Re: [Webpush] AD Review of draft-ietf-webpush-vapid

Adam Roach <adam@nostrum.com> Fri, 16 June 2017 14:36 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87ECA13182D; Fri, 16 Jun 2017 07:36:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TYreXBxdP0Tt; Fri, 16 Jun 2017 07:36:21 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33B5A124D85; Fri, 16 Jun 2017 07:35:28 -0700 (PDT)
Received: from Orochi.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v5GEZO28041445 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 16 Jun 2017 09:35:25 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Orochi.local
To: Martin Thomson <martin.thomson@gmail.com>
Cc: draft-ietf-webpush-vapid.all@ietf.org, "webpush@ietf.org" <webpush@ietf.org>
References: <47693535-bfde-d2b3-4db5-98ffa05da2ad@nostrum.com> <CABkgnnVQOnhnt7hLFX79ViZqB0W_Kgt7CtRFsvnWFdwRi6CCYA@mail.gmail.com> <f7eca8e2-513e-b5ea-30b3-5b961491b3ee@nostrum.com> <CABkgnnWZXD30Bm72OGufmmpHbAAS84GLHN7y287PKusSPPsewA@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <939cd910-e106-30c9-8504-ed95fcee6ba1@nostrum.com>
Date: Fri, 16 Jun 2017 09:35:19 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <CABkgnnWZXD30Bm72OGufmmpHbAAS84GLHN7y287PKusSPPsewA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/eAWCW-MgE3S-rjCJbUspBhS29-w>
Subject: Re: [Webpush] AD Review of draft-ietf-webpush-vapid
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2017 14:36:23 -0000

These all look like good changes. Drop a new version of the document, 
and I'll push it forward.

Thanks!

/a


On 6/15/17 21:41, Martin Thomson wrote:
> On 15 June 2017 at 10:09, Adam Roach <adam@nostrum.com>; wrote:
>>> As you say, an application server doesn't really have any way of
>>> determining that the push service supports a given algorithm.  That
>>> means we need to be very careful about how we signal these things.
>>> Using the authentication scheme (in this document, "vapid") as the
>>> extension point means that we can use the existing mechanisms in HTTP
>>> to signal which scheme is supported if it ever comes to the point
>>> where we want to or are forced to deploy a new algorithm.
>> Sure. Can the document say this?
> https://github.com/webpush-wg/webpush-vapid/pull/35
>
>
>>> We also have the option of replicating the supportedContentEncodings
>>> parameter of PushManager in the API
>>> (https://w3c.github.io/push-api/#pushmanager-interface) so that
>>> applications might avoid that round trip.
>>
>> ...and that's much better (presuming you intend to *add* something rather
>> than shoehorning signature algorithms into a list intended for encryption
>> algorithms). Is there anything we can do now to lay the groundwork for that?
> https://github.com/w3c/push-api/pull/262
>
> That's not this document, but it closes the loop.
>
>> Is the application server identification mechanism described in this
>> document intended to *ever* be useful WITHOUT using the Subscription
>> Restriction mechanism described in section 4?
> The document addresses two use cases: subscription restriction and
> self-identification.  The former most certainly relies on the
> signature.  The latter is almost served by having the JWT payload in
> the request, but we did agree that key continuity is an part of that
> use case.  That means that the push service relies on the signature
> for establishing continuity of identity.  It's hard to build up a
> reputation as an upstanding application server when anyone can
> trivially pretend that they are you.
>
> Those two use cases are intended to be exhaustive.
>
> For the reputation part, I believe that it is acceptable for key
> rotation to result in loss of reputation, but it's probably worth
> making an explicit note of the consequences:
>
> https://github.com/webpush-wg/webpush-vapid/pull/36
>
>> I don't care about the name, and what you propose is a fine shade for this
>> shed. It would be worth noting that future documents may add more fields to
>> the schema, and that they will do so by updating this document (along with
>> the requisite "ignore fields you don't know" language).
> https://github.com/webpush-wg/webpush-vapid/pull/34