IETF Logo Mail Archive

Re: [Webpush] Major change to encryption

Costin Manolache <costin@gmail.com> Wed, 02 November 2016 04:43 UTC

Return-Path: <costin@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 593F3129599 for <webpush@ietfa.amsl.com>; Tue, 1 Nov 2016 21:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 79GIGyYy1H0s for <webpush@ietfa.amsl.com>; Tue, 1 Nov 2016 21:43:36 -0700 (PDT)
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 737A21293E8 for <webpush@ietf.org>; Tue, 1 Nov 2016 21:43:36 -0700 (PDT)
Received: by mail-it0-x22c.google.com with SMTP id e187so65528097itc.0 for <webpush@ietf.org>; Tue, 01 Nov 2016 21:43:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tgijUd2KOX5iNOoskkyi5he3GsO+lliUnj/HmUwXEiY=; b=UR3mT5gUYDzSma1x4LzY/TxQ6JXwPO08ZyPfY+e9jZCqhpQ4ZgU/Rx3/Y2o8GPCUrF /aMa7NWVnK9VHV3Gh+KTvd0bnQkE7qSJkmEcdql3wNMTcbhbSoUSBisyopF2CW2vMVUg 1kttXnsLxkcXchs8T4BtTwF6EwE0qwZ7cal+0N5EW43TWIIZdKgc4o7DJEx6FYsqDNPb 2YbIMi+rfIwpaSDRxw5zdz8K+sN/ifz4PDLNhShF0Kz9i0yMS5IRrHDvBaa/4/nMuftv sT+TKboMBywll9lIqDjIRn4DfGOw7m1OFS6h/JqE5ZuTWzl49SHa0K4endMPeGzZji8+ BBTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tgijUd2KOX5iNOoskkyi5he3GsO+lliUnj/HmUwXEiY=; b=BTBnvDPWvQ578Y+aVa+WFTc6SYhATbN4JX+qWDWpiz4q3+9zW1K8rc0ru8zvukNzqz uIMDYnUj1ykeFjR4Je2IRmGDe8Hl3W5EJGkbAhXRKWZmNenVSyXuattu+0pkvdmYiKv2 xnRTjJfS0iwGouKAjqVHaBjxAWz2Us7usc1c2YDnyCWZ/ocf4KzBIFLhlNbeTZuRoh9m KpjTP1nOFJK9XhPZIXG7TV9QPrBUOBLZePXDqjjZv/L75kGH3YuBlUL6yFhkWJEhQeUj 8ti2Yq+iTk5DdNBeuc7bbfHHHt6OgHx8vvC3s2+3p7bpjcVTOPfOg9b4stXkR3ZWq3mA 0nkg==
X-Gm-Message-State: ABUngvevvh19RwyHYTZ2miQD9cd2QMr9FAD09GMSPUnyBdJ/qnW03YRmOe4cWbv11fOlw40E7k8fUihnnQ3Q/g==
X-Received: by 10.36.101.143 with SMTP id u137mr1109894itb.66.1478061815725; Tue, 01 Nov 2016 21:43:35 -0700 (PDT)
MIME-Version: 1.0
References: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com> <da15e3e3-9d20-7e2c-eceb-d369a3529226@mozilla.com> <CABkgnnVeGAtADwvf_FWKvNDpAtKNVvWpiFAr-LPf47hgHSqiag@mail.gmail.com> <f6bb7ff3-1d6c-3b8c-b956-aaa0c046fd3a@mozilla.com> <CABkgnnUzR747r3VC1DLTqnZJwPvkAoH-SbB+y7-UY0i1Z+fX3A@mail.gmail.com> <CALt3x6nS2+LG6aZPEZL5wPA_c00pCjZ5WswcFqty35weut2rOw@mail.gmail.com> <CABkgnnUSou5xroNP5dppHJOCydErzKm4c6_Z2tw1w2hLhqb6Bg@mail.gmail.com> <CAP8-Fqn7siP7JuguZHipHHsc6Hj7dfai3u3hS8MpjLJOCWqerA@mail.gmail.com> <84f3da33-a9a4-1bbc-f290-e283cec07c22@mozilla.com> <CAP8-Fqk+suz9YpFKbdTa42nUfknWfPH-M017UjRjV2oLxUZKjQ@mail.gmail.com> <CABkgnnW3LK5Gvj=05QFrUktZhHEvwS-dkLE3BE_1iaSoMizUdg@mail.gmail.com> <CA+XEteO0DeT4VEVArWwzR_6n-e2EA5dcsjG_Sqmc2Hwgqp6y6A@mail.gmail.com>
In-Reply-To: <CA+XEteO0DeT4VEVArWwzR_6n-e2EA5dcsjG_Sqmc2Hwgqp6y6A@mail.gmail.com>
From: Costin Manolache <costin@gmail.com>
Date: Wed, 02 Nov 2016 04:43:25 +0000
Message-ID: <CAP8-FqkA1EbpxmRn_LjShep+oMtmSWszBpytcA=d4G1emrUm1g@mail.gmail.com>
To: jrconlin@mozilla.com, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a114949127b86a505404a155f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/maoywps0RC8bMYCAPkMVGbQJu-w>
Cc: "webpush@ietf.org" <webpush@ietf.org>, Peter Beverloo <beverloo@google.com>
Subject: Re: [Webpush] Major change to encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 04:43:38 -0000

