Daniel,

While reviewing this document during AUTH48, please resolve (as necessary) the 
following questions, which are also in the XML file.

1) <!-- [rfced] Please note that the title of the document has been updated as
follows. Abbreviations have been expanded per Section 3.6 of RFC 7322 ("RFC
Style Guide"). Please review.

Original:
  Use of VAPID in JMAP WebPush

Current:
  Use of Voluntary Application Server Identification (VAPID) in JSON Meta
  Application Protocol (JMAP) WebPush
-->


2) <!-- [rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search. -->


3) <!-- [rfced] Will readers understand what "it" refers to here?

Original:
   To facilitate that, the
   client (or user agent in WebPush terminology) needs the VAPID public
   key of the application server to pass it along to the push service
   when retrieving a new endpoint.

Perhaps (remove "it"):
   To facilitate that, the
   client (or user agent in WebPush terminology) needs the VAPID public
   key of the application server to pass along to the push service
   when retrieving a new endpoint.

Or (recast sentence):
   To facilitate that, the
   client (or user agent in WebPush terminology) needs to pass along
   the VAPID public key of the application server to the push service
   when retrieving a new endpoint.
-->


4) <!-- [rfced] FYI - We updated these sentences as follows (pointed to Section
4.2 of [RFC8292] in both and updated phrasing relating to the status code
to be consistent). Let us know any concerns.

Original:
   Consequently, the push
   service will reject the PushVerification with a 403 (Forbidden)
   status code, as specified in [RFC8292].
   ...
   This mismatch leads to the push service rejecting the
   PushVerification request with HTTP status code 403, as specified in
   [RFC8292], Section 4.2.

Updated:
   Consequently, the push
   service will reject the PushVerification with a 403 (Forbidden)
   status code, as specified in Section 4.2 of [RFC8292].
   ...
   This mismatch leads to the push service rejecting the
   PushVerification request with a 403 (Forbidden) status code, as specified in
   Section 4.2 of [RFC8292].
-->


5) <!-- [rfced] Would you like the references to be alphabetized or left in
their current order?
-->


6) <!-- [rfced] The following reference has been withdrawn. See
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf. Would you
like to cite the latest version (i.e., FIPS 186-5)?

Original:
   [FIPS186]  National Institute of Standards and Technology (NIST),
              "Digital Signature Standard (DSS)", FIPS 186-4, July 2013,
              <https://doi.org/10.6028/NIST.FIPS.186-4>.

Perhaps:
   [FIPS186]  NIST, "Digital Signature Standard (DSS)", NIST FIPS 186-5,
              February 2023, <https://doi.org/10.6028/NIST.FIPS.186-5>.
-->


7) <!-- [rfced] The following reference has been replaced by ANSI X9.142 (and
X9.62 seems to no longer be available on the ANSI webstore).

See:
https://x9.org/asc-x9-issues-new-standard-for-public-key-cryptography-ecdsa/
https://webstore.ansi.org/standards/ascx9/ansix91422020

Would you like to cite X9.142-2020 in this document?

Original:
   [X9.62]    American National Standards Institute, "Public Key
              Cryptography for the Financial Services Industry: The
              Elliptic Curve Digital Signature Algorithm (ECDSA)",
              ANSI X9.62-2005, November 2005.

Perhaps:
   [X9.142]   American National Standards Institute, "Financial services -
              Public Key Cryptography for the Financial Services Industry -
              The Elliptic Curve Digital Signature Algorithm - ECDSA",
              ANSI X9.142-2020, September 2020.


If this change is made, please confirm that Annex A appears in X9.142-2020
with the information in the following sentence. We are unable to access the
full document to verify (it is behind a paywall).

