<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 13, 2014 at 2:16 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Ahoy, regarding the HTTP header we can move it to the body. What would you suggest?<br>
</blockquote><div><br></div><div><div style="font-family:arial,sans-serif;font-size:13px">No, I'd like to avoid that protected header/body at all :-) </div><div style="font-family:arial,sans-serif;font-size:13px"><br>
</div><div style="font-family:arial,sans-serif;font-size:13px">But... if the server really can not figure out if cert. and its passphrase are encrypted, I guess I can live w/ it - for now.</div><div style="font-family:arial,sans-serif;font-size:13px">
Ideally the SEND API stays unchanged </div></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Other answers inline.<br>
<br>
--<br>
abstractj<br>
<br>
On March 13, 2014 at 10:02:04 AM, Matthias Wessendorf (<a href="mailto:matzew@apache.org">matzew@apache.org</a>) wrote:<br>
<div class="">> On Thu, Mar 13, 2014 at 12:59 PM, Bruno Oliveira wrote:<br>
> > iOS Variant:<br>
> ><br>
> > - HTTP request<br>
> ><br>
> > Remain unchanged, but now certificate and passphrase can be sent<br>
> > encrypted and the server will store it.<br>
> ><br>
><br>
><br>
> encrypted w/ the help of the public-key ?<br>
<br>
</div>Totally correct<br></blockquote><div><br></div><div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px">Ok, good. Oh, question: do we provide a tool for the encryption? </span><br></div><div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><br>
><br>
><br>
><br>
><br>
> ><br>
> > - HTTP response<br>
> ><br>
> > Remain unchanged<br>
> ><br>
> > Sender:<br>
> ><br>
> > - HTTP request<br>
> ><br>
> > Remain unchanged,<br>
><br>
><br>
><br>
> w/ "unchanged" you basically mean the payload of the "Send request" is the<br>
> same as it is today, right ?<br>
<br>
</div>Correct. But with we agree on the flag, might be necessary to include something like “protected: true” as optional argument. Or any other thing to let the server know.<br></blockquote><div><br></div><div><br></div>
<div><div style="font-family:arial,sans-serif;font-size:13px">yeah, I see. Hrm - not sure I like the flag :-) </div><div style="font-family:arial,sans-serif;font-size:13px">Perhaps there is a way (at least for the "long run") that the server gets: Ah, it is encrypted (or not).</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">As said the flag is not the end of the world - I just try to make the "SEND" as simple as possible :)</div>
<div class="im" style="font-family:arial,sans-serif;font-size:13px"></div></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><br>
><br>
><br>
><br>
> > but now the server will search for the application ID and retrieve the<br>
> > public key to decrypt application's passphrase<br>
> ><br>
><br>
><br>
> Ok, that's internal details. So the server basically decrypts both: cert<br>
> and its passphrase, in order to establish the connection to APNs<br>
<br>
</div>Correct<br></blockquote><div><br></div><div>cool</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><br>
> ><br>
> ><br>
> > AeroGear Clients<br>
> ><br>
> > - cURL<br>
> ><br>
> > Yesterday I had the amusing experience of digging into the sources of OpenSSL<br>
> > and their documentation, to see how people could encrypt it from the<br>
> > command line. If I recommend that, people would remember my name for the<br>
> > eternity in a bad way. Another insane idea was to provide encoders for GPG.<br>
> > The simplest idea, I think, would be to provide code for people to encrypt their<br>
> > passphrase and certificate, instead of trusting in some software.<br>
> ><br>
><br>
> but that's really just for the "registration part", right ? I don't care<br>
> that much about a cumbersome API there :-) Because in 99% of all cases the<br>
> actual registration (and cert/passphrase upload) is done via the sexy Admin<br>
> UI.<br>
><br>
><br>
> The CURL for the send stays the same as it is today, right ?<br>
<br>
</div>Correct. The sexy admin UI is not really a concern to me, but the clients external to it.</blockquote><div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px">and external clients are in 99% of the cases just using SEND - not the Registration bits</span><br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> The goal is mostly to provide options for people to encrypt their thing.<br>
</blockquote><div><br></div><div><div style="font-family:arial,sans-serif;font-size:13px">yep!! And that is great!<br></div><div class="im" style="font-family:arial,sans-serif;font-size:13px"></div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im"><br>
> ><br>
><br>
><br>
> It looks like it goes towards the right direction!<br>
><br>
> Thanks for looking into it<br>
><br>
><br>
> --<br>
</div><div class="im">> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
</div><div class=""><div class="h5">
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>