Re: [Webpush] Feedback on draft-thomson-webpush-http2-02
Martin Thomson <martin.thomson@gmail.com> Fri, 13 February 2015 07:04 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0B321A0AF1 for <webpush@ietfa.amsl.com>; Thu, 12 Feb 2015 23:04:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGAz4stArYGB for <webpush@ietfa.amsl.com>; Thu, 12 Feb 2015 23:04:05 -0800 (PST)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CD6F1A1A79 for <webpush@ietf.org>; Thu, 12 Feb 2015 23:04:05 -0800 (PST)
Received: by mail-ob0-f180.google.com with SMTP id vb8so16876357obc.11 for <webpush@ietf.org>; Thu, 12 Feb 2015 23:04:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=DBQrUWjd0J/wx7Z/jNBFgnmvwBqW90d7poUYOVpiPI4=; b=XGYbS1vN45TZpPmOr0Xde9zzmdcGsPfh9Adcp11OX8t40bHigxKi95cQ81smtbAPOe Izf1zDnEiLiTW7RsDS9RXLNbirjWBG3gkCpIqPADQsUJ1yloV9ZN/LQu11h1NLmZWB6V SABQGRDHzWxu753gLi2lXWcfKJbiFQltWhnetPu2sRJQCeXjQveKG/JsqMoMKTY+DXL5 TuFLUtaiNQtFMRQa5TswFB2/4W5jywd3bd8Wa5wBVIRYtyo3ZL0M9Or4IUrMkAPJ6qur mdFYN3v8Ino+hf3I0zJsTG4apAi940ykt/8RlWCQl0ui6YIrQl4ZjIDMcIJP/UI3BXSK Wc7w==
MIME-Version: 1.0
X-Received: by 10.202.75.8 with SMTP id y8mr5185795oia.12.1423811044821; Thu, 12 Feb 2015 23:04:04 -0800 (PST)
Received: by 10.202.225.135 with HTTP; Thu, 12 Feb 2015 23:04:04 -0800 (PST)
In-Reply-To: <BY2PR0301MB06475155A1F8C74271D4330B83230@BY2PR0301MB0647.namprd03.prod.outlook.com>
References: <BY2PR0301MB06475155A1F8C74271D4330B83230@BY2PR0301MB0647.namprd03.prod.outlook.com>
Date: Fri, 13 Feb 2015 18:04:04 +1100
Message-ID: <CABkgnnW40bvW69m_5E7bH+HjSJNy-WTVxtpu5dGQ1KrXjQjdrw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Brian Raymor (MS OPEN TECH)" <Brian.Raymor@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/vcqU6XopaRdPm2sRNznum5zdy_g>
Cc: "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] Feedback on draft-thomson-webpush-http2-02
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 07:04:11 -0000
Thanks Brian, I'll see if I can address specific cases here, though I'll break out a new thread for larger issues. On 13 February 2015 at 13:46, Brian Raymor (MS OPEN TECH) <Brian.Raymor@microsoft.com> wrote: > We plan to attend the IETF 92 meeting and to share proposals prior to the March 9th cut-off date. > > > 1.1. Conventions and Terminology > > Minor - recommend consistent use of "user agent" throughout the draft. There are also references to "client" or "device". For example: > > "the device creates a registration resource" > > "A client sends a POST" Yep, that's plain sloppy on my part. Fixed in [e74ef81] > Section 2. Overview > > The diagram illustrates "Provide Subscription" between the UA and its Application Server, but there are no further details in the draft. While the expectation is that this is left unspecified by the protocol, further details could be outlined - similar to the text for Push Server discovery and authorization? I think that's fair. Do you have text that you would like to see, or should I just throw something together and iterate? [...] > In the sample response, should the Location header and the Registration Link paths correspond: > > Link: </monitor/1G_GIPMorg_n-IrQvqZr6g>; > ... > Location: https://push.example.net/monitor/1G_GIPMorg_n-IrQvqZr6g Good catch. I think that Daniel already pointed it out, because I've already fixed it. > Section 5. Requesting Push Message Delivery > > This could be removed since it is simply implementation guidance? > > > A push service that does not store messages can stream the payload of > > push messages to the user agent. Flow control SHOULD be used to > > limit the state commitment for delivery of large messages. > > We plan to propose an optional payload to support parameters such as: > > * time-to-live > * multicast > * delivery receipt Those are definitely important features. I always imagined that the Expires header field would suffice for TTL, but after reviewing RFC 7234, I don't think that's quite right. Multicast is interesting, depending of course on what you intend to do with it (see https://tools.ietf.org/html/draft-thomson-webpush-aggregate for a potential take on the problem). I have had some ideas for how to handle delivery receipt notifications, but