daniel@gultsch.de

ART jmap This document defines a method for JSON Meta Application Protocol (JMAP) servers to advertise their capability to authenticate Web Push notifications using the Voluntary Application Server Identification (VAPID) protocol.

Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Table of Contents

• .  Introduction
• .  Conventions Used in This Document
• .  Discovering Support for VAPID
• .  Issuing Push Notifications
• .  Key Rotation
• .  Security Considerations
• .  IANA Considerations
  • .  Registration of the JMAP Capability for VAPID
• .  References
  • .  Normative References
  • .  Informative References
• Author's Address

Introduction JMAP specifies how clients can subscribe to events using a protocol that is compatible with Web Push . Some push services require that the application server authenticate all push messages using the VAPID protocol . To facilitate that, the client (or user agent in Web Push terminology) needs the VAPID public key of the application server to pass along to the push service when retrieving a new endpoint.

Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Discovering Support for VAPID The JMAP capabilities object is returned as part of the standard JMAP session object (see ). Servers supporting this specification MUST add a property called urn:ietf:params:jmap:webpush-vapid to the capabilities object. The value of this property is an object that MUST contain the following information:

applicationServerKey: "String"

The Elliptic Curve Digital Signature Algorithm (ECDSA) public key that the push service will use to authenticate the application server, in its uncompressed form (as described in Section 2.3.3 of ) and encoded using base64url encoding . Current systems use the P-256 curve .

Issuing Push Notifications Every time the server sends a push message to a PushSubscription URL, it MUST authenticate the POST request using the protocol outlined in . This includes both StateChange events and PushVerification notifications. To authenticate the request, the server MUST use a JSON Web Token (JWT) signed by the private key corresponding to the application server key. This application server key MUST be the one that was advertised in the capabilities object at the time the PushSubscription was created.

Key Rotation When a server needs to replace its VAPID key, it MUST update the sessionState per . The client MUST monitor the JMAP session object for changes to the VAPID key and MUST recreate its push subscription when it detects such a change. After key rotation, the server MAY continue to send push notifications for existing push subscriptions using the old application server key for a transitional period. This allows clients time to recreate their respective push subscriptions. At the end of the transitional period (or immediately for implementations that do not have one), the server MUST destroy push subscriptions that use the old key. When destroying push subscriptions that include the data type PushSubscription, the server MAY issue one final StateChange push notification using the old URL and application server key to notify the client of changes to the PushSubscription data type. This prompts the client to make a PushSubscription/changes method call. The response to this call will contain an updated sessionState, which refers to a session object that contains the new VAPID key. A race condition can occur when the server updates its VAPID key after the client has refreshed the session object but before calling the PushSubscription/set method. This situation causes the server to send a PushVerification object to a push resource URL that is now associated with an outdated VAPID key. Consequently, the push service will reject the PushVerification with a 403 (Forbidden) status code, as specified in . To alleviate this problem, the client MUST check if the sessionState in the response from the PushSubscription/set method points to a session object with an applicationServerKey that matches their expectations. If there is a mismatch, the client MAY retry creating the PushSubscription. Additionally, the client MAY destroy the PushSubscription from the earlier, failed attempt.

Security Considerations During the key rotation process, synchronization issues between the client and server may arise. Specifically, a client might restrict a push subscription with the push service to an outdated key, while the server sends the PushVerification object authenticated with the newly rotated key. This mismatch leads to the push service rejecting the PushVerification request with a 403 (Forbidden) status code, as specified in . Per the requirements of , the server MUST NOT retry the rejected PushVerification request. Consequently, the PushVerification object will not be delivered to the client. To mitigate such issues, the client is responsible for detecting and resolving any synchronization discrepancies, as outlined in of this document. The inclusion of the urn:ietf:params:jmap:webpush-vapid property in the JMAP capabilities object is limited to providing information about the server's support for VAPID. This property does not reveal sensitive information, nor does it introduce new security or privacy risks beyond those inherent to JMAP and Web Push. The security considerations for JMAP (especially Sections and ), Web Push , and VAPID apply to this document.

IANA Considerations

Registration of the JMAP Capability for VAPID IANA has registered the following new capability in the "JMAP Capabilities" registry:

Capability Name:

urn:ietf:params:jmap:webpush-vapid

Intended Use:

common

Change Controller:

IETF

Security and Privacy Considerations:

RFC 9749,

Reference:

RFC 9749

References Normative References NIST Standards for Efficient Cryptography Group Version 2.0 This document specifies a protocol for clients to efficiently query, fetch, and modify JSON-based data objects, with support for push notification of changes and fast resynchronisation and for out-of- band binary data upload/download. This document describes a simple protocol for the delivery of real- time events to user agents. This scheme uses HTTP/2 server push. An application server can use the Voluntary Application Server Identification (VAPID) method described in this document to voluntarily identify itself to a push service. The "vapid" authentication scheme allows a client to include its identity in a signed token with requests that it makes. The signature can be used by the push service to attribute requests that are made by the same application server to a single entity. The identification information can allow the operator of a push service to contact the operator of the application server. The signature can be used to restrict the use of a push message subscription to a single application server. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) specification and an IANA registry defined by that specification. Related encryption capabilities are described in the separate JSON Web Encryption (JWE) specification. Informative References W3C Working Draft

Author's Address

daniel@gultsch.de