I'm really not sure which e-mail to reply to, so just in case, I'll reply all.
Matthias Wessendorf wrote:
Hi,
once the app is installed on the phone (or launched in a browser),
we (as discussed in the spec/mailing list) need to upload the "device
token" (or channelID) from the actual device/channel to the Unified Push
Server.
My questions:
Is it safe, if every "Mobile Variant" has a Private/Public Key ???
Mobile Variant == An application correct? (I'm looking at
https://gist.github.com/matzew/b918eb45d3f17de09b8f)
Why do you need a public/private key model? Encrypt data exchanged
between client/server? At first glance is it really a priority? Why not
make use of WSS?
The UP server keeps the private one.
Once we register a new mobile variant (e.g. HR for Android, HR for iPad,
HR for iPhone, ...) EACH variant has ONE Private/Public key
The Public Key of this combo would be "coded" into the actual mobile
application...
On EVERY iOS app, it would use the PubKey from the iOS Variant, on EVERY
JS-app, it would use the PubKey from the SimplePush Variant, etc
So, that means EVERY installation (on the devices) would have that
public key...
Why?
Would that be (extremely) odd, if "1 Mio Russian hacker" would have that
public key, used on the device, to perform some sort of "auth" (e.g. via
HTTP BASIC (just saying.....)) against the server, in order to upload
the "device token" ??
I'm really confused about what you want to achieve. I read the whole
spec and I'm not following.
Note: This Private/Public key would/should be EXCLUSIVE for "device
registration". And really ONLY.. :-)
So that this "Private/Public key" pair can NOT be used (==invalid) for
sending messages to the installations, or creating the Push-Applications
/ Mobile Variant Constructs.
Greetings,
Matthias
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf
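
The scoping rule from the quoted proposal (a per-variant credential that is valid only for device registration and invalid for sending or managing variants), as an added example that is not part of either e-mail or of the AeroGear code base. It assumes the credential is a variant ID plus secret sent via HTTP Basic; all names, secrets and action labels are hypothetical.

```python
import base64
import hmac

# Constructed sample data: one push application with two variants.
# All ids, secrets and action names are hypothetical.
CREDENTIALS = {
    # principal id -> (secret, actions this credential may perform)
    "hr-android-variant": ("variant-secret-a", {"register_device"}),
    "hr-ios-variant": ("variant-secret-b", {"register_device"}),
    "hr-push-app": ("master-secret", {"send_message", "manage_variants"}),
}


def parse_basic(header):
    """Return (user, password) from an HTTP Basic header, or None if malformed."""
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(header, action):
    """Allow `action` only if the credential is valid AND scoped to that action."""
    parsed = parse_basic(header)
    if parsed is None:
        return False
    user, password = parsed
    secret, scopes = CREDENTIALS.get(user, ("", set()))
    # Constant-time comparison; unknown users are compared against an empty secret.
    valid = hmac.compare_digest(password.encode(), secret.encode())
    return valid and user in CREDENTIALS and action in scopes


def basic(user, password):
    """Build the header a client would send (helper for the demo)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


if __name__ == "__main__":
    # The variant credential ships in every install, so treat it as public.
    shipped = basic("hr-android-variant", "variant-secret-a")
    print(authorize(shipped, "register_device"))  # True
    print(authorize(shipped, "send_message"))     # False
```

Because the variant credential is present in every installed copy of the app, the server-side scope check is what limits its use to uploading device tokens.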