[Sandbox-mailoutput] [Django development] Internal WG Review: Oblivious HTTP (ohttp)
IETF Secretariat <ietf-secretariat-reply@ietf.org> Wed, 18 August 2021 21:00 UTC
Return-Path: <ietf-secretariat-reply@ietf.org>
X-Original-To: sandbox-mailoutput@ietfa.amsl.com
Delivered-To: sandbox-mailoutput@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92EF03A1D8F for <sandbox-mailoutput@ietfa.amsl.com>; Wed, 18 Aug 2021 14:00:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mNwYgVno0vw for <sandbox-mailoutput@ietfa.amsl.com>; Wed, 18 Aug 2021 14:00:34 -0700 (PDT)
Received: from sandbox.amsl.com (sandbox.amsl.com [4.31.198.43]) by ietfa.amsl.com (Postfix) with ESMTP id 9E9733A1D8D for <sandbox-mailoutput@ietf.org>; Wed, 18 Aug 2021 14:00:34 -0700 (PDT)
Received: from sandbox.amsl.com (localhost [IPv6:::1]) by sandbox.amsl.com (Postfix) with ESMTP id B75DC10070649 for <sandbox-mailoutput@ietf.org>; Wed, 18 Aug 2021 14:00:33 -0700 (PDT)
Content-Type: multipart/mixed; boundary="===============6720227019044440438=="
MIME-Version: 1.0
From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
To: sandbox-mailoutput@ietf.org
Message-ID: <162932043374.23607.1947785749249960640@sandbox.amsl.com>
Date: Wed, 18 Aug 2021 14:00:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sandbox-mailoutput/K4V0WYHZhiqz76UenFVeUPrwCgY>
Subject: [Sandbox-mailoutput] [Django development] Internal WG Review: Oblivious HTTP (ohttp)
X-BeenThere: sandbox-mailoutput@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <sandbox-mailoutput.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sandbox-mailoutput>, <mailto:sandbox-mailoutput-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sandbox-mailoutput/>
List-Post: <mailto:sandbox-mailoutput@ietf.org>
List-Help: <mailto:sandbox-mailoutput-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sandbox-mailoutput>, <mailto:sandbox-mailoutput-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2021 21:00:41 -0000
The attached message would have been sent, but the tracker is in development mode. It was not sent to anybody.
--- Begin Message ---A new charter for the Oblivious HTTP (ohttp) WG in the Security Area of the IETF is being considered. The draft charter for this WG is provided below for your review and comment. Review time is one week. The IETF Secretariat Oblivious HTTP (ohttp) ----------------------------------------------------------------------- Current status: BOF WG Chairs: Alexey Melnikov <alexey.melnikov@isode.com> Richard Barnes <rlb@ipv.sx> Assigned Area Director: Francesca Palombini <francesca.palombini@ericsson.com> Security Area Directors: Benjamin Kaduk <kaduk@mit.edu> Roman Danyliw <rdd@cert.org> Mailing list: Address: ohttp@ietf.org To subscribe: https://www.ietf.org/mailman/listinfo/ohttp Archive: https://mailarchive.ietf.org/arch/browse/ohttp/ Charter: https://datatracker.ietf.org/doc/charter-ietf-ohttp/ In a number of different settings, interactions between clients and servers involve information that could be sensitive when associated with client identity. Client-server protocols like HTTP reveal aspects of client identity to servers through these interactions, especially source addresses. Even without client identity, a server might be able to build a profile of client activity by correlating requests from the same client over time. In a setting where the information included in requests does not need to be correlated, the Oblivious HTTP protocol allows a server to accept requests via a proxy. The proxy ensures that the server cannot see source addressing information for clients, which prevents servers linking requests to the same client. Encryption ensures that the proxy is unable to read requests or responses. The OHTTP working group will define the Oblivious HTTP protocol, a method of encapsulating HTTP requests and responses that provides protected, low-latency exchanges. The working group will define any encryption scheme necessary and supporting data formats for carrying encapsulated requests and responses, plus any key configuration that might be needed to use the protocol. The OHTTP working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure. The working group will consider the operational impact as part of the protocol design and document operational considerations. The working group will prioritize work on the core protocol elements as identified. In addition, the working group may work on other use cases and deployment models, including those that involve discovery of OHTTP proxies or servers. The OHTTP working group will work closely with other groups that develop the tools that Oblivious HTTP depends on (HTTPbis for HTTP, CFRG for HPKE) or that might use Oblivious HTTP (DPRIVE for DNS over HTTPS). The working group will use draft-thomson-http-oblivious as input. Milestones: Jul 2022 - Submit the Oblivious HTTP Protocol draft to the IESG for publication--- End Message ---
- [Sandbox-mailoutput] [Django development] Interna… IETF Secretariat