Re: [push-api] Expose options (#187) from Peter Beverloo on 2016-03-16 (public-webapps-github@w3.org from March 2016)

From: Peter Beverloo <notifications@github.com>
Date: Wed, 16 Mar 2016 13:45:36 -0700
To: w3c/push-api <push-api@noreply.github.com>
Message-ID: <w3c/push-api/pull/187/r56411375@github.com>

>            displaying a Web Notification. [[NOTIFICATIONS]]
>          </p>
> +        <p>
> +          The <code><dfn id=
> +          "widl-PushSubscriptionOptionsDict-applicationServerKey">applicationServerKey</dfn></code>
> +          option includes an elliptic curve public key for an application server. This is the key
> +          that the application server will use to authenticate itself when sending push messages to
> +          this subscription as defined in [[!WEBPUSH-VAPID]]; the push service will reject any push
> +          message unless the corresponding private key is used to generate an authentication token.
> +        </p>
> +        <p>
> +          If present, the value of <code><a>applicationServerKey</a></code> MUST include a point on
> +          the P-256 elliptic curve [[!FIPS-186-3]], encoded in the uncompressed form described in
> +          [[!X9.62]] Annex A (that is, 65 octets, starting with an 0x04 octet). A different key to
> +          the one used for message encryption [[WEBPUSH-ENCRYPTION]] is strongly recommended.

This MUST be a different key than the one used for message encryption [[WEBPUSH-ENCRYPTION]].

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/187/files/673588caf8d3c05baf2b20e5ae94aa8b07af19d8#r56411375

Received on Wednesday, 16 March 2016 20:46:54 UTC