Use of VAPID in JMAP WebPush
draft-ietf-jmap-webpush-vapid-10
Yes
Murray Kucherawy
No Objection
Gunter Van de Velde
Jim Guichard
John Scudder
Mahesh Jethanandani
Warren Kumari
Zaheduzzaman Sarker
No Record
Francesca Palombini
Note: This ballot was opened for revision 05 and is now closed.
Murray Kucherawy
Yes
Deb Cooley
(was Discuss)
No Objection
Comment
(2025-01-05 for -06)
Sent
Thank you to Daniel for addressing my original comments. I'm changing my ballot to 'no objection'. I have one comment remaining: In Section 3, the parenthetical (65 octets specifically) won't be true with a larger ECDSA public key. I had merely eliminated the parenthetical in my suggested text. The public key will always start with a 0x04 octet, but it won't be 65 octets in length. ------------------------------------------- Below are my original comments (just for the record). --------------------------- Thank you for a well written, clear draft. These should be easy to resolve. Section 3: While RFC8292 specifies ECDSA directly, it only mentions P-256. This draft should aim to allow algorithm agility in terms of ECDSA key size as VAPID and JWT allow. How about: "The ECDSA public key (current systems use the P-256 curve) [FIPS186], in uncompressed form described in [X9.62] Annex A that is encoded using base64url encoding [RFC7515], that the push service will use to authenticate the application server." Section 6: Since none of the referenced RFCs has Key Rotation as a topic, please add a couple of sentences on key rotation here. [note: some of what you have in the key rotation section can easily be used.] -----------------------
Erik Kline
No Objection
Comment
(2024-12-28 for -05)
Sent
# Internet AD comments for draft-ietf-jmap-webpush-vapid-05 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S2 * "MUST contain the following ... The ECDSA public key" I'm a little surprised by what, to me, looks like a lack of algorithm agility. I don't know enough about VAPID to know if algorithm agility is feasible, but ... it seems like something IETF protocols should generally be aiming towards. ### S5 * "If there is a mismatch, the client MAY retry creating the PushSubscription" Why MAY and not SHOULD? I assumed this would be the logical desired behavior.
Gunter Van de Velde
No Objection
Jim Guichard
No Objection
John Scudder
No Objection
Mahesh Jethanandani
No Objection
Orie Steele
No Objection
Comment
(2025-01-07 for -08)
Sent
# Orie Steele, ART AD, comments for draft-ietf-jmap-webpush-vapid-08 CC @OR13 * line numbers: - https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-jmap-webpush-vapid-08.txt&submitcheck=True * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ Thanks to Thomas Fossati for the ART ART Review. ### What does use mean? ``` 101 PushVerification notifications. The server MUST use the application 102 server key that was advertised in the capabilities object at the time 103 the PushSubscription was created. ``` I think this means: verify a digital signature using the applicationServerKey as described in https://datatracker.ietf.org/doc/html/rfc8292#section-4.2 ? This must seems underspecified, or to assume more JMAP knowledge than I have. The word "sign" only appears in the security considerations, a brief description of how this "signing" key is used before then would be helpful, even if its just calling out to sections in other specs. ### new public key format for jmap (sigh) ``` 90 * applicationServerKey: "String" 91 The ECDSA public key (current systems use the P-256 curve) 92 [FIPS186], in its uncompressed form as described in [X9.62] Annex 93 A and encoded using base64url encoding [RFC7515], that the push 94 service will use to authenticate the application server. ``` I see that this came up in the ART ART review: https://mailarchive.ietf.org/arch/msg/art/7hYM8qI5Seg9C75sy5atqRLolPA/ Following through the W3C references, we land on: https://www.rfc-editor.org/rfc/rfc8292#section-3.2 Specifically: https://www.rfc-editor.org/rfc/rfc8292#section-2.4 ``` Note: X9.62 encoding is used over JWK [RFC7517] for two reasons. A JWK does not have a canonical form, so X9.62 encoding makes it easier for the push service to handle comparison of keys from different sources. Secondarily, the X9.62 encoding is also considerably smaller. ``` I suggest adding a direct reference to this. And also a comment like you have on the list "this is to enable copy pasting of the existing text encoded keys".
Paul Wouters
No Objection
Comment
(2025-01-06 for -08)
Sent
applicationServerKey: "String" The ECDSA public key (current systems use the P-256 curve) [FIPS186], in its uncompressed form as described in [X9.62] Annex A and encoded using base64url encoding [RFC7515], that the push service will use to authenticate the application server. It seems one should either use a representation that includes the cryptographic specifiers (eg SubjectPublicKeyInfo) or one should have a field with the key type, eg applicationServerKeyType: "ECDSA". This might be the case for [X9.62], but I cannot tell as the resource does not seem to be publicly available. I guess since this format is also used in RFC8292, it is too late to raise a DISCUSS on this to fix, unfortunately. The first part of the Security Considerations seems to deal with regular protocol operational edge cases and not security considerations. Consider moving these to a more appropriate place (maybe its own new Section)
Roman Danyliw
No Objection
Comment
(2025-01-07 for -09)
Not sent
Thank you to Paul Kyzivat for the GENART review.
Warren Kumari
No Objection
Zaheduzzaman Sarker
No Objection
Éric Vyncke
No Objection
Comment
(2025-01-02 for -05)
Not sent
I am supporting Deb's and Erik's ballots about lack of agility.
Francesca Palombini
No Record