Re: [Webpush] Major change to encryption
Costin Manolache <costin@gmail.com> Mon, 31 October 2016 21:40 UTC
Return-Path: <costin@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 47952129B36
for <webpush@ietfa.amsl.com>; Mon, 31 Oct 2016 14:40:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id PTbg58gkqB9G for <webpush@ietfa.amsl.com>;
Mon, 31 Oct 2016 14:40:50 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com
[IPv6:2607:f8b0:4003:c06::235])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 169991299BC
for <webpush@ietf.org>; Mon, 31 Oct 2016 14:40:50 -0700 (PDT)
Received: by mail-oi0-x235.google.com with SMTP id i127so251566288oia.2
for <webpush@ietf.org>; Mon, 31 Oct 2016 14:40:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=0JpmNHQ4vaeRy53ktMgos1Qw9wiD/YVzfe71ptroyF8=;
b=VdKVUZnhZ++4+2/QIObc3tBRkliZ3w8tZZj4UM/ipRTY+VibGIR312btc8d4msp3zv
lHtZjKrlBAUFUHw/dhkIwZzKtFBroUXiQOj4iEoatb5a63G7kJdZS/xn5+FmgoS47GWH
W/WhQYc3S1LOEznNPL8T8IDPiEFsUIKEfVArFVbQ3cAJZjhkjhIq4poKdNWwLgR2rCmg
caL9a9p/pFMLcqdpaYke5ghlsJGPTyGn2sqAiXqcN2jx3bvfqRdr8QEZeeD1fyRWheBH
CzBQpO+eVpLoyFWnZ5zG1N31ToL3+2M9msJFjQ4qTRGhsBXaFxk6exXHbML9eA0WfJJ7
qNmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=0JpmNHQ4vaeRy53ktMgos1Qw9wiD/YVzfe71ptroyF8=;
b=NK3fHNmB2CCzh9rhiS7Y5teaMtSh/ImwsoqiJ0Gj3NUQuJTGJWTl7tOxOmM9W0tajr
OxOUW6vVl9Q+fBdf5XHSg4i2rfUw9Zty/IpFLHzoSTh2+OvwIuAPQqrfPgDIPy+OHKgp
3GkaVdzeOC+/UGtmMDqrR2OxQycUCWFMQtsB324duOFguCURaZcBuvyYa0KnZgdz4baj
Bape7pbRQ55hfdaiRexyhfWO6SPaDx6xtzKUiHpYPamhJsjf3voRNZk3ymdu3dec9aVY
bpyuV8LGGTg/kCTadWkbglUoIdWek5FJp4ffjHj0cqmAxJyojnp6sCJHwf+n9sWWHvM8
a1dw==
X-Gm-Message-State: ABUngve79jso7e3y6iRQ5zeL4u1hHES+5UByAPiGl1j61pkReNfL4hWGY4u3Q1AiIaB4QMhOIXbw+XRyxSiFOA==
X-Received: by 10.107.28.136 with SMTP id c130mr21402053ioc.195.1477950047216;
Mon, 31 Oct 2016 14:40:47 -0700 (PDT)
MIME-Version: 1.0
References: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com>
In-Reply-To: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com>
From: Costin Manolache <costin@gmail.com>
Date: Mon, 31 Oct 2016 21:40:36 +0000
Message-ID: <CAP8-Fqme1Ft7nekE3=9O-7MSEO6F=nVSUf2DCVYFsMMs4TWQ0w@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>,
"webpush@ietf.org" <webpush@ietf.org>
Content-Type: multipart/alternative; boundary=001a113fdec68f69c50540300ff5
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/UKXhOEjnV25xziwOGwnFS-xy2dc>
Subject: Re: [Webpush] Major change to encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol
<webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>,
<mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>,
<mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 21:40:53 -0000
I'm not suggesting removing the Crypto-Key as optimization - but for consistency. If we send the salt and the keyid in the binary payload, we should also include the dh key. In particular, it makes it much easier to send webpush binary messages with alternate transports - like Websocket or WiSH (https://tools.ietf.org/html/ draft-yoshino-wish-00 <https://tools.ietf.org/html/draft-yoshino-wish-00>) if push promises are not available. Technically having headers or binary prefix is equivalent for single message with push promises, or for the send API. But if the message has to be layered on a different transport - it gets tricky, with more complexity and chances of bugs. Costin On Mon, Oct 31, 2016 at 3:38 AM Martin Thomson <martin.thomson@gmail.com> wrote: Discussion in the HTTP working group has lead to some fairly substantial changes to the spec that we rely on. These are breaking changes. See the changes here: https://github.com/httpwg/http-extensions/pull/252 In short, several of the parameters that were in header fields are now in the body of the message and the Encryption header field is now gone. This completely messes with the use of that spec in Webpush. It's easy to detect which version is in use because the identifier has changed, and there are small gains to be had. The overall message size is now slightly smaller, and the key derivation is now slightly simpler. The specs also have fewer interdependencies as a result. I've put together a revision of the webpush-encryption draft. I've taken this opportunity to simplify things a little. You can see a preview in the editor's draft: https://webpush-wg.github.io/webpush-encryption/ I realize that this is a fairly big (and late) change. I remain optimistic that it will be the last. Feedback on the changes are positive so far [1]. I plan to submit this doc very soon, ahead of the draft submission deadline. I realize that's short notice, but I'm fully prepared to back out this change if necessary. --Martin [1] Costin suggested that we might also remove Crypto-Key. That is technically possible, though it's probably excessively kludgy, the DH key could be moved to the keyid field. I'm leery of that sort of optimization, but I'm willing to be convinced that this is a special enough case (I don't think that it is that special, but have at it). _______________________________________________ Webpush mailing list Webpush@ietf.org https://www.ietf.org/mailman/listinfo/webpush
- [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption jr conlin
- Re: [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption jr conlin
- Re: [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption Peter Beverloo
- Re: [Webpush] Major change to encryption Peter Beverloo
- Re: [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption jr conlin
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption JR Conlin
- Re: [Webpush] Major change to encryption Martin Thomson
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption Costin Manolache
- Re: [Webpush] Major change to encryption Martin Thomson