[Webpush] Last-minute Review of Webpush Encryption

"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Mon, 03 July 2017 16:23 UTC

Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40110129ADA for <webpush@ietfa.amsl.com>; Mon, 3 Jul 2017 09:23:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outer-planes-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NeFBOJgeI_oC for <webpush@ietfa.amsl.com>; Mon, 3 Jul 2017 09:23:23 -0700 (PDT)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A219E129482 for <webpush@ietf.org>; Mon, 3 Jul 2017 09:23:23 -0700 (PDT)
Received: by mail-yb0-x22c.google.com with SMTP id v197so31055382ybv.3 for <webpush@ietf.org>; Mon, 03 Jul 2017 09:23:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outer-planes-net.20150623.gappssmtp.com; s=20150623; h=sender:to:from:subject:message-id:date:user-agent:mime-version; bh=k/Pp3ob4geyjENktyuovr7N+LQVeQ5Qt1gpc36fTA3Y=; b=b+I7ffzJ8Q0TU9Psm3eTqiAbtLQoM63RAbP43GYxJuMkGAImllVZuz38Skx5SxoQ4j 30NpFdFv4PTudcHhKK9drt+r6rfHJE3EhdLM3kspZ5FfrLzGC3/OtISczYaPo9FWYCKz t1NEtPkfig2k8xSfchpsHiodBKLZa8BSrW6hUdYI6ZC8J1EyFxVZBVHH/G25m4NzXb4L SEp7D7B/b7XAXDBWl8h7GPDd1GaOQpFC++CA8Re1nVkFZJH9Ev7kCnprlYldpL8zlXBk 3CsklwFIvB2Ftksut8GlXkDbvLG2XfYZBrDGiVnefBJkjXoyVrZQTPPbRe9q7CUu+RN5 Y57A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:to:from:subject:message-id:date :user-agent:mime-version; bh=k/Pp3ob4geyjENktyuovr7N+LQVeQ5Qt1gpc36fTA3Y=; b=YfM8eQjY6A0kbVc8gyXwNK85fo2JfB5dLiRbHzx1bGgwaGZFB9tiP3ZUpeuC06JKPU 24aJv+HvGVB1jx61W0QapyytCtKtor4Nh1bulMH37DzUB58GX6UnvcgUpRxTcKsFyDDx 7QNa8TUYZEQhEsFnO0/XH8UnSXTGyCefdvNVRBRsMFIiDyGJ7K8Petq3x0auSL2MYuAn nVJKQSBpSsHpZCLnyLoqMXsRoxJDtVR1S+VjqCHnLjqjPWdvm1rdU/COXKzMIRaiUcBl xXxJWsCS+jXFikhUP93Swq9bAgiptZy2Pgkj+gQzIkBQt/X70kMBFiukoLdG3ivyN0nr GR9w==
X-Gm-Message-State: AKS2vOxUjNnVILqfqQXTaskuAlt2qsusUNSVZxfbpS0Mm1SJFAYD2Vpq Es6skCF6xYbaLbUuDQntNA==
X-Received: by 10.37.125.133 with SMTP id y127mr29067019ybc.238.1499099002747; Mon, 03 Jul 2017 09:23:22 -0700 (PDT)
Received: from [10.6.23.170] ([128.177.113.102]) by smtp.gmail.com with ESMTPSA id o145sm7145410ywo.39.2017.07.03.09.23.21 for <webpush@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Jul 2017 09:23:22 -0700 (PDT)
Sender: Matthew Miller <linuxwolf@outer-planes.net>
To: webpush@ietf.org
From: "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>
Message-ID: <00c1c3f6-7492-aca6-ee24-54041e35ccc7@outer-planes.net>
Date: Mon, 03 Jul 2017 09:23:20 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Thunderbird/54.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="6xDrdHKs3d4nWwhFCTVDdGagvfT4ehsTO"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/lX1C11NM4zS_HnWKmDOvJgVwSgY>
Subject: [Webpush] Last-minute Review of Webpush Encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 16:23:25 -0000

 I was asked to review draft-ietf-webpush-encryption.

Overall I think this document is ready; I'd lightly recommend one
editorial change and have a callout that borders the line on editorial.

In Section 3.4 "Encryption Summary", I think it adds clarity to
explicitly stating the "L" inputs for the two final HKDFs.  I've
submitted PR #12 to that effect.

More concerning is that "keyid" is expected to be the "raw" ECDH public
key, which is almost certainly not a UTF-8 encoded string; this bends
the SHOULD in draft-ietf-httpbis-encryption-encoding.  It needs to be
called out more explicitly than I see so far, but I don't have any
specific text to start with.


-- 
- m&m

Matthew A. Miller