Re: [Webpush] Some comments on webpush server responses
Ben Last <benlast@mobify.com> Tue, 16 August 2016 16:21 UTC
From: Ben Last <benlast@mobify.com>
Date: Tue, 16 Aug 2016 09:21:08 -0700
Message-ID: <CAM5PDDw6vpXmV41EwN=1Gnc-cVui2QaeThZEJjyUu_g5GabLWQ@mail.gmail.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/syzExgA-Rbr6aaHEwj9oCenf3IY>
Subject: Re: [Webpush] Some comments on webpush server responses

Hi Martin

As you point out, distinguishing between 2 & 3 requires running code on the browser. But if the end-user does not return to the website, we can't run code and therefore can't make that distinction. We may send many messages between visits. We can't run code in the service worker because there's no event that can be relied on to fire (since no service workers support periodic sync, and background sync doesn't allow for repeated events).

As for why we might have an invalid subscription: data may be corrupted, we may be subject to attacks that send us random subscription data, and we do see subscriptions sent from compromised versions of Chromium that may or may not be actually valid. Also, it's probably good design to allow for this case.

b

-- 
Ben Last, Senior Full Stack Engineer
Mobify

On 15 August 2016 at 18:45, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 16 August 2016 at 02:50, Ben Last <benlast@mobify.com> wrote:
>
>> It's important for us to be able to distinguish because in case 1 we
>> should remove the subscription, in case 2 we should mark it as blocked (so
>> that website code does not invite the user to resubscribe) and in case 3 we
>> should mark the subscription so that a service worker or website code
>> resubscribes.
>
> Doesn't the permissions API allow you to distinguish between 2 and 3? For
> both those cases, you need to run code in the browser before the
> distinction is relevant.
>
> As for 1, why would you ever have an invalid subscription in your database?
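
The message above mentions corrupted records and attackers posting random subscription data. As an added example (not code from the thread or from any participant), an application server can reject structurally impossible subscriptions before storing them. It assumes the browser's PushSubscription JSON shape (`endpoint`, `keys.p256dh`, `keys.auth`, unpadded base64url); the function names are hypothetical.

```javascript
// Added example: sanity-check a subscription record received from a client.
// Assumes p256dh is an uncompressed P-256 point (65 bytes) and auth is 16 bytes.
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;
const B64URL = /^[A-Za-z0-9_-]+$/;

function decodeB64Url(s) {
  // Buffer's decoder silently skips bad characters, so check the alphabet first.
  if (typeof s !== 'string' || !B64URL.test(s)) return null;
  return Buffer.from(s, 'base64url');
}

function onP256(raw) {
  // Uncompressed point: 0x04 || X (32 bytes) || Y (32 bytes).
  if (raw.length !== 65 || raw[0] !== 0x04) return false;
  const x = BigInt('0x' + raw.subarray(1, 33).toString('hex'));
  const y = BigInt('0x' + raw.subarray(33).toString('hex'));
  if (x >= P || y >= P) return false;
  // Curve equation: y^2 = x^3 - 3x + b (mod p).
  const rhs = ((((x * x) % P) * x - 3n * x + B) % P + P) % P;
  return (y * y) % P === rhs;
}

function checkSubscription(sub) {
  const problems = [];
  let url = null;
  try { url = new URL(sub && sub.endpoint); } catch (e) { /* not a URL */ }
  if (!url || url.protocol !== 'https:') problems.push('endpoint');
  const keys = (sub && sub.keys) || {};
  const pub = decodeB64Url(keys.p256dh);
  if (!pub || !onP256(pub)) problems.push('p256dh');
  const auth = decodeB64Url(keys.auth);
  if (!auth || auth.length !== 16) problems.push('auth');
  return problems; // empty array: structurally plausible
}

// Constructed sample: filler bytes of the right length, not a real subscription.
const junk = {
  endpoint: 'https://push.example.test/abc',
  keys: { p256dh: Buffer.alloc(65, 4).toString('base64url'),
          auth: Buffer.alloc(16, 1).toString('base64url') },
};
console.log(checkSubscription(junk));
```

A record that passes is only well-formed; whether the push service still recognizes the endpoint can only be learned from its response, which is the case the thread is about.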