Re: [Webpush] AD Evaluation: draft-ietf-webpush-encryption

Martin Thomson <> Tue, 11 July 2017 00:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6D7E8127867; Mon, 10 Jul 2017 17:48:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wL4jJmby01gi; Mon, 10 Jul 2017 17:48:04 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8DCB91241FC; Mon, 10 Jul 2017 17:48:04 -0700 (PDT)
Received: by with SMTP id k192so4319975ith.1; Mon, 10 Jul 2017 17:48:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1SFDNONk0ZeXfZkLUJdFZ2IjZcSULhU17AGnRaZMxfw=; b=MnvgvSM4bgLA2ahorcWK5dOcy4x/AZQ1HRCV6Q+4VIZCoXuxT4k9AsbtAtTihVjD1f xVYMbjP56fkEm/KHr3uJTQ1nnMoo2/tVJXziBWwHQhr+ipqc1WOe8uN7WUGRqBf7LDrg vQ47TlarNN1OY5wBRZITR7VYmxW+udYEXhKNpInBbHeUiC1eV3iwnY+Y9iigoCNdOSG7 pqpWfKIMTz1rh7a4IvCL2DaDtAqapIqGmuiiPpbyOf57cWzkgxK0ePN+Wx/zO85eVsAl 4UZ8+UiObezSC9ojf3njIxkIdr4mzIp2n6VmNn5mUWqH1wmYy2D4UNwHp3cBMO610qKE 7v9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1SFDNONk0ZeXfZkLUJdFZ2IjZcSULhU17AGnRaZMxfw=; b=QeJ1C+qK9P3BmIvUt8rvnAaw0AxtxLd4UN3EbZJIRpTREEL58PhcJneX1V7e6LyWc+ cO8BrHanvkuz7JSFpYV30rDHgYcRIN8+ntnZrRmhCc/fydokEsF1u5sBVAzIe7/yDjt6 qebIVftgQqKI4kPTIP0iK7LpzRaCznm7TgWCxL0i+yhKu4yYeJCdowr1BXWO0in6olkz OK9bqixZVfbJWXXxNFOPwHmOFmb2dUUc3XYoEYQ/aYB1KxbznOjAA0VClV51iKWKg1p1 GYMrzhaMu32gdHt32Xd6rs4l8OTW30u3WHB/+rQ21YTwGHaaKvzQ8VNceHnTdzCXrycx 2dvA==
X-Gm-Message-State: AIVw1105tEd8cQ3wJobK0x5bGfMYUcO48Sxb5k/DVEqcQOfdaY2g1pFH UU1evJvhHqdK8t27xgIjL8cvU08bRAyN74o=
X-Received: by with SMTP id n196mr5867184ion.37.1499734083864; Mon, 10 Jul 2017 17:48:03 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Mon, 10 Jul 2017 17:48:03 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Martin Thomson <>
Date: Tue, 11 Jul 2017 10:48:03 +1000
Message-ID: <>
To: Adam Roach <>
Cc: "" <>,
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [Webpush] AD Evaluation: draft-ietf-webpush-encryption
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Jul 2017 00:48:06 -0000

Thanks Adam,

Should you care:

I can generate a new version and submit it at a time of your choosing
if these changes are acceptable.

On 11 July 2017 at 09:04, Adam Roach <> wrote:
> The final paragraph of section 2.1 uses the word "any" in a rather sweeping
> fashion, implying that the algorithms, key sizes, and consequent strengths
> for providing authentication, integrity, and confidentiality are immaterial.
> I would suggest qualifying this more carefully.

I've changed this to "An authenticated communication mechanism that
provides adequate confidentiality and integrity protection, such as
HTTPS [...]"

> The summary in section 3.4 is greatly appreciated. I'm a bit confused about
> the "salt = random(16)"

That's an error.  I have moved this to the right place.

> Section 4: s/the some of the length/the sum of the length/

Not in my copy; I think that Matt fixed this for me already.

> Section 5: "base64url" needs a definition -- I would suggest citing RFC
> 4648, section 5.

How did I miss that...

> The final ciphertext in the appendix appears to contain a spurious space.

I broke these into 32 character chunks so that line wrapping wouldn't
hurt too much, that's all.  I'll explain that better.