Original:
      The ECDSA public key that the push service will use to
      authenticate the application server, in its uncompressed form (as
      described in [X9.62] Annex A) and encoded using base64url encoding
      [RFC7515]. 
-->


8) <!-- [rfced] Should the following be tagged as <dl> rather than
<ul> with a single bullet? To see what <dl> looks like, please see Section 3
in these test files:

https://www.rfc-editor.org/authors/rfc9749-TEST.txt
https://www.rfc-editor.org/authors/rfc9749-TEST.html

Original:
   *  applicationServerKey: "String"

      The ECDSA public key that the push service will use to
      authenticate the application server, in its uncompressed form (as
      described in [X9.62] Annex A) and encoded using base64url encoding
      [RFC7515].  Current systems use the P-256 curve [FIPS186].
-->


9) <!-- [rfced] Should the Informative Note in Section 3 be in the <aside>
element? The aside element is defined as "a container for content that is
semantically less important or tangential to the content that surrounds
it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside).
-->


10) <!-- [rfced] We see inconsistent use of <tt> in this document. Please review
the notes below and let us know how to update for consistency. In the
html and pdf outputs, the text enclosed in <tt> is output in fixed-width
font; in the txt output, there are no changes to the font.

a) This term appears twice with <tt> and once with quotation marks:

<tt>urn:ietf:params:jmap:webpush-vapid</tt>
"urn:ietf:params:jmap:webpush-vapid"


b) This term appears once with <tt> and six times without <tt>:

<tt>PushSubscription</tt>
PushSubscription

Also, consider if the following should be handled in the same way as
PushSubscription; currently, these do not have <tt>.

PushVerification
StateChange
sessionState
applicationServerKey


c) These terms have a similar structure, but one appears with <tt> and one
without (one instance of each). We recommend consistent handling.

<tt>PushSubscription/changes</tt>

PushSubscription/set
-->


11) <!-- [rfced] This document consistently uses "WebPush" (single word with no
space). We see use of both "WebPush" (single word) and "Web Push" (two
words) in past RFCs. See the notes below and let us know if you would
like to leave the single-word form in this document or make a change.

RFC 8030 - uses two-word form in title of "Web Push Identifiers" registry, but
also uses one-word form in a couple of instances (i.e., "WebPush scenarios"
and "WebPush Architecture").

RFC 8291 - uses both forms (seems the two-word form is used in prose and the
one-word form is used in code).

RFC 8292 - uses the two-word form in document title and in the context of "Web
Push protocol".

The only RFCs with this term in the document title are RFCs 8291 and 8292, and
both use "Web Push" (two words). See https://www.rfc-editor.org/rfc-index.txt.
-->


12) <!-- [rfced] FYI - We have added expansions for the following abbreviations
per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review each
expansion in the document carefully to ensure correctness.

Voluntary Application Server Identification (VAPID)
JSON Meta Application Protocol (JMAP)
JSON Web Token (JWT)
Elliptic Curve Digital Signature Algorithm (ECDSA)
-->


13) <!-- [rfced] Please review the "Inclusive Language" portion of the
online Style Guide
<https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let
us know if any changes are needed. Updates of this nature typically
result in more precise language, which is helpful for readers.

Note that our script did not flag any words in particular, but this should
still be reviewed as a best practice.
-->


Thank you.

RFC Editor/rv


On Mar 5, 2025, at 5:17 PM, rfc-edi...@rfc-editor.org wrote:

*****IMPORTANT*****

Updated 2025/03/05

RFC Author(s):
--------------

Instructions for Completing AUTH48

Your document has now entered AUTH48.  Once it has been reviewed and 
approved by you and all coauthors, it will be published as an RFC.  
If an author is no longer available, there are several remedies 
available as listed in the FAQ (https://www.rfc-editor.org/faq/).

You and your coauthors are responsible for engaging other parties 
(e.g., Contributors or Working Group) as necessary before providing 
your approval.

Planning your review 
---------------------

Please review the following aspects of your document:

*  RFC Editor questions

  Please review and resolve any questions raised by the RFC Editor 
  that have been included in the XML file as comments marked as 
  follows:

  <!-- [rfced] ... -->

  These questions will also be sent in a subsequent email.

