[Jmap] Re: Working group last call draft-ietf-jmap-webpush-vapid
Phillip Tao <ptao@apple.com> Fri, 26 July 2024 15:31 UTC
Return-Path: <ptao@apple.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E2CC1D6FCC for <jmap@ietfa.amsl.com>; Fri, 26 Jul 2024 08:31:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.253
X-Spam-Level:
X-Spam-Status: No, score=-7.253 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xNqAcvJ7DTNC for <jmap@ietfa.amsl.com>; Fri, 26 Jul 2024 08:31:18 -0700 (PDT)
Received: from ma-mailsvcp-mx-lapp02.apple.com (ma-mailsvcp-mx-lapp02.apple.com [17.32.222.23]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24453C1D876E for <jmap@ietf.org>; Fri, 26 Jul 2024 08:31:18 -0700 (PDT)
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma-mailsvcp-mx-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0SH800MKMLS3E030@ma-mailsvcp-mx-lapp02.apple.com> for jmap@ietf.org; Fri, 26 Jul 2024 08:31:17 -0700 (PDT)
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-26_12,2024-07-26_01,2024-05-17_01
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=cc : content-type : date : from : in-reply-to : message-id : mime-version : references : subject : to; s=20180706; bh=PO+xlybI6LB6zk2Mx/gA7lEw2XEUQkV4h8frXCBN/gk=; b=beCXlDgGtwILZN+zDYWwK4HM0XAWsWErI8bIwQeDg9gBHDgeavVvBYRJHeKt1xF2YhtV cF2n4RIihbtuqKsv+jm4/36NBJjvw9YPs3hHihd0j9Tn/lqVSy3wFGmx+PQI4uXlpEM5 RBOaJQgkYEV5gpmEB6l7Tls3SWryffZOdOHWrVVYsto5XO+XDUadktyYRA5rzThObfY/ 1t4P7UGC0QSP9CCJbf7FYII6XMDPf4IryYH/YJorq+cDy6Y2ePTCesxQ2MQ2Iu5wob+M m9rjXlLeKqg/mPqalrWjR7SgsAY0xoqjnI4IF9yPNzNnqbOH/RKeuPXn9r8VKiWz9Q7Y zA==
Received: from rn-mailsvcp-mmp-lapp04.rno.apple.com (rn-mailsvcp-mmp-lapp04.rno.apple.com [17.179.253.17]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0SH800BZ0LS27Q10@rn-mailsvcp-mta-lapp04.rno.apple.com>; Fri, 26 Jul 2024 08:31:14 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp04.rno.apple.com by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0SH800Q00LJJCI00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 26 Jul 2024 08:31:14 -0700 (PDT)
X-Va-A:
X-Va-T-CD: e86c8765869d527fcaa13c2690103df3
X-Va-E-CD: 2b62727f37d022ef1b8e83014f487017
X-Va-R-CD: a4989e8565d886b050c733a5054e52c2
X-Va-ID: 902465d9-8541-4bc0-b9b4-e781a7c0f7a4
X-Va-CD: 0
X-V-A:
X-V-T-CD: e86c8765869d527fcaa13c2690103df3
X-V-E-CD: 2b62727f37d022ef1b8e83014f487017
X-V-R-CD: a4989e8565d886b050c733a5054e52c2
X-V-ID: 09b59085-b42a-4bf1-812d-ac973b9518e8
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-26_12,2024-07-26_01,2024-05-17_01
Received: from smtpclient.apple (unknown [17.11.210.6]) by rn-mailsvcp-mmp-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0SH800R6LLS0IV00@rn-mailsvcp-mmp-lapp04.rno.apple.com>; Fri, 26 Jul 2024 08:31:14 -0700 (PDT)
From: Phillip Tao <ptao@apple.com>
Message-id: <533AB12E-F2C1-4F27-8106-AB33721804F7@apple.com>
Content-type: multipart/signed; boundary="Apple-Mail=_690FF443-5DB6-4665-A6C2-269308B4CDBA"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
Date: Fri, 26 Jul 2024 08:31:12 -0700
In-reply-to: <58ddcbd1-b0cc-4638-ad45-8e2d0a755897@dogfoodapp.fastmail.com>
To: Neil Jenkins <neilj=40fastmailteam.com@dmarc.ietf.org>
References: <fb1b10ae-ea36-4ee4-b84f-b62f036cfaf5@app.fastmail.com> <4b201702-ad4a-4b0e-86da-fac9f07d265e@app.fastmail.com> <7fb768b0-3c97-4668-8616-b300b03aeb1a@app.fastmail.com> <6F9D4D61-0FFC-4798-8001-73D230328EF0@apple.com> <f3c75b7b-86c6-4255-a5a4-0e5a975c556e@app.fastmail.com> <74D126D4-5BDE-44F8-8887-2B93D58DD7C6@apple.com> <58ddcbd1-b0cc-4638-ad45-8e2d0a755897@dogfoodapp.fastmail.com>
X-Mailer: Apple Mail (2.3774.600.62)
Message-ID-Hash: LSVRWWL6Q4VHF2O2LIQ5C6Y36TPRF5QJ
X-Message-ID-Hash: LSVRWWL6Q4VHF2O2LIQ5C6Y36TPRF5QJ
X-MailFrom: ptao@apple.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jmap.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Bron Gondwana <brong@fastmailteam.com>, Daniel Gultsch <daniel@gultsch.de>, IETF JMAP Mailing List <jmap@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Jmap] Re: Working group last call draft-ietf-jmap-webpush-vapid
List-Id: JSON Message Access Protocol <jmap.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/vniyyGemTtrwQKLNr3nyRha80QI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Owner: <mailto:jmap-owner@ietf.org>
List-Post: <mailto:jmap@ietf.org>
List-Subscribe: <mailto:jmap-join@ietf.org>
List-Unsubscribe: <mailto:jmap-leave@ietf.org>