AFAIK the "DH" public key must be sent to the device no matter what.

Right now for GCM, if you use the webpush endpoint the headers end up in
the key/value pairs, as base64, while the binary data goes in the raw_data.
I have no problem if the spec defines that the binary header should be
excluded - and
 push services support 4k of real data ( i.e. continue to exclude the
header overhead).

If transmitting over other transports - somehow we need to send the dh
public key and
the body - if it doesn't fit a tickle+poll or segmentation need to be used.
The fact the
 public key was received in a header or was part of the body doesn't change
this.

Costin

On Tue, Nov 1, 2016 at 9:02 PM JR Conlin <jconlin@mozilla.com> wrote:

> ​On Tue, Nov 1, 2016 at 8:50 PM, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>
> Moving the public key into the body will cut into message budgets.
> We'll be at 3994 octets of plaintext maximum if we do that.
>
> ​​
>
> ​I'm a bit confused about that. For "native" networks, push servers have
> pretty wide tolerances for how much data that they can send over their
> pipes. Going between services, I can definitely understand, since you're
> held to the limits of the provider system. (APNs limits to about 2K, so
> users are kinda screwed worse.) Of course, with "bridged" systems like
> those, you still have to deal with the host system, so "headers" aren't
> free. You still have to encode the data into the body of the message in
> some fashion, which eats into the available amount.
>
> Worst of all, is that those bridged systems are also unreliable for hosts
> of reasons and then you're re-implementing TCP with one hand tied behind
> your back.​
>
> Granted, I've got a pretty limited viewpoint, so I'm sure I'm missing
> something obvious.
>
> On Tue, Nov 1, 2016 at 8:50 PM, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>
> On 2 November 2016 at 12:00, Costin Manolache <costin@gmail.com> wrote:
> > Yes, when sending over GCM it's better to have the 65bytes of the key in
> the
> > binary prefix of the
> > "raw_data" byte[] instead of having to add another key/value pair, with
> the
> > b64 encoding and proto
> > overhead. But it's an optimization - not the main reason :-). A nice
> extra
> > benefit is that browsers on android
> > could dispatch the message based on the raw_data only, since the EC
> public
> > key can identify the app/SW.
>
> As I said, I'm not opposed to this, it just seems wrong.
>
> Moving the public key into the body will cut into message budgets.
> We'll be at 3994 octets of plaintext maximum if we do that.  One of
> the nice things with the header field is that users don't pay for it.
> The bad thing is that the server needs to find a way to move it.
>
> If we are going to make this change, we need to be very crisp about it.
>
>
>

v2.23.0 | Report a Bug | By Email