Re: [Ohai] The OHAI WG has placed draft-ohai-chunked-ohttp in state "Call For Adoption By WG Issued"

David Schinazi <dschinazi.ietf@gmail.com> Thu, 25 January 2024 02:00 UTC

References: <170605229077.32114.14133160573475368161@ietfa.amsl.com> <CAG3f7MgroSwXa=QpTU-vxx4fXRs3+-PyUxMtEsJXwncoD3v7pQ@mail.gmail.com> <2534E21A-7B9A-46E0-AE88-D1F6BD70F2C2@mnot.net>
In-Reply-To: <2534E21A-7B9A-46E0-AE88-D1F6BD70F2C2@mnot.net>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 24 Jan 2024 18:00:25 -0800
Message-ID: <CAPDSy+5T6shZm9B0BC6gEB6uAckJHEGD8veeOyrFka3O3f366Q@mail.gmail.com>
To: ohai@ietf.org, Shivan Kaul Sahib <shivankaulsahib@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohai/C5AFOkHWBj9nDkELlFZaFez3Q_4>

I'm opposed to adoption.

This mechanism appears to be geared at use cases that would be better
served by single-HTTP-request-over-TLS-over-CONNECT (which I'll
conveniently abbreviate to SHROTOC for the rest of this email). The reason
that OHTTP itself exists is that it provides better performance than
SHROTOC for small requests and responses, because the TLS handshake
overhead is quite noticeable when the application data is small. This
performance win justified the weaker security that OHTTP provides compared
to SHROTOC. In particular, OHTTP lacks perfect forward secrecy and is
vulnerable to replay attacks. Extending OHTTP to large messages creates
something that has performance similar to SHROTOC but with much weaker
security. If early data is considered useful, SHROTOC can leverage TLS
0-RTT with much better security properties: only the early data lacks PFS
and replay protection; any data exchanged after the client's first flight
gets those protections. I'm opposed to creating a new mechanism when there
is already an available solution with better security.

Apologies if this was covered in yesterday's meeting, I was unable to
attend and did not find minutes or recordings for it.

Thanks,
David

On Wed, Jan 24, 2024 at 2:10 PM Mark Nottingham <mnot=40mnot.net@dmarc.ietf.org> wrote:

> I support adoption.
>
> > On 24 Jan 2024, at 10:27 am, Shivan Kaul Sahib <
> shivankaulsahib@gmail.com> wrote:
> >
> > ohai all,
> >
> > Thanks to folks who attended the interim today to discuss
> https://www.ietf.org/archive/id/draft-ohai-chunked-ohttp-01.html.
> Overall, there was interest in adopting and working on the document.
> >
> > This email starts a 2 week call for adoption for
> https://datatracker.ietf.org/doc/draft-ohai-chunked-ohttp/. Please let us
> know what you think about OHAI adopting this document by February 6.
> >
> > Thanks,
> > Shivan & Richard
> >
> > On Tue, 23 Jan 2024 at 15:24, IETF Secretariat <
> ietf-secretariat-reply@ietf.org> wrote:
> >
> > The OHAI WG has placed draft-ohai-chunked-ohttp in state
> > Call For Adoption By WG Issued (entered by Shivan Sahib)
> >
> > The document is available at
> > https://datatracker.ietf.org/doc/draft-ohai-chunked-ohttp/
> >
> >
> > --
> > Ohai mailing list
> > Ohai@ietf.org
> > https://www.ietf.org/mailman/listinfo/ohai
>
> --
> Mark Nottingham   https://www.mnot.net/
>
> --
> Ohai mailing list
> Ohai@ietf.org
> https://www.ietf.org/mailman/listinfo/ohai
>
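As an added illustration of the two properties David contrasts above (OHTTP's lack of forward secrecy and of replay protection, versus an ephemeral TLS-style exchange), here is a toy Python model. It is not code from the draft, from the OHTTP specification, or from any OHTTP implementation, and nobody in the thread proposed it. It assumes a toy Diffie-Hellman group (the Mersenne prime 2**127 - 1 with base 5) and an HMAC-based keystream in place of HPKE and AES-GCM, so it is illustrative only and not cryptographically sound; the function and class names (`ohttp_encapsulate`, `Gateway`, `replay_outcome`, and so on) are my own. The gateway-side cache of already-seen `enc` values is an assumed mitigation, one defensive option rather than anything the thread or the draft prescribes.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (Mersenne prime 2**127 - 1, base 5): constructed for
# illustration only. Real OHTTP uses HPKE (e.g. X25519 + HKDF + AES-GCM).
P = (1 << 127) - 1
G = 5

def keygen():
    """Return a (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def derive_key(shared_secret, label):
    """HKDF-like step: bind the DH output to a protocol label."""
    return hmac.new(label, shared_secret.to_bytes(16, "big"), hashlib.sha256).digest()

def keystream(key, length):
    """HMAC-based keystream standing in for an AEAD cipher."""
    blocks = [hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns ciphertext || 32-byte tag."""
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, b"tag" + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def open_sealed(key, sealed):
    """Verify the tag and decrypt; return None if the key is wrong or data was altered."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(key, b"tag" + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(key, len(ciphertext))))

def ohttp_encapsulate(gateway_pub, message):
    """Client: fresh ephemeral key against the gateway's long-lived public key.
    Only the ephemeral public value ('enc') and the sealed message go on the wire."""
    eph_priv, eph_pub = keygen()
    key = derive_key(pow(gateway_pub, eph_priv, P), b"toy-ohttp")
    del eph_priv  # client keeps nothing; the gateway's static key alone can reopen this
    return eph_pub, seal(key, message)

def ohttp_decapsulate(gateway_priv, enc, sealed):
    """Gateway: the long-lived private key recovers the per-message key from 'enc'."""
    key = derive_key(pow(enc, gateway_priv, P), b"toy-ohttp")
    return open_sealed(key, sealed)

class Gateway:
    """Holds a static key pair; optionally remembers 'enc' values already accepted
    (an assumed mitigation, not something the thread or the draft prescribes)."""

    def __init__(self, replay_cache=False):
        self.priv, self.pub = keygen()
        self.seen = set() if replay_cache else None

    def accept(self, enc, sealed):
        if self.seen is not None:
            if enc in self.seen:
                return None  # same encapsulation presented again: reject
            self.seen.add(enc)
        return ohttp_decapsulate(self.priv, enc, sealed)

def replay_outcome(replay_cache):
    """Present one captured encapsulated request twice; return both results."""
    gw = Gateway(replay_cache)
    enc, sealed = ohttp_encapsulate(gw.pub, b"GET /resource")
    return gw.accept(enc, sealed), gw.accept(enc, sealed)

def recover_after_key_leak():
    """No forward secrecy: a recorded request is readable once the static key leaks."""
    gw = Gateway()
    recorded = ohttp_encapsulate(gw.pub, b"secret query")  # observer stores this
    leaked_priv = gw.priv  # gateway key compromised at some later time
    return ohttp_decapsulate(leaked_priv, *recorded)

def ephemeral_exchange_after_key_leak():
    """TLS-style contrast: both sides use ephemeral keys and destroy them; the
    long-term key never enters key derivation, so its later leak unlocks nothing."""
    lt_priv, _lt_pub = keygen()  # server's long-term key (would only sign the handshake)
    c_priv, c_pub = keygen()
    s_priv, s_pub = keygen()
    session_key = derive_key(pow(s_pub, c_priv, P), b"toy-tls")
    assert session_key == derive_key(pow(c_pub, s_priv, P), b"toy-tls")
    sealed = seal(session_key, b"secret query")
    del c_priv, s_priv, session_key
    # Observer holds c_pub, s_pub, sealed and, after the leak, lt_priv. The only key it
    # can derive from the leaked secret never protected the recording, so opening fails.
    return open_sealed(derive_key(pow(c_pub, lt_priv, P), b"toy-tls"), sealed)
```

Run as written: `replay_outcome(False)` accepts the replayed request both times, `replay_outcome(True)` rejects the second copy, `recover_after_key_leak()` returns the recorded plaintext because the static key is the only secret needed, and `ephemeral_exchange_after_key_leak()` returns `None`. The contrast David draws is structural: in the encapsulation model the gateway's retained secret is an input to every past message key, whereas in the ephemeral model the retained secret is not.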