Merge pull request #224 from beverloo/enc-details

Clarify encryption key lifetime and intention
w3c · Nov 18, 2016 · b94894e · b94894e
2 parents d202f5a + 4bf28c4
commit b94894e
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/index.html b/index.html
@@ -354,6 +354,12 @@ <h2>
           with a <a>service worker registration</a> and a <a>service worker registration</a> has at
           most one <a>push subscription</a>.
         </p>
+        <p>
+          A <a>push subscription</a> has internal slots for a P-256 <a>ECDH</a> key pair and an
+          authentication secret in accordance with [[!WEBPUSH-ENCRYPTION]]. These slots MUST be
+          populated when creating the <a>push subscription</a>, and MUST remain constant for its
+          lifetime.
+        </p>
         <p>
           When a <a>push subscription</a> is <dfn data-lt=
           "deactivated|deactivate">deactivated</dfn>, both the <a>user agent</a> and the <a>push
@@ -850,7 +856,9 @@ <h2>
         </li>
       </ol>
       <p>
-        Keys named <code><a>p256dh</a></code> and <code><a>auth</a></code> MUST be supported.
+        Keys named <code><a>p256dh</a></code> and <code><a>auth</a></code> MUST be supported, and
+        their values MUST correspond to those necessary for the user agent to decrypt received push
+        messages in accordance with [[!WEBPUSH-ENCRYPTION]].
       </p>
       <p>
         The <code><dfn id=