[dispatch] Re: Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS
Lucas Pardue <lucas@lucaspardue.com> Wed, 02 July 2025 20:25 UTC
Return-Path: <lucas@lucaspardue.com>
X-Original-To: dispatch@mail2.ietf.org
Delivered-To: dispatch@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 9D7E83D16C81; Wed, 2 Jul 2025 13:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.567
X-Spam-Level:
X-Spam-Status: No, score=-2.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.232, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=lucaspardue.com header.b="kxiruNIY"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="JAC7f/Gs"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4icKn3bKKyFm; Wed, 2 Jul 2025 13:25:00 -0700 (PDT)
Received: from fhigh-a4-smtp.messagingengine.com (fhigh-a4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CE8FE3D16C78; Wed, 2 Jul 2025 13:25:00 -0700 (PDT)
Received: from phl-compute-08.internal (phl-compute-08.phl.internal [10.202.2.48]) by mailfhigh.phl.internal (Postfix) with ESMTP id 89F9A1400247; Wed, 2 Jul 2025 16:25:00 -0400 (EDT)
Received: from phl-imap-09 ([10.202.2.99]) by phl-compute-08.internal (MEProxy); Wed, 02 Jul 2025 16:25:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lucaspardue.com; h=cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1751487900; x=1751574300; bh=5VXBmxsCCE R3XmjzibyLCcbtxZFMSA3hU1nXpqEhOao=; b=kxiruNIYtHARPhGRFk/1GhV8E6 wEwBiZGWf3kmyAVCAAxqVMjSH75lG5fjr0HuBCLfd9mefVk3fvZChtLytve2Wgy5 CQFDZ6vLcSrfqN7jSBOulbo90ufrT/YO3JohutCme69GxFCYujwqu0DyRRXNOLkU EV2GzAf4xaWN9DNoAycNJAUAnHnF27VtkHK+pUOp1QJASBvvK6vYO5SeOOpYrXzG CyLW4TLBn7/KmqzLtBNhlWzNx/f7AxNfLwGRMhDNfpTkYxxkLzSF2PQt+fL66KCm g2cTnT5ttQ7jEUy0ToILk7d1XUvQuFZ4+cne8urqCNU2kW0WgYYbgAIvZlMw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1751487900; x=1751574300; bh=5VXBmxsCCER3XmjzibyLCcbtxZFMSA3hU1n XpqEhOao=; b=JAC7f/GsVV6U/IfACvR+QCFPd5Mb6i1knfFMDMo8/Ya1tbPyNaP FhtaFMJZIlqQS+Oypn1FY3mew9cyWZt8ZyDn9wdZLkxsUJxCDO7V7wRUjreg/wzo 0djB0MU6+IAM1IY2PyDU3PoNoYXeVvMVVexMZF+G8/D0l0xWysnbiGloASlsuCvS Cw0cIs8BUtj1LNvaO5v+yB30+5yLeBCsZ61Mhml5DVexqXfCDuVeaRHThHvYJn61 FHTXn11Xav07t77jO1lydU8kl8NuVzkubu38lfTWn77evi4/4IgxHB/wFD3SIQtZ k0NW+rtBOacow19PHEr28kQ++pz/WdMGfag==
X-ME-Sender: <xms:nJVlaBpGI9ORfjP5PARE-PLE-xKMd7uCC6k2i--UytnQ5tkHFux65Q> <xme:nJVlaDpR7grhsjI5frYS56UB8YvykiuU2tSXH4M9Cb9JSTAzf2_k4tgrnbF4UQvIc fHgvqi4774DBNQva7I>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddukeefhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecunecujfgurhepofggfffhvffkjghfufgtsegrtderreertd ejnecuhfhrohhmpedfnfhutggrshcurfgrrhguuhgvfdcuoehluhgtrghssehluhgtrghs phgrrhguuhgvrdgtohhmqeenucggtffrrghtthgvrhhnpedvudfgfeetveefjefghfdvhf ehuedtieeutddvffdvvefgtedtheejtdeujefhueenucffohhmrghinhepihgvthhfrdho rhhgpdhsvggtrhhoohhtrdhiohenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehluhgtrghssehluhgtrghsphgrrhguuhgvrdgtohhmpdhnsggp rhgtphhtthhopeefpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeguihhsphgrth gthhdqtghhrghirhhssehivghtfhdrohhrghdprhgtphhtthhopeguihhsphgrthgthhes ihgvthhfrdhorhhgpdhrtghpthhtoheptghonhhtrggtthesshgvtghrohhothdrihho
X-ME-Proxy: <xmx:nJVlaOMJS-ls8SGG9xWouNPwqyi17WNLvoI-CyjLdvuG4P1uAwf71Q> <xmx:nJVlaM6T_PsSNnphr6xYvf7sHE84UzVb8JToDVYWxe17oC2DtafzcA> <xmx:nJVlaA7HgVlFrMiEr9pkVy2-W_gIlA_YLxrMRLGMqsU2Udoubv8RHg> <xmx:nJVlaEjx5tos04Iuv5qxbL_aqbUg4bbZJMfNVjirDJp3VJQAqioVUA> <xmx:nJVlaPQNYH3K3hGUtR5pb9y2iAxihzevflrATH-uDYHGQIcJOTU8xnDS>
