[Webpush] Kathleen Moriarty's No Objection on draft-ietf-webpush-vapid-03: (with COMMENT)
Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> Tue, 15 August 2017 18:50 UTC
Return-Path: <Kathleen.Moriarty.ietf@gmail.com>
X-Original-To: webpush@ietf.org
Delivered-To: webpush@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 460A5132256; Tue, 15 Aug 2017 11:50:24 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-webpush-vapid@ietf.org, Phil Sorber <sorber@apache.org>, webpush-chairs@ietf.org, sorber@apache.org, webpush@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.58.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150282302424.20984.16954614287039839165.idtracker@ietfa.amsl.com>
Date: Tue, 15 Aug 2017 11:50:24 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/T6B6K_fcC0-Dban_8gKjfo0VcVw>
Subject: [Webpush] Kathleen Moriarty's No Objection on draft-ietf-webpush-vapid-03: (with COMMENT)
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 18:50:24 -0000
Kathleen Moriarty has entered the following ballot position for draft-ietf-webpush-vapid-03: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-webpush-vapid/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for your work on this draft. In section 3, it seems that you are just signing the JWK and that seems fine from the text and the purpose listed - origin server authentication. Then in section 3.2, there's a reference to I-D.ietf-webpush-encryption saying, "An application server MUST select a different private key for the key exchange". This makes me think that encryption is used as well, but I think it would be helpful to see the point made more clear here or in the security considerations section. Is confidentiality provided/required or just integrity for this draft?
- [Webpush] Kathleen Moriarty's No Objection on dra… Kathleen Moriarty
- Re: [Webpush] Kathleen Moriarty's No Objection on… Martin Thomson
- Re: [Webpush] Kathleen Moriarty's No Objection on… Kathleen Moriarty
- Re: [Webpush] Kathleen Moriarty's No Objection on… Martin Thomson