*  Changes submitted by coauthors 

  Please ensure that you review any changes submitted by your 
  coauthors.  We assume that if you do not speak up that you 
  agree to changes submitted by your coauthors.

*  Content 

  Please review the full content of the document, as this cannot 
  change once the RFC is published.  Please pay particular attention to:
  - IANA considerations updates (if applicable)
  - contact information
  - references

*  Copyright notices and legends

  Please review the copyright notice and legends as defined in
  RFC 5378 and the Trust Legal Provisions 
  (TLP – https://trustee.ietf.org/license-info).

*  Semantic markup

  Please review the markup in the XML file to ensure that elements of  
  content are correctly tagged.  For example, ensure that <sourcecode> 
  and <artwork> are set correctly.  See details at 
  <https://authors.ietf.org/rfcxml-vocabulary>.

*  Formatted output

  Please review the PDF, HTML, and TXT files to ensure that the 
  formatted output, as generated from the markup in the XML file, is 
  reasonable.  Please note that the TXT will have formatting 
  limitations compared to the PDF and HTML.


Submitting changes
------------------

To submit changes, please reply to this email using ‘REPLY ALL’ as all 
the parties CCed on this message need to see your changes. The parties 
include:

  *  your coauthors

  *  rfc-edi...@rfc-editor.org (the RPC team)

  *  other document participants, depending on the stream (e.g., 
     IETF Stream participants are your working group chairs, the 
     responsible ADs, and the document shepherd).

  *  auth48archive@rfc-editor.org, which is a new archival mailing list 
     to preserve AUTH48 conversations; it is not an active discussion 
     list:

    *  More info:
       https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc

    *  The archive itself:
       https://mailarchive.ietf.org/arch/browse/auth48archive/

    *  Note: If only absolutely necessary, you may temporarily opt out 
       of the archiving of messages (e.g., to discuss a sensitive matter).
       If needed, please add a note at the top of the message that you 
       have dropped the address. When the discussion is concluded, 
       auth48archive@rfc-editor.org will be re-added to the CC list and 
       its addition will be noted at the top of the message. 

You may submit your changes in one of two ways:

An update to the provided XML file
— OR —
An explicit list of changes in this format

Section # (or indicate Global)

OLD:
old text

NEW:
new text

You do not need to reply with both an updated XML file and an explicit 
list of changes, as either form is sufficient.

We will ask a stream manager to review and approve any changes that seem
beyond editorial in nature, e.g., addition of new text, deletion of text, 
and technical changes.  Information about stream managers can be found in 
the FAQ.  Editorial changes do not require approval from a stream manager.


Approving for publication
--------------------------

To approve your RFC for publication, please reply to this email stating
that you approve this RFC for publication.  Please use ‘REPLY ALL’,
as all the parties CCed on this message need to see your approval.


Files 
-----

The files are available here:
  https://www.rfc-editor.org/authors/rfc9749.xml
  https://www.rfc-editor.org/authors/rfc9749.html
  https://www.rfc-editor.org/authors/rfc9749.pdf
  https://www.rfc-editor.org/authors/rfc9749.txt

Diff files of the text:
  https://www.rfc-editor.org/authors/rfc9749-diff.html
  https://www.rfc-editor.org/authors/rfc9749-rfcdiff.html (side by side)

Diff of the XML: 
  https://www.rfc-editor.org/authors/rfc9749-xmldiff1.html


Tracking progress
-----------------

The details of the AUTH48 status of your document are here:
  https://www.rfc-editor.org/auth48/rfc9749

Please let us know if you have any questions.  

Thank you for your cooperation,

RFC Editor

--------------------------------------
RFC9749 (draft-ietf-jmap-webpush-vapid-10)

Title            : Use of VAPID in JMAP WebPush
Author(s)        : D. Gultsch
WG Chair(s)      : Bron Gondwana, Jim Fenton
Area Director(s) : Murray Kucherawy, Orie Steele
