X509 certificate and trust
Folks, I have a Silverlight Phone app that talks to a WCF service. The spec says that phones must *prove* to the service that they are legitimate and trusted. I figure therefore that I will stuff something in the message headers of each call that can't be forged to prove a phone has legitimate client software ... but what? The spec is vague and does not specify any kind of login method or handshake to establish trust. To confuse matters, I've been given a pair of X509 certificates (as cer and pfx files) without any hint about what to do with them. So I've been reading about X509's for hours, but I can't figure out if they're of any help in this situation or not. All the sample code I've found using certificates is for the full CLR and not for the Silverlight CLR where many classes are smaller or missing. I can't figure out how to use X509s for solving my problem (if they are of any use). Any suggestions from crypto protocol boffins out there? *Greg K*
Re: X509 certificate and trust
Hey Greg In the past I've handed the Silverlight xap file something random (lets call it a key to get in) in the init parameters. The client then gives that back to the WCF service as proof that the Xap file was launched by a known web server. You could renew it periodically or let it run for that session and next time it runs it gets a different key. I'm sure there are other ways but this one skips the whole log in requirement. You could also use standard web authentication before they get to the Silverlight page too so the user would have to log in before getting a key/Xap. YMMV cheers Stephen p.s. you could also give back the spec (for more clarification) and tell them its too vague, but I know that that's not always an option. On Tue, Nov 25, 2014 at 8:06 PM, Greg Keogh g...@mira.net wrote: Folks, I have a Silverlight Phone app that talks to a WCF service. The spec says that phones must *prove* to the service that they are legitimate and trusted. I figure therefore that I will stuff something in the message headers of each call that can't be forged to prove a phone has legitimate client software ... but what? The spec is vague and does not specify any kind of login method or handshake to establish trust. To confuse matters, I've been given a pair of X509 certificates (as cer and pfx files) without any hint about what to do with them. So I've been reading about X509's for hours, but I can't figure out if they're of any help in this situation or not. All the sample code I've found using certificates is for the full CLR and not for the Silverlight CLR where many classes are smaller or missing. I can't figure out how to use X509s for solving my problem (if they are of any use). Any suggestions from crypto protocol boffins out there? *Greg K*
Re: X509 certificate and trust
And then I read your email a second time and notice you said Silverlight PHONE app. Perhaps you could use something similar... but as it's not hosted on a web server, but instead its on the phone that might not work. Perhaps a call to a server with a login where a key is given out for that session? Or something that is harder to fake, like a phone ID (can you set up a list of authorised devices on server or is it a public facing app where anyone could be connecting?) On Tue, Nov 25, 2014 at 8:06 PM, Greg Keogh g...@mira.net wrote: Folks, I have a Silverlight Phone app that talks to a WCF service. The spec says that phones must *prove* to the service that they are legitimate and trusted. I figure therefore that I will stuff something in the message headers of each call that can't be forged to prove a phone has legitimate client software ... but what? The spec is vague and does not specify any kind of login method or handshake to establish trust. To confuse matters, I've been given a pair of X509 certificates (as cer and pfx files) without any hint about what to do with them. So I've been reading about X509's for hours, but I can't figure out if they're of any help in this situation or not. All the sample code I've found using certificates is for the full CLR and not for the Silverlight CLR where many classes are smaller or missing. I can't figure out how to use X509s for solving my problem (if they are of any use). Any suggestions from crypto protocol boffins out there? *Greg K*
Re: X509 certificate and trust