haven't got anything concrete. I'd be happy to see a proposal. > Section 6. Receiving Push Messages > > No error conditions/behaviors are defined for cases such as an invalid :path in the PUSH_PROMISE? Ignore or reset should work. I've noted that in [adf9374]. > > ... This request also triggers the delivery > > of all push messages that the push service has stored but not yet > > delivered. > > Could details of the response be further clarified? Sounds reasonable. This is just more server pushes. I've added something, though I note that this might change or interact with any delivery receipt feature that you might propose. [79fee57] > > A user agent can request the last push message for a "subscription" > > resource by sending GET requests to its URI. > > What is the scenario for this case? Is it related to collapsible messages? The way that this is structured, each subscription effectively has a single "collapse key". Depending on how long a server is willing to retain data, a request to the subscription URI should return the data that was pushed. > Section 7.2 Push Message expiration > > It would be useful for the Application Server to be able to send a hint to the Push Server for time-to-live. This is a common feature in existing implementations. Indeed. I've opened an issue to track this: https://github.com/martinthomson/drafts/issues/21 I'll follow up with a separate thread too. > > ... Stored push messages > > SHOULD include a Last-Modified header field (see Section 2.2 of > > [RFC7232]) indicating when delivery was requested by an application > > server. > > Why is a SHOULD preferred rather than a MUST? Because it's not clear to me that all the various push services can provide this information. If the working group thinks that a MUST is OK, then I'd certainly prefer a MUST. I'll follow up on this separately. https://github.com/martinthomson/drafts/issues/22 > Section 7.3 Registration and Subscription Expiration > > > If a user agent has an outstanding request to the > > "registration" resource (see Section 6), this can be signaled by > > returning a 400-series response code, such as 410 (Gone). A push > > service uses server push to indicate that a subscription has expired; > > a pushed 400-series status code for the subscription resource signals > > the termination of a subscription. > > What status code does an Application Server receive for expirations and terminations? That's definitely an oversight. Fixed in [223d0bb]. > If the registration is deleted, then are the related subscriptions also deleted? Yep, fixed with the above. > Section 7.4 Implications for Application reliability > > > An application developer might find it tempting to create alternative > > mechanisms for message delivery in case the push service fails to > > deliver a critical message. > > ... > > Applications are encouraged to instead provide a means to detect > > situations where push messages were not delivered and recover > > gracefully. For instance, an application server might include a > > sequence number in push messages; a gap in the sequence can then be > > used to trigger some form of state resynchronization. > > It may be difficult to maintain a per-application sequence counter at scale. This also introduces complexity into the user agent. As noted above, our preference is for the protocol to support delivery receipts. This sort of state retention wasn't particularly onerous for the applications that I've worked on, since we needed for other reasons anyway. That said, we would have definitely preferred to receive application-level acknowledgements. That is generally the best reliability mechanism. > Section 8.1 Confidentiality from Push Server Access [...] > This should include the [API] informative reference? Is the W3C consensus still pending: Yeah, well, I've pre-empted the decision there a little. I think that the main hold-up on that end is the absence of anything in the IETF that can be referenced. Bootstrapping is hard. I hope to have something to announce here soon.
- [Webpush] Feedback on draft-thomson-webpush-http2… Brian Raymor (MS OPEN TECH)
- Re: [Webpush] Feedback on draft-thomson-webpush-h… Martin Thomson