Re: [Webpush] webpush for http2 -02
Benjamin Bangert <bbangert@mozilla.com> Fri, 13 February 2015 01:23 UTC
Return-Path: <bbangert@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 167A21A1A4A for <webpush@ietfa.amsl.com>; Thu, 12 Feb 2015 17:23:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvsXERuYG3vF for <webpush@ietfa.amsl.com>; Thu, 12 Feb 2015 17:23:20 -0800 (PST)
Received: from mail-wg0-f47.google.com (mail-wg0-f47.google.com [74.125.82.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B471A026C for <webpush@ietf.org>; Thu, 12 Feb 2015 17:23:09 -0800 (PST)
Received: by mail-wg0-f47.google.com with SMTP id x12so80898wgg.6 for <webpush@ietf.org>; Thu, 12 Feb 2015 17:23:08 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=m8nI0hMWw/o9j9QHReKH/0C1cYnaHkgB1c5a34UPwns=; b=EW7P/v4+p6FpFVSDP9mJwmGOilrVBJI1qaI9vSDXld1XUfZukVa4p/xNs/cGlzrJst IggcALfofi76B/LabChtfj1OJcQVpvuCdHn/GxYcW4eSliowLVu3kso9BMe4NW/xHaCf R3HOnXc4JIVYm2jj8KoVR5jzodGn2w5997QClqFa1Wt5H+sZlnBhwb1jYMVbDehhOkbW lr75DDcxQgtdxwN4ZGOfRLb9rlN+NEKpnHHHkjtUqltKNysSoaCia2OAss8qKZCUZ50P 2v/qgaQC1GDPrzPxQepbP/86X3WBWmry17ebBd4fbACHwkhpYOdInXncFQR4wJYITWfi RSlQ==
X-Gm-Message-State: ALoCoQlkzB9c+B5KdelPvJOBSoBcML/a9nf5kONcvy4iOOHDAFXBFEpnCwrt5Hj/6BA7CyTx41J2
MIME-Version: 1.0
X-Received: by 10.180.198.101 with SMTP id jb5mr11045150wic.92.1423790588043; Thu, 12 Feb 2015 17:23:08 -0800 (PST)
Received: by 10.27.131.41 with HTTP; Thu, 12 Feb 2015 17:23:08 -0800 (PST)
In-Reply-To: <CABkgnnUxA0uOCF3TqUkfv2hjJnKfyKyR+EVai8Ag060p6KBgug@mail.gmail.com>
References: <CABkgnnUxA0uOCF3TqUkfv2hjJnKfyKyR+EVai8Ag060p6KBgug@mail.gmail.com>
Date: Thu, 12 Feb 2015 17:23:08 -0800
Message-ID: <CABp8EuJqcF25JRAxyAivLm2ph4j1YVRjjZ9BnibxFu_2rgNoMw@mail.gmail.com>
From: Benjamin Bangert <bbangert@mozilla.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b624d143c3ad7050eee142b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/-hyIEv54jx17mpbO-vYurez7UA8>
Subject: Re: [Webpush] webpush for http2 -02
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 01:23:26 -0000
A few comments: Section 2: - The diagram is good, but I think adding one variant for broadcast messages would be good. I could see a crypto secured broadcast working like so: - Broadcast Subscribe (In contrast to normal subscribe) - Browser Agent makes Provide Subscription request to Application, including request (flag) to be issued the broadcast key - Browser stores the broadcast key with the new subscription (rather than generating its own key) Section 5: - The examples show plain-text notification content while 8.1 indicates subscriptions include a crypto key, so they should be an opaque encrypted blob - The Push Server should return an appropriate Bad Auth HTTP status code when authorization is required of the Application Server. Section 6: - Should also show an encrypted blob Section 7.2: - It would be useful to have some minimum storage period Section 7.3: - It says the push service can expire it anytime, what happens if a client is disconnected during this time? Or are push services only allowed to expire subscriptions while the client is connected? Section 8.3/8.4: - It seems reasonable that Push Service providers will want to require an App-Server developer to register their app and get an Oauth token or some other scheme to indicate that they are allowed to push notifications (and for Push Service providers to restrict maximum messages/throughput on a per-app basis). Should this be mentioned here? Cheers, Ben On Fri, Dec 12, 2014 at 4:01 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > I've revised the protocol proposal for web push. > > https://datatracker.ietf.org/doc/draft-thomson-webpush-http2/ > > A more readable HTML version is here, though this will be updated as I > make changes: > > https://martinthomson.github.io/drafts/draft-thomson-webpush-http2.html > > This includes some fairly significant changes to incorporate the > feedback I've received from various corners. I haven't prepared a > change log, but I believe that this covers at least the high points of > what was discussed at the meeting: > > - names of everything have changed > - I've added examples and expanded the explanatory text throughout > - removed use of 202 due to a privacy concern (thanks to Robert > Sparks for sharing his experience with this) > - significantly expanded the operational considerations regarding > load distribution and message retention > - minimum message size of 4k added > > _______________________________________________ > Webpush mailing list > Webpush@ietf.org > https://www.ietf.org/mailman/listinfo/webpush >
- [Webpush] webpush for http2 -02 Martin Thomson
- Re: [Webpush] webpush for http2 -02 Benjamin Bangert
- Re: [Webpush] webpush for http2 -02 Benjamin Bangert