This is one of the cans of worms. If we're pushing through a third party which can theoretically see the content of the message, do we need to encrypt our payloads?
Pro of encrypting:

* better security for payload, interception can't see which datatype is being changed or "rate of change of state string" if it's a counter - this is a metadata leak
* more likely to be accepted by IETF security people

Con:

* adds complexity of spec
* adds complexity of implementation
* takes more CPU on receiving device (potentially enough that you hit background processing limits?)
* Add optional support for encryption, resolves #110
* Document that clients should use the ping event to help detect when buffering
  proxies are interfering. Resolves #108.
The semantic changes can be summarised as:
Web Hooks
* (get|set)PushCallback have been renamed (get|set)PushSubscription, aligning
with the terminology in RFC8030 and take a PushSubscription object as an
argument/response rather than just a URL.
* The PushSubscription can have an expires time and encryption keys.
* Push callbacks no longer have `X-JMAP-EventType`/`X-JMAP-User` headers, as
they are not needed.
* Push callbacks MUST have a `TTL` header, and MAY have `Urgency` and/or
`Topic` headers, as specified in section 5 of [@!RFC8030].
EventSource
* Clients can now choose the ping time by adding a query parameter to the event
source URL.
* Clients can now add a query parameter which causes the server to close the
HTTP response after pushing a state change (long-polling mode).
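An added example (not part of the issue, the commit, or the project's code) of the work payload encryption puts on each side, assuming the encryption keys on the PushSubscription are used with the RFC 8291 Web Push scheme (`aes128gcm`), which the page itself does not name. The function names and the sample payload are constructed for illustration; the receiving device's cost is one ECDH agreement, three HKDF derivations and one AES-GCM decryption per push.

```javascript
// Added example: RFC 8291 (aes128gcm) push payload encryption, single record.
const crypto = require('node:crypto');

const hkdf = (ikm, salt, info, len) =>
  Buffer.from(crypto.hkdfSync('sha256', ikm, salt, Buffer.from(info), len));

// Derive the content-encryption key and nonce from the ECDH secret and auth secret.
function deriveKeys(ecdhSecret, authSecret, uaPublic, asPublic, salt) {
  const keyInfo = Buffer.concat([Buffer.from('WebPush: info\0'), uaPublic, asPublic]);
  const ikm = hkdf(ecdhSecret, authSecret, keyInfo, 32);
  return {
    cek: hkdf(ikm, salt, 'Content-Encoding: aes128gcm\0', 16),
    nonce: hkdf(ikm, salt, 'Content-Encoding: nonce\0', 12),
  };
}

// Server side: encrypt a small payload with a fresh ephemeral key and salt.
function encryptPush(plaintext, uaPublic, authSecret) {
  const as = crypto.createECDH('prime256v1');
  const asPublic = as.generateKeys(); // 65-byte uncompressed point
  const salt = crypto.randomBytes(16);
  const { cek, nonce } = deriveKeys(as.computeSecret(uaPublic), authSecret, uaPublic, asPublic, salt);
  const header = Buffer.alloc(21);
  salt.copy(header, 0);
  header.writeUInt32BE(4096, 16); // record size
  header.writeUInt8(asPublic.length, 20); // keyid length
  const cipher = crypto.createCipheriv('aes-128-gcm', cek, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.update(Buffer.from([2])), cipher.final()]);
  return Buffer.concat([header, asPublic, body, cipher.getAuthTag()]);
}

// Client side: `ua` is the ECDH object holding the subscription's private key.
function decryptPush(message, ua, authSecret) {
  const salt = message.subarray(0, 16);
  const idLen = message.readUInt8(20);
  const asPublic = message.subarray(21, 21 + idLen);
  const { cek, nonce } = deriveKeys(ua.computeSecret(asPublic), authSecret, ua.getPublicKey(), asPublic, salt);
  const decipher = crypto.createDecipheriv('aes-128-gcm', cek, nonce);
  decipher.setAuthTag(message.subarray(message.length - 16));
  const padded = Buffer.concat([decipher.update(message.subarray(21 + idLen, message.length - 16)), decipher.final()]);
  const end = padded.lastIndexOf(2); // 0x02 delimiter, followed only by zero padding
  if (end < 0) throw new Error('missing record delimiter');
  return padded.subarray(0, end);
}

// Constructed demo: keys and payload are generated here, not taken from the page.
const demoUa = crypto.createECDH('prime256v1');
const demoMsg = encryptPush(Buffer.from('{"@type":"StateChange"}'), demoUa.generateKeys(), Buffer.alloc(16, 7));
console.log(demoMsg.length, decryptPush(demoMsg, demoUa, Buffer.alloc(16, 7)).toString());
```

The push service relaying the message still sees its size, timing and the `TTL`/`Urgency`/`Topic` headers; only the body is hidden.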