Re: [Webpush] User Agents should return a list of supported encryption content types

Kit Cambridge <kit@mozilla.com> Wed, 19 April 2017 20:56 UTC

Return-Path: <kcambridge@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA31112EA64 for <webpush@ietfa.amsl.com>; Wed, 19 Apr 2017 13:56:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GOsHuAWx2Q1G for <webpush@ietfa.amsl.com>; Wed, 19 Apr 2017 13:56:32 -0700 (PDT)
Received: from mail-qk0-x234.google.com (mail-qk0-x234.google.com [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3B6D12E05D for <webpush@ietf.org>; Wed, 19 Apr 2017 13:56:32 -0700 (PDT)
Received: by mail-qk0-x234.google.com with SMTP id d131so30926820qkc.3 for <webpush@ietf.org>; Wed, 19 Apr 2017 13:56:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=tFapyMY15W4hZfUr7p7xUt0XV1zP/XHTm7DIoKPSTVk=; b=JwsIHnxszZK33ZRd6IGWCMg+tCEyImDq2DdKh/5FJBRNyYhbQ0njZH2XQBRmV/Zmzy 9/8DBvtD5U95LXX/MrYHZI/aEHsBZbvvqHPC8UyYzS8ZGOD4NKlcM8xxKFskIHC79xK+ S9pdBHOha1S0oyupYJd4wsbOf0QdiMJPJbkkc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=tFapyMY15W4hZfUr7p7xUt0XV1zP/XHTm7DIoKPSTVk=; b=rxkZ7BNLp09z96ogIW7FuJy3RHZyCtn7mg4s4f2RipRHiT9l4WARGLCYvsAGH3G/jU AzUF60YCmfcEorpRACgOyMp9wSvdNIkP0l8P73EBHrwqXPJjwlHb0aD00xYE+M/rhH5e 9GlCKnOAmu2DocqJ0GwW1X8EYq40yWa9lsAjicnpx4N2HkCj0NkCndGYJWftKgyIJC1u p3HDCn0y0p7/mkP/IpXNneTb+QHXJ+2z6qhUaO+HoBiUCmcTzDdo0x1h4TYRv1CyZz8R Yu8FjR/WoOe9M0c24DcME3xFxBMG6RuIkZThksQtEX4MlPSmNiEWeFo1LuLR8YUWlEQg x+TA==
X-Gm-Message-State: AN3rC/5j0y5CqHQCBONzfmyhKf7TEae7QUzYyvvOF2Fv5HrQBk05gu2h wyigJOs6Rk+oB2zOZA7FbR1lunzr8PeFcS2XGQ==
X-Received: by 10.233.232.212 with SMTP id a203mr4433375qkg.53.1492635391887; Wed, 19 Apr 2017 13:56:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.44.116 with HTTP; Wed, 19 Apr 2017 13:55:51 -0700 (PDT)
In-Reply-To: <CA+XEtePZfEMv2AOCsF4O0NxTedMm3cK07UxZy2bwrEQk+ME98Q@mail.gmail.com>
References: <CA+XEtePZfEMv2AOCsF4O0NxTedMm3cK07UxZy2bwrEQk+ME98Q@mail.gmail.com>
From: Kit Cambridge <kit@mozilla.com>
Date: Wed, 19 Apr 2017 13:55:51 -0700
Message-ID: <CAEeQnY+8DWASaPMC=mkMv-HJ6Xbw4xUXY+=50kqijfDPg+-dpA@mail.gmail.com>
To: "Conlin, JR" <jrconlin@mozilla.com>
Cc: "webpush@ietf.org" <webpush@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/g1prqPX6w5uGotSOU5AAWllZLvc>
Subject: Re: [Webpush] User Agents should return a list of supported encryption content types
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 20:56:35 -0000

This could be handled transparently by the push server, too. A client
registering with the push server would indicate which schemes it
supports. When the app server tries to send a message, the push server
can check if the "Content-Encoding" is supported for that client, and
immediately reject the message with a 400 if not.

WDYT?

Cheers,
- kit

On Wed, Apr 19, 2017 at 1:44 PM, JR Conlin <jconlin@mozilla.com> wrote:
> Recently, a bug filed against a webpush subscription library highlighted a
> shortcoming.
>
> https://github.com/web-push-libs/web-push-php/issues/48#issuecomment-295416292
>
> Currently, there are two in production encryption content types, "aesgcm"
> and "aes128gcm". The "voice of authority" about what types of accepted
> content types is the UA. The sorts of allowed encryption is not communicated
> to the subscription update provider.
>
> I would like to propose that the returned PublishSubscription object
> <https://developer.mozilla.org/en-US/docs/Web/API/PushSubscription>
> "options" object be modified to include a "contenttypes" list of allowed ECE
> content types. (e.g. ['aesgcm', 'aes128gcm']) This method would also allow
> future content types to be relayed. If no "contenttypes" field is present,
> then the provider must assume "aesgcm" encoding, to allow for older UAs.
>
> This field would also help indicate "updated" UAs which can take advantage
> of the newer draft specifications.
>
> My apologies if this is the wrong group. WebPush and ECE span several and
> this is a case where they overlap. I will happily repost to the appropriate
> group.
>
> _______________________________________________
> Webpush mailing list
> Webpush@ietf.org
> https://www.ietf.org/mailman/listinfo/webpush
>