Howdy, I've been thinking about this overnight and have had no Eureka! moment. I do have the factory ID of the phone, but I think registering the IDs on the server would be a bother (in any case, a fake client could send any ID it wanted to fool the server). The client and server both have the same confidential company certificate, but I don't know how I can leverage this. The client could send the server some secret data out of the cert, but it's just a number, any magic/secret number could be shared, which is childish. So I remain puzzled about how an arbitrary phone can prove to the service that it's calling via trusted client software without human entry of a PIN or password. The phone does have a config screen, so perhaps the human operator could be instructed to put in a 4 digit hash of the phone ID, which can only be computed and verified on the server. This would require a one-time setup process, but it might be acceptable in the form of a registration screen on the phone. *Greg K* On 25 November 2014 at 23:55, Stephen Price step...@perthprojects.com wrote: And then I read your email a second time and notice you said Silverlight PHONE app. Perhaps you could use something similar... but as it's not hosted on a web server, but instead its on the phone that might not work. Perhaps a call to a server with a login where a key is given out for that session? Or something that is harder to fake, like a phone ID (can you set up a list of authorised devices on server or is it a public facing app where anyone could be connecting?) On Tue, Nov 25, 2014 at 8:06 PM, Greg Keogh g...@mira.net wrote: Folks, I have a Silverlight Phone app that talks to a WCF service. The spec says that phones must *prove* to the service that they are legitimate and trusted. I figure therefore that I will stuff something in the message headers of each call that can't be forged to prove a phone has legitimate client software ... but what? The spec is vague and does not specify any kind of login method or handshake to establish trust. To confuse matters, I've been given a pair of X509 certificates (as cer and pfx files) without any hint about what to do with them. So I've been reading about X509's for hours, but I can't figure out if they're of any help in this situation or not. All the sample code I've found using certificates is for the full CLR and not for the Silverlight CLR where many classes are smaller or missing. I can't figure out how to use X509s for solving my problem (if they are of any use). Any suggestions from crypto protocol boffins out there? *Greg K*
[OT] Ultrabook for noob
Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
Re: [OT] Ultrabook for noob
Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
Re: [OT] Ultrabook for noob
Hi Stephen Thanks for the quick response. Actually a coworker suggested this list a while ago but I forgot all about it. Surface Pro 3 did have me interested at first but it is too small in my opinion and I prefer to just use the laptop and not have to hook up to an external monitor and keyboard and so on. Even a 13 has me concerned. I may go with 15. I've heard great things about the Macbook but the keyboard didn't feel right to me for Windows. I'll check out the XPS 15. Wow, 16Gb RAM? I didn't realise that was such an issue. 8Gb would be plenty for me I think but I guess going forward that will matter. How often do people change laptops? Is 3-4 years a stretch? Thanks Tom On 26 November 2014 at 17:02, Stephen Price step...@perthprojects.com wrote: Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
Re: [OT] Ultrabook for noob
Lenovo yoga 2 pro are awesome. Well worth checking out. On 26 Nov 2014 19:50, Tom P tompbi...@gmail.com wrote: Hi Stephen Thanks for the quick response. Actually a coworker suggested this list a while ago but I forgot all about it. Surface Pro 3 did have me interested at first but it is too small in my opinion and I prefer to just use the laptop and not have to hook up to an external monitor and keyboard and so on. Even a 13 has me concerned. I may go with 15. I've heard great things about the Macbook but the keyboard didn't feel right to me for Windows. I'll check out the XPS 15. Wow, 16Gb RAM? I didn't realise that was such an issue. 8Gb would be plenty for me I think but I guess going forward that will matter. How often do people change laptops? Is 3-4 years a stretch? Thanks Tom On 26 November 2014 at 17:02, Stephen Price step...@perthprojects.com wrote: Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
RE: [OT] Ultrabook for noob
We’ve had a really good run with Dell E7440’s. We get them with quad core i7’s. Buy them with small memory and drive, and fit Crucial 16GB memory and 1TB SSDs. Been an awesome set of machines. Didn’t think I’d get used to the 14” screen after having a 17” but I’m surprisingly ok with it. I did have to kill off screen scaling in Win 8.X though, as I couldn’t live with it. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.comhttp://www.sqldownunder.com/ From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Tom P Sent: Wednesday, 26 November 2014 2:51 PM To: ozDotNet Subject: Re: [OT] Ultrabook for noob Hi Stephen Thanks for the quick response. Actually a coworker suggested this list a while ago but I forgot all about it. Surface Pro 3 did have me interested at first but it is too small in my opinion and I prefer to just use the laptop and not have to hook up to an external monitor and keyboard and so on. Even a 13 has me concerned. I may go with 15. I've heard great things about the Macbook but the keyboard didn't feel right to me for Windows. I'll check out the XPS 15. Wow, 16Gb RAM? I didn't realise that was such an issue. 8Gb would be plenty for me I think but I guess going forward that will matter. How often do people change laptops? Is 3-4 years a stretch? Thanks Tom On 26 November 2014 at 17:02, Stephen Price step...@perthprojects.commailto:step...@perthprojects.com wrote: Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.commailto:tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
