Re: [Webpush] Vapid public key

Costin Manolache <costin@gmail.com> Sat, 19 November 2016 15:53 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/9WymHgKKWSALV5zPlbtaKseI5Ek>
Cc: jr conlin <jconlin@mozilla.com>, "webpush@ietf.org" <webpush@ietf.org>, Peter Beverloo <beverloo@google.com>

One more small suggestion: one of the pain points (for me) is the W3C
subscribe taking the vapid pubkey as bytes instead of a string, and
having to include the key in .js files as a constant.

Would it be possible to define a .well-known/vapid/... file where the
public key can be saved? This may simplify tools, testing (test env may
use test sender keys), etc. One problem is that .well-known is at root -
so either have /.well-known/vapid/ENCODED_SW_URL.pub or have a less
standard .well-known/ in the same directory with the SW.

This would be optional - if the key is not included in the register call
explicitly.

GCM has a similar mechanism.

Costin



On Thu, Nov 3, 2016 at 8:09 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 3 November 2016 at 11:56, Martin Thomson <martin.thomson@gmail.com>
> wrote:
> > I could live with either.  The second form is recommended by RFC 7235,
> > so we should probably pick that one.  That said, it makes sniffing
> > marginally harder because the double-quotes are optional and '=' is
> > valid in either form.  You have to look for a comma.
>
> Here's the proposed changes:
>
> https://github.com/webpush-wg/webpush-vapid/pull/29
>
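
The string-to-bytes step raised in the message above, as an added example that is not part of the original thread: it turns a VAPID public key held as text (a .js constant, or a key file like the one proposed) into the bytes subscribe expects, and rejects anything that is not a valid uncompressed P-256 point. It assumes the text is unpadded base64url; the function names are illustrative and the sample key is constructed from the public P-256 base point.

```javascript
// Added example, not code from the thread. Function names are illustrative.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// P-256 field prime p and curve coefficient b (FIPS 186-4).
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;
// Constructed sample: the P-256 base point G as 0x04 || X || Y, not a real sender key.
const SAMPLE_KEY = "BGsX0fLhLEJH-Lzm5WOkQPJ3A32BLeszoPShOUXYmMKWT-NC4v4af5uO5-tKfA-eFivOM1drMV7Oy7ZAaDe_UfU";

// Strict unpadded base64url decoder: rejects '=', '+', '/', whitespace and bad lengths.
function base64UrlToBytes(text) {
  if (text.length % 4 === 1) throw new Error("invalid base64url length");
  const out = new Uint8Array(Math.floor((text.length * 6) / 8));
  let acc = 0, bits = 0, n = 0;
  for (const ch of text) {
    const v = B64URL.indexOf(ch);
    if (v < 0) throw new Error("invalid base64url character: " + ch);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out[n++] = (acc >> bits) & 0xff;
      acc &= (1 << bits) - 1;
    }
  }
  if (acc !== 0) throw new Error("non-zero trailing bits");
  return out;
}

function bytesToBigInt(bytes) {
  let v = 0n;
  for (const b of bytes) v = (v << 8n) | BigInt(b);
  return v;
}

// Returns the Uint8Array to pass as applicationServerKey to pushManager.subscribe().
function parseVapidPublicKey(text) {
  const key = base64UrlToBytes(text.trim()); // a key read from a file may end in a newline
  if (key.length !== 65 || key[0] !== 0x04)
    throw new Error("expected 65-byte uncompressed P-256 point (0x04 || X || Y)");
  const x = bytesToBigInt(key.subarray(1, 33));
  const y = bytesToBigInt(key.subarray(33, 65));
  if (x >= P || y >= P) throw new Error("coordinate out of range");
  // Curve equation: y^2 = x^3 - 3x + b (mod p)
  const rhs = (((x * x * x - 3n * x + B) % P) + P) % P;
  if ((y * y) % P !== rhs) throw new Error("point is not on P-256");
  return key;
}
```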