Re: [Webpush] Ben Campbell's Yes on draft-ietf-webpush-protocol-11: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 13 October 2016 00:21 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D9ED1295B7; Wed, 12 Oct 2016 17:21:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.896
X-Spam-Level:
X-Spam-Status: No, score=-4.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UhzjrYdbc1zW; Wed, 12 Oct 2016 17:21:10 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DC6A1295AE; Wed, 12 Oct 2016 17:21:10 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9D0L4jA072658 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 12 Oct 2016 19:21:05 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: Ben Campbell <ben@nostrum.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 12 Oct 2016 19:21:04 -0500
Message-ID: <ADBF3344-5318-4E8D-8A17-1A6941AA86AC@nostrum.com>
In-Reply-To: <CAKKJt-fKL-p_Jh-wE8LdYM3RyxBFH1fXtdN8sKoMsuK8XLNnNw@mail.gmail.com>
References: <147630754676.6419.3793529940535426058.idtracker@ietfa.amsl.com> <CABkgnnW9yP8NHC7xJwN-qt_0Oc=WrxRhWcMO3=YY_8qFvAyzhA@mail.gmail.com> <CAKKJt-fKL-p_Jh-wE8LdYM3RyxBFH1fXtdN8sKoMsuK8XLNnNw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/AUkzhcOE1na_E-EvIwyFZdIzgNk>
Cc: Brian Raymor <Brian.Raymor@microsoft.com>, Martin Thomson <martin.thomson@gmail.com>, Shida Schubert <shida@ntt-at.com>, iesg@ietf.org, draft-ietf-webpush-protocol@ietf.org, webpush-chairs@ietf.org, "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Ben Campbell's Yes on draft-ietf-webpush-protocol-11: (with COMMENT)
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 00:21:11 -0000
On 12 Oct 2016, at 19:13, Spencer Dawkins at IETF wrote: > Hi, Martin, > > On Oct 12, 2016 19:10, "Martin Thomson" <martin.thomson@gmail.com> > wrote: >> >> On 13 October 2016 at 08:25, Ben Campbell <ben@nostrum.com> wrote: >>> In section 8, 2nd paragraph: "Applications using this protocol MUST >>> use >>> mechanisms that provide >>> confidentiality, integrity and data origin authentication." >>> >>> What must it use those mechanisms for? Are we talking about > communication >>> between the UA and app servers? Are we just talking about data in > motion? >>> As much as I like to see such requirements in general, is it >>> reasonable >>> for webpush to state requirements on the internal operation of the >>> application? >> >> This specifically refers to the work in >> draft-ietf-webpush-encryption, >> which covers these things. We should add a f'rexample there. Brian, >> does that sound right? >> >> (Yes, TLS is mandatory, but hop-by-hop mechanisms don't cover all the > bases.) >> > > Make Ben happy, because it's his comment, but that would have > significantly > helped me understand! Who said I wasn't happy? :-) But I think I now understand this to mean e2e protection, at least with respect to the push service. Some clarification would help. Also, that seems conceptually bound more to section 8.1 than 8. (Or was 8.1 intended to expand on the mention in 8?) Ben.
- [Webpush] Ben Campbell's Yes on draft-ietf-webpus… Ben Campbell
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Spencer Dawkins at IETF
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Ben Campbell
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Spencer Dawkins at IETF
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Martin Thomson
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Spencer Dawkins at IETF
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Ben Campbell
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Martin Thomson
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Ben Campbell
- Re: [Webpush] Ben Campbell's Yes on draft-ietf-we… Spencer Dawkins at IETF