Re: [Webpush] Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 20 October 2016 11:54 UTC

To: Brian Raymor <Brian.Raymor@microsoft.com>, Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/bYlg19BNvjxdVnfxZu1fzsXtAKs>
Cc: "draft-ietf-webpush-protocol@ietf.org" <draft-ietf-webpush-protocol@ietf.org>, Shida Schubert <shida@ntt-at.com>, "webpush-chairs@ietf.org" <webpush-chairs@ietf.org>, The IESG <iesg@ietf.org>, "webpush@ietf.org" <webpush@ietf.org>

Hiya,

On 19/10/16 00:21, Brian Raymor wrote:
>  SOP is very browser-specific and
> there’s already a solution in this case. 

That's a fair point.

While I don't agree that being silent here is right,
that's not a good enough reason to continue to block
this. (*)

So I'll clear now.

Thanks for the discussion,
Cheers,
S.

(*) I assume you do not want to add something, but
if you did, then my suggestion would be along the
lines of "Applications using this push mechanism
are likely to need additional security mechanisms
to produce an overall useful system, e.g. when the
UA is a browser, then the SOP needs to be enforced,
which can be achieved via [refs]. Other applications
using this mechanism may require similar kinds of
higher level security mechanism over and above
what is defined here."