On Tue, Jan 10, 2012 at 6:59 PM, Carl Minden <[email protected]> wrote: > There certainly were no exceptions. I guess I might have missed a > warning but I don't think so. >
Looking at the code, there don't seem to be any warning either. However, the ICS code is actually checking the certificate signature algorithm, while the GB, etc. code is not. If there was no signature to begin with, maybe that is the reason the key was skipped. > as far as trusting the certificate we have an out of band method for > verifying the certificate when you first create the keypair, then > after that the server can check if the cert is the one it expects for > that user. We do not care about any information contained in the cert > just that we are talking to the same phone (keypair) Thanks for the info, makes much more sense now. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
