IETF Logo Mail Archive

Re: [Webpush] Kathleen Moriarty's No Objection on draft-ietf-webpush-protocol-11: (with COMMENT)

kathleen.moriarty.ietf@gmail.com Thu, 13 October 2016 01:51 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2C1712940D; Wed, 12 Oct 2016 18:51:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IH_yzi307qle; Wed, 12 Oct 2016 18:51:36 -0700 (PDT)
Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99E00129405; Wed, 12 Oct 2016 18:51:36 -0700 (PDT)
Received: by mail-qt0-x233.google.com with SMTP id f6so31573315qtd.2; Wed, 12 Oct 2016 18:51:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/CdFwSnXbG+svn+6m2arCAI/ptmFp7PyxR/oNsHf3xE=; b=Or6wNW/m+u9Ol37Cwcp6hqQyxFa2uFaWmtZpYfklFR0eisP+xFnpt2cMOJwxK/SFLe us9zYZgc9x/ti489p5XVY2VrFwvNZDgrueRVf7lGskkkM/Zza2koPlzvtdpsHX40uh43 UGKibtIlDECUCNhi38cTwscpenckgYMd/34VJ73Wp1I70HUS52dzyJvgHRFZkBqgNuXi Y1NVzuu96Y6Q76woZAYqsYFDhj9mDsl6dXqtZZ4zzEBRucjaMWJ2VNNTDccBl37MQ5xw UhV1BxWgDRFEBeMDs43yy9Ny8kegch8ycIqY61numBrkQWMgl7U3lUuvowLll85SN/TE j0UA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/CdFwSnXbG+svn+6m2arCAI/ptmFp7PyxR/oNsHf3xE=; b=OZhmxGgTxgkxc2XRt6KSynZfjx8h2FD01Hyd9OPDxOH0egM1v7dqmHVc6Nfc3gIyUD 9zATDLcaKk0OREKtFnpqae+yX/Do2tU+87d4PQz4xVsm6AhQPxTJ/zM812wwdMvioR6E 67m+H6ml056AnjvSsSsTYVy6s84CXPziQYlyT0oTidIETaxYp90Jh4W8cCNLc7C3Oe3v j3Nq5jsZu6GJqp9b8n1EbARX83/8USrZFMsSoVdu+2P2B5boM5e1/4BXj3B+GWgmeUGb nwmZaDQ0G9tMN+xmIHxLr+5fvXw+WII6WtuAu+fRRJpZD/Zq/+Bzb1P3k7yADQk4ljjf kukA==
X-Gm-Message-State: AA6/9RkYFKF0GetbJ2u4LuLxDb4cs/adNE8jtCalpN36obRIQxiWbAZG4KCiJo+oHn3bjw==
X-Received: by 10.200.45.124 with SMTP id o57mr4306548qta.90.1476323495812; Wed, 12 Oct 2016 18:51:35 -0700 (PDT)
Received: from [192.168.1.4] (209-6-124-204.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.124.204]) by smtp.gmail.com with ESMTPSA id u4sm3799093qka.9.2016.10.12.18.51.34 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 12 Oct 2016 18:51:34 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: kathleen.moriarty.ietf@gmail.com
X-Mailer: iPhone Mail (13G36)
In-Reply-To: <CY1PR03MB23809509AFCB9DBB5B66900083DC0@CY1PR03MB2380.namprd03.prod.outlook.com>
Date: Wed, 12 Oct 2016 21:51:34 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <EB148FDB-4AB6-41D1-B2B2-2E6E8632EAE2@gmail.com>
References: <147629678445.6285.5038003546245862234.idtracker@ietfa.amsl.com> <CY1PR03MB23809509AFCB9DBB5B66900083DC0@CY1PR03MB2380.namprd03.prod.outlook.com>
To: Brian Raymor <Brian.Raymor@microsoft.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/0KU17UBYUYFSPXnGmwsLSzGc_cU>
Cc: "draft-ietf-webpush-protocol@ietf.org" <draft-ietf-webpush-protocol@ietf.org>, Shida Schubert <shida@ntt-at.com>, "webpush-chairs@ietf.org" <webpush-chairs@ietf.org>, The IESG <iesg@ietf.org>, "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Kathleen Moriarty's No Objection on draft-ietf-webpush-protocol-11: (with COMMENT)
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 01:51:39 -0000


Please excuse typos, sent from handheld device 

> On Oct 12, 2016, at 9:09 PM, Brian Raymor <Brian.Raymor@microsoft.com> wrote:
> 
> 
>> The only thing I might add is a note on the varying levels of security
>> offered by the HTTP authentication methods, which are documented in their
>> RFCs.  Adding just that point to the following (phrased however you'd
>> like) would be helpful:
>>    A push service MAY
>>   choose to authorize requests based on any HTTP-compatible
>>   authorization method available, of which there are numerous options.
> 
>> The somewhat recent updates to Basic & Digest do a really great job at
>> saying how awful they are and there are some experimental options that
>> offer some promise now.
> 
> Proposed text - https://github.com/webpush-wg/webpush-protocol/pull/139/files

Thanks for the quick update.  I would just say 'with varying levels of security.'  The security considerations sections for each of the methods available for HTTP are included in the RFCs for each.

Thank you,
Kathleen 
> 
> 
>

v2.8.7 | Report a Bug | By Email