Re: [Webpush] Major change to encryption
Peter Beverloo <beverloo@google.com> Mon, 31 October 2016 23:31 UTC
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/jpDQ0W-sxhwcrlA6o6GBAS-MTOE>
Cc: jr conlin <jconlin@mozilla.com>, "webpush@ietf.org" <webpush@ietf.org>
Hi Martin,

Thanks for the update and the proposal! I've reviewed these today, and have some minor points of feedback. I'll deliberately avoid the topics of interoperability and upgrade cost here.

First of all, this indeed vastly improves layering between the drafts. I very much like how webpush-encryption is now built on top of encryption-encoding as opposed to being some sort of fork.

>> A push message MUST include a zero length keyid parameter in the
>> content coding header. This allows implementations to ignore the first
>> 21 octets of a push message.

I don't think this is right. The `salt` and the `rs` must still be known, and those are included in the header.

>> A push service is not required to support more than 4096 octets of
>> payload body (see Section 7.2 of [I-D.ietf-webpush-protocol]), which
>> equates to at most 4059 octets of cleartext.

I think this forgot about the padding -- 4096 - 16 (auth) - 2 (padding length) - 21 (header w/o keyid) = 4,057

May also want to s/cleartext/plaintext/ for consistency with encryption-encoding.

>> An Application Server MUST include exactly one aes128gcm content
>> coding, and at most one entry in the Crypto-Key field. This allows the
>> keyid parameter to be omitted.

This means the draft is incompatible with VAPID again. It must have at most one Crypto-Key entry that has a `dh` value.

I haven't yet been able to validate the examples in the draft, but it sounds like you're changing these anyway per jr's feedback (+1 to that).

Thanks,
Peter

On Mon, Oct 31, 2016 at 11:19 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 1 November 2016 at 10:07, jr conlin <jconlin@mozilla.com> wrote:
> > One small comment, then? Can we change the transmitted Content-Encoding
> > type to match the new Content-type of "aes128gcm" instead of the long
> > abandoned "aesgcm128"? (See point #4)
>
> Ouch, that's going to hurt. I'll have to redo the examples :*( 40
> minutes until the deadline, go!
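Added example, not part of the original message or of either draft: a Python sketch of reading the aes128gcm content-coding header that the first comment is about, plus the size budget from the second comment. The 16-octet salt, 4-octet `rs` and 1-octet keyid length layout is taken from the encryption-encoding draft rather than from this message; the function names, the `require_empty_keyid` switch and the sample body are constructed for illustration.

```python
import struct
from typing import NamedTuple

SALT_LEN, RS_LEN, IDLEN_LEN = 16, 4, 1            # layout assumed from encryption-encoding
FIXED_HEADER_LEN = SALT_LEN + RS_LEN + IDLEN_LEN  # the "21 octets" when keyid is empty


class CodingHeader(NamedTuple):
    salt: bytes   # needed to derive the content-encryption key and nonce
    rs: int       # record size, needed to split the body into records
    keyid: bytes
    length: int   # octets consumed by the whole header


def parse_header(body: bytes, require_empty_keyid: bool = True) -> CodingHeader:
    """Read salt, rs and keyid from the front of an aes128gcm body."""
    if len(body) < FIXED_HEADER_LEN:
        raise ValueError("body is shorter than the fixed header")
    salt = body[:SALT_LEN]
    (rs,) = struct.unpack_from("!I", body, SALT_LEN)   # unsigned 32-bit, network order
    idlen = body[SALT_LEN + RS_LEN]
    end = FIXED_HEADER_LEN + idlen
    if end > len(body):
        raise ValueError("keyid length runs past the end of the body")
    if require_empty_keyid and idlen != 0:
        raise ValueError("push message must carry a zero-length keyid")
    return CodingHeader(salt, rs, body[FIXED_HEADER_LEN:end], end)


def max_plaintext(body_limit: int = 4096, header_len: int = FIXED_HEADER_LEN,
                  tag_len: int = 16, pad_len_octets: int = 2) -> int:
    """Single-record budget using the per-message costs named in the message."""
    return body_limit - header_len - tag_len - pad_len_octets


# Constructed sample body: salt 00..0f, rs = 4096, empty keyid, then filler
# bytes standing in for ciphertext (not real encrypted data).
SAMPLE_BODY = bytes(range(16)) + struct.pack("!I", 4096) + b"\x00" + b"\xaa" * 32

if __name__ == "__main__":
    hdr = parse_header(SAMPLE_BODY)
    print(hdr.salt.hex(), hdr.rs, hdr.length, max_plaintext())
```

A receiver that skipped the first 21 octets instead of parsing them would have neither `salt` nor `rs` available for decryption.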