IETF Logo Mail Archive

Re: [Webpush] Major change to encryption

Martin Thomson <martin.thomson@gmail.com> Wed, 02 November 2016 03:50 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B21661294D5 for <webpush@ietfa.amsl.com>; Tue, 1 Nov 2016 20:50:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfj4ZNA25CA8 for <webpush@ietfa.amsl.com>; Tue, 1 Nov 2016 20:50:10 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 904AE129404 for <webpush@ietf.org>; Tue, 1 Nov 2016 20:50:10 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id o68so4317440qkf.3 for <webpush@ietf.org>; Tue, 01 Nov 2016 20:50:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=XVo2tP4p3t6Bjo771IcH5NzzMaktmMzqyM2i4jc4k+0=; b=d8MIMIYKLHc1Bcx+8JYHKafMVOlZ1qHDYGrhACkRMCTt1+7W9yAAa2p5C8QhRPkOPi alHXdkl0Bc+nbQxbCHtXhmUG7jcpORbOCCUf2klVm8S8hfwzvoRZPlQVK1dpvDmbqke5 A7TcUk0NYoWi1AoCkUSNxw8eNp5o4yndOkOEdP+3TR+Aeku9cuR/gfcaG5x8rOwbs0cz GEMrQjwazc1sI+HpKmdb8R/wxl6dTf4rlRfxXdPsDHHmNf10THKNHCykXdljvmzXtBSL u9cGDTeLf/u+uWSK1C7/fQ5o5NrMGKnzeN3TUaEaGe/z+cdlZq2xtsNIX3RDeTta6hdP bFVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=XVo2tP4p3t6Bjo771IcH5NzzMaktmMzqyM2i4jc4k+0=; b=FinR25BikNRT3x4AYx4rQec+rXQd2MK+pP69e7pe2P7O2GnbhHQ5Ia/M9Wn1kc+fBp XLDI9K4Mp37EcQxUxiqICQryyo4s62XFC11astLM3s53r1WTRJUCPkDjzUshEfKwlVu8 apQKJDFbeBvFfkO92vikFS44+WKNo3P6SV/VLVfkcUQLuMVeWF2DMZztRXGFmTj0PCqw YbOLhuH87SRtxTtcJSKI0kNkNf6H60KqqRevUo5T6ISfobD4YfbT221LJ7Z6XETmdbrY oyH7ezb1Mzzq4YMGbGBvkKlRlbzh3tGc5BVWXAk7m1QhwIxThrg0QuPmYm5rW9Vwm70F bL0w==
X-Gm-Message-State: ABUngvf7Ob3kwJZHbJ1XxIeuwaXEEDtWnpKKEH611ETaqxaqkk8W2e84Zu3/2Q7xeJCzWG6hOb2xITPwXKhH3g==
X-Received: by 10.55.155.151 with SMTP id d145mr1249847qke.115.1478058609791; Tue, 01 Nov 2016 20:50:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Tue, 1 Nov 2016 20:50:09 -0700 (PDT)
In-Reply-To: <CAP8-Fqk+suz9YpFKbdTa42nUfknWfPH-M017UjRjV2oLxUZKjQ@mail.gmail.com>
References: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com> <da15e3e3-9d20-7e2c-eceb-d369a3529226@mozilla.com> <CABkgnnVeGAtADwvf_FWKvNDpAtKNVvWpiFAr-LPf47hgHSqiag@mail.gmail.com> <f6bb7ff3-1d6c-3b8c-b956-aaa0c046fd3a@mozilla.com> <CABkgnnUzR747r3VC1DLTqnZJwPvkAoH-SbB+y7-UY0i1Z+fX3A@mail.gmail.com> <CALt3x6nS2+LG6aZPEZL5wPA_c00pCjZ5WswcFqty35weut2rOw@mail.gmail.com> <CABkgnnUSou5xroNP5dppHJOCydErzKm4c6_Z2tw1w2hLhqb6Bg@mail.gmail.com> <CAP8-Fqn7siP7JuguZHipHHsc6Hj7dfai3u3hS8MpjLJOCWqerA@mail.gmail.com> <84f3da33-a9a4-1bbc-f290-e283cec07c22@mozilla.com> <CAP8-Fqk+suz9YpFKbdTa42nUfknWfPH-M017UjRjV2oLxUZKjQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 02 Nov 2016 14:50:09 +1100
Message-ID: <CABkgnnW3LK5Gvj=05QFrUktZhHEvwS-dkLE3BE_1iaSoMizUdg@mail.gmail.com>
To: Costin Manolache <costin@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/Dh5-MEL3bnZiptCDPftixw8ZsRQ>
Cc: jr conlin <jconlin@mozilla.com>, "webpush@ietf.org" <webpush@ietf.org>, Peter Beverloo <beverloo@google.com>
Subject: Re: [Webpush] Major change to encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 03:50:12 -0000

On 2 November 2016 at 12:00, Costin Manolache <costin@gmail.com> wrote:
> Yes, when sending over GCM it's better to have the 65bytes of the key in the
> binary prefix of the
> "raw_data" byte[] instead of having to add another key/value pair, with the
> b64 encoding and proto
> overhead. But it's an optimization - not the main reason :-). A nice extra
> benefit is that browsers on android
> could dispatch the message based on the raw_data only, since the EC public
> key can identify the app/SW.

As I said, I'm not opposed to this, it just seems wrong.

Moving the public key into the body will cut into message budgets.
We'll be at 3994 octets of plaintext maximum if we do that.  One of
the nice things with the header field is that users don't pay for it.
The bad thing is that the server needs to find a way to move it.

If we are going to make this change, we need to be very crisp about it.

v2.23.0 | Report a Bug | By Email