Re: [OT] Ultrabook for noob
Hi Dave Thanks I will check it out. I see there's a Yoga 3 also. Thanks Tom On 26 November 2014 at 18:14, Dave Walker rangitat...@gmail.com wrote: Lenovo yoga 2 pro are awesome. Well worth checking out. On 26 Nov 2014 19:50, Tom P tompbi...@gmail.com wrote: Hi Stephen Thanks for the quick response. Actually a coworker suggested this list a while ago but I forgot all about it. Surface Pro 3 did have me interested at first but it is too small in my opinion and I prefer to just use the laptop and not have to hook up to an external monitor and keyboard and so on. Even a 13 has me concerned. I may go with 15. I've heard great things about the Macbook but the keyboard didn't feel right to me for Windows. I'll check out the XPS 15. Wow, 16Gb RAM? I didn't realise that was such an issue. 8Gb would be plenty for me I think but I guess going forward that will matter. How often do people change laptops? Is 3-4 years a stretch? Thanks Tom On 26 November 2014 at 17:02, Stephen Price step...@perthprojects.com wrote: Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
Re: [OT] Ultrabook for noob
In Australia not in NZ so didn't see it. Read reviews and it's even better. The ability to turn it into a tablet and the screen resolution are phenomenal. On 26 Nov 2014 20:27, Tom P tompbi...@gmail.com wrote: Hi Dave Thanks I will check it out. I see there's a Yoga 3 also. Thanks Tom On 26 November 2014 at 18:14, Dave Walker rangitat...@gmail.com wrote: Lenovo yoga 2 pro are awesome. Well worth checking out. On 26 Nov 2014 19:50, Tom P tompbi...@gmail.com wrote: Hi Stephen Thanks for the quick response. Actually a coworker suggested this list a while ago but I forgot all about it. Surface Pro 3 did have me interested at first but it is too small in my opinion and I prefer to just use the laptop and not have to hook up to an external monitor and keyboard and so on. Even a 13 has me concerned. I may go with 15. I've heard great things about the Macbook but the keyboard didn't feel right to me for Windows. I'll check out the XPS 15. Wow, 16Gb RAM? I didn't realise that was such an issue. 8Gb would be plenty for me I think but I guess going forward that will matter. How often do people change laptops? Is 3-4 years a stretch? Thanks Tom On 26 November 2014 at 17:02, Stephen Price step...@perthprojects.com wrote: Welcome Tom! (OMG where did we get a new poster from?) Having more than a few laptops (both past and present) I feel slightly qualified to reply. I've found Dell pretty good, but always get the longest warranty you can get your hands on. It's happened a couple of times where a laptop has needed parts/repairs and its been out of warranty. When that happens its usually better to upgrade than spend money on it. I'm currently running a Mac book Pro 13 (for iOS dev cross platform stuff with Xamarin), a Surface Pro 3 (for most dev) and an Asus gaming laptop (amazing machine but a bit too heavy to lug about. Awesome for gaming at a mates place, or when others bring their laptops and you want to be sociable in the same room). The only thing that stops me from saying get a surface pro 3, is the RAM limit of 8Gb. If it could have 16Gb it would be the way to go, hands down. The other two laptops both have 16Gb and its really the only thing that lets the Surface Pro 3 down (spec wise). That said its the most portable, and most adaptable (laptop or tablet mode) and even wins on battery life by a huge margin. That said, the real answer is it depends. You need to look at what you want it for and makes sure whatever you get fits that first. Oh, I had a Samsung Ultrabook (the QuadHD touch screen one) and was disappointed with the high DPI experience of Windows 8. Passed it to my daughter for Uni laptop and she loves it. I almost got the Dell XPS 15 (with the QuadHD touchscreen) but got the surface pro 3 instead. So far not regretted that decision but I daresay the Dell would have also been a good buy (without the tablet form tho) HTH On Wed, Nov 26, 2014 at 12:55 PM, Tom P tompbi...@gmail.com wrote: Hi First time poster here so please take it easy on me. I've only ever had a desktop but looking to purchase my first laptop, ultrabook preferred. I've been looking at the Dells for warranty and support feedback I've received, XPS 13 sounds mainly. I wish to use it for development mainly with some minor travel. Can some of the wiser more experienced developers here share their thoughts and recommendations? Thanks Tom
