Re: [Webpush] Polling to adopt VAPID draft
Richard Maher <maherrj@googlemail.com> Wed, 06 April 2016 00:33 UTC
Return-Path: <maherrj@googlemail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 7598612D61F
for <webpush@ietfa.amsl.com>; Tue, 5 Apr 2016 17:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id zCuX1a-6uiwG for <webpush@ietfa.amsl.com>;
Tue, 5 Apr 2016 17:33:08 -0700 (PDT)
Received: from mail-lb0-x233.google.com (mail-lb0-x233.google.com
[IPv6:2a00:1450:4010:c04::233])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id B114C12D1E9
for <webpush@ietf.org>; Tue, 5 Apr 2016 17:33:07 -0700 (PDT)
Received: by mail-lb0-x233.google.com with SMTP id vo2so19810147lbb.1
for <webpush@ietf.org>; Tue, 05 Apr 2016 17:33:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlemail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc; bh=ADColptfJH1GvmT5Yd0VDYyhaZPRER1q/FpecizSRBc=;
b=l1bjZGGU7qUH4MytlT52jG7dW0Tjcl7x5LuicC/U7ZETeRt0CrDD/51cZtpQIZzLx1
WXAtxVMvCwGGlyL3tK+XM8GyhgJ3e8yXIfYzGDELu4TSxMvDxgZwBvecp668xPQ8TZC1
uqu3fyNre+JMeQoY8BTt0iPl2mpap2z6b8E5UtGoRXqO2Zb6mnc34OPX1NcdEiZE9Pgl
kQIbkAfkOLNtccPuWM1G687ZH0B7+XDOhwuezfP85YymnTRN6OdqAafO1NzGqE7Kz6D/
FPanRh9RHifpZ84kcZCgxUn4+ALi6sqQ3YYPu+pnIfTp+L+vzy9w1GmpyoUY3HaRQlVp
92PA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc;
bh=ADColptfJH1GvmT5Yd0VDYyhaZPRER1q/FpecizSRBc=;
b=g5fAx88nVH7SKguGdQXYKhhD8fISmm+6aZhN6lAdu2kMeBOULrZZl3RMGOmRhKS1Y0
jKm3B4itpc91qzGx146l2eIgwDoSqGHmKQEXfMddRBqiLXyfLKtRQBxiWSbA8Psm9vVR
OcK2BtlBOxW5ZwBjU/YwCDY5nBzf8yU7U9CNMVTEhr5BIZPkm5FCJJ+z8NWwm1NxfPg1
M4/KxPTU5t0Dxg+mKZOx253hl6aDuDjkB/OA9tvrYYJG31pgwLDe9Oic7L0+2yhI6L5r
u/Adxzvb6WxjJd8a55+2XzUPLZVjlxqhduj8NgtWRM+NRgNBVTgWPJPde7kSjIAqaDtC
MkkQ==
X-Gm-Message-State: AD7BkJIhPTVH50v+b6MdyC7XK/ChzUCLf/NUqXcNMmToCdQF8ojGG1+vnM7Ozr+0Lid0hzQlxiLWaVxKqvDNgQ==
MIME-Version: 1.0
X-Received: by 10.112.136.201 with SMTP id qc9mr526910lbb.35.1459902785842;
Tue, 05 Apr 2016 17:33:05 -0700 (PDT)
Received: by 10.114.200.208 with HTTP; Tue, 5 Apr 2016 17:33:05 -0700 (PDT)
In-Reply-To: <B1516DDA-1660-4C63-AD3C-569150849467@mozilla.com>
References: <9EDD05BA-A6D3-4F37-8E65-19D573324966@ntt-at.com>
<57031F98.3080300@mozilla.com>
<CABvL1xogUKmLdJgUtwq+-4qQhzn+2Hsq2JK3G-e5vsZKktXy6g@mail.gmail.com>
<B1516DDA-1660-4C63-AD3C-569150849467@mozilla.com>
Date: Wed, 6 Apr 2016 08:33:05 +0800
Message-ID: <CABvL1xqwqRuSGyNsFD42v_pLTstQHGLG5oTOT6GiXbEGwnBdNg@mail.gmail.com>
From: Richard Maher <maherrj@googlemail.com>
To: Kit Cambridge <kcambridge@mozilla.com>
Content-Type: multipart/alternative; boundary=089e011831acf4f2e8052fc61acc
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/Dj708Z48Fbc1cucCdT0l9nSUY90>
Cc: jr conlin <jconlin@mozilla.com>, webpush@ietf.org
Subject: Re: [Webpush] Polling to adopt VAPID draft
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol
<webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>,
<mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>,
<mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2016 00:33:11 -0000
Hi Kit, > I don't follow this point. What do you mean by "a server subscribing a client to a TOPIC”? I may have misunderstood the documentation but WRT https://developers.google.com/cloud-messaging/topic-messaging#managing_topic_subscriptions_from_the_server and https://developers.google.com/instance-id/reference/server#create_a_relation_mapping_for_an_app_instance , in the absence of any client topic-subscription mechanism what else can we do? > How do you mean? Would you like these proposals to include examples, or links to implementations? Either/or would be good Thanks for the reply and sorry to others for going off-TOPIC :-) Cheers Richard On Tue, Apr 5, 2016 at 9:44 PM, Kit Cambridge <kcambridge@mozilla.com> wrote: > Hey Richard, > > (Responses inline). > > On Apr 5, 2016, at 5:42 AM, Richard Maher <maherrj@googlemail.com> wrote: > > > > > Hi jr, > > > > As a "service provider" what are YOU going to provide? > > Our main concern is being able to contact senders. For example, if their > server is misconfigured, or if we see unusually high traffic from a > particular sender. Without any contact info, we could only resort to > throttling or blacklisting. But this is voluntary, of course: as a sender, > you're not required to use VAPID if you don't want to. > > We'll also use this