[guardian-dev] Fwd: PushSecure June 2015 Report

[Hans-Christoph Steiner]

-------- Forwarded Message --------
Date: Wed, 1 Jul 2015 12:00:49 -0700
From: Chris Ballinger <chris at chatsecure.org>

Hey everyone, we're very excited to finally start working on PushSecure.
For those of you unfamiliar with the current design
<https://github.com/ChatSecure/ChatSecure-Push-Server/tree/master/docs/v3>,
the basic gist is that we provide a protocol-agnostic way for users of
mobile apps from different vendors to send push notifications to each
other.

Over the last month we refined the overall architecture to simplify the API
and backend code
<https://github.com/ChatSecure/ChatSecure-Push-Server/compare/5e8ac1fe3b601982af4a4230758cd4313fa5a4c1...2f0821ec3b88cdb86aabe04fc3e5c67b7295ba91>,
and made a slight change to the token endpoint to better support multiple
devices. Whitelist tokens are now scoped to a single device to better
support eventual end-to-end content encryption, but they can still be used
to send broadcast notifications if desired.

Because client applications are responsible for maintaining the mapping
between whitelist tokens and contacts, the tokens must be locally
synchronized between a user's multiple devices in order to display a human
readable sender on the notification. Although this design increases
complexity for client apps, it greatly minimizes any identifiable metadata
the server needs to store.

We also defined the public API for the iOS / Android client libraries. We
expect these libraries to serve any application that wishes to support
PushSecure, so we ensured our design is generic and minimal.

Finally, we put finishing touches on proof of concept PushSecure Level 1
<https://chatsecure-push.herokuapp.com/api> server application and deployed
to a staging server at https://chatsecure-push.herokuapp.com/api for
initial testing.