Re: [w3c/push-api] Some things about the PushEncryptionKeys p256dh and auth are not clear enough (#212)

Sorry for the late response, I was sick the last few days :(

> Maybe it's also worth calling out as an example in 11.2: "For example, the push service MAY set an expiration time, or the user agent MAY rotate the push message encryption keys."

Yes, that would improve the situation by at least suggesting the right action, although that still leaves it in a state where the behavior is completely optional.

> You're completely correct: if the keys change, the service worker and app server need to know. Otherwise, any messages sent to that subscription using the old keys will be dropped, because the browser will fail to decrypt them with the new keys.

That is the point - the key changes need to be communicated so that message sending still works. Even adding keys without notifying the service worker and app server has no point, since they are then still not able to use them. Because changing without notifying is not a good idea in any case, why not make the notifying a must so that the Push API gets more reliable?

Just to get the idea - my rough example, I'm sure you can formulate that way better than me:
`If keys named p256dh and auth of a push subscription are changed or added after the subscribe method is finished, this MUST be communicated through pushsubscriptionchange`

Thanks :)


Received on Tuesday, 1 November 2016 13:44:39 UTC
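
How an application can forward changed `p256dh`/`auth` keys to its app server once the user agent fires `pushsubscriptionchange`, as an added example that is not part of the original message or the specification. `APP_SERVER_URL`, the request body shape and the helper name `buildKeyUpdate` are assumptions; `oldSubscription` and `newSubscription` are the event attributes defined in the current Push API.

```javascript
// Added example, not code from the Push API spec or this thread.
// APP_SERVER_URL and the request body shape are assumptions.
const APP_SERVER_URL = '/api/push/subscription'; // hypothetical endpoint

// Inputs are PushSubscription.toJSON() results, or null.
// Returns the message the app server needs, or null if nothing changed.
function buildKeyUpdate(oldJson, newJson) {
  const oldEndpoint = oldJson ? oldJson.endpoint : null;
  if (!newJson) {
    // Subscription is gone: the server must stop encrypting to the old keys.
    return oldJson ? { action: 'delete', oldEndpoint } : null;
  }
  const oldKeys = (oldJson && oldJson.keys) || {};
  const newKeys = newJson.keys || {};
  if (!newKeys.p256dh || !newKeys.auth) {
    throw new Error('new subscription lacks p256dh/auth keys');
  }
  const changed = ['p256dh', 'auth'].filter((k) => oldKeys[k] !== newKeys[k]);
  if (changed.length === 0 && oldEndpoint === newJson.endpoint) return null;
  return {
    action: 'replace',
    oldEndpoint,
    endpoint: newJson.endpoint,
    keys: { p256dh: newKeys.p256dh, auth: newKeys.auth },
    changed,
  };
}

// Service worker wiring; skipped when loaded outside a service worker.
if (typeof self !== 'undefined' && self.registration && self.addEventListener) {
  self.addEventListener('pushsubscriptionchange', (event) => {
    event.waitUntil((async () => {
      const oldSub = event.oldSubscription || null;
      let newSub = event.newSubscription || null;
      if (!newSub && oldSub) {
        // Re-subscribe with the same options to obtain fresh keys.
        newSub = await self.registration.pushManager.subscribe(oldSub.options);
      }
      const update = buildKeyUpdate(oldSub && oldSub.toJSON(), newSub && newSub.toJSON());
      if (!update) return;
      const res = await fetch(APP_SERVER_URL, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify(update),
      });
      if (!res.ok) throw new Error('app server rejected key update: ' + res.status);
    })());
  });
}
```

Rejecting inside `waitUntil` when the server refuses the update keeps a failed key hand-off visible instead of leaving the server encrypting to keys the browser no longer holds.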