Re: [Webpush] Comments on draft-thomson-webpush-encryption
Martin Thomson <martin.thomson@gmail.com> Fri, 16 October 2015 18:36 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB2D1AC444 for <webpush@ietfa.amsl.com>; Fri, 16 Oct 2015 11:36:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxN54XSdlwSw for <webpush@ietfa.amsl.com>; Fri, 16 Oct 2015 11:36:26 -0700 (PDT)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39E841AC44A for <webpush@ietf.org>; Fri, 16 Oct 2015 11:36:25 -0700 (PDT)
Received: by ykfy204 with SMTP id y204so93119716ykf.1 for <webpush@ietf.org>; Fri, 16 Oct 2015 11:36:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=xPqWVXFPDD2dEIdQbLlYAuHj1wOchHwFUBq4aF4AwDA=; b=MzhNRNd9YyeBwOxIK5eZrBlF5QS6tPVf9ebE26mMMOLEmgWyjAmR7PwdKDIbyUUCjx +N3MABVT07tlb0/0pLgidQjUfHh6Dwp9xqxCbzz+MycVdEy6hnpgIGmo+WpuwCx8YLea 4QjYEeKjccFBqmgwS5zd/UJOCjAkhyMoGxm3vbPipfjeyZfRYRv/G23buNT+j8WPOjoY /CI/KPzFfu3rDDLyDfJdk4V2IcBAox/f2L0Asd4GAh23Wh1TaabFLWzaBZzHJOs6PdAI 6+LGj9Etxekjy8wsoQq3gjHH9fdmm835pdY3yUAKJCOBq5k4N8WKC2I1SjvfPpPAb42W m97A==
MIME-Version: 1.0
X-Received: by 10.129.132.80 with SMTP id u77mr11346935ywf.187.1445020584434; Fri, 16 Oct 2015 11:36:24 -0700 (PDT)
Received: by 10.13.230.78 with HTTP; Fri, 16 Oct 2015 11:36:24 -0700 (PDT)
In-Reply-To: <CALt3x6mvOu_B8AS4LnjDkSEsiKzLuiMbdr_jhesF7kdUqYnbvA@mail.gmail.com>
References: <CALt3x6mvOu_B8AS4LnjDkSEsiKzLuiMbdr_jhesF7kdUqYnbvA@mail.gmail.com>
Date: Fri, 16 Oct 2015 11:36:24 -0700
Message-ID: <CABkgnnWUQUOMe7SXoAiZaRwtntcGCrG-TmZqpMQ_jQr_AThC+A@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Peter Beverloo <beverloo@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/YA6awM3MJlNFhaIw58Q-pIOFiHU>
Cc: "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Comments on draft-thomson-webpush-encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 18:36:28 -0000
Thanks for the feedback Peter, I think that I agree with most of this, though we should discuss the header split thing a little more. More inline. On 16 October 2015 at 07:35, Peter Beverloo <beverloo@google.com> wrote: > Would it be reasonable to require a single value of "aes128gcm"? I will make that stipulation. (I believe that we assume the value to be set to exactly this, rather than checking that it is, which is probably non-compliant, but it might allow a push service to save some space...) > (2) Separation of the Encryption and Encryption-Key headers. > > Given that thomson-webpush-encryption mandates use of a single encryption > record, an implementation only _needs_ the "salt" parameter from the > Encryption header, and the "dh" parameter from the Encryption-Key header. > The "rs" header can be implied, but could still be used to validate the > single-record requirement. Yeah, this comes down to the generality problem. I think that the split is still useful unfortunately, which isn't ideal (but HTTP/2 allows us to avoid the cost). I've got more on this below, I think that there's a tweak that can eliminate the worst of the cost. > (2a) Ambiguity about the meaning of the "keyid" parameter. > > Under what circumstances would the subscription id for which a message is > received not be sufficient for selecting the keys, i.e. when would there > be multiple key pairs per subscription? > > Is this an artifact of having the required data spread over two headers > that both allow comma-separated lists, to match a "salt" with a "dh"? In this context, it's used to correlate entries between Encryption and Encryption-Key. That's not great. Here's what I propose adding: An application server MUST include exactly one entry in each of the Encryption and Encryption-Key header fields. This allows the `keyid` parameter to be omitted from both header fields. > (2b) Disallowing use of explicit keys (for now). Yup, definitely (probably don't want to ever support that...)
- [Webpush] Comments on draft-thomson-webpush-encry… Peter Beverloo
- Re: [Webpush] Comments on draft-thomson-webpush-e… Martin Thomson
- Re: [Webpush] Comments on draft-thomson-webpush-e… Peter Beverloo
- Re: [Webpush] Comments on draft-thomson-webpush-e… Martin Thomson