- From: Peter Beverloo <notifications@github.com>
- Date: Tue, 07 Jul 2015 08:37:29 -0700
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/pull/130/r34054211@github.com>
> @@ -820,10 +841,24 @@ > <li>Let <var>scope</var> be the <code>ServiceWorkerGlobalScope</code> of the <a>Service > Worker</a> associated with the <a>webapp</a>. > </li> > + <li>Let <var>subscription</var> be the active <a>push subscription</a> for the <a>Service > + Worker</a>. > + </li> > + <li>Decrypt the <a>push message</a> using the private key from the key pair associated > + with <var>subscription</var> and the process described in <a href= > + "https://tools.ietf.org/html/draft-thomson-webpush-encryption">TODO: cite</a>. This > + produces the plain text of the message. > + </li> > + <li>If the <a>push message</a> could not be decrypted for any reason, or if it is not > + encrypted, discard the message and terminate this process. A <code>push</code> event MUST > + NOT be fired for a <a>push message</a> that was not successfully decrypted using the key > + pair associated with the <a>push subscription</a>. > + </li> > + <li>Let <var>pushdata</var> be the decrypted plain text of the <a>push message</a>. Using the term "plain text" makes sense from a cryptographic point of view, but it could confuse Web developers to whom the definition of "plain text" is analogous to `Content-Type: text/plain`. I'm not proposing a change, but do want to raise this as a possible pitfall. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/pull/130/files#r34054211
Received on Tuesday, 7 July 2015 15:38:06 UTC