IETF Logo Mail Archive

Re: [Webpush] When UA should send an acknowledgement?

Benjamin Bangert <bbangert@mozilla.com> Wed, 08 June 2016 05:15 UTC

Return-Path: <bbangert@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4B6512D662 for <webpush@ietfa.amsl.com>; Tue, 7 Jun 2016 22:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mozilla-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UvhPKXQI52q for <webpush@ietfa.amsl.com>; Tue, 7 Jun 2016 22:15:14 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 191E412D648 for <webpush@ietf.org>; Tue, 7 Jun 2016 22:15:13 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id o189so145189012ioe.2 for <webpush@ietf.org>; Tue, 07 Jun 2016 22:15:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=lTAgwC7vztPxlYGiXpQI0g8anro2+FOBRzu+kf4IwAk=; b=mpY5W26s4nHzgzmB8frJjLSj689BCEfsMR65tb5/KEyIm3NmpyF1PIyAjKzOuSV+UI SoEx7MxA4+DaQmNgw2w+pJ9DCQabXa3UpxpXiJUf6NHJvwjIkIBQXoeSA74uQUsw5f// Es4CireI7+UXarBjqHVXioLIeaUWgs7KlpeFkxooh5UqfTr4mtBHKDiStxuZWqeciTH/ 3IbIyaz+57NmgDRRvw7KYl/WpNwoPZHoTJubs3cNIIA86Ida+KtKJZt3lMtI1P9JBQXs eC3cMOG1ftuoq7wFfuvONwTkC7GIkp9IHTrmNqeuHBeJxSznIuy1EW2ra04+CvaaFwQP 9BrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=lTAgwC7vztPxlYGiXpQI0g8anro2+FOBRzu+kf4IwAk=; b=Vj+nYFRTvR1pNMdPt2wRR/dNMgT5ZYrT4GnUJ9eDjjQw3cionkieBGufju5BmfYJ5b rmS/LLEs7znHOpewVL5IK7yiPMAKXNWC8LFEJdywYBsiBoZKb+MWTDlADbYNZwNeoLB4 oHyCgWNb41KPXDSGb3Noq7AzHBOkDKymDA3825o3rTiV8vAGtNTJkhEvfcIBe2SM4Pen iFBi5XsN23SCfChvKNozoYuYIQt1VpFOq0DYh0ZgeUhS0Njb91ORv6H2w9WT08ZHO2kX bLDSuahhzP3oAbTN3YcELKmw+9kJ3hJQ4OTlc01nU8V5vC7cAPujaeGnSFw2mVeH1hp+ jdvg==
X-Gm-Message-State: ALyK8tJaSNxdjKQ4T+tadcg8tPIq0p1VY09zbeicZfCRH3jXBLShVXxx+E42wD3uTozKG8VOINToXdGmwbuNmhEr
MIME-Version: 1.0
X-Received: by 10.107.6.149 with SMTP id f21mr2784272ioi.14.1465362913019; Tue, 07 Jun 2016 22:15:13 -0700 (PDT)
Received: by 10.79.76.194 with HTTP; Tue, 7 Jun 2016 22:15:12 -0700 (PDT)
In-Reply-To: <CABkgnnVcyFcd2MPUFKORkkyHpMDfALjAP34ByVJpLBEMSiZ=ZA@mail.gmail.com>
References: <CAN+BUJpdSB-HvT6VQzVcAPqzwb_pn=HzLOC3r4ntSKjDh3ffLA@mail.gmail.com> <CABkgnnVSrKp8sf31qpBztp1FH=AQHFCoAH9XVQx6JyU4BoEQaQ@mail.gmail.com> <CABp8EuLYHufcLSnJjCvKGsCqgXDeAzrwn3N2XdoK4x6Px+0w5w@mail.gmail.com> <CABkgnnVcyFcd2MPUFKORkkyHpMDfALjAP34ByVJpLBEMSiZ=ZA@mail.gmail.com>
Date: Tue, 7 Jun 2016 22:15:12 -0700
Message-ID: <CABp8EuKAcA9Vx3RO997MY3-niAgaNf_MZ3xjDW+zFE=7Hb_rbQ@mail.gmail.com>
From: Benjamin Bangert <bbangert@mozilla.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/Pl_hPJSNvLDg5sztz346Tkn7uvA>
Cc: "webpush@ietf.org" <webpush@ietf.org>, Idel Pivnitskiy <idel.pivnitskiy@gmail.com>
Subject: Re: [Webpush] When UA should send an acknowledgement?
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2016 05:15:17 -0000

On Tue, Jun 7, 2016 at 9:36 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 8 June 2016 at 13:17, Benjamin Bangert <bbangert@mozilla.com> wrote:
>> For our implementation, we will actually never send more notifications
>> until all sent ones are ack'd. This means if a message is malformed or
>> causes a UA error in a UA that actually follows the DOM spec, it will
>> never get a notification again (except the notification it won't ack).
>
>
> This is fine, as long as you regard unacknowledged messages that you
> thought were delivered as poisonous after a certain amount of time (or
> retries, if you do that).  If you follow that advice, then progress
> will eventually be made.

This recommendation isn't in the WebPush spec. By mandating that the UA
MUST ack every message it's clear that failure to ack a message should
result in redelivery attempts.

If it's intended that a UA does not need to ack every message, the WebPush
spec should be updated to reflect that. I could see a PS reasonably
considering messages dead if other messages were ack'd or some other
command came over the connection such that the server knew that
the client is alive and likely processed it.

Automatically ack'ing a message in this manner for the PS has as many
problems if not more than requiring the UA to ack every message though.
It also introduces a lot of complexity into the PS and may result in very
long message delivery times should a UA get bogged down with many
improperly encrypted messages.

>
> I expect that Costin will agree with you, but we've discussed this in
> the past.  The problem here is that an acknowledgment from the user
> agent doesn't constitute a useful signal.  You have moved the problem
> to a second middle-man.  When the user agent acknowledges prior to
> processing the message, how will the application know that it was
> processed?  Can you guarantee that?  When the browser crashes, your
> message is still lost.

Why not change the DOM spec to indicate that if a message was
processed and failed for some reason it should still be ack'd?

If the same message consistently crashes the browser, I would expect
the browser to track that fact and avoid the message again in the future.

Clearly we have the choice of guaranteeing that a message will be
processed at-most-once, or at-least-once, since a crash immediately
after processing could stop the ack from making it back. If the desire
is at-most-once, then the UA should ack immediately upon receipt of
the message (or the PS can consider it ack'd if a PING frame is
returned after sending a message, etc.).

The Push DOM spec seems to favor the at-least-once model, in which
case it would be appropriate for the UA to always ack a message even
if it decrypts improperly, or the SW throws an exception, etc.

>
> The only way for this to be a good signal is to have the
> acknowledgment be end-to-end.
>
> (p.s., I don't know if your assertion is true or not.  I don't think
> that it matters.  I should know that code, but it's an absolute rats
> nest, despite Kit's recent efforts at cleanup.)

v2.8.7 | Report a Bug | By Email