Feedback-ID: i23b94938:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id 3CAFB3020073; Wed, 2 Jul 2025 16:25:00 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: Te882872c469cad55
Date: Wed, 02 Jul 2025 21:24:36 +0100
From: Lucas Pardue <lucas@lucaspardue.com>
To: Rachid Bouziane <contact@secroot.io>, dispatch-chairs@ietf.org, dispatch@ietf.org
Message-Id: <e943fd8a-b2c0-4305-925f-b1e7c26f3002@app.fastmail.com>
In-Reply-To: <ba54fc370846e7aa024bb9990190ea56@secroot.io>
References: <ba54fc370846e7aa024bb9990190ea56@secroot.io>
Content-Type: multipart/alternative; boundary="f49d119b23d241a093d222547b46eacf"
Message-ID-Hash: NKOV2KWHBQLL3YIMPDAV6NJ7YLEVFW3R
X-Message-ID-Hash: NKOV2KWHBQLL3YIMPDAV6NJ7YLEVFW3R
X-MailFrom: lucas@lucaspardue.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dispatch.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dispatch] Re: Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/RHzIGZ83NjzV7v5C7flDAlP4lD4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Owner: <mailto:dispatch-owner@ietf.org>
List-Post: <mailto:dispatch@ietf.org>
List-Subscribe: <mailto:dispatch-join@ietf.org>
List-Unsubscribe: <mailto:dispatch-leave@ietf.org>
Hi, I'm not an expert on the dots work [1], but how does this compare to it? Cheers Lucas [1] https://datatracker.ietf.org/wg/dots/about/ On Wed, Jul 2, 2025, at 21:14, Rachid Bouziane wrote: > Dear DISPATCH Chairs, > > I hope this message finds you well. > > Following a helpful recommendation from the IETF Secretariat, I would > like to submit a new work proposal for your consideration: OODA-HTTP, an > adaptive security framework that extends HTTP/HTTPS with behavioral > analysis, runtime telemetry, and contextual response logic. > > The draft defines an experimental extension to HTTP that introduces: > > A new header (X-OODA-Action) for carrying threat scores and recommended > actions. > > A semantic telemetry layer designed for dynamic mitigation (e.g., block, > challenge, rotate keys). > > Compatibility with TLS coordination and QUIC environments. > > Post-quantum resilience and support for behavioral threat models. > > The most recent version of the draft is available here: > 📄 https://datatracker.ietf.org/doc/draft-secroot-ooda-http/ > > It has already received constructive feedback from recognized experts > including: > > Rich Salz (TLS/cybersecurity expert, active IETF contributor), > > Eric Rescorla (co-author of TLS 1.3, Security AD). > > Given the protocol's cross-cutting nature (application layer logic, TLS > interaction, telemetry semantics), I believe the DISPATCH group is an > ideal starting point to identify the appropriate venue for this work. > > Please let me know if additional information, a call, or a virtual > presentation would help clarify the scope and goals of the proposal. > > Thank you very much for your time and guidance. > > Warm regards, > Rachid Bouziane > Founder — SecRoot.io > 📧 contact@secroot.io > 🔗 https://secroot.io/ooda-http.html > > _______________________________________________ > dispatch mailing list -- dispatch@ietf.org > To unsubscribe send an email to dispatch-leave@ietf.org >
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… worley
- [dispatch] Proposal for New Work: OODA-HTTP — Ada… Rachid Bouziane
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Lucas Pardue
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Rachid Bouziane
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Ted Hardie
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Mark Nottingham
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… John C Klensin