- From: Peter Beverloo <notifications@github.com>
- Date: Wed, 09 Dec 2015 06:37:00 -0800
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Wednesday, 9 December 2015 14:37:28 UTC
The W3C Push API has been updated by @martinthomson to allow developers to include a payload with the push messages they send. Such a payload must be encrypted, because the push service effectively is an untrusted intermediary. The W3C bits are defined in https://w3c.github.io/push-api/ ``` PushSubscription.getKey(type); // "p256dh" or "auth", returning an ArrayBuffer PushSubscription serializer; // includes the keys, base64url encoded, in the JSON PushMessageData PushEvent.data ``` The client-side JavaScript will normally not be exposed to the encryption requirement - this is done by the application server. The data available in `PushEvent.data` will have been **decrypted** already. The encryption routines themselves are defined in the following two IETF drafts: - https://tools.ietf.org/html/draft-ietf-webpush-encryption - https://tools.ietf.org/html/draft-thomson-http-encryption Chrome and Firefox are both eager to ship. /cc @mvano --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/issues/98
Received on Wednesday, 9 December 2015 14:37:28 UTC