[Webpush] User Agents should return a list of supported encryption content types
JR Conlin <jconlin@mozilla.com> Wed, 19 April 2017 20:44 UTC
Return-Path: <jconlin@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1193C12D574 for <webpush@ietfa.amsl.com>; Wed, 19 Apr 2017 13:44:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZyXbPbF2yOb for <webpush@ietfa.amsl.com>; Wed, 19 Apr 2017 13:44:17 -0700 (PDT)
Received: from mail-lf0-x230.google.com (mail-lf0-x230.google.com [IPv6:2a00:1450:4010:c07::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD9AD12E6A3 for <webpush@ietf.org>; Wed, 19 Apr 2017 13:44:16 -0700 (PDT)
Received: by mail-lf0-x230.google.com with SMTP id t144so18787647lff.1 for <webpush@ietf.org>; Wed, 19 Apr 2017 13:44:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=mime-version:reply-to:from:date:message-id:subject:to; bh=B6MPBGMIg4di2su4/S0627DZUXdFQHCx392vrsznaeA=; b=Voeb5/G22iDgqNY/Zp2YXCmUqsTLR7EEDvRdSiDd78v2TRNU+k1MsJI8iEkqynTWGQ FuVNLF+25EvLYJITXh6o9Znby2LGC6KVcdpCkIqlMWO+/iInBBzhNR2ou4kgFU/BCFb+ 5t3AL1oYwh87FZ0zZ0giwNTL6jMurRI2E9q7w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=B6MPBGMIg4di2su4/S0627DZUXdFQHCx392vrsznaeA=; b=nX/WthgVnAxk1LZe5AxGeizZv/af9TpVvh9nPsuiTvGSGzrF1KLMC1GAWda+vEZd7r swxMuuzuFX/h6LNWySASDJ31/BKOxdVJzybFxC66RcXCBX0irvEEebyCDLSrIwfqDGRx 97O6s7RrAtDVxe6pPaG2tK0Eqgr9BwqF549/fxTUtsJJvt1u4Yq2p093H8ZecwWBckRE aAcOXxUcIuQs0iDyaN9SrLpSkyjpaEa1dZk36ElJ6qoCZ8kJLJPwF9RLcVaiOIpnoRq8 3lJjlCvFCjOW4u6I5NSr6ydXCwavdx21qhn8olrGKi9kFpWzQmD78K0OFNdfZs/0bTEb 9eeQ==
X-Gm-Message-State: AN3rC/4BrHoOJDhf81J0a+pSwh8+wKXIRXVf6geoABZ9zrntcXZSTUuw FB8lpJvNuTkROexmCwjLJxEKvDVIaRjWJY0RNA==
X-Received: by 10.46.0.70 with SMTP id 67mr1617053lja.113.1492634654244; Wed, 19 Apr 2017 13:44:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.84.79 with HTTP; Wed, 19 Apr 2017 13:44:13 -0700 (PDT)
Reply-To: jrconlin@mozilla.com
From: JR Conlin <jconlin@mozilla.com>
Date: Wed, 19 Apr 2017 13:44:13 -0700
Message-ID: <CA+XEtePZfEMv2AOCsF4O0NxTedMm3cK07UxZy2bwrEQk+ME98Q@mail.gmail.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Content-Type: multipart/alternative; boundary="001a1142b53658a999054d8b165e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/uDR2PzpChfn24TwNWZBfR6fuKp0>
Subject: [Webpush] User Agents should return a list of supported encryption content types
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 20:44:19 -0000
Recently, a bug filed against a webpush subscription library highlighted a shortcoming. https://github.com/web-push-libs/web-push-php/issues/48#issuecomment-295416292 Currently, there are two in production encryption content types, "aesgcm" and "aes128gcm". The "voice of authority" about what types of accepted content types is the UA. The sorts of allowed encryption is not communicated to the subscription update provider. I would like to propose that the returned PublishSubscription object < https://developer.mozilla.org/en-US/docs/Web/API/PushSubscription> "options" object be modified to include a "contenttypes" list of allowed ECE content types. (e.g. ['aesgcm', 'aes128gcm']) This method would also allow future content types to be relayed. If no "contenttypes" field is present, then the provider must assume "aesgcm" encoding, to allow for older UAs. This field would also help indicate "updated" UAs which can take advantage of the newer draft specifications. My apologies if this is the wrong group. WebPush and ECE span several and this is a case where they overlap. I will happily repost to the appropriate group.
- Re: [Webpush] User Agents should return a list of… JR Conlin
- Re: [Webpush] User Agents should return a list of… Kit Cambridge
- [Webpush] User Agents should return a list of sup… JR Conlin
- Re: [Webpush] User Agents should return a list of… Martin Thomson
- Re: [Webpush] User Agents should return a list of… Kit Cambridge
- Re: [Webpush] User Agents should return a list of… JR Conlin
- Re: [Webpush] User Agents should return a list of… JR Conlin