Re: [Webpush] User Agents should return a list of supported encryption content types

Kit Cambridge <> Wed, 19 April 2017 20:56 UTC


This could be handled transparently by the push server, too. A client
registering with the push server would indicate which schemes it
supports. When the app server tries to send a message, the push server
can check if the "Content-Encoding" is supported for that client, and
immediately reject the message with a 400 if not.


- kit

On Wed, Apr 19, 2017 at 1:44 PM, JR Conlin <> wrote:
> Recently, a bug filed against a webpush subscription library highlighted a
> shortcoming.
> Currently, there are two in production encryption content types, "aesgcm"
> and "aes128gcm". The "voice of authority" about what types of accepted
> content types is the UA. The sorts of allowed encryption are not communicated
> to the subscription update provider.
> I would like to propose that the returned PublishSubscription object
> "options" object be modified to include a "contenttypes" list of allowed ECE
> content types. (e.g. ['aesgcm', 'aes128gcm']) This method would also allow
> future content types to be relayed. If no "contenttypes" field is present,
> then the provider must assume "aesgcm" encoding, to allow for older UAs.
> This field would also help indicate "updated" UAs which can take advantage
> of the newer draft specifications.
> My apologies if this is the wrong group. WebPush and ECE span several and
> this is a case where they overlap. I will happily repost to the appropriate
> group.
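
The push-server check suggested in the reply above, combined with the "assume aesgcm when no list is present" fallback from the quoted proposal, as an added example that is not part of either message or of any push server's code. `Subscription`, `check_push_request`, the handling of a missing or stacked `Content-Encoding`, and the 201 success status are assumptions of this sketch.

```python
# Added example; Subscription and check_push_request are hypothetical names.
from dataclasses import dataclass

# Fallback when a client registered no list, so older UAs keep working.
LEGACY_DEFAULT = ("aesgcm",)


@dataclass
class Subscription:
    sub_id: str
    content_types: tuple = ()  # schemes the client declared at registration

    def supported(self):
        return {c.lower() for c in (self.content_types or LEGACY_DEFAULT)}


def check_push_request(sub, headers):
    """Return (status, reason) for an app server's push request."""
    # Header names are case-insensitive; collect every Content-Encoding value.
    values = [v for k, v in headers.items() if k.lower() == "content-encoding"]
    codings = [c.strip().lower() for v in values for c in v.split(",") if c.strip()]
    if not codings:
        # Assumption of this sketch: a payload without a declared scheme is refused.
        return 400, "missing Content-Encoding"
    if len(codings) > 1:
        # Stacked codings (e.g. "aesgcm, gzip") cannot be matched to one scheme.
        return 400, "expected a single content coding"
    if codings[0] not in sub.supported():
        accepted = ", ".join(sorted(sub.supported()))
        return 400, f"unsupported Content-Encoding {codings[0]!r}; client accepts {accepted}"
    return 201, "accepted"  # assumed success status for a queued message


if __name__ == "__main__":
    # Constructed registrations: one legacy client, one that declared both schemes.
    legacy = Subscription("sub-legacy")
    updated = Subscription("sub-updated", ("aesgcm", "aes128gcm"))
    for sub, hdrs in [
        (legacy, {"Content-Encoding": "aes128gcm"}),
        (updated, {"content-encoding": "AES128GCM"}),
        (updated, {"Content-Encoding": "aesgcm, gzip"}),
    ]:
        print(sub.sub_id, hdrs, "->", check_push_request(sub, hdrs))
```

Rejecting at submission time gives the app server an immediate error to act on, where otherwise the message would be queued and delivered to a client that cannot decrypt it.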