Re: [w3c/push-api] Some questions about VAPID and encrypted messages (#278)

The Push API does say that `applicationServerKey` has to be a valid P-256 point, so the while the user agent may do some verification, the push service may not.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/278#issuecomment-315739792

Received on Monday, 17 July 2017 12:19:23 UTC