[aerogear-dev] Security for "Device Registration"

Bruno Oliveira bruno at abstractj.org
Tue May 21 18:20:54 EDT 2013


Basically, a malicious third party can replace your server. And how do
you check the authenticity of that public key once I have already been
mean and redirected all the traffic to my evil-server?

What we need is called PKI. But this is not something easy to
raise from scratch, so let's move forward and improve during our
development.

Matthias Wessendorf wrote:
>
> On Tue, May 21, 2013 at 5:58 PM, Douglas Campos <qmx at qmx.me> wrote:
>
>     On Sat, May 18, 2013 at 12:48:31AM +0200, Matthias Wessendorf wrote:
>      > Hi,
>      >
>      > Once the app is installed on the phone (or launched in a browser),
>      > we (as discussed in the spec/mailing list) need to upload the "device
>      > token" (or channelID) from the actual device/channel to the
>      > Unified Push Server.
>      >
>      >
>      > My questions:
>      > Is it safe if every "Mobile Variant" has a Private/Public Key?
>      >
>      > The UP server keeps the private one.
>      > Once we register a new mobile variant (e.g. HR for Android, HR for iPad,
>      > HR for iPhone, ...) EACH variant has ONE Private/Public key
>     When you say private/public key pair, you mean two pairs, right? One for
>     the device, the other for the server variant?
>
>     Let's clarify this then we can move the discussion further.
>
>
> I think I mean more that the Unified Push server has the "private key",
> while the device uses the public key to perform the "auth" against the
> server-side variant (e.g. PhoneABC registers itself with the Android
> variant).
>
> -M
>
>
>     --
>     qmx
>     _______________________________________________
>     aerogear-dev mailing list
>     aerogear-dev at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf

