%% You should probably cite rfc8292 instead of this I-D.
@techreport{ietf-webpush-vapid-04,
    number =    {draft-ietf-webpush-vapid-04},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-webpush-vapid/04/},
    author =    {Martin Thomson and Peter Beverloo},
    title =     {{Voluntary Application Server Identification (VAPID) for Web Push}},
    pagetotal = 14,
    year =      2017,
    month =     sep,
    day =       3,
    abstract =  {An application server can use the Voluntary Application Server Identification (VAPID) method described in this document to voluntarily identify itself to a push service. The "vapid" authentication scheme allows a client to include its identity in a signed token with requests that it makes. The signature can be used by the push service to attribute requests that are made by the same application server to a single entity. The identification information can allow the operator of a push service to contact the operator of the application server. The signature can be used to restrict the use of a push message subscription to a single application server.},
}