<span id="mailbox-conversation">Nailed it, you understanding is correct</span><div class="mailbox_signature">—<br>abstractj</div>
<br><br><div class="gmail_quote"><p>On Thu, Mar 13, 2014 at 11:53 AM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br></p><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr">
<br><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Mar 13, 2014 at 3:18 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">nswers inline.<br><br>
-- <br>
abstractj<br><br>
On March 13, 2014 at 10:29:48 AM, Matthias Wessendorf (<a href="mailto:matzew@apache.org">matzew@apache.org</a>) wrote:<br><div class="">> On Thu, Mar 13, 2014 at 2:16 PM, Bruno Oliveira wrote:<br>
> <br>
> > Ahoy, regarding the HTTP header we can move it to the body. What would you<br>
> > suggest?<br>
> ><br>
> <br>
> No, I'd like to avoid that protected header/body at all :-)<br>
> <br>
> But... if the server really can not figure out if cert. and its passphrase<br>
> are encrypted, I guess I can live w/ it - for now.<br>
> Ideally the SEND API stays unchanged<br><br></div>
<div class="">We can if we add one step further. Let me put the new idea in a gist (<a href="https://gist.github.com/abstractj/55905ed53fce2ca22388">https://gist.github.com/abstractj/55905ed53fce2ca22388</a>). <br><br>
If developer requested a key pair, we create a new one for that PushApplicationID and check it on Sender if exists a key pair for that application. Into this way we make encryption totally optional.<br><br>
Does it make sense?<br></div>
</blockquote>
<div><br></div>
<div>Not sure I fully understand - let's see :) </div>
<div><br></div>
<div>Steps (the encryption case):</div>
<div>1) create/register Push Application</div>
<div>
2) request the optional publicKey</div>
<div>3) use the public key (w/ some tool) to encrtypt the certificate together with its passphrase</div>
<div>4) on iOS variant, I provide the encrypted certificate and the encrypted passphrase</div>
<div>5) For sending: use the same CURL as today - internally it checks: Does pushApp contain publicKey - if YES, do the decryption dance;</div>
<div><br></div>
<div><br></div>
<div>So that basically means: if I execute 2) (request the publicKey), submitting encrypted certificate/passphrase is now required</div>
<div><br></div>
<div>So, yeah that sounds good to me <br></div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">
<br>
> > ><br></div>
<div class="">> > > encrptyed w/ the help of the public-key ?<br>
> ><br>
> > Totally correct<br>
> ><br>
> <br>
> Ok, good. Oh, question: do we provide a tool for the encryption?<br><br></div>
<div class="">Sure thing, I’m all for make it easy.<br></div>
</blockquote>
<div><br></div>
<div><br></div>
<div><br></div>
<div>yay!</div>
<div><br></div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">
<br></div>
<div class="">> > Correct. But with we agree on the flag, might be necessary to include<br>
> > something like "protected: true" as optional argument. Or any other thing<br>
> > to let the server know.<br>
> ><br>
> <br>
> yeah, I see. Hrm - not sure I like the flag :-)<br>
> Perhaps there is a way (at least for the "long run") that the server gets:<br>
> Ah, it is encrypted (or not).<br>
> <br>
> As said the flag is not the end of the world - I just try to make the<br>
> "SEND" as simple as possible :)<br><br></div>
<div class="">If we agree on that gist, we don’t need this flag anymore.<br><br></div>Let me know what do you guys think about the idea.<br></blockquote>
<div><br></div>
<div>I *think* it sounds good ;-)</div>
<div> </div>
</div>-Matthias<br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf">http://twitter.com/mwessendorf</a>
</div>
</div></blockquote></div><br>