Re: [Push API] How to detect acceptable Content-Encoding for each UA

2016-03-04 Thread Tomoyuki SHIMIZU 
Hi Martin,

Thanks so much for your comment. I understand that there will be no problem
when any UA will accept "aesgcm".

> Firefox will support aesgcm128 for several releases once "aesgcm" is
> done (something I expect to happen in 48).

Good. I'm looking forward to seeing it will happen.


On Fri, Mar 4, 2016 at 5:55 PM Martin Thomson 
wrote:

> On 4 March 2016 at 18:07, Tomoyuki SHIMIZU 
> wrote:
> > On the other hand, it could be renamed according to encryption spec
> update
> > (e.g. changing from "aesgcm128" to "aesgcm"[2][3]). It might suggest
> each UA
> > might support different types or versions of Content-Encoding in the
> future.
>
> Firefox will support aesgcm128 for several releases once "aesgcm" is
> done (something I expect to happen in 48).  By the time that Chrome
> supports the standard protocol (I think that's 51), both browsers will
> accept "aesgcm" as described in the pull request.
>
> Right now, it's more than just Content-Encoding people have to worry
> about, because Chrome supplies an endpoint that only talks the GCM
> protocol.  I think that we can chalk that up to early adopter pains
> and rather begrudgingly suggest looking at the UA string.
>

Re: [Push API] How to detect acceptable Content-Encoding for each UA

2016-03-04 Thread Martin Thomson 
On 4 March 2016 at 18:07, Tomoyuki SHIMIZU  wrote:
> On the other hand, it could be renamed according to encryption spec update
> (e.g. changing from "aesgcm128" to "aesgcm"[2][3]). It might suggest each UA
> might support different types or versions of Content-Encoding in the future.

Firefox will support aesgcm128 for several releases once "aesgcm" is
done (something I expect to happen in 48).  By the time that Chrome
supports the standard protocol (I think that's 51), both browsers will
accept "aesgcm" as described in the pull request.

Right now, it's more than just Content-Encoding people have to worry
about, because Chrome supplies an endpoint that only talks the GCM
protocol.  I think that we can chalk that up to early adopter pains
and rather begrudgingly suggest looking at the UA string.

[Push API] How to detect acceptable Content-Encoding for each UA

2016-03-03 Thread Tomoyuki SHIMIZU 
Hi,

I would like to make a comment on a concern about using Push API with Web
Push Encryption.

Web Push Encryption spec[1] says an application server must indicate
Content-Encoding so that a UA can correctly process received push messages.
Currently there are browsers which supports "aesgcm128" Content-Encoding
(e.g. Chrome 49, Firefox 44+).

On the other hand, it could be renamed according to encryption spec update
(e.g. changing from "aesgcm128" to "aesgcm"[2][3]). It might suggest each
UA might support different types or versions of Content-Encoding in the
future.

If I understand correctly, there might be no manner to notify the
application server of Content-Encoding which the UA could accept, without
checking UA's name or version. IMHO, if Push API would provide any method
or attribute to indicate acceptable Content-Encoding, it would be helpful
for the application server. WDYT?

Best regards,
Tomoyuki Shimizu

[1] https://tools.ietf.org/html/draft-ietf-webpush-encryption-01
[2] https://lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0180.html
[3] https://github.com/httpwg/http-extensions/pull/137