[dispatch] Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS
Rachid Bouziane <contact@secroot.io> Wed, 02 July 2025 20:14 UTC
Return-Path: <contact@secroot.io>
X-Original-To: dispatch@mail2.ietf.org
Delivered-To: dispatch@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 488373D15C1D; Wed, 2 Jul 2025 13:14:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.868
X-Spam-Level:
X-Spam-Status: No, score=-1.868 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.232, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=secroot.io
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NgTkU4PNNoS6; Wed, 2 Jul 2025 13:14:37 -0700 (PDT)
Received: from out-02.shared.jellyfish.systems (out-02.shared.jellyfish.systems [63.250.43.109]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A25EC3D15C0F; Wed, 2 Jul 2025 13:14:37 -0700 (PDT)
Received: from prod-lbout-phx.jellyfish.systems (unknown [198.54.114.69]) by shared.jellyfish.systems (Postfix) with ESMTPA id 4bXWMc4vNRz7044; Wed, 02 Jul 2025 20:14:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=secroot.io; s=default; h=Content-Transfer-Encoding:Content-Type:Message-ID:Subject:To: From:Date:MIME-Version:Sender:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=06G2z7vCiJk2GTxtbOp3Obpvl2Iv2V0C+wZOLJZ6Ht4=; b=qnmV/0Or/N8l336g9R/3vrf2XT 883WIn3EfE+l30PdpNIL4c5kuNV4nYrsNC6/z7TESJOkLwT3s1DrjBLxDu0NNg4t6FkG4gRqn7XK1 iEXeuZFqbFwWRniw1RyylmbQl3WoCq64m3h/F3EzzE5aztvo1FuYe8sb/CX0RmmpQO1WkyF4rCNPn FIX/LljvtE4XnZQ5wfCUs0YCAuN+zrnD53VsI3hkCY1enws5pUOSMJ+eRC9pS/9p86u6Su1Othdkc sD0E5lIYwSORBp9H5VUJpjIqXwoZQ/3HFoYe3cs8h/FZQzfka4mb1YB6FE2wjIiuhLOqZWz+9WQdi dP7U1Q2g==;
Received: from [::1] (port=44844 helo=server190.web-hosting.com) by server190.web-hosting.com with esmtpa (Exim 4.98.2) (envelope-from <contact@secroot.io>) id 1uX3qm-0000000G0zU-1qNL; Wed, 02 Jul 2025 16:14:36 -0400
MIME-Version: 1.0
Date: Wed, 02 Jul 2025 16:14:36 -0400
From: Rachid Bouziane <contact@secroot.io>
To: dispatch-chairs@ietf.org, dispatch@ietf.org
User-Agent: Roundcube Webmail/1.6.11
Message-ID: <ba54fc370846e7aa024bb9990190ea56@secroot.io>
X-Sender: contact@secroot.io
Organization: SecRoot
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: CAEG572T3ESEGZROAPKSYT2DUDKGPHEG
X-Message-ID-Hash: CAEG572T3ESEGZROAPKSYT2DUDKGPHEG
X-MailFrom: contact@secroot.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dispatch.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dispatch] Proposal for New Work: OODA-HTTP — Adaptive Security Framework for HTTP/HTTPS
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/grQ9o1YHQUhZpR-aTTUXFYXK-8M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Owner: <mailto:dispatch-owner@ietf.org>
List-Post: <mailto:dispatch@ietf.org>
List-Subscribe: <mailto:dispatch-join@ietf.org>
List-Unsubscribe: <mailto:dispatch-leave@ietf.org>
Dear DISPATCH Chairs, I hope this message finds you well. Following a helpful recommendation from the IETF Secretariat, I would like to submit a new work proposal for your consideration: OODA-HTTP, an adaptive security framework that extends HTTP/HTTPS with behavioral analysis, runtime telemetry, and contextual response logic. The draft defines an experimental extension to HTTP that introduces: A new header (X-OODA-Action) for carrying threat scores and recommended actions. A semantic telemetry layer designed for dynamic mitigation (e.g., block, challenge, rotate keys). Compatibility with TLS coordination and QUIC environments. Post-quantum resilience and support for behavioral threat models. The most recent version of the draft is available here: 📄 https://datatracker.ietf.org/doc/draft-secroot-ooda-http/ It has already received constructive feedback from recognized experts including: Rich Salz (TLS/cybersecurity expert, active IETF contributor), Eric Rescorla (co-author of TLS 1.3, Security AD). Given the protocol's cross-cutting nature (application layer logic, TLS interaction, telemetry semantics), I believe the DISPATCH group is an ideal starting point to identify the appropriate venue for this work. Please let me know if additional information, a call, or a virtual presentation would help clarify the scope and goals of the proposal. Thank you very much for your time and guidance. Warm regards, Rachid Bouziane Founder — SecRoot.io 📧 contact@secroot.io 🔗 https://secroot.io/ooda-http.html
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… worley
- [dispatch] Proposal for New Work: OODA-HTTP — Ada… Rachid Bouziane
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Lucas Pardue
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Rachid Bouziane
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Ted Hardie
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… Mark Nottingham
- [dispatch] Re: Proposal for New Work: OODA-HTTP —… John C Klensin