[Webpush] Restricting subscriptions to vapid public keys
Martin Thomson <martin.thomson@gmail.com> Sun, 27 November 2016 23:15 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1997112958B for <webpush@ietfa.amsl.com>; Sun, 27 Nov 2016 15:15:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id snkQmY16UZvr for <webpush@ietfa.amsl.com>; Sun, 27 Nov 2016 15:15:57 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8235C12957A for <webpush@ietf.org>; Sun, 27 Nov 2016 15:15:57 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id n21so124000534qka.3 for <webpush@ietf.org>; Sun, 27 Nov 2016 15:15:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=6wgteQ4BVCY2Ah+G+iyCnLbYuN+IA2Cnv0MySIKx08k=; b=XBGjWoFKSGLl+r3qcrDc5uv2N14nhHbPGNxsAfFfMT/awPnnBy/TriJZCSDFqsed8v P6YJiWujZb9mjwqd9x4I2rnHeFvhF9iw0djXRpPUYQ5EJXB/aIwbVqhMHCFs0E/QiIwp t4Hy1E2ITRWSC/LRlpfMKp6zuGqBYhZt3iog28bMh4oBBq9AoAx745GrOdEh9Hse5cig BMEUgwLTKOxtOst5Y2UkwYcDemiPkgq4/vrPqzadGqJGcSjAB465HmDqc3UwJdr9uVU9 +rGry9Ni6V8/tWpKy3N8f3V7md/4Xh5queT3/YsAtG0zHpR5xSAhClcuvWY1twe79GGo aORA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=6wgteQ4BVCY2Ah+G+iyCnLbYuN+IA2Cnv0MySIKx08k=; b=fIWYHLPnHv3sFM99mTfZAaDvSp80HBJapL7V4KPAxgKBpunXJaT8XVTnvfCM5noM2u RW3B2E/BhDPKies776UAMu9yo7AlnUufOzD8auWSMeZAaXtuzKderqTS+gNJgbTItzZy /ds3pakSQaUcdoD+2EKmSiNmBL27+ry99CRRypl0aeO9nJVlA/6k4W/ql3Ld6K3SBSLE 7fE5GQ0DnpQ3n+5beI4+gFARVB90nqxhFrQ1VwyzKQ4ys7tN3x9ZEp9upZB1VGHzlcB8 1ij8f7Y1oxhjRuHTdVU4atQNl6+QMfJyWC322Y52xpXa6GjeWGYFGk8T10MfM6U7wHvs /GAA==
X-Gm-Message-State: AKaTC01cH/iRQbRCq81t1PFIgTHJks2X8OMmZYKwupEdNfcRCkUh0Tf/dXBl9Wxp2n/6VSZkQPeh6oKb98PmfQ==
X-Received: by 10.55.158.199 with SMTP id h190mr17854698qke.202.1480288556502; Sun, 27 Nov 2016 15:15:56 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.85.101 with HTTP; Sun, 27 Nov 2016 15:15:56 -0800 (PST)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 28 Nov 2016 10:15:56 +1100
Message-ID: <CABkgnnU+6qtMVTC3662RBCkBqyr_UgNXeFCXkTBN09Ra+MY2hQ@mail.gmail.com>
To: "webpush@ietf.org" <webpush@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/webpush/viUW6kTRNPByXnHZ-CZMzzSGNgg>
Subject: [Webpush] Restricting subscriptions to vapid public keys
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Nov 2016 23:15:59 -0000
I've opened a PR that removes the final use of the Crypto-Key header field. A restricted subscription is created by adding a JSON body to the subscription request: https://github.com/webpush-wg/webpush-vapid/pull/31 This is the final change that I'm aware we need for dealing with the changes on the HTTP side of things. I'll be submitting updates to all the drafts soon, but I'd appreciate some feedback before I do that.
- [Webpush] Restricting subscriptions to vapid publ… Martin Thomson