IETF Logo Mail Archive

Re: [Webpush] Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 18 October 2016 08:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA9571299CD; Tue, 18 Oct 2016 01:43:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.732
X-Spam-Level:
X-Spam-Status: No, score=-4.732 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aO6eNyNhBPrD; Tue, 18 Oct 2016 01:43:48 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9538B1299C3; Tue, 18 Oct 2016 01:43:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E5EF8BE2F; Tue, 18 Oct 2016 09:43:45 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id timD8BSQ4W41; Tue, 18 Oct 2016 09:43:45 +0100 (IST)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 5BE02BE2E; Tue, 18 Oct 2016 09:43:45 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1476780225; bh=jNABrGRn3UzsU2nJoNx+HI1PTIV9Is96jnL4woLdVck=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=twyVMPh0f0P010WZTP4irglriX8QhTWtc6cUT7zjz1pNYNiEAhpHrXWFcKdKK5O7y drnJnktfVJFqeABimscSAsQsLMLlpatk36ClpMMdJdai8BaYXI4BWJcmM+QLNyGlEk /MGjkYrBiZBCZQnGuR4A3jRe8gV3ebGy/BIhxKMo=
To: Brian Raymor <Brian.Raymor@microsoft.com>, Martin Thomson <martin.thomson@gmail.com>
References: <CY1PR03MB238089D350CD6A78DB9E80BE83DF0@CY1PR03MB2380.namprd03.prod.outlook.com> <5816348f-015a-beca-a5e6-3883fff02aab@cs.tcd.ie> <CY1PR03MB2380AE2A057528E2B17FA0B083DF0@CY1PR03MB2380.namprd03.prod.outlook.com> <CY1PR03MB2380D52D2AA9CC7D60EA5FA883D00@CY1PR03MB2380.namprd03.prod.outlook.com> <77e09f1f-04de-7819-92ea-9e4609cd853d@cs.tcd.ie> <CABkgnnUXDpd_raGe1ugJEM8aeR4=oh-fqT-raWe2+6ZAMd5uVQ@mail.gmail.com> <56cca9c2-22a7-10bf-6d3a-cde3b82db9dc@cs.tcd.ie> <CY1PR03MB23804C47292E6C6D6EDF04FA83D30@CY1PR03MB2380.namprd03.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <6fdc9c7d-e517-b142-45d6-9164d4a63053@cs.tcd.ie>
Date: Tue, 18 Oct 2016 09:43:45 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <CY1PR03MB23804C47292E6C6D6EDF04FA83D30@CY1PR03MB2380.namprd03.prod.outlook.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms060400070201030402090205"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/sLDbr3qtMRnD4VIm5Fu3k1KvV0E>
Cc: "draft-ietf-webpush-protocol@ietf.org" <draft-ietf-webpush-protocol@ietf.org>, Shida Schubert <shida@ntt-at.com>, "webpush-chairs@ietf.org" <webpush-chairs@ietf.org>, The IESG <iesg@ietf.org>, "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Stephen Farrell's Discuss on draft-ietf-webpush-protocol-11: (with DISCUSS and COMMENT)
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 08:43:51 -0000

Hiya,

We're nearly there...

On 18/10/16 05:14, Brian Raymor wrote:
> Hi Stephen,
> 
>> Saying that would've definitely helped me understand what's going on.
> 
> Sorry about that. It required a few iterations for us to understand, but we got there.
> 
>> Does something need to be stated in this draft? 
> 
> Martin and I have reviewed and are in agreement that
> further clarifications would not be helpful in the protocol draft.
> 
>> Or is it safe enough to assume that the
>> reader will also look at the API and encryption drafts,
>> and that people won't come up with other ways to handle
>> pushed messages that don't support good ways to
>> enforce the SOP?
> 
> Exactly. This is more relevant to the Push API / W3C which Martin
> is now tracking in https://github.com/w3c/push-api/issues/211. 
> 
> And our experience is that developers are consuming all the related
> drafts. We had some new members during WGLC who demonstrated
> this point with their contributions.

So doesn't that argue to make the relevant drafts normative
references? That's not meant to be a blocking comment btw,
I'm ok with the RFC having those as informative (modulo my
last question below) but think it'd be better if they were
normative.

> 
> This was definitely a subtle discussion. We appreciate that your review
> called this out for consideration. 

I've just one last thing to ask before we're done:

Do we envisage anyone ever using this push service mechanism
without the content of the message being as defined in the
webpush encryption draft and without following the W3C API?

If we do, and if that content ends up in a browser or other
application that needs the SOP or similar, then I'm still not
sure it's ok to say nothing in this draft.

If we do not, then it'd seem sensible to add a statement to
the effect that all these things are really a package and
it's not necessarily safe to just use this piece alone.

Cheers,
S.


> 
> ...Brian
>

v2.23.0 | Report a Bug | By Email