Right now, the best source is the WebPush IETF discussion.
In short, folks are leaning toward AES curve25519, because it's greatly
improved security over P-256, and there are enough libraries in the wild
that it should be reasonable for App developers to use one.
Required encryption is tricky for any number of reasons. In this case,
the goal is to secure your message from the intermediary carriers.
Notably, it's a lot easier for carriers to avoid adding pen registries
or turning over data if it's just a pile of indecipherable crap. The
message is decrypted by the handling client which also generates the
public key the remote server uses and is passed as part of the remote
registration. The theory is also that if you're running on a compromised
client, you're kinda dorked. If you're THAT paranoid (and not saying
it's a bad), it's just up to you do do your own encryption as well.
On 9/1/2015 3:40 PM, Bruno Oliveira wrote:
Do you have any reference about the encryption discussion. I'd
be
interested to read more about it.
— abstractj PGP: 0x84DC9914
On Mon, Aug 31, 2015 at 7:59 PM, JR Conlin <jrconlin(a)gmail.com
<mailto:jrconlin@gmail.com>> wrote:
+4
(sorry, just had some fun with a bounding issue, and felt like
sharing.)
Just to let y'all know, we're going to be running SimplePush for a
while, mostly for older devices. One thing we discovered is that
some clients may have a LARGE number of old channels registered
and sending them as part of the Hello is a waste. (Our server
doesn't pay attention to them.) Newer clients may have an interim
fix that blanks the clientIDs:[] record.) Aside from that, we're
definitely not going to be pushing any changes that should impact
your library.
We've not stood up a production WebPush server, partly because the
data encryption portion of the standard is still under discussion.
For what it's worth, there are also a few other discussion points
that have yet to be finalized (e.g. should developers register
with servers, should clients specify channels like they did for
SimplePush, etc.) but the data bit is the biggest obstacle.
As always, thanks so much for the continuing support.
On 8/31/2015 12:45 PM, Idel Pivnitskiy wrote:
> +1
>
> Best regards,
> Idel Pivnitskiy
> --
> E-mail: Idel.Pivnitskiy(a)gmail.com <mailto:Idel.Pivnitskiy@gmail.com>
> Twitter: @idelpivnitskiy <
https://twitter.com/idelpivnitskiy>
> GitHub: @idelpivnitskiy <
https://github.com/idelpivnitskiy>
>
> On Mon, Aug 31, 2015 at 7:27 PM, Daniel Bevenius
> <daniel.bevenius(a)gmail.com <mailto:daniel.bevenius@gmail.com>>
wrote:
>
> +1
>
>
> måndag 31 augusti 2015 skrev Sebastien Blanc
> <scm.blanc(a)gmail.com>:
>
> +1
>
> On Mon, Aug 31, 2015 at 5:12 PM, Luke Holmquist
> <lholmqui(a)redhat.com> wrote:
>
> so now that WebPush is going to take over SimplePush,
> i'm thinking of closing the related JIRA's that we
> have open for simple push in the AG-JS instance.
>
>
> Not that we've really done any work on it lately,
> but it would be good to clean this up a little.
>
>
> Thoughts?
>
>
> -Luke
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> <mailto:aerogear-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev