IETF Logo Mail Archive

Re: [Webpush] Polling to adopt VAPID draft

Kit Cambridge <kcambridge@mozilla.com> Tue, 05 April 2016 13:44 UTC

Return-Path: <kcambridge@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB3812D966 for <webpush@ietfa.amsl.com>; Tue, 5 Apr 2016 06:44:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mozilla-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qukivDfwKns9 for <webpush@ietfa.amsl.com>; Tue, 5 Apr 2016 06:44:46 -0700 (PDT)
Received: from mail-pa0-x229.google.com (mail-pa0-x229.google.com [IPv6:2607:f8b0:400e:c03::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2541E12D1DF for <webpush@ietf.org>; Tue, 5 Apr 2016 06:44:46 -0700 (PDT)
Received: by mail-pa0-x229.google.com with SMTP id zm5so11109312pac.0 for <webpush@ietf.org>; Tue, 05 Apr 2016 06:44:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kq2D7Nwmx5UryNom4S8ocEhfYvdsnCChLuwzXg4Ez7w=; b=E57+hNThLxnq+Lvfcib4BklgJAwMS6B1XbwmOvoNOnbvsSAqyUgbgUj6MRF3PwISMx kT9OEGIr89YmO9+vXaeQ6Gdz3BbqgHlgVryWsQSZW+dMgXnsZpVHJfPy9wAT7jGLZHkG wAgFtfk201/G3GxtQSf+pjcYTiVaoQy4cveMc/KW2JcuSif+gTU9BUkIwroNDcsOqQzA HqOC8PuFJBG1A/UK7uvKYeuHU43VISmCT8Ix+zGJGeO6dNbWyYHFZEGZ+BPUzlpsThWP Mz6tH7YWaZuPRf/8tZrUn0TYuz6gPwtgVn3NBzgmvngurCOCfzxtffHSl+Ns8aM/5P43 DmUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kq2D7Nwmx5UryNom4S8ocEhfYvdsnCChLuwzXg4Ez7w=; b=UDbLua8DJcUgj63viuNec2sfxMyd6jeXOee/+JfqU+Ww0EiVOD1IUxAfY0nq8mi4Kk e1zBNRKUQzSfvKAjopJ3DBWr4VRFgT6gjy7poeFbcVYOUJimgcqOERl4FVIj+wbR0cJZ cVNRXdgUqDuArUAQaCNDWYn4dfWjU3Uzr3W7JmpPztzCSpotF+YFLwo+DLDFdcLo6Hy3 kyV37szVjQCJnoIJWVkKrM8VtNQ/eJSvLvLZfzgHLQterzeAtDLyjca8B15SlNJ5yKml qb6g/fEZhxzh903tbV9vzaPBUw8f8PuJhASAB6yF6c+rIzG/udsLLHDPsYAQlro0XCoh d/Wg==
X-Gm-Message-State: AD7BkJJwVykb61+lx9knimxXEk1sKn7jVDhc1J9Ljrm+kWEndrleNmQEoJegMr2Cv+OF8qQV
X-Received: by 10.66.55.39 with SMTP id o7mr61471277pap.13.1459863885659; Tue, 05 Apr 2016 06:44:45 -0700 (PDT)
Received: from [172.20.10.2] ([172.56.39.144]) by smtp.gmail.com with ESMTPSA id w27sm47178895pfa.67.2016.04.05.06.44.44 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 05 Apr 2016 06:44:45 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Kit Cambridge <kcambridge@mozilla.com>
In-Reply-To: <CABvL1xogUKmLdJgUtwq+-4qQhzn+2Hsq2JK3G-e5vsZKktXy6g@mail.gmail.com>
Date: Tue, 5 Apr 2016 06:44:41 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1516DDA-1660-4C63-AD3C-569150849467@mozilla.com>
References: <9EDD05BA-A6D3-4F37-8E65-19D573324966@ntt-at.com> <57031F98.3080300@mozilla.com> <CABvL1xogUKmLdJgUtwq+-4qQhzn+2Hsq2JK3G-e5vsZKktXy6g@mail.gmail.com>
To: Richard Maher <maherrj@googlemail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/_pfjwR0dtHvCpCHVdTgQTu7PHhQ>
Cc: jr conlin <jconlin@mozilla.com>, webpush@ietf.org
Subject: Re: [Webpush] Polling to adopt VAPID draft
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2016 13:44:50 -0000

Hey Richard,

(Responses inline).

