<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Right now, the best source is the
WebPush IETF discussion.<br>
<a class="moz-txt-link-freetext" href="https://mailarchive.ietf.org/arch/search/?email_list=webpush&q=encryption">https://mailarchive.ietf.org/arch/search/?email_list=webpush&q=encryption</a><br>
<br>
In short, folks are leaning toward AES curve25519, because it's
greatly improved security over P-256, and there are enough
libraries in the wild that it should be reasonable for App
developers to use one. <br>
<br>
Required encryption is tricky for any number of reasons. In this
case, the goal is to secure your message from the intermediary
carriers. Notably, it's a lot easier for carriers to avoid adding
pen registries or turning over data if it's just a pile of
indecipherable crap. The message is decrypted by the handling
client which also generates the public key the remote server uses
and is passed as part of the remote registration. The theory is
also that if you're running on a compromised client, you're kinda
dorked. If you're THAT paranoid (and not saying it's a bad), it's
just up to you do do your own encryption as well. <br>
<br>
On 9/1/2015 3:40 PM, Bruno Oliveira wrote:<br>
</div>
<blockquote cite="mid:1441147226792.c06b7218@Nodemailer" type="cite">
<div>Do you have any reference about the encryption discussion.
I'd be interested to read more about it.</div>
<div class="mailbox_signature">
<br>
—
abstractj PGP: 0x84DC9914 </div>
<br>
<br>
<div class="gmail_quote">
<p>On Mon, Aug 31, 2015 at 7:59 PM, JR Conlin <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:jrconlin@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jrconlin@gmail.com">jrconlin@gmail.com</a></a>></span> wrote:<br>
</p>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<div class="moz-cite-prefix">+4<br>
<br>
(sorry, just had some fun with a bounding issue, and felt
like sharing.)<br>
<br>
Just to let y'all know, we're going to be running
SimplePush for a while, mostly for older devices. One
thing we discovered is that some clients may have a LARGE
number of old channels registered and sending them as part
of the Hello is a waste. (Our server doesn't pay attention
to them.) Newer clients may have an interim fix that
blanks the clientIDs:[] record.) Aside from that, we're
definitely not going to be pushing any changes that should
impact your library.<br>
<br>
We've not stood up a production WebPush server, partly
because the data encryption portion of the standard is
still under discussion. For what it's worth, there are
also a few other discussion points that have yet to be
finalized (e.g. should developers register with servers,
should clients specify channels like they did for
SimplePush, etc.) but the data bit is the biggest
obstacle.<br>
<br>
As always, thanks so much for the continuing support. <br>
<br>
<br>
On 8/31/2015 12:45 PM, Idel Pivnitskiy wrote:<br>
</div>
<blockquote
cite="mid:CAN+BUJpgd8PJjRbZV5ozWM0yzfUJh2ywRbMAoz4gmohxybtQRw@mail.gmail.com"
type="cite">
<div dir="ltr">+1</div>
<div class="gmail_extra">
<br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Best regards,
<div>Idel Pivnitskiy</div>
<div>--<br>
<div>E-mail: <a moz-do-not-send="true"
href="mailto:Idel.Pivnitskiy@gmail.com">Idel.Pivnitskiy@gmail.com</a>
</div>
</div>
<div>Twitter: <a moz-do-not-send="true"
href="https://twitter.com/idelpivnitskiy">@idelpivnitskiy</a>
</div>
<div>GitHub: <a moz-do-not-send="true"
href="https://github.com/idelpivnitskiy">@idelpivnitskiy</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Mon, Aug 31, 2015 at 7:27
PM, Daniel Bevenius <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:daniel.bevenius@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:daniel.bevenius@gmail.com">daniel.bevenius@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">+1
<div class="HOEnZb">
<div class="h5">
<br>
<br>
måndag 31 augusti 2015 skrev Sebastien Blanc
<<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:scm.blanc@gmail.com">scm.blanc@gmail.com</a>>:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">+1</div>
<div class="gmail_extra">
<br>
<div class="gmail_quote">On Mon, Aug 31,
2015 at 5:12 PM, Luke Holmquist <span
dir="ltr"><<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:lholmqui@redhat.com">lholmqui@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div dir="ltr">so now that WebPush is
going to take over SimplePush, i'm
thinking of closing the related JIRA's
that we have open for simple push in
the AG-JS instance.
<div><br>
</div>
<div><br>
</div>
<div>Not that we've really done any
work on it lately, but it would be
good to clean this up a little.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thoughts?</div>
<span><font color="#888888">
<div><br>
</div>
<div><br>
</div>
<div>-Luke</div>
</font></span>
</div>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev"
rel="noreferrer">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/aerogear-dev"
rel="noreferrer">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
aerogear-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
</blockquote>
<br>
</body>
</html>