[Ohttp] Scenario/use-case description ?

Toerless Eckert <tte@cs.fau.de> Mon, 02 August 2021 14:31 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ohttp@ietfa.amsl.com
Delivered-To: ohttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62C673A20F5 for <ohttp@ietfa.amsl.com>; Mon, 2 Aug 2021 07:31:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W9iL96tta5au for <ohttp@ietfa.amsl.com>; Mon, 2 Aug 2021 07:31:28 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AFED3A20F4 for <ohttp@ietf.org>; Mon, 2 Aug 2021 07:31:28 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id B8296548049 for <ohttp@ietf.org>; Mon, 2 Aug 2021 16:31:23 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id B18634E7C03; Mon, 2 Aug 2021 16:31:23 +0200 (CEST)
Date: Mon, 02 Aug 2021 16:31:23 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: ohttp@ietf.org
Message-ID: <20210802143123.GA19609@faui48e.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ohttp/-2nGaY7zLcVcw9VSHPw9WLg3jVg>
Subject: [Ohttp] Scenario/use-case description ?
X-BeenThere: ohttp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Oblivious HTTP <ohttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ohttp>, <mailto:ohttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ohttp/>
List-Post: <mailto:ohttp@ietf.org>
List-Help: <mailto:ohttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ohttp>, <mailto:ohttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 14:31:31 -0000

Will the authors of the proposed ohttp documents and/or the proposed WG
produce some comprehensive example scenario description in which ohttp
is embedded ?

In the absence of such scenario description, i have a hard time vetting
if or how well the proposed solutions will work to achieve anything.

E.g.: Starting with some user writing herself a browser and ultimately
wanting to use ohttp for privacy to access random (or selected) resources
across the Internet. What type of discovery/lookup would the browser need to
incooperate to learn all the required parameters to use ohttp and no
divulge the target resource information in the process already.

The BoF sounded to me as if the knowledge of how this was supposed to work
was in many participants heads, yet it is uclear from the discussion if they
all thought about the same scenario and if they all assumed he same
functionality. Without any written down agreement against such a comprehensive
reference scenario, i can not see how we could honestly vet the proposed
technology against the overall goals. Whether those goals are just
privacy and/or maybe more (user-choice, non-collusion, etc. pp) is
a secondary step. Aka: not much use discussing them without scenarios
being documented.

Cheers
    Toerless