data insecurely."

Digger deeper into such issues, however, is always a good practice, and Rich Mogull at Tidbits on Wednesday provided deeper background and an enlightening technical perspective.

First, Mr. Mogul addressed the AppleInsider statement that SSL is unnecessary "based upon authenticated handling of JSON data exchanges between the self contained JavaScript client apps and Apple's cloud, rather than the SSL web page encryption used by HTTPS."

Mr. Mogull called that Star Trek technobabble and pointed out that that just means that there is authentication, and the password itself is encrypted.

The Tidbits article also pointed out that most e-mail is sent in the clear anyway, and MobileMe is no different. In addition, the other services are encrypted. [Getting into even deeper detail, the Tidbit's author found that there is a very subtle flaw in Apple's handling of certificates, due a domain name change. However, it would be hard to exploit.]

"When you set up your MobileMe email account, it defaults to a secure connection, and in testing iCal, I found both the push and manual synchronization process appears to use SSL." Mr. Mogull wrote. "Using a sniffer on my own system, I was unable to access the contents of any synchronizing calendar entries or email. iChat authentication is also secure, and MobileMe installs digital certificates to enable secure chats with other iChat users - unlike AOL Instant Messenger ..."

The author did contend that there would, in fact, be very little overhead if Apple were to more broadly utilize SSL, and he would prefer that, especially since users pay US$99/yr for the service. In the meantime, those who want to learn more about their MobileMe operations will find the Tidbits article much deeper and more informative than the less technical approach at other sites.

Recent TMO Headlines - Updated June 25th

Fri, 5:06 PM
’Obi-Wan Kenobi’ Star Moses Ingram to Join Cast of Apple TV+ Series ‘Lady in the Lake’
Fri, 4:31 PM
Chris Evans Stuns the Internet By Upgrading His iPhone 6
Fri, 4:12 PM
Leaks Suggest Next AirPods Pro to Upgraded H1 Chip, Find My, Heart Rate Detection, USB-C and More
Fri, 3:06 PM
Rumors Suggest Apple to Announce 'Game-Changer' AR/MR Headset January 2023
Fri, 3:05 PM
Apple’s Back to School Promo Could Score You a $150 Gift Card
Fri, 2:21 PM
Apple-1 'Byte Shop' Model Goes for $375,000 at Thursday Auction
Fri, 1:22 PM
Code in iOS 16 Betas Hint at New Siri Remote for Apple TV
Fri, 8:32 AM
Apple’s Long Game in Mobile and Portable Computing; Choice and Versatility
Fri, 7:32 AM
Apple Music Student Plan Gets a Price Increase in US, UK and Canada
Fri, 7:03 AM
Google Chrome on iOS Gets Five New Features
Thu, 5:40 PM
Using Measurement Conversions in iOS 16
Thu, 4:37 PM
Apple TV+ Series 'Trying' Reveals Season 3 Trailer Before July Premiere
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Daily Observations
  • TMO on Twitter!