<div dir="ltr"><div>Hi,</div><div><br></div><div>once the app is installed on the phone (or launched in a browser),</div><div>we (as discussed in the spec/mailing list) need to upload the "device token" (or channelID) from the actual device/channel to the Unified Push Server.</div>
<div><br></div><div><br></div><div>My questions:</div><div>Is it safe, if every "Mobile Variant" has a Private/Public Key ???</div><div><br></div><div>The UP server keeps the private one.</div><div>Once we register a new mobile variant (e.g. HR for Android, HR for iPad, HR for iPhone, ...) EACH variant has ONE Private/Public key</div>
<div><br></div><div><br></div><div>The Public Key of this combo would be "coded" into the actual mobiel application...</div><div><br></div><div>On EVERY iOS app, it would use the PubKey from the iOS Variant, on EVERY JS-app, it would use the PubKey from the SimplePush Variant, etc</div>
<div><br></div><div><br></div><div>So, that means EVERY installation (on the devices) would have that pbulci key...</div><div><br></div><div>Would that be (extremely) odd, if "1 Mio Russian hacker" would have that public key, used on the device, to perform some sort of "auth" (e.g. via HTTP BASIC (just saying.....)) against the server, in order to upload the "device token" ??</div>
<div><br></div><div><br></div><div>Note: This Private/Public key would/should be EXCLUSIVE for "device registration". And really ONLY.. :-)</div><div><br></div><div>So that this "Private/Public key" pair can NOT be used (==invalid) for sending messages to the installations, or creating the Push-Applications / Mobile Variant Constructs.</div>
<div><br></div><div><br></div><div><br></div><div>Greetings,</div><div>Matthias</div><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>