Re: [Webpush] question on Urgency semantics in draft-ietf-webpush-protocol-04
Brian Raymor <Brian.Raymor@microsoft.com> Fri, 08 April 2016 15:32 UTC
Return-Path: <Brian.Raymor@microsoft.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 0109912D8E2
for <webpush@ietfa.amsl.com>; Fri, 8 Apr 2016 08:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id jI61OiRxZKtd for <webpush@ietfa.amsl.com>;
Fri, 8 Apr 2016 08:32:45 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com
(mail-eopbgr640106.outbound.protection.outlook.com [40.107.64.106])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id E4CA612D949
for <webpush@ietf.org>; Fri, 8 Apr 2016 08:32:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=1Iz0S6FEUZyD17J5lmr1k+lyzF5P1WIpgxKROSR2ILU=;
b=ifhqetOq4KcKSz28HtIdUCiPbTVhYxqjpwO7oSEwa4wsObZhBi2Xh5Wr1xXVXvpz1Phv4ks2yLJizsawiZpgKlT/qMgX47VOyxSkyPl2YaiY1ACib+cKCnuWrGJMjK84/5PVfRmYIHvLMei1M4bEf6UVDwV/GtY+ly9clpiBO3Y=
Received: from DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) by
DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) with Microsoft SMTP
Server (TLS) id 15.1.447.15; Fri, 8 Apr 2016 15:32:43 +0000
Received: from DM2PR0301MB0654.namprd03.prod.outlook.com ([10.160.96.16]) by
DM2PR0301MB0654.namprd03.prod.outlook.com ([10.160.96.16]) with mapi id
15.01.0447.029; Fri, 8 Apr 2016 15:32:42 +0000
From: Brian Raymor <Brian.Raymor@microsoft.com>
To: Darshak Thakore <d.thakore@cablelabs.com>, Martin Thomson
<martin.thomson@gmail.com>
Thread-Topic: [Webpush] question on Urgency semantics in
draft-ietf-webpush-protocol-04
Thread-Index: AQHRkP8jJ2zK1ZiY0keQctVB4VCZ+J9/CoWAgAAET+A=
Date: Fri, 8 Apr 2016 15:32:42 +0000
Message-ID: <DM2PR0301MB06549E093356C56AB315A09E83910@DM2PR0301MB0654.namprd03.prod.outlook.com>
References: <D32C044E.A68E%d.thakore@cablelabs.com>
<CABkgnnXZcMu5G9pTE1oCA=m31gLFsGkebYgaAhV3rBdm3r-u7Q@mail.gmail.com>
<D32C2A23.A6C2%d.thakore@cablelabs.com>
In-Reply-To: <D32C2A23.A6C2%d.thakore@cablelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cablelabs.com; dkim=none (message not signed)
header.d=none;cablelabs.com; dmarc=none action=none
header.from=microsoft.com;
x-originating-ip: [2001:67c:370:136:e9f2:d0c9:da44:d7c8]
x-ms-office365-filtering-correlation-id: 2d8c983b-c980-412b-98c1-08d35fc306e6
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0655;
5:A0bgGu7jFblPvC0TnE42T+soBOhIz5hXCL52pBr66RBOsZP2B6l49P/BmvTl56epuaUjfn1CpA3kknDJoXPnBhKz4RBUfPe68la0AzvG+5CsRc6U5QSZp0lA0qBzRdO7wWqKKprv6ThUUMH8efxtpQ==;
24:bSyisSIYA3kffNMcdxuDUK2hCtnt07Svcz4zGjiP53tBx+k4ZHazD831fZRmeVge/0r80pilgASH1LLyiljOW+f6r8ad3Hejq+4Pp3CDXDw=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0655;
x-microsoft-antispam-prvs: <DM2PR0301MB06555871930591B8F07044EF83910@DM2PR0301MB0655.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
RULEID:(61425038)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038);
SRVR:DM2PR0301MB0655; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0655;
x-forefront-prvs: 0906E83A25
x-forefront-antispam-report: SFV:NSPM;
SFS:(10019020)(6009001)(13464003)(377454003)(53754006)(24454002)(10400500002)(77096005)(5005710100001)(10290500002)(15975445007)(92566002)(33656002)(2900100001)(2950100001)(230783001)(86362001)(5002640100001)(3660700001)(5004730100002)(164054004)(3280700002)(19580405001)(5008740100001)(19580395003)(9686002)(4326007)(81166005)(2906002)(99286002)(1220700001)(189998001)(102836003)(86612001)(6116002)(106116001)(54356999)(50986999)(76176999)(1096002)(5001770100001)(87936001)(10090500001)(5003600100002)(122556002)(74316001)(76576001)(586003)(3826002);
DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0655;
H:DM2PR0301MB0654.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="windows-1257"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2016 15:32:42.6690 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0655
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/yVBQo91E9DRjNEMw8mWMvFnTRoU>
Cc: "webpush@ietf.org" <webpush@ietf.org>
Subject: Re: [Webpush] question on Urgency semantics in
draft-ietf-webpush-protocol-04
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol
<webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>,
<mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>,
<mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 15:32:53 -0000
