Violation between webpush-encryption and webpush-vapid #6

Closed
beverloo opened this issue Jun 28, 2016 · 1 comment

Comments

@beverloo
Contributor

draft-ietf-webpush-encryption-02 defines:

An application server MUST include exactly one entry in each of the Encryption and Crypto-Key header fields.

This removes a number of edge-cases and simplifies implementations. However, draft-ietf-webpush-vapid-00 defines:

Note that with push message encryption I-D.ietf-webpush-encryption, this results in two values in the Crypto-Key header field, one with a "p256dh" key and another with a "p256ecdsa" key.

Which is a violation of the former.

Semantically it makes most sense for these to be distinct values since they're intended for different audiences. I'll propose a PR limiting webpush-encryption to one Crypto-Key entry having a dh value instead.

@jrconlin

Because life is complicated, there are some libraries that are using ";" and creating a single parameter set containing both ECE and VAPID parameters, e.g.

dh=abc123...;p256ecdsa=efg876...;keyid=label

Because of "quirks" in both the Mozilla and FCM handlers, this works.

It may be beneficial if legacy push servers continue to support this behavior while libraries and applications that depend on them transition to any new division format.
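
An added example, not code from this thread or from any push service: a small Python parser showing how a receiver could tell the two-entry Crypto-Key form (entries separated by ",") apart from the merged single-entry form quoted above (parameters joined by ";"). The function names and the sample key values are constructed for illustration, and values are assumed to be base64url so they never contain "," or ";".

```python
# Added example. Assumes values are base64url, so they never contain "," or ";".

def parse_crypto_key(header):
    """Split a Crypto-Key value into entries (","), each a dict of parameters (";")."""
    entries = []
    for raw_entry in header.split(","):
        params = {}
        for raw_param in raw_entry.split(";"):
            raw_param = raw_param.strip()
            if not raw_param:
                continue
            name, sep, value = raw_param.partition("=")
            name = name.strip().lower()
            if not sep or not name:
                raise ValueError(f"malformed parameter: {raw_param!r}")
            if name in params:
                raise ValueError(f"duplicate parameter {name!r} in one entry")
            params[name] = value.strip().strip('"')
        if params:
            entries.append(params)
    return entries


def classify(header):
    """Return (layout, dh, p256ecdsa); a missing key is returned as None."""
    entries = parse_crypto_key(header)
    dh = [e["dh"] for e in entries if "dh" in e]
    vapid = [e["p256ecdsa"] for e in entries if "p256ecdsa" in e]
    # Reject ambiguity instead of silently picking one of several keys.
    if len(dh) > 1 or len(vapid) > 1:
        raise ValueError("more than one dh or p256ecdsa value")
    if any("dh" in e and "p256ecdsa" in e for e in entries):
        layout = "merged-legacy"      # one ";"-joined parameter set
    elif dh and vapid:
        layout = "separate-entries"   # two ","-separated entries
    else:
        layout = "single-key"
    return layout, (dh[0] if dh else None), (vapid[0] if vapid else None)


if __name__ == "__main__":
    # Constructed sample headers; the key values are placeholders, not real keys.
    for sample in ("dh=abc123;p256ecdsa=efg876;keyid=label",
                   "keyid=label;dh=abc123,p256ecdsa=efg876",
                   "dh=abc123"):
        print(classify(sample))
```

Both layouts yield the same pair of keys; only the reported layout differs, which lets a server accept the merged form while logging how often it is still seen.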
