Re: [Webpush] Use Case related to subscription sets

Martin Thomson <> Mon, 23 November 2015 18:16 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8D4971ACCF4 for <>; Mon, 23 Nov 2015 10:16:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id B5uRn5kDu6AA for <>; Mon, 23 Nov 2015 10:16:45 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4001:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 863ED1ACCF0 for <>; Mon, 23 Nov 2015 10:16:45 -0800 (PST)
Received: by igbxm8 with SMTP id xm8so63077945igb.1 for <>; Mon, 23 Nov 2015 10:16:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Gnp9Alo+G77FP7Sckk15SCErohKEWER9eJcPBtSase8=; b=Cs7H0o0duJ3YTiwEW5oFNbrzPcXq2EojUmAWPFoKx9Wmrfa0tx1kyAVGG9wIhAV6K3 eUc97C9s6zFDfE1jYOvfd/EC13Gr3CBXktu8dii0B6BSSDe4d77RRvVZF+Fqg2+Bx2c6 pKWH4Nwr2FhhH8aUfP7u1+eRJHXeBs+ZwOLKw/D8o10eyaImO+0++H6zU1gwdAnNk13a 5sag+3pQ7bMrtFBDVGgDIgVEIr2c1aJoAYYxwFRLpektoXvDijOOCj56aHpzhcbfMULb Djo5XMVF9bazKy1GTpiAP3nZiiLOP1DIcZqqqTqp+bYAPtnLlOsjlygweZlPiIuheLaS DxAg==
MIME-Version: 1.0
X-Received: by with SMTP id ei11mr16097338igc.94.1448302604933; Mon, 23 Nov 2015 10:16:44 -0800 (PST)
Received: by with HTTP; Mon, 23 Nov 2015 10:16:44 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <>
Date: Mon, 23 Nov 2015 10:16:44 -0800
Message-ID: <>
From: Martin Thomson <>
To: Benjamin Bangert <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: Brian Raymor <>, "" <>, =?UTF-8?Q?Herv=C3=A9_Ruellan?= <>
Subject: Re: [Webpush] Use Case related to subscription sets
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Nov 2015 18:16:47 -0000

As Ben says here, I think that the question of limits is something
that is specific to a service.  The concurrent stream limit is a valid
way of limiting load, certainly.

However, I don't think that it makes the problem go away.  It's a
second order solution in the sense that it attempts to address the
consequences of bad behaviour.  I would rather have a service reject
attempts to create unlinked subscriptions.

An explicit link between subscriptions isn't that hard to do.  I've
created a pull request that illustrates how simple it would be to
accommodate Hervé's request.

On 23 November 2015 at 09:31, Benjamin Bangert <> wrote:
> On Mon, Nov 23, 2015 at 1:56 AM, Hervé Ruellan <>
> wrote:
>> On 20/11/15 18:49, Brian Raymor wrote:
>>> On Fri, Nov 20, 2015 at 8:43 AM, Benjamin Bangert
>>> <> wrote:
>>> > Since most push servers, as far as I know, will be using SSL, I
>>> don't know how a proxy could even function
>>> > since it would need to MITM the secured connection which is
>>> obviously not good.
>>> The mobile phone ("proxy") acts as the user agent in this case with a
>>> HTTPS connection to the push service. A different protocol than HTTP
>>> may be required between phone and the camera. Sounds similar to a
>>> field gateway scenario?
>> Yes, the HTTPS connection is between the mobile phone and the push server.
>> And another protocol is used between the camera and the phone.
>>> > Either way, this situation and use-case seems accounted for by the
>>> spec as it is, since those wishing to handle
>>> > this scenario may run their own Push Server without a low concurrent
>>> stream max, and unsecured so that a
>>> > proxy may function.
>>> Regarding "unsecured", Section 9 requires HTTPS - This protocol MUST
>>> use HTTP over TLS [RFC2818].
>> For our scenario, we would like to be able to use a generic push server. I
>> agree that the spec supports the use-case, but we would also like the
>> implementations to support the use-case.
>> A short mention of the use-case in the spec would be really helpful. The
>> consequences for an implementation would be to allow a user agent to create
>> a *few* subscription sets, and not limit it to *1*, and also to allow a user
>> agent to open a *few* streams to subscription resources.
> Implementation-wise, the only reason a client using our service is
> restricted to one active subscription set at a time is due to the concurrent
> stream limit setting. It is however, just that, a setting.
> Someone could use our eventual implementation and set the stream limit
> setting to whatever they want to support at scale. Our specific deployment
> will restrict our clients to 2 concurrent streams via this setting.
> I'm assuming there will be multiple implementations out there to choose from
> if you don't want to implement your own, and many/most of them will likely
> implement the ability to restrict subscription sets in a similar manner...
> merely by setting a config flag.
> Cheers,
> Ben
> _______________________________________________
> Webpush mailing list