Open Aeva opened 10 years ago
Currently the server sends the client's device_id in messages to the client. The client probably does this as well.
Maybe instead, we should only send a checksum, and maybe the checksum should be salted on a per session basis?
I'm not really sure if this is necessary, but I guess it would make things a little more resilient to impersonation if SSL is broken again.
Ideally, the entire message should probably have a checksum?
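One way to realize the per-session salted identifier and whole-message checksum proposed in this issue, as an added example that is not code from this project. It uses HMAC-SHA256 in place of a plain checksum and assumes a device secret shared at pairing time, which the issue does not mention; all function and field names, and the `seq` replay counter, are hypothetical.

```python
import hashlib
import hmac
import json
import os


def new_session_salt() -> bytes:
    """Fresh random salt, generated once per session and sent in the handshake."""
    return os.urandom(16)


def session_key(device_secret: bytes, salt: bytes) -> bytes:
    # Assumption: device_secret was shared at pairing time and never travels on the wire.
    return hmac.new(device_secret, b"session-key" + salt, hashlib.sha256).digest()


def device_tag(key: bytes, device_id: str) -> str:
    """Value sent instead of the raw device_id; it changes with every session salt."""
    return hmac.new(key, b"device-id" + device_id.encode(), hashlib.sha256).hexdigest()


def _mac(key: bytes, msg: dict) -> str:
    # Canonical JSON of every field except the MAC itself, so both sides hash the same bytes.
    body = {k: v for k, v in msg.items() if k != "mac"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, b"message" + data, hashlib.sha256).hexdigest()


def seal(key: bytes, device_id: str, seq: int, payload: dict) -> dict:
    """Build an outgoing message: tagged identity, sequence number, payload, MAC."""
    msg = {"device": device_tag(key, device_id), "seq": seq, "payload": payload}
    msg["mac"] = _mac(key, msg)
    return msg


def verify(key: bytes, device_id: str, last_seq: int, msg: dict) -> bool:
    """Accept only an untampered message from the expected device, newer than last_seq."""
    mac, tag, seq = msg.get("mac"), msg.get("device"), msg.get("seq")
    if not (isinstance(mac, str) and isinstance(tag, str) and isinstance(seq, int)):
        return False
    # Compare as bytes in constant time; str inputs with non-ASCII would raise.
    if not hmac.compare_digest(mac.encode(), _mac(key, msg).encode()):
        return False
    if not hmac.compare_digest(tag.encode(), device_tag(key, device_id).encode()):
        return False
    return seq > last_seq  # reject replays of an earlier message in this session
```

The receiver keeps `last_seq` per session and updates it only after `verify` returns true.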