Re: [Webpush] Opsdir last call review of draft-ietf-webpush-vapid-03

Adam Roach <adam@nostrum.com> Mon, 03 July 2017 17:31 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF9DF129B77; Mon, 3 Jul 2017 10:31:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_XdMFONWs4P; Mon, 3 Jul 2017 10:31:41 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D2CA1316EA; Mon, 3 Jul 2017 10:31:23 -0700 (PDT)
Received: from Orochi.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v63HVKjS097633 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 3 Jul 2017 12:31:21 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Orochi.local
To: Stefan Winter <stefan.winter@restena.lu>, ops-dir@ietf.org
Cc: webpush@ietf.org, ietf@ietf.org, draft-ietf-webpush-vapid.all@ietf.org
References: <149909744835.22804.5791695515985213782@ietfa.amsl.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <bb3631d2-f5b5-d6b0-958f-ac9c10aaddec@nostrum.com>
Date: Mon, 3 Jul 2017 12:31:15 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <149909744835.22804.5791695515985213782@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/YHyuw4oHaJYmkX3yFRYxMb3ip24>
Subject: Re: [Webpush] Opsdir last call review of draft-ietf-webpush-vapid-03
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 17:31:47 -0000

On 7/3/17 10:57, Stefan Winter wrote:
> The example in 2.4 does not appear to be correct. I cannot decode "t":
>
>> base64 --decode
> eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_HLGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA
> {"typ":"JWT","alg":"ES256"}base64: ungültige Eingabe
>
>

I'll let the authors respond to your other points; but, as this is 
simply a mechanical issue, I'll try to clarify the intended syntax (NOTE 
TO AUTHORS: THERE IS STILL AN ERROR THAT NEEDS FIXING).

"t" contains a JWT, which consists of three separate base64 encoded 
fields, delimited by a "." character: a header, a body, and a signature. 
The signature, naturally, does not render as something readable when 
decoded. Thus:

# echo eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9 | base64 --decode

{"typ":"JWT","alg":"ES256"}


# echo 
eyJhdWQiOiJodHRwczovL3B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1haWx0bzpwdXNoQGV4YW1wbGUuY29tIn0 
| base64 --decode

{"aud":"https://push.example.net","exp":1453523768,"sub":"mailto:push@example.com


# echo 
i3CYb7t4xfxCDquptFOepC9GAu_HLGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA 
| base64 --decode | od -tx1

0000000    8b  70  98  6f  bb  78  c5  fc  42  0e  ab  a9  b4 53  9e  a4
0000020    2f  46  02  ef  c7  2c  69  0c  94  cb  82  19  22  b6 ae  98
0000040    94  7e  72  bd  a2  31  70  0d  76  f5  26  b1  2b  b6 6c  ac
0000060    6b  33  63  8e  f5  b6  2f  d3  a4  49  21  f3  be  80 f5
0000077

So, there is an error, inasmuch as the body is missing a closing 
quotation mark and a closing brace; but the base64 encoding is otherwise 
okay.

/a