Re: [Webpush] Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)
Brian Raymor <Brian.Raymor@microsoft.com> Fri, 14 October 2016 20:00 UTC
Return-Path: <Brian.Raymor@microsoft.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96164129499; Fri, 14 Oct 2016 13:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D_PCe32rdYyV; Fri, 14 Oct 2016 13:00:41 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0123.outbound.protection.outlook.com [104.47.32.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7ACE41293DF; Fri, 14 Oct 2016 13:00:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wbAzB8BK1E6DoYIL8wBHI72mc0HdAPU0q5rMxWUI+cY=; b=oEbiUqVPI5TbzouI11DhXoRPrOyrl/1Qj7GtwWcPTifG1VTx9lUqh8Evdx0UmdLb7QLFKQlH2+YOPt6H/Jm0KhR5MMwTa3Ng10pmYHRVy5pTzaaltiALAC/3qoNGttD+82x1LMUJHUuTlQndRPX6EabJ8CDb1tGSBhRQ2x5Jey0=
Received: from CY1PR03MB2380.namprd03.prod.outlook.com (10.167.8.6) by CY1PR03MB2377.namprd03.prod.outlook.com (10.166.207.152) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.12; Fri, 14 Oct 2016 20:00:40 +0000
Received: from CY1PR03MB2380.namprd03.prod.outlook.com ([10.167.8.6]) by CY1PR03MB2380.namprd03.prod.outlook.com ([10.167.8.6]) with mapi id 15.01.0659.020; Fri, 14 Oct 2016 20:00:40 +0000
From: Brian Raymor <Brian.Raymor@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)
Thread-Index: AQHSJiwPJMwjYoplfkyn6wgWsrTwWqCoSZig
Date: Fri, 14 Oct 2016 20:00:39 +0000
Message-ID: <CY1PR03MB2380AE2A057528E2B17FA0B083DF0@CY1PR03MB2380.namprd03.prod.outlook.com>
References: <CY1PR03MB238089D350CD6A78DB9E80BE83DF0@CY1PR03MB2380.namprd03.prod.outlook.com> <5816348f-015a-beca-a5e6-3883fff02aab@cs.tcd.ie>
In-Reply-To: <5816348f-015a-beca-a5e6-3883fff02aab@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brian.Raymor@microsoft.com;
x-originating-ip: [174.61.159.182]
x-ms-office365-filtering-correlation-id: 24d9cfc1-5b82-4b3a-c85b-08d3f46cc5c6
x-microsoft-exchange-diagnostics: 1; CY1PR03MB2377; 7:dfflr3GMiJdeDQZEoBf3rrweNDuEWtd2fqFsmYUjcped7Pc0cgeusuv8NXbsnZRifeSm0yAZq8FXgJGzwCzla4JZQBPkB5tRvceLcukRjYq1y036NYPgWGSni09C+G7PThncwPnMMrkILBW4yO9QUw2itP1e0k3pjUl/k6H8fbB1yZUP8vTjHAtxt4ZQt+JLDE/UutyMCaekYKActCUslO18hzNfHnvtxwatlIyBoj/xfuFBqGCaWqxrDsDUkfflHin0PWmrgtJmJZ/k7zkOj01AAE3ccvsAXeBFIdmEEHpOTHg/ZBbeHbnDmLZspOwQ9fvZuIanSGAK7FkJVBRl9mW38kg56Wr2Xx1xdPY3I+RILiuDgLKsddynafvEvJhR
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR03MB2377;
x-microsoft-antispam-prvs: <CY1PR03MB2377CECEB28AD4038C86B1E383DF0@CY1PR03MB2377.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(35073007944872)(788757137089);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:CY1PR03MB2377; BCL:0; PCL:0; RULEID:; SRVR:CY1PR03MB2377;
x-forefront-prvs: 0095BCF226
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(199003)(189002)(54356999)(74316002)(3660700001)(86362001)(2900100001)(2950100002)(11100500001)(101416001)(77096005)(97736004)(189998001)(5001770100001)(50986999)(76176999)(106116001)(106356001)(68736007)(76576001)(105586002)(10090500001)(10400500002)(10290500002)(99286002)(5005710100001)(8990500004)(5660300001)(15975445007)(33656002)(7696004)(66066001)(122556002)(9686002)(5002640100001)(86612001)(3280700002)(230783001)(305945005)(102836003)(92566002)(19580395003)(8936002)(2906002)(6116002)(3846002)(81166006)(7736002)(586003)(4326007)(81156014)(7846002)(8676002)(87936001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR03MB2377; H:CY1PR03MB2380.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Oct 2016 20:00:39.8483 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR03MB2377
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/OypXwshRmVXCJF4uCrl738eBd84>
Cc: "draft-ietf-webpush-protocol@ietf.org" <draft-ietf-webpush-protocol@ietf.org>, Shida Schubert <shida@ntt-at.com>, "webpush-chairs@ietf.org" <webpush-chairs@ietf.org>, "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 20:00:43 -0000
Hi Stephen, > So what's not clear to me is how webpush works with the SOP > and whether there's anything more that needs to be said about > that in the document. For example, you sensibly recommend > running the push service on port 1001 but none of the examples > mention that port in the Host or :authority values shown. > This may all be clear to someone who's very familiar with > alt-svc though, (but it wasn't clear to me:-), which might > be fine, but I'm not sure. As an example, is the application > that is pushing the messages required to know that the > push service is or is not using port 1001? Alternative services have not been a source of confusion in the working group. There have been no related questions on the mailing list that I can recall or find. The SOP question feels more relevant to RFC7838 than WebPush (hence our confusion yesterday). Perhaps excerpting a few references will help clarify that perception: https://tools.ietf.org/html/rfc7838 An alternative service can be used to interact with the resources on an origin server at a separate location on the network, possibly using a different protocol configuration. Alternative services are considered authoritative for an origin's resources, in the sense of [RFC7230], Section 9.1 ... Alternative services do not replace or change the origin for any given resource; in general, they are not visible to the software "above" the access mechanism. The alternative service is essentially alternative routing information that can also be used to reach the origin in the same way that DNS CNAME or SRV records define routing information at the name resolution level ... This means that clients using an alternative service can change the host, port, and protocol that they are using to fetch resources, but these changes MUST NOT be propagated to the application that is using HTTP; from that standpoint, the URI being accessed and all information derived from it (scheme, host, and port) are the same as before. Importantly, this includes its security context; in particular, when TLS [RFC5246] is used to authenticate, the alternative service will need to present a certificate for the origin's host name, not that of the alternative. Likewise, the Host header field ([RFC7230], Section 5.4) is still derived from the origin, not the alternative service (just as it would if a CNAME were being used). Also see mnot's blog for a quick introduction: https://www.mnot.net/blog/2016/03/09/alt-svc So, to use an alternative, a client needs to have what we call “reasonable assurances” that it has the authority to do so. In this specification, we define one way to do that; the alternative needs to present a TLS certificate that’s valid for the origin – not the alternative! – hostname. Hope that helps, ...Brian
- [Webpush] Stephen Farrell's Discuss on draft-ietf… Stephen Farrell
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Brian Raymor
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Brian Raymor
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Brian Raymor
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Martin Thomson
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Brian Raymor
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Stephen Farrell
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Brian Raymor
- Re: [Webpush] Stephen Farrell's Discuss on draft-… Stephen Farrell