[dispatch] Re: Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS

worley@ariadne.com Thu, 03 July 2025 17:36 UTC

From: worley@ariadne.com
To: contact@secroot.io, dispatch@ietf.org
In-Reply-To: <CA+9kkMB22zbfHXrzC61GqbkrafsD8q33bxhZCL=Ba_dCnFqBQA@mail.gmail.com> (ted.ietf@gmail.com)
Sender: worley@ariadne.com
Date: Thu, 03 Jul 2025 13:36:38 -0400
Message-ID: <87h5ztdvmh.fsf@hobgoblin.ariadne.com>
Subject: [dispatch] Re: Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/CghgGDmzSXxPiJ7b9lseZ7I02ks>

Ted Hardie <ted.ietf@gmail.com> writes:
> ...  This is a BCP
> recommending against the use of X- headers and similar constructs.
> ...

> On Thu, Jul 3, 2025 at 2:45 AM Rachid Bouziane <contact@secroot.io> wrote:
>> ... (via the X-OODA-Action header) ...

I am not an expert on security work, but I've worked with IETF protocols
and their extensions for many years, including fretting about
whether/when to use "X-" headers.  In the OODA-HTTP context, since you
want it to be WG work, and thus ultimately an RFC, any headers defined
by the RFC definitely *should not* have "X-" because the headers will be
standardized.  After all, the only meaning of "X-" is "this is not a
standard header and I want to make sure nobody mistakes it for one".

Dale