Contact email
Spec
The already implemented PushMessageData interface:
Summary
Addition of the "curve25519dh" attribute on the PushSubscription interface, and the PushMessageData interface exposed off PushEvent providing access to the (decrypted) payload.
Motivation
The Push API implementation can currently be used to deliver "tickles" - notifications that something has happened, without indicating what happened. This requires developers to check with their application servers over the network to find out what the update is.
With the PushMessageData interface, developers can include some amount of data with their message. While the exact limit is implementation-defined, the Web Push protocol
requires this limit to be at least 4 KB. Our push service, Google Cloud Messages, matches this.
Payloads must be encrypted because Web Push is, inherently, an intermediated protocol. The identify of these intermediaries is not always known, nor are they necessarily trusted.
Compatibility Risk
Medium. The current IETF draft and Martin Thomson's pull request propose using P-256 as the ECDH curve, whereas we prefer using Curve25519 instead. This is being discussed at the IETF:
(note that not all replies seem to be showing up.)
Ongoing technical constraints
Client-side JavaScript code has to share the public key (curve25519dh) and the other subscription information with their server upon subscribing for Push. The PushEvent will only receive decrypted payloads.
When sending messages on the server-side, the encryption part of draft-thomson-webpush-encryption-01 has to be implemented. This is hard. We anticipate libraries to provide all functionality, and are looking into expediting the overall availability.
OWP launch tracking bug
Link to entry on the feature dashboard
Requesting approval to ship?
No