On Apr 5, 2016, at 5:42 AM, Richard Maher <maherrj@googlemail.com> wrote:

> 
> Hi jr,
> 
> As a "service provider" what are YOU going to provide?

Our main concern is being able to contact senders. For example, if their server is misconfigured, or if we see unusually high traffic from a particular sender. Without any contact info, we could only resort to throttling or blacklisting. But this is voluntary, of course: as a sender, you're not required to use VAPID if you don't want to.

We'll also use this to provide a "developer dashboard," similar to GCM's stats. If you opt in, you'll be able to see how many messages were delivered, whether the recipient was online or offline, and whether there were delivery errors: bad crypto and uncaught exceptions in service workers, for example.

> So subscription.getKey() is now a mandatory method?

`subscription.getKey()` is only for encrypting push messages. Encryption has always been mandatory in Web Push, unless you'd like to send a data-free "ping" and have your app fetch the data it needs from your server.

VAPID is totally voluntary. The sender generates an ECDSA key pair and uses the private key to sign JWT tokens.

> Does Mozilla need to implement "xxx_sender_id" in the manifest?

I don't think so. The other part of VAPID is creating a "restricted subscription," which binds a subscription endpoint to your key. That way, if the endpoint is leaked, you’ll still need the key pair to send messages to it. You can see how the DOM API will work here: https://github.com/w3c/push-api/pull/187

Again, that's voluntary; you don't need to restrict subscriptions to use VAPID. You can still include a JWT token and only have your server identify. Or, you can not identify at all.

> Why is there no talk of TOPIC subscriptions? A server subscribing a client to a TOPIC is surely bullshit?

I don't follow this point. What do you mean by "a server subscribing a client to a TOPIC”?

Web Push uses "topic" to refer to collapsing multiple messages, like GCM's `collapse_key`...but there's no way for a server to make a client subscribe. Could you please elaborate?

> Can't these standards proposals ever talk about implementations? Who wins? Google, Mozilla, Someone else?

How do you mean? Would you like these proposals to include examples, or links to implementations?

Cheers,
- kit

> 
> Cheers Richard Maher (I liked Dallas)
> 
> 
> ---------- Forwarded message ----------
> From: jr conlin <jconlin@mozilla.com>
> Date: Tue, Apr 5, 2016 at 10:14 AM
> Subject: Re: [Webpush] Polling to adopt VAPID draft
> To: webpush@ietf.org
> 
> 
> As a service provider, I express my strong support for the VAPID specification. 
> 
> On 04/04/2016 03:18 PM, Shida Schubert wrote:
>> 
>> All;
>> 
>> As I mentioned at the meeting today, I am polling the list for adopting VAPID draft as a WG item for a milestone “voluntary application identification mechanism for web push draft to IESG as Proposed Standard”. 
>> 
>> https://tools.ietf.org/id/draft-thomson-webpush-vapid-02.txt
>> 
>> If you have concern or objections with this, please express your opinion(s) by responding to this e-mail. 
>> 
>> If you like the draft, see value and you like to see it adopted, please express that as well by responding to this e-mail.
>> *Even if you have expressed your interest previously in the room or on the list, please express your support again. 
>> 
>> If you are confused with this e-mail, please let me know :)  
>> 
>> Thanks! 
>> Shida as co-chair
>> 
>> 
>> 
>> _______________________________________________
>> Webpush mailing list
>> 
>> Webpush@ietf.org
>> https://www.ietf.org/mailman/listinfo/webpush
> 
> 
> _______________________________________________
> Webpush mailing list
> Webpush@ietf.org
> https://www.ietf.org/mailman/listinfo/webpush
> 
> 
> _______________________________________________
> Webpush mailing list
> Webpush@ietf.org
> https://www.ietf.org/mailman/listinfo/webpush

v2.8.7 | Report a Bug | By Email