Re: [Webpush] AD Review of draft-ietf-webpush-vapid

Adam Roach <> Fri, 16 June 2017 14:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 87ECA13182D; Fri, 16 Jun 2017 07:36:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TYreXBxdP0Tt; Fri, 16 Jun 2017 07:36:21 -0700 (PDT)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 33B5A124D85; Fri, 16 Jun 2017 07:35:28 -0700 (PDT)
Received: from Orochi.local ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id v5GEZO28041445 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 16 Jun 2017 09:35:25 -0500 (CDT) (envelope-from
X-Authentication-Warning: Host [] claimed to be Orochi.local
To: Martin Thomson <>
Cc:, "" <>
References: <> <> <> <>
From: Adam Roach <>
Message-ID: <>
Date: Fri, 16 Jun 2017 09:35:19 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [Webpush] AD Review of draft-ietf-webpush-vapid
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Jun 2017 14:36:23 -0000

These all look like good changes. Drop a new version of the document, 
and I'll push it forward.



On 6/15/17 21:41, Martin Thomson wrote:
> On 15 June 2017 at 10:09, Adam Roach <> wrote:
>>> As you say, an application server doesn't really have any way of
>>> determining that the push service supports a given algorithm.  That
>>> means we need to be very careful about how we signal these things.
>>> Using the authentication scheme (in this document, "vapid") as the
>>> extension point means that we can use the existing mechanisms in HTTP
>>> to signal which scheme is supported if it ever comes to the point
>>> where we want to or are forced to deploy a new algorithm.
>> Sure. Can the document say this?
>>> We also have the option of replicating the supportedContentEncodings
>>> parameter of PushManager in the API
>>> ( so that
>>> applications might avoid that round trip.
>> ...and that's much better (presuming you intend to *add* something rather
>> than shoehorning signature algorithms into a list intended for encryption
>> algorithms). Is there anything we can do now to lay the groundwork for that?
> That's not this document, but it closes the loop.
>> Is the application server identification mechanism described in this
>> document intended to *ever* be useful WITHOUT using the Subscription
>> Restriction mechanism described in section 4?
> The document addresses two use cases: subscription restriction and
> self-identification.  The former most certainly relies on the
> signature.  The latter is almost served by having the JWT payload in
> the request, but we did agree that key continuity is an part of that
> use case.  That means that the push service relies on the signature
> for establishing continuity of identity.  It's hard to build up a
> reputation as an upstanding application server when anyone can
> trivially pretend that they are you.
> Those two use cases are intended to be exhaustive.
> For the reputation part, I believe that it is acceptable for key
> rotation to result in loss of reputation, but it's probably worth
> making an explicit note of the consequences:
>> I don't care about the name, and what you propose is a fine shade for this
>> shed. It would be worth noting that future documents may add more fields to
>> the schema, and that they will do so by updating this document (along with
>> the requisite "ignore fields you don't know" language).