jrconlin
commented
3 years ago Sigh. aesgcm is from the draft standard, and there are a LOT of reasons that it should stop being supported. It kind of sounds like KaiOS hasn't updated their UA libraries to use the Android Components work, which is a bit sad, but understandable, but does mean that there's a lot of non-spec stuff in there.
For a lot of those reasons, I think it's better to require explicit declaration if you need to use the old specifications. Otherwise, it's too easy to screw up and potentially expose data.
I can see creating something like a --kaios flag as a convenience flag, maybe.
mthu
farooqkz
We are playing with KaiOS push notifications. Their notification service only seems to accept
Content-Encoding: aesgcm. They also seem to refuse to accept Vapid02 keys (vapidAuthorization scheme). Based on this code in JS library, it seems that it's a good idea to coupleaesgcmencryption with WebPush (Vapid01) authorization scheme. Mozilla service happily accepts both Vapid01 and Vapid02 keys but KaiOS service does not.It would be great if the Python lib also coupled
aesgcmencoding with Vapid01 keys. Now Vapid02 is selected by default (if not provided directly as an object). This would help newcomers looking at error 400 without any message provided by the KaiOS service. On the other hand, I have not found any relation between Content-Encoding and Authorization schema in the docs.