[Ohai] AD Review of draft-ietf-ohai-ohttp-05

Francesca Palombini <francesca.palombini@ericsson.com> Thu, 24 November 2022 16:59 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "draft-ietf-ohai-ohttp@ietf.org" <draft-ietf-ohai-ohttp@ietf.org>
CC: "ohai@ietf.org" <ohai@ietf.org>, "ohai-chairs@ietf.org" <ohai-chairs@ietf.org>
Date: Thu, 24 Nov 2022 16:58:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohai/cOGHWNUqAVLyeATJly7bdiEyIWU>

# AD Review of draft-ietf-ohai-ohttp-05

cc @fpalombini

Thank you for this well-written document, and apologies for the delay with this review.

I only have a couple of questions, requests for minor clarifications and some nits, which you can address together with any other IETF Last Call comments (which I will initiate soon). Feel free to take or leave, however answers are appreciated.

I also have one question (that doesn't need to become a github issue) I'll report here:

Section 3.2:
>   Evolution of the key configuration format is supported through the
>   definition of new formats that are identified by new media types.

Do you expect more formats to be needed?

## Comments

### Reference to HPKE

>   The Nenc parameter corresponding to the KEM used in HPKE can be found
>   in Section 7.1 of [HPKE].  Nenc refers to the size of the

Can we (additionally or in replacement) point to the "HPKE KEM Identifiers" IANA registry created from this table instead?

>   The Nn and Nk values correspond to parameters of the AEAD used in
>   HPKE, which is defined in Section 7.3 of [HPKE].  Nn and Nk refer to

Same for this and "HPKE AEAD Identifiers" registry.

### the server returns an error

Section 5.3:
>   Errors in the encapsulation of requests mean that responses cannot be
>   encapsulated.  This includes cases where the key configuration is
>   incorrect or outdated.  The Oblivious Gateway Resource can generate
>   and send a response with an error status to the Oblivious Relay
>   Resource.

Should there be any indication that such errors in processing should be considered as bad requests (and hence return an appropriate error status code) or is this obvious?

### Export a secret from context

>   1.  Export a secret secret from context, using the string "message/
>       bhttp response" as context.  The length of this secret is max(Nn,

Please add a reference to section 5.3 of \[HPKE\]; it could be confusing at first glance to have both the context from the exporter function in 5.3 of \[HPKE\] and the HPKE context here named "context".

### OHTTP

>   The encrypted payload of an OHTTP request and response is a binary

Interesting that this is the first time OHTTP appears in the text, excluding pseudocode and media type - please expand (or define somewhere else, for example in terminology).

### MUST or MAY?

>   the content of a POST request to the Oblivious Relay Resource.  This
>   request MUST only contain those fields necessary to carry the
>   Encapsulated Request: a method of POST, a target URI of the Oblivious
>   Relay Resource, a header field containing the content type (see
>   (Section 9.2), and the Encapsulated Request as the request content.
>   In the request to the Oblivious Relay Resource, Clients MAY include
>   additional fields.  However, those fields MUST be independent of the

It seems to me these two sentences contradict each other: MUST only contain these fields, and MAY include additional fields. Do I read this wrong? (and same for the response later in the section)

### SHOULD

>   Oblivious Gateway Resources SHOULD allow for the time it takes
>   requests to arrive from the Client, with a time window that is large
>   enough to allow for differences in clocks.

I understand the goal of the sentence above, but I am not sure the SHOULD is appropriate here - in particular if I think about the above as an interoperability requirement, I don't think it gives enough information to the implementer of what is recommended here. If this was to give for example a default time window, it would be a different story. Can we rephrase? (You can also leave as is, but I think it will come up again in IESG review with no change)

## Nits

### KeyConfig

>   Oblivious Gateway key configuration (KeyConfig), and Oblivious

First and only time KeyConfig appears in the text.

### Editorial nits

Section 6.7:
>   A Client only needs to retain keying material that might be used
>   compromise the confidentiality and integrity of a response until that

Missing "to" after "used"

Section 6.7:
>   The total number of affected messages affected by server key
>   compromise can be limited by regular rotation of server keys.

Remove the first "affected"

Section 7:
>   other Clients.  It is critical prevent the use of unique Client
>   configurations, which might be used to track of individual Clients,

Missing "to" before prevent, remove "of"

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments