- From: Alastair Coote <notifications@github.com>
- Date: Mon, 20 Dec 2021 10:25:22 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 20 December 2021 18:25:34 UTC
@collimarco in a true P2P scenario there would be no central VAPID keys. Any given client would generate keys then share them with the clients it wishes to exchange messages with, creating a kind of private group. How you'd transfer those keys securely is an open question but I can see WebRTC or in-person QR code scanning being two possibilities. (that said, even if you *did* make the VAPID private key public you'd still need the endpoint, p256 and auth keys for any client so it's not like you'd be giving over a skeleton key.) In any case I understand that P2P isn't a core aim of Web Push but it *is* possible with this relatively small tweak on the part of push providers. FWIW after I left my previous comment I put together a module that lets you use WebPush entirely via WebCrypto APIs: https://github.com/alastaircoote/webpush-webcrypto -- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/303#issuecomment-998168286 You are receiving this because you are subscribed to this thread. Message ID: <w3c/push-api/issues/303/998168286@github.com>
Received on Monday, 20 December 2021 18:25:34 UTC