Right now, each protocol implementation generates keys. It seems that we should lift that functionality out of the protocol. (Of course, protocols will still need to extract key information out of their transport layer and provide it to the PushService.) See https://dxr.mozilla.org/mozilla-central/source/dom/push/PushServiceHttp2.jsm#522 and https://dxr.mozilla.org/mozilla-central/source/dom/push/PushServiceWebSocket.jsm#1006

dragana: is there a reason for the current design? I think this should be an input to register, and not conditional on the protocol implementation.

The reasons are historical :) PushServiceWebSocket didn't have data delivery until a month ago or so. So only PushServerHtt2 needed and was generating key. Now there are WebSocket PushServer without data delivery turned on and they do not need keys as well. So they are probably going to disappear soon (but I am not the right person to ask for that info). In most cases we need keys and for one that we do not need keys - they are just couple of extra bytes in db.

The only reason that you wouldn't have a key for a subscription is if the subscription was created prior to the point where we had message encryption. I think that we should be creating keys always. It should simplify things greatly.