to provide a "developer dashboard," similar to GCM's > stats. If you opt in, you'll be able to see how many messages were > delivered, whether the recipient was online or offline, and whether there > were delivery errors: bad crypto and uncaught exceptions in service > workers, for example. > > > So subscription.getKey() is now a mandatory method? > > `subscription.getKey()` is only for encrypting push messages. Encryption > has always been mandatory in Web Push, unless you'd like to send a > data-free "ping" and have your app fetch the data it needs from your server. > > VAPID is totally voluntary. The sender generates an ECDSA key pair and > uses the private key to sign JWT tokens. > > > Does Mozilla need to implement "xxx_sender_id" in the manifest? > > I don't think so. The other part of VAPID is creating a "restricted > subscription," which binds a subscription endpoint to your key. That way, > if the endpoint is leaked, you’ll still need the key pair to send messages > to it. You can see how the DOM API will work here: > https://github.com/w3c/push-api/pull/187 > > Again, that's voluntary; you don't need to restrict subscriptions to use > VAPID. You can still include a JWT token and only have your server > identify. Or, you can not identify at all. > > > Why is there no talk of TOPIC subscriptions? A server subscribing a > client to a TOPIC is surely bullshit? > > I don't follow this point. What do you mean by "a server subscribing a > client to a TOPIC”? > > Web Push uses "topic" to refer to collapsing multiple messages, like GCM's > `collapse_key`...but there's no way for a server to make a client > subscribe. Could you please elaborate? > > > Can't these standards proposals ever talk about implementations? Who > wins? Google, Mozilla, Someone else? > > How do you mean? Would you like these proposals to include examples, or > links to implementations? > > Cheers, > - kit > > > > > Cheers Richard Maher (I liked Dallas) > > > > > > ---------- Forwarded message ---------- > > From: jr conlin <jconlin@mozilla.com> > > Date: Tue, Apr 5, 2016 at 10:14 AM > > Subject: Re: [Webpush] Polling to adopt VAPID draft > > To: webpush@ietf.org > > > > > > As a service provider, I express my strong support for the VAPID > specification. > > > > On 04/04/2016 03:18 PM, Shida Schubert wrote: > >> > >> All; > >> > >> As I mentioned at the meeting today, I am polling the list for adopting > VAPID draft as a WG item for a milestone “voluntary application > identification mechanism for web push draft to IESG as Proposed Standard”. > >> > >> https://tools.ietf.org/id/draft-thomson-webpush-vapid-02.txt > >> > >> If you have concern or objections with this, please express your > opinion(s) by responding to this e-mail. > >> > >> If you like the draft, see value and you like to see it adopted, please > express that as well by responding to this e-mail. > >> *Even if you have expressed your interest previously in the room or on > the list, please express your support again. > >> > >> If you are confused with this e-mail, please let me know :) > >> > >> Thanks! > >> Shida as co-chair > >> > >> > >> > >> _______________________________________________ > >> Webpush mailing list > >> > >> Webpush@ietf.org > >> https://www.ietf.org/mailman/listinfo/webpush > > > > > > _______________________________________________ > > Webpush mailing list > > Webpush@ietf.org > > https://www.ietf.org/mailman/listinfo/webpush > > > > > > _______________________________________________ > > Webpush mailing list > > Webpush@ietf.org > > https://www.ietf.org/mailman/listinfo/webpush > >
- [Webpush] Polling to adopt VAPID draft Shida Schubert
- Re: [Webpush] Polling to adopt VAPID draft jr conlin
- Re: [Webpush] Polling to adopt VAPID draft Darshak Thakore
- Re: [Webpush] Polling to adopt VAPID draft Richard Maher
- Re: [Webpush] Polling to adopt VAPID draft Kit Cambridge
- Re: [Webpush] Polling to adopt VAPID draft Costin Manolache
- Re: [Webpush] Polling to adopt VAPID draft Richard Maher
- Re: [Webpush] Polling to adopt VAPID draft Benjamin Bangert
- Re: [Webpush] Polling to adopt VAPID draft Richard Maher
- Re: [Webpush] Polling to adopt VAPID draft Benjamin Bangert
- Re: [Webpush] Polling to adopt VAPID draft Richard Maher
- Re: [Webpush] Polling to adopt VAPID draft Shida Schubert