IETF Logo Mail Archive

Re: [Webpush] Voluntary Application Server Identification -02

jr conlin <jconlin@mozilla.com> Thu, 11 February 2016 16:52 UTC

Return-Path: <jconlin@mozilla.com>
X-Original-To: webpush@ietfa.amsl.com
Delivered-To: webpush@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2B321B3465 for <webpush@ietfa.amsl.com>; Thu, 11 Feb 2016 08:52:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HBDhnNgQKm3c for <webpush@ietfa.amsl.com>; Thu, 11 Feb 2016 08:52:32 -0800 (PST)
Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B9F81B34A9 for <webpush@ietf.org>; Thu, 11 Feb 2016 08:52:25 -0800 (PST)
Received: by mail-pf0-x230.google.com with SMTP id x65so32102904pfb.1 for <webpush@ietf.org>; Thu, 11 Feb 2016 08:52:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=LvSB3bU2mVA+6KwhMANjFOycKc2SuriaKLwMX3yJOds=; b=Dzd1x7LaIO7nGBOf9TPebwl6KUHreCv8SPc+gczfdrnCL1zLiMVwGJFoJpoRcu5GZH OJZBFG728ttcTOfYa62/Y17V8ok7/b5odp6KhRcL5x09PT8qh0AWRcmuo2TheJHZoWvB BbXZ1CwFdk1gyyCtuDrg7RsRn0ISxsiMtEsALoxdHwfwuViW2rWHDKIf/vgdfW+oh3uu Zknz+u9ggZsX8KpPVsWCUwsHO13wBKQeC/U7H8E4pePHRlolAFouh6vs2TneXTmqWBKC AgbQL5+AL23KPIZtNVAFTCwDo4AKW4KyJkoHSsQajAhIHbawlQKA7Nh5+KaAiNfXhUsf B2Fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=LvSB3bU2mVA+6KwhMANjFOycKc2SuriaKLwMX3yJOds=; b=bQZlfXb1xqag1FQ2nfABy1GXpzGx+TBhOB+H1WRt7MTyNwkNczm1DMfMmlfIrJ/JpM whkcJ/jARRL6YK6cKLUYIowMVNSL1+1roCJAw1WySf6yQFyH+HEwoolAKjlMSX4/hZYS PmvpH/737VQy4OhKBL9NZIg3VMRjF99dBVv1TvxLngJ8paTBtzxrZdVNzXjLT0Y+52f+ IT7o9fi5Q+TRgIQsh/3t60uKYi3KrPRzcMZqJo2oeQVGQQ2ztJKYX65xFMHnhvFGr7Kq h+GARBnc0MOlbJR63f4ojwIsaWZP7R0nGTnnJu6R9ZDUnG0GjMR1jsn2yYmKbZlI69kN t+CQ==
X-Gm-Message-State: AG10YORKwXrr3BqmfW0PHD7EdGuPlGWhW4LKM05g7uZqQsBGzi3VigcR9RNBwWgFDdPuPhBa
X-Received: by 10.98.16.12 with SMTP id y12mr68218765pfi.6.1455209544803; Thu, 11 Feb 2016 08:52:24 -0800 (PST)
Received: from ?IPv6:2620:101:80fc:224:851d:643f:3f18:9573? ([2620:101:80fc:224:851d:643f:3f18:9573]) by smtp.gmail.com with ESMTPSA id 195sm13545921pfa.5.2016.02.11.08.52.23 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 11 Feb 2016 08:52:23 -0800 (PST)
To: Martin Thomson <martin.thomson@gmail.com>, Costin Manolache <costin@gmail.com>
References: <CABkgnnXMA1do2jLoNuALz5V+416RELu=FWyEj8nExC+xn3vnpw@mail.gmail.com> <CALt3x6=T7+PDBRYfBeSNuCABi824Vpno9N+2Y7Jg=5pYUxBvCw@mail.gmail.com> <CAP8-FqkTteuTU8JpqWCr-7LB9niM4ng26U8gomWrc=zvp4xJ5w@mail.gmail.com> <7f44560b-5b3e-fa6c-47de-b10fd6265379@mozilla.com> <CAP8-Fq=cENBD-qP0xGV789S0rWmUKZ0pkyenQbbts3t4nKfooA@mail.gmail.com> <CABkgnnXbSaGjPm1NPccnZ+vTRzbYR7Y59N4DRMUuF9xA2_vsmA@mail.gmail.com>
From: jr conlin <jconlin@mozilla.com>
Message-ID: <d7a566d1-ea31-6c93-b90d-822489195f1b@mozilla.com>
Date: Thu, 11 Feb 2016 08:52:23 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Thunderbird/46.0a2
MIME-Version: 1.0
In-Reply-To: <CABkgnnXbSaGjPm1NPccnZ+vTRzbYR7Y59N4DRMUuF9xA2_vsmA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/webpush/ycDHX7iPrDFjyQiMZPMOhJwsE0c>
Cc: "webpush@ietf.org" <webpush@ietf.org>, Peter Beverloo <beverloo@google.com>
Subject: Re: [Webpush] Voluntary Application Server Identification -02
X-BeenThere: webpush@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of potential IETF work on a web push protocol <webpush.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webpush>, <mailto:webpush-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webpush/>
List-Post: <mailto:webpush@ietf.org>
List-Help: <mailto:webpush-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webpush>, <mailto:webpush-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2016 16:52:36 -0000

On 2/11/2016 2:41 AM, Martin Thomson wrote:
> On 11 February 2016 at 17:25, Costin Manolache <costin@gmail.com> wrote:
>> The key used in register() needs to be included in the push request -
>> technically we can work around this, by having the
>> push service store the key - but by having it in the push header it can
>> reduce the storage ( the push service can
>> only store a hash of the key, or can include a hash of the key in the
>> registration token, so no storage - assuming the registration is
>> encrypted/signed).
> Like Costin, I'm confused about the need to restate the first point.
> The whole purpose of including a key in the subscription is to limit
> pushes to application servers that have the corresponding private key.
> See https://martinthomson.github.io/webpush-vapid/#using-restricted-subscriptions
> and https://github.com/w3c/push-api/pull/182

I tend to prefer limiting the amount of data exchange required. Since
the Crypto-Key component would match the previously provided register()
key, it seemed redundant to provided it on every subsequent call. Having
discussed things with Ben and Kit offline, I'm fine with the public key
being included in both, in order to make things easier for the
Application server creators.

v2.8.7 | Report a Bug | By Email