IETF Logo Mail Archive

Re: [Webpush] Major change to encryption

Martin Thomson <martin.thomson@gmail.com> Mon, 31 October 2016 23:56 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C134129C13 for <webpush@ietfa.amsl.com>; Mon, 31 Oct 2016 16:56:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1cabzytVAJzU for <webpush@ietfa.amsl.com>; Mon, 31 Oct 2016 16:56:54 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64B89129C14 for <webpush@ietf.org>; Mon, 31 Oct 2016 16:56:29 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id z190so180986314qkc.2 for <webpush@ietf.org>; Mon, 31 Oct 2016 16:56:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/dKi0ZKwKzKF2gQDNJcmII+b2wk4QHLKu3yTcte82/Q=; b=RgmeWLKQJTNgs+wFTH5t8u1SUWN61CH6zTdt6PiMTeKYcW01gKWpA21POB2mynMr3U MJYoohta999mAr9zzeH3sPWGjyHTYLdpFxGwrn+hjX9xgX+v9MTzrfAHNGgxqOPvUh/z xzJflaSIAgpDZy6mQQ8GIgI026ZzQFJtSxUD+Q/hJyPEn16sEa2bme1NJB7Pc9I2ChUD fqz2vUa6ki0IYI6YNZb0tN5/EOJAKtjRWgdRrrCcG1z2+/K2zaZEs+OBOKc+3IlxInmS goJUvPkntMU7JKiPRO37XES006c5/Odq61jZMHXysKqkgcr/k8RimkLmXq/HIbDaSXZd qvEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/dKi0ZKwKzKF2gQDNJcmII+b2wk4QHLKu3yTcte82/Q=; b=f9/Zrw1AWZOBcb5xs/mMo5KS3knquSV5YsBsZNfLHh9QOIZPjGdgv3NSRjEsvgzKBi VGthFHlPkKoWsjenI3R7yUfuIY3n5DePoWvKiZ1imNL8HsYeB6KnsSrrYg4sGyIJmQN4 ciZzfLQ6SC7xfftNehb0Pdg8NP7SlScEnR5qmPHW8l1ue0r2adNXYSh2MHEdgAWlNp// ToR5NAW/i/mXS4lpyolpaT3pDtq2UWFa6hHYUjHZjeSPm2PppSavOxEEksP1ZcZNln+u tOLnDXOT3NLDGN72Xo8mtFA1RMDZnBhDMGNrBmgxugO32/V1qFTo8BjBP4J+IvYVi/4d bWsw==
X-Gm-Message-State: ABUngvdLsyo4AXnQJ8p7NHNQlGYg9QLb9JyhtIeOHkbjdo0F8g000AX+2i4OEjUqFa2M5BpWnBOQ1cGH/HUQeQ==
X-Received: by 10.55.99.141 with SMTP id x135mr26168464qkb.147.1477958188496; Mon, 31 Oct 2016 16:56:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.7 with HTTP; Mon, 31 Oct 2016 16:56:27 -0700 (PDT)
In-Reply-To: <CALt3x6nS2+LG6aZPEZL5wPA_c00pCjZ5WswcFqty35weut2rOw@mail.gmail.com>
References: <CABkgnnUiLBOGQ6fSTiLcxn_RKbEHFYHzCAv3OMg_btETfKjRGA@mail.gmail.com> <da15e3e3-9d20-7e2c-eceb-d369a3529226@mozilla.com> <CABkgnnVeGAtADwvf_FWKvNDpAtKNVvWpiFAr-LPf47hgHSqiag@mail.gmail.com> <f6bb7ff3-1d6c-3b8c-b956-aaa0c046fd3a@mozilla.com> <CABkgnnUzR747r3VC1DLTqnZJwPvkAoH-SbB+y7-UY0i1Z+fX3A@mail.gmail.com> <CALt3x6nS2+LG6aZPEZL5wPA_c00pCjZ5WswcFqty35weut2rOw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 1 Nov 2016 10:56:27 +1100
Message-ID: <CABkgnnUSou5xroNP5dppHJOCydErzKm4c6_Z2tw1w2hLhqb6Bg@mail.gmail.com>
To: Peter Beverloo <beverloo@google.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/r4y0l6h_YPRaqE_5gIUEynQO0jQ>
Cc: jr conlin <jconlin@mozilla.com>, "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Major change to encryption
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 23:56:59 -0000

Hi Peter and JR,

Thanks both for picking up on my stupid errors.  Hasty is not always
careful enough, but I was working to a time limit.  With 5 minutes
left, I think that I managed to get all your input integrated.

And your reminder about vapid was timely.  I think that we can
dispense with any attempt to remove Crypto-Key, since we have to have
it for vapid anyway.

Now I need to think about getting the python implementation updated.

--Martin

On 1 November 2016 at 10:31, Peter Beverloo <beverloo@google.com> wrote:
> Hi Martin,
>
> Thanks for the update and the proposal!
>
> I've reviewed these today, and have minor some points of feedback. I'll
> deliberately avoid the topics of interoperability and upgrade cost here.
>
> First of all, this indeed vastly improves layering between the drafts. I
> very much like how webpush-encryption is now built on top of encryption-
> encoding as opposed to being some sort of fork.
>
>>> A push message MUST include a zero length keyid parameter in the
>>> content coding header. This allows implementations to ignore the first
>>> 21 octets of a push message.
>
> I don't think this is right. The `salt` and the `rs` must still be known,
> and those are included in the header.
>
>>> A push service is not required to support more than 4096 octets of
>>> payload body (see Section 7.2 of [I-D.ietf-webpush-protocol]), which
>>> equates to at most 4059 octets of cleartext.
>
> I think this forgot about the padding --
>
>   4096 - 16 (auth) - 2 (padding length) - 21 (header w/o keyid) = 4,057
>
> May also want to s/cleartext/plaintext/ for consistency with encryption-
> encoding.
>
>>> An Application Server MUST include exactly one aes128gcm content
>>> coding, and at most one entry in the Crypto-Key field. This allows the
>>> keyid parameter to be omitted.
>
> This means the draft is incompatible with VAPID again. It must have at
> most one Crypto-Key entry that has a `dh` value.
>
> I haven't yet been able to validate the examples in the draft, but it
> sounds like you're changing these anyway per jr's feedback (+1 to that).
>
> Thanks,
> Peter
>
>
> On Mon, Oct 31, 2016 at 11:19 PM, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>>
>> On 1 November 2016 at 10:07, jr conlin <jconlin@mozilla.com> wrote:
>> > One small comment, then? Can we change the transmitted Content-Encoding
>> > type to match the new Content-type of "aes128gcm" instead of the long
>> > abandoned "aesgcm128"? (See point #4)
>>
>> Ouch, that's going to hurt.  I'll have to redo the examples :*(  40
>> minutes until the deadline, go!
>>
>> _______________________________________________
>> Webpush mailing list
>> Webpush@ietf.org
>> https://www.ietf.org/mailman/listinfo/webpush
>
>

v2.8.7 | Report a Bug | By Email