- From: Peter Beverloo <notifications@github.com>
- Date: Mon, 24 Oct 2016 10:13:39 -0700
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/212/255803847@github.com>
The `getKey()` method is a required for an implementation of the Push API, so the `auth` and `p256dh` fields must be supported too. Would updating the cited sentence to the following clarify the statement? > Keys named `p256dh` and `auth` must be supported, and their values must correspond to those necessary for the user agent to decrypt received push messages in accordance with [WEBPUSH-ENCRYPTION]. In Chrome, we introduced support for encrypted payloads in version 50 by adding the `getKey()` method, updating the `PushSubscription` serializer and lazily creating keys for subscriptions created prior to that release. I guess new, partial implementations could do something similar. This would significantly impact their interoperability story, so it's undesirable at best. The keys are associated with the subscription and should not change during its lifetime. If the user agent has to update them, the `pushsubscriptionchange` event should be used to communicate this to the developer. It'll be considered an entirely new subscription at that point. I think step 15 of the subscribe() algorithm details this. It's the only place where a key pair is created. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/212#issuecomment-255803847
Received on Monday, 24 October 2016 17:14:40 UTC