[Webpush] Major change to encryption

Martin Thomson <martin.thomson@gmail.com> Mon, 31 October 2016 10:38 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 31 Oct 2016 21:38:19 +1100
Message-ID: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/aLfZBx6wZRKMZ7X2AG_t1X2TlIE>
Subject: [Webpush] Major change to encryption

Discussion in the HTTP working group has led to some fairly
substantial changes to the spec that we rely on.  These are breaking
changes.  See the changes here:
https://github.com/httpwg/http-extensions/pull/252

In short, several of the parameters that were in header fields are now
in the body of the message and the Encryption header field is now
gone.

This completely messes with the use of that spec in Webpush.  It's
easy to detect which version is in use because the identifier has
changed, and there are small gains to be had.  The overall message
size is now slightly smaller, and the key derivation is now slightly
simpler.  The specs also have fewer interdependencies as a result.

I've put together a revision of the webpush-encryption draft.  I've
taken this opportunity to simplify things a little.  You can see a
preview in the editor's draft:

  https://webpush-wg.github.io/webpush-encryption/

I realize that this is a fairly big (and late) change.  I remain
optimistic that it will be the last. Feedback on the changes is
positive so far [1].

I plan to submit this doc very soon, ahead of the draft submission
deadline.  I realize that's short notice, but I'm fully prepared to
back out this change if necessary.

--Martin

[1] Costin suggested that we might also remove Crypto-Key.  That is
technically possible, though it's probably excessively kludgy; the DH
key could be moved to the keyid field.  I'm leery of that sort of
optimization, but I'm willing to be convinced that this is a special
enough case (I don't think that it is that special, but have at it).
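
Added illustration, not part of the original message or of any webpush implementation: a receiver-side check that tells the two schemes apart by the Content-Encoding identifier and parses the parameters that moved into the message body. The field layout (16-octet salt, 4-octet record size, 1-octet idlen, keyid) is the one in the published RFC 8188; the function names, the lower-cased header dictionary and the sample bytes are assumptions made for the example.

```python
import struct

# Content-Encoding tokens: the older header-parameter scheme used "aesgcm";
# RFC 8188 (the published form of the spec discussed above) uses "aes128gcm".
LEGACY, CURRENT = "aesgcm", "aes128gcm"
FIXED_LEN = 16 + 4 + 1   # salt || rs || idlen
MIN_RS = 18              # RFC 8188: one data octet + delimiter + 16-octet tag


def detect_scheme(headers):
    """Classify a message by its identifier (keys assumed lower-cased)."""
    coding = headers.get("content-encoding", "").strip().lower()
    if coding == CURRENT:
        return "body-header"     # parameters live in the body
    if coding == LEGACY:
        return "header-params"   # parameters live in Encryption / Crypto-Key
    raise ValueError("unsupported content coding: %r" % coding)


def parse_body_header(body):
    """Split an aes128gcm body into (salt, rs, keyid, ciphertext)."""
    if len(body) < FIXED_LEN:
        raise ValueError("body shorter than fixed header")
    salt = body[:16]
    rs, idlen = struct.unpack("!IB", body[16:FIXED_LEN])  # network byte order
    if rs < MIN_RS:
        raise ValueError("record size %d below minimum" % rs)
    end = FIXED_LEN + idlen
    if len(body) < end:
        raise ValueError("keyid truncated")
    return salt, rs, body[FIXED_LEN:end], body[end:]


def looks_like_p256_point(keyid):
    """Shape check for a DH key carried in keyid, as the footnote suggests:
    65 octets, uncompressed-point prefix 0x04. Not a curve-membership test."""
    return len(keyid) == 65 and keyid[0] == 0x04


def build_sample():
    """Constructed sample body: fixed salt, rs=4096, dummy key and payload."""
    salt = bytes(range(16))
    keyid = b"\x04" + b"\xaa" * 64
    return salt + struct.pack("!IB", 4096, len(keyid)) + keyid + b"\x00" * 32
```

A receiver should reject the message on any `ValueError` here before attempting key derivation, and must still validate the public key properly before using it for ECDH.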