Sorry I haven't responded earlier, let me see if I can clear up some things.
jbh001 wrote:The procedure for the packet trace was documented, but not well. For example, what version of the iPhone OS was used, was it the current version (3.1.2) or something previous? What version of iStake was tested, was it the current version (1.4.1) or an earlier version? What version of Wireshark was used? etc.
I tried to produce a screen-capture of the process of performing the packet trace but it's nearly impossible to read. Here are the details of what I set up.
The capture was done using a MacBook Pro with OS X 10.6.2 running WireShark 1.2.5. The MacBook was set up to share it's internet connection over it's wireless card. An iPod touch running OS 3.1.2 was connected to the MacBook's wireless network (to allow the packet trace) and a fresh copy of iStake version 1.41 was installed from the iTunes App Store on the iPod touch.
I then started the packet trace in WireShark. I launched the fresh install of iStake which had no stake data installed and went to the Setup screen where I entered my lds.org username and password. I then touched the "UPDATE" button in the "All Data" cell of iStake and let the packet trace run capturing all of the packets until iStake informed me it was updated. WireShare had stopped receiving packets at that point so I stopped it and verified that iStake was now populated with all of my stake data.
The packet trace starts off by showing the iPod touch making a standard address query for http://www.avikey.com
and getting back the IP address 220.127.116.11. From that point until the end of the capture there is only SSL communication between the iPod touch and 18.104.22.168 (along with some DNS, ARP, and DHCP packets to my router etc.).
There is no communication in the entire process to lds.org or secure.lds.org. I do not see how the claim that iStake talks directly to lds.org and only uses avikey.com to download parsing rules can be true. As I see it there are only two possible explanations.
1- Wireshark is somehow dropping all of the lds.org packets (highly unlikely since I did a similar trace on MyWard and was able to verify it only talked to secure.lds.org).
2- The person making the claims either does not understand the product and how it works or they have only worked with a yet to be released product which behaves differently.
The packet trace was really quite simple to set up and I've duplicated it several times to be sure.