Intent to Implement and Ship: PushManager.supportedContentEncodings

35 views
Skip to first unread message

Peter Beverloo

unread,
May 5, 2017, 9:11:04 AM5/5/17
to blink-dev
Contact emails

Spec

A TAG review for the entire Push API has been requested here:


Summary
Introduction of PushManager.supportedContentEncodings, a static attribute on the PushManager interface that tells developers which content codings (specifically, encryption formats) are supported when sending push messages.

We’re still implementing support for the latest draft (ietf-webpush-encryption-08). Until that is ready, we’ll return an array having a single value: “aesgcm”.

In addition, the PushManager, PushSubscription and PushSubscriptionOptions interfaces are being exposed to workers. They were already usable there, it was an oversight that the interfaces themselves were not exposed. This matches the specification.

Motivation
The encryption format has been finalized with some differences compared to what current implementations support. This will tell developers about when they can switch to the latest format, and, in the future, which other versions are supported too.

Interoperability and Compatibility Risk
Very low. Discussion happened on GitHub: https://github.com/w3c/push-api/issues/251

Edge: Public support
Firefox: Public support
Safari: No signals
Web developers: Positive

Ongoing technical constraints
None.

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
All but Android WebView, where the Push API is not supported.

OWP launch tracking bug

Link to entry on the feature dashboard

Requesting approval to ship?
Yes

PhistucK

unread,
May 6, 2017, 3:04:06 AM5/6/17
to Peter Beverloo, blink-dev

On Fri, May 5, 2017 at 4:10 PM, Peter Beverloo <pe...@chromium.org> wrote:
they can switch to the latest format, and, in the future, which other versions are supported too.

​Sounds a bit like a hasFeature​ type of thing... Which is discouraged because of lies.



PhistucK

Peter Beverloo

unread,
May 8, 2017, 8:05:35 AM5/8/17
to PhistucK, blink-dev
Developers must encrypt the payload of a push message when they choose to include one. As browsers are transitioning to a new format, we need to give developers a way to know which formats are available for a particular user. The alternative is asking them to do user agent sniffing, which is made complicated by browsers derived from larger ones.

While we're reasonably confident that draft-ietf-webpush-encryption-08 is semantically complete, there's nothing that stops further changes from happening in the future.

Thanks,
Peter

PhistucK

unread,
May 8, 2017, 8:10:44 AM5/8/17
to Peter Beverloo, blink-dev
Sounds like something that servers should negotiate among themselves rather than the browser telling the server. Or is the browser alone decrypting the payload?


PhistucK

Peter Beverloo

unread,
May 8, 2017, 10:40:00 AM5/8/17
to PhistucK, blink-dev
On Mon, May 8, 2017 at 1:10 PM, PhistucK <phis...@gmail.com> wrote:
Sounds like something that servers should negotiate among themselves rather than the browser telling the server. Or is the browser alone decrypting the payload?

The browser decrypts the payload.

Thanks,
Peter

Chris Harrelson

unread,
May 8, 2017, 1:47:00 PM5/8/17
to Peter Beverloo, PhistucK, blink-dev
LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Jochen Eisinger

unread,
May 9, 2017, 12:36:28 PM5/9/17
to Chris Harrelson, Peter Beverloo, PhistucK, blink-dev
lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Jochen Eisinger

unread,
May 9, 2017, 12:38:26 PM5/9/17
to Chris Harrelson, Peter Beverloo, PhistucK, blink-dev
Peter, can you please point me at the security review of the encryption defined here: https://tools.ietf.org/html/draft-ietf-webpush-encryption-08

Peter Beverloo

unread,
May 10, 2017, 9:50:10 AM5/10/17
to Jochen Eisinger, Chris Harrelson, PhistucK, blink-dev
agl@, davidben@ and rsleevi@ reviewed our current implementation and the -03 draft. The -08 draft is an iteration considering the semantics and same attack vectors. eroman@ has kindly agreed to review the implementation.

The -08 draft imposes restrictions on top of ietf-httpbis-encryption-encoding, which has passed IETF review including one by SECDIR:


Note that this intent is about the `supportedContentEncodings` property. I've sent another intent to cover implementation of the -08 draft.


Thanks,
Peter

lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Jochen Eisinger

unread,
May 10, 2017, 12:04:03 PM5/10/17
to Peter Beverloo, Chris Harrelson, PhistucK, blink-dev

Cool, thanks!


lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Rick Byers

unread,
May 11, 2017, 12:54:42 PM5/11/17
to Jochen Eisinger, Peter Beverloo, Chris Harrelson, PhistucK, blink-dev
lgtm3

Cool, thanks!


lgtm2

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.


Rick Byers

unread,
May 11, 2017, 12:57:55 PM5/11/17
to Jochen Eisinger, Peter Beverloo, Chris Harrelson, PhistucK, blink-dev
Forgot to ask: what's the status of interop testing?  The current template has this section:

Is this feature fully tested by web-platform-tests?

Please link to the test suite. If any part of the feature is not tested by web-platform-tests, please include links to issues, e.g.:

  • A web-platform-tests issue with the "infra" label explaining why a certain thing cannot be tested. (example)

  • A spec issue for some change that would make it possible to test. (example)

  • A Chromium issue to upstream some existing tests. (example)

An Intent to Ship requires either a web platform test suite or such issues to be filed explaining why such a test suite is currently impossible or in the progress of being upstreamed.

Peter Beverloo

unread,
May 11, 2017, 3:03:46 PM5/11/17
to Rick Byers, Jochen Eisinger, Chris Harrelson, PhistucK, blink-dev
Thank you Rick. Same answer once more: https://github.com/w3c/web-platform-tests/issues/5630

Thanks,
Peter

Rick Byers

unread,
May 18, 2017, 5:24:34 PM5/18/17
to Peter Beverloo, Jochen Eisinger, Chris Harrelson, PhistucK, blink-dev
Thanks Peter!  In case it wasn't obvious, my LGTM still stands so you're good to go (hope you weren't waiting for me...).
Reply all
Reply to author
Forward
0 new messages