My slight concern with 3(b) is that one reason you may want to rotate your key is that it was compromised. Knowingly continuing to use a key that's compromised seems a little odd, and it generally seems more prudent to immediately notify the user agent that they need to recreate their push subscriptions, so they don't receive fraudulent/dangerous push notifications. I wonder if this is why RFC 8292 chose to recommend that the application server prompt the client to create a new subscription. Of course, key compromise is probably less likely for a JMAP server than a random website, and given that pushes right now just deliver state strings, the potential for abuse from a compromised key seems negligible. Still, in the future, is it imaginable that pushes may be extended to deliver carry more "abusable" data? If "push notification requires user-visible notification" becomes a de-facto standard behavior among platforms, it seems plausible that there may be an extension in the future that allows the server to specify what to display (maybe even directly providing text)? On the concern with the user-visible notification, I wonder if platforms may require such user-visible notifications for web applications, but not necessarily for other application servers. Currently, because W3C's Push API is the largest actual use case of Web Push, I suspect that those two are conflated in many cases. For example, Apple has historically not required a user-visible notification for email push. Finally, even if one or other platforms have this user-visible notification restriction, I still wonder if an immediate "renew your push subscription" push should still be an option. Perhaps some email providers will decide that's too annoying for users, but others may decide that a "Push notifications disabled, please open the app to re-enable" is perfectly acceptable. Or maybe a server wants to use a 3(b) approach for a day or so, but if the client still hasn't renewed after a day (perhaps the user never opened the app in that day, and so there were no API calls) then it really wants to let them know. So, should the draft define a mechanism for this to occur if the server chooses to, but as a MAY rather than a SHOULD/MUST? - Phillip > On Jul 25, 2024, at 10:12 PM, Neil Jenkins <neilj=40fastmailteam.com@dmarc.ietf.org> wrote: > > On Fri, 26 Jul 2024, at 14:31, Phillip Tao wrote: >> The only other thing I wonder about is that RFC 8292 Section 4.2 seems to say that the application server should proactively notify the user agent when rotating keys, "requesting the creation of a new subscription". That seems like a good idea? Rather than waiting for the client to suddenly and unknowingly stop receiving pushes until the next time it happens to issue some API request. >> >> It seems like the JMAP server could push one last message with the old key that's like, "hey the VAPID key changed, please refetch the session and create a new push subscription", right before destroying that push subscription. > > The trouble with this is Apple requires any push notification to show a user-visible notification <https://developer.apple.com/videos/play/wwdc2022/10098/?time=438> with web push (and other vendors may be similar). You could show something like "Push notifications disabled, please open the app to re-enable" but it's not the best experience! I think the best way to handle this is as I put in 3(b) in my previous email, so the server gives time for the client to re-register. They should in theory detect pretty quickly, given they'll find the sessionState change on their next API request. > > Cheers, > Neil.
- [Jmap] Working group last call draft-ietf-jmap-we… Bron Gondwana
- Re: [Jmap] Working group last call draft-ietf-jma… Bron Gondwana
- Re: [Jmap] Working group last call draft-ietf-jma… Bron Gondwana
- [Jmap] Re: Working group last call draft-ietf-jma… Phillip Tao
- [Jmap] Re: Working group last call draft-ietf-jma… Bron Gondwana
- [Jmap] Re: Working group last call draft-ietf-jma… Neil Jenkins
- [Jmap] Re: Working group last call draft-ietf-jma… Phillip Tao
- [Jmap] Re: Working group last call draft-ietf-jma… Neil Jenkins
- [Jmap] Re: Working group last call draft-ietf-jma… Phillip Tao
- [Jmap] Re: Working group last call draft-ietf-jma… Daniel Gultsch
- [Jmap] Re: Working group last call draft-ietf-jma… Phillip Tao