Re: [Ohai] WG Action: Formed Oblivious HTTP Application Intermediation (ohai)
Francesca Palombini <francesca.palombini@ericsson.com> Thu, 07 October 2021 19:38 UTC
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "ohai@ietf.org" <ohai@ietf.org>
CC: "ohai-chairs@ietf.org" <ohai-chairs@ietf.org>, Alexey Melnikov <alexey.melnikov@isode.com>
Date: Thu, 07 Oct 2021 19:38:29 +0000
Message-ID: <HE1PR07MB4217480640C9074D2E9C704298B19@HE1PR07MB4217.eurprd07.prod.outlook.com>
References: <163363189853.29174.5171926856077333101@ietfa.amsl.com>
In-Reply-To: <163363189853.29174.5171926856077333101@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohai/NWpGNCYhLkt--jxfuzAu5iaWIvM>
Subject: Re: [Ohai] WG Action: Formed Oblivious HTTP Application Intermediation (ohai)

Hi all,

The working group is now officially created.

Many thanks to Alexey Melnikov and Richard Barnes for chairing the OHTTP BoF at IETF 111, having them at the lead allowed us to have a very productive meeting and progressed the effort that led to OHAI being formed.

Thanks to Richard and Shivan Kaul Sahib for accepting to take on the chair role: the wg is in good hands, and I am looking forward to working with you.

The OHAI wg will meet at IETF112, I hope to see you there.

Francesca

From: iesg <iesg-bounces@ietf.org> on behalf of The IESG <iesg-secretary@ietf.org>
Date: Thursday, 7 October 2021 at 20:38
To: IETF-Announce <ietf-announce@ietf.org>
Cc: ohai-chairs@ietf.org <ohai-chairs@ietf.org>, ohai@ietf.org <ohai@ietf.org>, The IESG <iesg@ietf.org>
Subject: WG Action: Formed Oblivious HTTP Application Intermediation (ohai)

A new IETF WG has been formed in the Security Area. The initial chartering process was started under the name OHTTP, and subsequently the OHTTP BOF was held at IETF 111. The external review was under the name OARH. For additional information, please contact the Area Directors or the WG Chairs.

Oblivious HTTP Application Intermediation (ohai)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Richard Barnes <rlb@ipv.sx>
  Shivan Sahib <shivankaulsahib@gmail.com>

Assigned Area Director:
  Francesca Palombini <francesca.palombini@ericsson.com>

Security Area Directors:
  Benjamin Kaduk <kaduk@mit.edu>
  Roman Danyliw <rdd@cert.org>

Mailing list:
  Address: ohai@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/ohai
  Archive: https://mailarchive.ietf.org/arch/browse/ohai/

Group page: https://datatracker.ietf.org/group/ohai/

Charter: https://datatracker.ietf.org/doc/charter-ietf-ohai/

In a number of different settings, interactions between clients and servers involve information that could be sensitive when associated with client identity. Client-server applications built on HTTP reveal aspects of client identity to servers through these interactions, especially source addresses. Even without client identity, a server might be able to build a profile of client activity by correlating requests from the same client over time.

In HTTP-based applications where the information included in requests does not need to be correlated, the protocol this working group defines will allow a supporting server to accept requests via a proxy. The proxy ensures that the server cannot see source addressing information for clients, which prevents servers linking multiple requests from the same client. Encryption ensures that the proxy is unable to read requests or responses. However, if the proxy and server collude, then neither of these privacy properties hold.

Applications and use cases best suited for this protocol are those that have discrete, transactional queries that might reveal small amounts of information that accumulate over time. Examples include DNS queries, telemetry submission, and certificate revocation checking. In some of these application deployments, the relationship between client, server, and cooperating proxy might be configured out-of-band.

General purpose HTTP applications such as web browsing are not in scope for the protocol that is to be defined. Broad applicability is limited by multiple factors, including the need for explicit server support of the protocol. In contrast, transport-level proxies such as HTTP CONNECT or MASQUE are a more appropriate mechanism for those use cases, as they allow connecting to unmodified servers.

The OHAI working group will define a protocol for anonymization of HTTP requests using a partly-trusted intermediary, a method of encapsulating HTTP requests and responses that provides protected, low-latency exchanges. This protocol will use existing cryptographic primitives to meet these goals.

The working group will define any data formats necessary to carry encapsulated requests and responses, plus formats for supplementary material, such as server keying material, that might be needed to use the protocol.

The OHAI working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure. The working group will consider the operational impact as part of the protocol design and document operational considerations.

The working group will prioritize work on the core protocol elements as identified. In addition, the working group may work on other use cases and deployment models, including those that involve discovery of proxies or servers and their key configurations.

The OHAI working group will work closely with other groups that develop the tools that the protocol depends on (HTTPbis for HTTP, CFRG for HPKE) or that might use the protocol (DPRIVE and ADD for DNS over HTTPS).

The working group will use draft-thomson-http-oblivious as input.

Milestones:

  Jul 2022 - Submit the protocol draft to the IESG for publication