Re: [Webpush] Alexey Melnikov's Discuss on draft-ietf-webpush-vapid-03: (with DISCUSS and COMMENT)

Phil Sorber <sorber@apache.org> Mon, 14 August 2017 21:40 UTC

To: Martin Thomson <martin.thomson@gmail.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-webpush-vapid <draft-ietf-webpush-vapid@ietf.org>, webpush-chairs@ietf.org, "webpush@ietf.org" <webpush@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/R6a_RvAKnLr6o7Iqfed8l0d52Ic>

Alexey,

It appears that two of the three issues were addressed with changes to the
spec. Do you find those changes as well as Martin's explanation of the
third point satisfactory? If not, are there some more concrete changes that
you would like to see?

Thanks.

On Tue, Aug 1, 2017 at 6:14 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 2 August 2017 at 05:55, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> > Firstly, "optjons" above should be "options". Secondly, the MIME type
> > registration of application/webpush-options+json says that the MIME type
> > has no parameters, yet you use charset above. So which is it?
>
> As Phil notes, the first was corrected already, the second is in
> c867529 on GitHub.  I'll push a new version at Adam's instruction.
>
> > In Section 3, 3rd para:
> >
> >    This authentication scheme does not require a challenge.  Clients are
> >    able to generate the Authorization header field without any
> >    additional information from a server.  Therefore, a challenge for
> >    this authentication scheme MUST NOT be sent in a WWW-Authenticate
> >    header field.
> >
> > Does this mean that there is no way to discover whether a particular
> > server supports "vapid" HTTP authentication scheme?
>
> Not directly.  There was a plan to expose this via the User Agent, but
> we didn't reach a conclusion: https://github.com/w3c/push-api/pull/262
>
> Another document could override this as well, I suppose.  The "MUST
> NOT" exists primarily because we don't define a challenge.
>
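
Added example, not part of the original thread or of the draft: a Node.js sketch of why the "vapid" scheme needs no challenge, with the client building the Authorization header from only the push resource origin, its own contact URI and its own key, and the push service verifying it with the key carried in the header. It assumes the `t=`/`k=` header layout and claims of RFC 8292 (the published form of this draft; draft-03 may differ in detail); the function names, URL and contact address are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Application server key pair (P-256), generated locally by the client.
const newVapidKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Uncompressed point 0x04 || X || Y, as carried in the k parameter.
function rawPublicKey(publicKey) {
  const { x, y } = publicKey.export({ format: 'jwk' });
  return Buffer.concat([Buffer.from([4]), Buffer.from(x, 'base64url'), Buffer.from(y, 'base64url')]);
}

// Client side: every input is known before the first request is sent.
// There is no nonce or realm to fetch, hence no WWW-Authenticate challenge.
function vapidAuthorization(pushResourceUrl, contact, keyPair, now = Date.now()) {
  const claims = {
    aud: new URL(pushResourceUrl).origin,        // origin of the push resource
    exp: Math.floor(now / 1000) + 12 * 3600,     // at most 24 hours ahead
    sub: contact,
  };
  const input = `${b64url(JSON.stringify({ typ: 'JWT', alg: 'ES256' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: keyPair.privateKey, dsaEncoding: 'ieee-p1363' });
  return `vapid t=${input}.${b64url(sig)}, k=${b64url(rawPublicKey(keyPair.publicKey))}`;
}

// Push service side: accepts only the exact layout produced above. The
// algorithm is fixed to ES256 here and never taken from the token header.
function verifyVapid(headerValue, expectedOrigin, now = Date.now()) {
  const m = /^vapid t=([\w-]+)\.([\w-]+)\.([\w-]+), k=([\w-]+)$/.exec(headerValue);
  if (!m) return false;
  const [, h, c, s, k] = m;
  const raw = Buffer.from(k, 'base64url');
  if (raw.length !== 65 || raw[0] !== 4) return false;
  try {
    const key = crypto.createPublicKey({
      format: 'jwk',
      key: { kty: 'EC', crv: 'P-256', x: b64url(raw.subarray(1, 33)), y: b64url(raw.subarray(33)) },
    });
    const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${c}`),
      { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
    const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
    const t = now / 1000;
    return sigOk && claims.aud === expectedOrigin
      && Number.isInteger(claims.exp) && claims.exp > t && claims.exp <= t + 86400;
  } catch { return false; }
}
```

A verifier written this way rejects a token whose `aud` names a different push service, so a header captured at one service cannot be replayed at another.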