<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, May 22, 2013 at 12:11 AM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Matthias Wessendorf wrote:<br>
> Another idea....<br>
<br>
I can see a lot of good ideas here, but we have to start to file jiras.<br></blockquote><div><br></div><div style>Right, but I wanted to "validate" these ideas, instead of creating countless JIRAs, all being closed "won't fix" / "does not make sense". Main intention here is really to ask for help, in validating these thoughts</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There will be several several ways to make a system secure.<br>
<br>
IMO start simple, make it ultra secure later.<br></blockquote><div><br></div><div style>yeah, that's my take on it too</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
><br>
> We generate, for EACH variant, an "access-key" with a generated<br>
> secret(password).<br>
<br>
</div>What do you mean about secret? A shared secret? Now we have another<br>
problem, you must encrypt this shared secret.<br></blockquote><div><br></div><div style>secret == password</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
This accessKey:secret combination would be, similar to<br>
> the previous email, ONLY be able to perform updates for "device<br>
> (un)registration".<br>
><br>
> It would be NOT possible to use this combination for sending messages to<br>
> a device, (read: our HTTP send interface would not allow this<br>
> accessKey:secret combination).<br>
><br>
><br>
> Not, sure, but this is (I guess) a bit simpler, initially, instead of<br>
> using private/public key approach.<br>
><br>
<br>
</div>I'm still confuse, about what do you want to encrypt and why. Why not<br>
only create APP-KEY as a point of start, then we figure out how to<br>
authorize or not a server.<br></blockquote><div><br></div><div style>Not sure I understand what you mean, but I am not talking about "authorize an server" (e.g. for sending mails to devices). </div><div style>These mails are around: devices registers its "application installation" by submitting "token" to a mobile Variant, ("I am an instance of you,")</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Then several people, including me suggesting it will say "it's not<br>
safe". Then you reply with "fix it" and we can make it work.<br></blockquote><div><br></div><div><br></div><div style>Not sure what that means? Why would *I* just reply "fix it"? Again, this was intended for discussion, not "do this, do that".</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im HOEnZb"><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Sat, May 18, 2013 at 12:48 AM, Matthias Wessendorf <<a href="mailto:matzew@apache.org">matzew@apache.org</a><br>
</div><div class="HOEnZb"><div class="h5">> <mailto:<a href="mailto:matzew@apache.org">matzew@apache.org</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> once the app is installed on the phone (or launched in a browser),<br>
> we (as discussed in the spec/mailing list) need to upload the<br>
> "device token" (or channelID) from the actual device/channel to the<br>
> Unified Push Server.<br>
><br>
><br>
> My questions:<br>
> Is it safe, if every "Mobile Variant" has a Private/Public Key ???<br>
><br>
> The UP server keeps the private one.<br>
> Once we register a new mobile variant (e.g. HR for Android, HR for<br>
> iPad, HR for iPhone, ...) EACH variant has ONE Private/Public key<br>
><br>
><br>
> The Public Key of this combo would be "coded" into the actual mobiel<br>
> application...<br>
><br>
> On EVERY iOS app, it would use the PubKey from the iOS Variant, on<br>
> EVERY JS-app, it would use the PubKey from the SimplePush Variant, etc<br>
><br>
><br>
> So, that means EVERY installation (on the devices) would have that<br>
> pbulci key...<br>
><br>
> Would that be (extremely) odd, if "1 Mio Russian hacker" would have<br>
> that public key, used on the device, to perform some sort of "auth"<br>
> (e.g. via HTTP BASIC (just saying.....)) against the server, in<br>
> order to upload the "device token" ??<br>
><br>
><br>
> Note: This Private/Public key would/should be EXCLUSIVE for "device<br>
> registration". And really ONLY.. :-)<br>
><br>
> So that this "Private/Public key" pair can NOT be used (==invalid)<br>
> for sending messages to the installations, or creating the<br>
> Push-Applications / Mobile Variant Constructs.<br>
><br>
><br>
><br>
> Greetings,<br>
> Matthias<br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>