IETF Logo Mail Archive

Re: [Webpush] Vapid public key

Martin Thomson <martin.thomson@gmail.com> Thu, 03 November 2016 00:56 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFA3612973A for <webpush@ietfa.amsl.com>; Wed, 2 Nov 2016 17:56:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4JkLxpuqdyW for <webpush@ietfa.amsl.com>; Wed, 2 Nov 2016 17:56:28 -0700 (PDT)
Received: from mail-qt0-x230.google.com (mail-qt0-x230.google.com [IPv6:2607:f8b0:400d:c0d::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 708721295AB for <webpush@ietf.org>; Wed, 2 Nov 2016 17:56:28 -0700 (PDT)
Received: by mail-qt0-x230.google.com with SMTP id c47so19514375qtc.2 for <webpush@ietf.org>; Wed, 02 Nov 2016 17:56:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pCnHjGShLVCTgG1B54bgSmrT5U1ZENUSwWnkA3d9hz0=; b=cZIbsDzSy8NHqbpY4Slczu9ycOrCZwwqAgWSEj/EKVYuDLDW7/EIZHwPtRxbvNOtNf x5qfB/0/V00srMsAFPg6QuO1EVZb7cHm2fGsfJ/99pL7pm8+2A91BY8qBqbWW5aOIRwi crvYXYqi2DphVw15CHpsF4G6+m2rshZvB8v0AvGuLjXpvY1FHbKUnRj9o7YbD3Rqo0t/ FHX5+nmlXH8EvKRfXLxvz5fIBF2Bb2pm+XmikbSDvhkkOvDGLKDBb4pXR7BRFFx1xW3u F/nRRsnx2xUj/nN13KsR2FMMcu2qqhgsx9Ns+pvDephWANJ2Wu2k3SdjSM0pgX32nakF SyBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pCnHjGShLVCTgG1B54bgSmrT5U1ZENUSwWnkA3d9hz0=; b=VucMEmGMqUPxB0AwRGnpbOHARh1jHLH4bZB0Fe99kEOY7FtWw6bhm9shaGW9ZgrtW8 Vr7iHEI2cbE8+rKUegMm6Aywwwn7SQhUXlufu1VMIJq77/Iq9JoUCi9rpy0LElxM5Ii0 Fu8EPXal9DANdoZKrIESFFTKTmhrFrRkeepXJyyDtNvJD2PGzdKsQrycdbeBsQoyrtkW D9FwjoEAk1QJzrJJfeFrRk0T0Djf5aYJ4uhdLP1MWiCoQpZEGTUO4ClG2CimwlE1WT6b xOV1N3E1lmEck++HBT1cI+4sU3B4Xs0/L7yvvkM6LWPP/84jxlcSXWkRH70CbeXvygQR vNMw==
X-Gm-Message-State: ABUngvddHsiK9cc1sKvWbzXLD0Ugj1+LM3iWy2fquCbTo8IAXEiJh/wE0LZzT2vtSgxavuhizB9B4hUjVyrJ1w==
X-Received: by 10.200.36.125 with SMTP id d58mr5300728qtd.126.1478134587629; Wed, 02 Nov 2016 17:56:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Wed, 2 Nov 2016 17:56:27 -0700 (PDT)
In-Reply-To: <CAP8-Fq=Zd66ZhWm+gYesOpc2NZ-YBpy2+bHdr6O+h1KG2s16uw@mail.gmail.com>
References: <CABkgnnVKd+kAZPD5KirF7NaGMDBSpaO6FR3yE8d+c3ge3-He3w@mail.gmail.com> <CAP8-FqmBUHd5up7Jfo+veFWvL22XiPwGGXNnOW6rm7nxeESU_g@mail.gmail.com> <CABkgnnX4aAjnZyu3morJOLatuuj9k4NSoTpoNtF7YjtRUFQOnQ@mail.gmail.com> <CAP8-Fq=Zd66ZhWm+gYesOpc2NZ-YBpy2+bHdr6O+h1KG2s16uw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 3 Nov 2016 11:56:27 +1100
Message-ID: <CABkgnnX8bmzsmx0EGJ8h5R4k4i=3KBaLXucekyv98PTz01f9fw@mail.gmail.com>
To: Costin Manolache <costin@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/PNX2WQuCRNJP8oCrL5SJEdVA3dc>
Cc: jr conlin <jconlin@mozilla.com>, "webpush@ietf.org" <webpush@ietf.org>, Peter Beverloo <beverloo@google.com>
Subject: Re: [Webpush] Vapid public key
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2016 00:56:30 -0000

On 3 November 2016 at 05:11, Costin Manolache <costin@gmail.com> wrote:
> Any problem with using auth-param:
>
> Authorization: webpush JWTTOKEN, id=PUBKEY

Yeah, authparam requires that everything have a key-value pair.  We
could do it though.  It's a toss-up:

Authorization: webpush JWTTOKEN.blah.blah_/AApubkey-___

Authorization: webpush token="JWTTOKEN.blah.blah",k="AApubkey-___"

I could live with either.  The second form is recommended by RFC 7235,
so we should probably pick that one.  That said, it makes sniffing
marginally harder because the double-quotes are optional and '=' is
valid in either form.  You have to look for a comma.

v2.8.7 | Report a Bug | By Email