On Tue, May 21, 2013 at 6:19 PM, Douglas Campos <qmx@qmx.me> wrote:
> On Tue, May 21, 2013 at 06:05:00PM +0200, Matthias Wessendorf wrote:
> > I think I mean more the Unified Push server has the "private key", while
> > the device uses the public key,
> > to perform the "auth" against the server-side variant (e.g. PhoneABC
> > registers itself with the Android variant)
> Unless you have two key pairs, this adds zero security to the mix.

Not sure I follow, but if _every_ mobile application (MobileVariantInstance) needs to perform auth against the server to register itself with the MobileVariant (e.g. the logical construct of an Android variant), how or why are two key pairs needed?


The public/private key I had in mind is just for the MobileVariant, so that _every_ device that knows the public key can perform auth against it.

As said before this key pair is ONLY for working on the data of the MobileVariantInstance(s). Not more (no sending, no PushApp/MobileVariant registration; as said before).

Not sure I understand the two key pairs here (e.g. why two)


 

> amirite, abstractj?
>
> --
> qmx
--
Matthias Wessendorf