Re: [Webpush] Opsdir last call review of draft-ietf-webpush-vapid-03

Carsten Bormann <cabo@tzi.org> Tue, 04 July 2017 00:20 UTC

base64 classic seems to need padding and reacts differently on different versions when that is missing.

(I’d like to meet someone who can explain what they were thinking when they invented padding.)

Grüße, Carsten


> On Jul 4, 2017, at 02:14, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 4 July 2017 at 03:31, Adam Roach <adam@nostrum.com> wrote:
>> # echo
>> eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0
>> | base64 --decode
>> 
>> {"aud":"https://push.example.net","exp":1453523768,"sub":"mailto:push@example.com
> 
> I get this:
> 
> $ echo eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0
> | base64 --decode
> {"aud":"https://push.example.net","exp":1453523768,"sub":"mailto:push@example.com"}base64:
> invalid input
> 
> Which fills me with confidence in the base64 tool.  You'll note that
> the trailing quote and curly brace are present here, but there is an
> inexplicable error that adding the -i option doesn't remove.
> 
> I built this using my own implementation and verified it, but you will
> see that this works too:
> 
> $ npm install base64url;node -e
> 'console.log(require("base64url").decode("eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0"))'
> {"aud":"https://push.example.net","exp":1453523768,"sub":"mailto:push@example.com"}
> 
> (note that running this leaves a node_modules lying around).
> 
> https://www.base64decode.org/ also agrees.
> 
>
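
An added example, not part of the original thread: the JWT claims segment quoted above is 111 characters of unpadded base64url, so a classic `base64` tool sees an incomplete final group. The hypothetical helper `b64url_decode` below maps the URL-safe alphabet back to the classic one and restores the padding before decoding; it assumes a `base64` that accepts `-d`.

```shell
#!/bin/sh
# Decode unpadded base64url (the JWT segment encoding) with the classic
# base64 tool. b64url_decode is a name made up for this example.
b64url_decode() {
    # base64url uses '-' and '_' where classic base64 uses '+' and '/'.
    s=$(printf '%s' "$1" | tr '_-' '/+')

    # Classic base64 wants the length to be a multiple of 4. The remainder
    # says how many '=' were stripped; a remainder of 1 can never occur in
    # valid input, so reject it instead of guessing.
    case $(( ${#s} % 4 )) in
        0) ;;
        2) s="${s}==" ;;
        3) s="${s}=" ;;
        1) echo "b64url_decode: invalid base64url length" >&2
           return 1 ;;
    esac

    printf '%s' "$s" | base64 -d
}

# The claims segment from the thread (111 characters, so one '=' is missing).
claims='eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0'
b64url_decode "$claims"
echo
```

Without the restored padding the last group `In0` is incomplete, which matches the two behaviours reported in the thread: one version drops the final `"}`, another prints it and then reports invalid input.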