We have existing language for DoS that could be adapted: A malicious application with a valid push URI could use the greater resources of a push service to mount a denial of service attack on a user agent. Push services SHOULD limit the rate at which push messages are sent to individual user agents. A push service or user agent MAY terminate subscriptions (Section 8.3) that receive too many push messages. However - for the issue of excessive high-urgency messages, I'm wondering whether the end user would make that decision. If an application server is burning the battery with messages that are either not really high-urgency or excessive in number, then the user would probably identify and remove the offending client application or reconfigure its settings. Does Mozilla or Google have any experiences to share for this scenario? Thanks, ...Brian -----Original Message----- From: Webpush [mailto:webpush-bounces@ietf.org] On Behalf Of Darshak Thakore Sent: Thursday, April 7, 2016 6:42 PM To: Martin Thomson <martin.thomson@gmail.com> Cc: webpush@ietf.org Subject: Re: [Webpush] question on Urgency semantics in draft-ietf-webpush-protocol-04 Thanks, PR 82 addresses my question around Urgency header usage. Regarding point #2 below, would it make sense to provide some text that declares this as ³fair-warning² and that PS¹s should address this (maybe in the security considerations section) Darshak On 4/7/16, 12:55 PM, "Martin Thomson" <martin.thomson@gmail.com> wrote: >A timely question, or set thereof. > >I was most of the way through >https://github.com/webpush-wg/webpush-protocol/pull/82 > >1. The UA should be able to filter out messages of lower urgency, the >above PR clarifies that point. >2. We can't stop an AS from gaming the system, but we could treat too >many high-urgency messages as a DoS attack (more on this later) >3. There are cases where accepting messages entails more work than >would be ideal. There are some messaging channels where the delivery >of a certain amount of data causes a dramatic increase in cost. For >example, the paging channel in a cellular network. > > >On 7 April 2016 at 15:34, Darshak Thakore <d.thakore@cablelabs.com> wrote: >> Hi all, >> >> In reviewing the 04 version, I was hoping for some >>comment/clarification on >> the Urgency semanics: >> >> Section 6.3 - Urgency header >> >> The last paragraph - ³An absent Urgency header field indicates that the >> request is to be forwarded at ³normal² urgencyŠ" >> >> I¹m assuming this statement applies to the ³Urgency² header only when >>it is >> used by the AS to send the message to the PS. Correct? An absent >>³Urgency² >> header field in the request from the UA to PS should result in all >>messages >> being retrieved. Am i interpreting it correctly ? >> >> Also in general, i¹m trying to understand how the ³Urgency² header >>actually >> works here. Once a radio is up for communication, you typically want to >> complete as much of data communication as possible so that you can go >>back >> to sleep for an extended period. If we had the following scenario; >> >> Three applications have subscribed with the PS so we have a >>subscription set >> consisting of these three. Now the following messages are sent >> >> AS1 -> PS : Sends 5 messages without the Urgency header so all 5 are >> ³normal" >> AS2 -> PS : Sends 2 messages with ³high², 5 with ³low² and 5 with >>³very-low" >> AS3 -> PS : Games the system and sends 5 messages with ³high² >> >> Now before AS2 sends any messages, if the UA polls the PS with the >>Urgency >> set to ³high², it doesn¹t get any pushes. If the UA polls the PS >> subsequently after AS3 sends the messages again with Urgency set to >>³high", >> it will receive 7 messages (2 from AS2 and 5 from AS3). The other 15 >> messages (from AS1 and AS2) remain outstanding. >> >> In the above scenario, the pending 15 messages may expire before getting >> delivered and requiring the PS and AS# to maintain state, deliver back >> ³expiration² receipts and retry delivery (this cycle may happen a >>couple of >> times). Is all this complexity only to allow the device¹s radio to be in >> full-power communication mode for the duration of the 7 messages >>instead of >> (7+15) messages or is there any other benefit i¹m missing ? Given that >>the >> radio was in full power mode along with a ³fully-primed² TCP connection >>from >> the UA to the PS, are we really saving any significant energy by not >>sending >> those 15 messages ? Also there does not seem to be anything that stops a >> particular AS from gaming the system and sending all its messages with >> ³high² urgency. >> >> My main goal here is to understand what precise benefit we are providing >> with the Urgency header. >> >> >> Regards, >> Darshak >> >> _______________________________________________ >> Webpush mailing list >> Webpush@ietf.org >> https://www.ietf.org/mailman/listinfo/webpush >> _______________________________________________ Webpush mailing list Webpush@ietf.org https://www.ietf.org/mailman/listinfo/webpush
- [Webpush] question on Urgency semantics in draft-… Darshak Thakore
- Re: [Webpush] question on Urgency semantics in dr… Martin Thomson
- Re: [Webpush] question on Urgency semantics in dr… Darshak Thakore
- Re: [Webpush] question on Urgency semantics in dr… Brian Raymor
- Re: [Webpush] question on Urgency semantics in dr… Martin Thomson