Re: [Secdispatch] Requesting dispatch of Oblivious HTTP

Martin Thomson <mt@lowentropy.net> Sun, 21 February 2021 23:40 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 031083A132A for <secdispatch@ietfa.amsl.com>; Sun, 21 Feb 2021 15:40:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=NRKbrdEQ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=P5E8ETUZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOaq_ZzoAoSZ for <secdispatch@ietfa.amsl.com>; Sun, 21 Feb 2021 15:40:39 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28CAA3A1329 for <secdispatch@ietf.org>; Sun, 21 Feb 2021 15:40:39 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 038845C0079 for <secdispatch@ietf.org>; Sun, 21 Feb 2021 18:40:38 -0500 (EST)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Sun, 21 Feb 2021 18:40:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=ZEb5jUV9GSF+/mYSW7D5hqDFm1eNdsa ET4FJx9ejBNw=; b=NRKbrdEQLXR+gFhI61MqeSzQiw8moqyYS0Y3QMGFonxP5U8 LVUBK37UAg6cDeYNVMA53CjmiCQBq/jZb0Zma63laL29gXWRd1t5AMN+ktNL6Jjg 9oaxA0fcuKhgVaeDs/n+leRKChOLrO8Sq+u4+RDuR8iZ/pvXIAdMhUs8OB9Vav9F TIJmbkGUTnwGznDOnFROlv8LKYDUL3/qBcRmbEyN6ONOK2l9/3NMklf109/YCKNq cHx2qqOc3nYFlOFch6nNxGe6+mD5si6OLeJ+uIBiSR0nHJaFMGoaFdulU0K8/QWe iBI8BigqZC8Z/FzImyZ4Lkl3fHAHejEvF3HwAoQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ZEb5jU V9GSF+/mYSW7D5hqDFm1eNdsaET4FJx9ejBNw=; b=P5E8ETUZd2hI1EexRxLSvx mXHeWRuxtdwssmh0QnuyVI8U/8TKsFbkE9rkynKEWl19LJhVpN5CPfxPtg+xUk0z YzfqXEZkrOE4v8dz0YhL9KkoZUFdGETEXvFUjhteIKZ6L4Ezv0XKt7CsX8Bk/EmJ he6SPSt453Qie3DiLJwhZCo7haVQycP40vsaYoGkN7hzwQd3zY7pNVAnU788184A d7vdF4Q5Qw9LVPAJ+RxidvwbZBwew9TX5guxeYIierb4+tEjqElptl/EaOC/EJ1A ei716bM9eEDtgXtVMnq8H5RAFpBNMGaqqtmbI63cS5IXZJXLwnBK4BW8vUJV9HAQ ==
X-ME-Sender: <xms:de8yYJ_4ehqfeKILQPq5B6XCg07_XixvIIdnTGfZDOfGmucoHYpo8Q> <xme:de8yYNvRRB5UwAPBSU1bHnfD6QWnvDpo65RFvoX-J-OlSHcSbkLIP1u17a1G-JfLt r_iPN3vrsTbf60ZpPo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrkedvgddufecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnheptdejfefggeeiudfgiedtgf ffvdfgudefheelhfeftdffgefhvddtudeitdeigeefnecuffhomhgrihhnpehgihhthhhu sgdrtghomhdpihgvthhfrdhorhhgpdgrtghmrdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgv th
X-ME-Proxy: <xmx:de8yYHB0HA82khWp0BBnB1vXoiECvK3lvgreTwA8kZ8fOvPhNy01EQ> <xmx:de8yYNef3bteAKm7VlKvJSTcPHKWB2OGUi8lTB2jsjuMJA3nwQ95UA> <xmx:de8yYOP8byNS-ZvyJBt3zErZ-9S9Eyo2GSg_9W3MDCC-eXFDO6WaBg> <xmx:du8yYEY4kAbZY3sjAQeziSomzfN2eNtEe-WyU9l3OsvDRycXB7iosw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id B897F4E0081; Sun, 21 Feb 2021 18:40:37 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-141-gf094924a34-fm-20210210.001-gf094924a
Mime-Version: 1.0
Message-Id: <cf66a1d3-e5af-4c15-9b92-ffc6c55ab032@www.fastmail.com>
In-Reply-To: <ce415fb8-f0dc-4f25-80ef-8849aaf128c0@www.fastmail.com>
References: <ce415fb8-f0dc-4f25-80ef-8849aaf128c0@www.fastmail.com>
Date: Mon, 22 Feb 2021 10:40:18 +1100
From: Martin Thomson <mt@lowentropy.net>
To: secdispatch@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/4VEDMwhz5UVfSHGuh2UbyfXzw7s>
Subject: Re: [Secdispatch] Requesting dispatch of Oblivious HTTP
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2021 23:40:41 -0000

Hey everyone,

After a good amount of discussion (on other lists), Chris and I have updated the oblivious HTTP draft.

The revision includes more text on applicability, replay attack exposure, and privacy considerations.

I was foolish enough not to update the examples, so please forgive that.  A consequence of not building that into the CI setup.  The editors copy should be updated soon.  Incidentally, if you want to try this out, there is a client and server (no proxy, sorry) at <https://github.com/martinthomson/ohttp>.

Cheers,
Martin

On Thu, Jan 28, 2021, at 12:25, Martin Thomson wrote:
> Hi,
> 
> Those familiar with oblivious DNS in its various forms [1][2] probably 
> won't really need any introduction here.
> 
> This proposes a design that uses HPKE [3] and a proxy to provide a 
> general framework for privacy for sensitive HTTP requests.  DNS is one 
> fairly obvious application of this, but there are other applications 
> that might benefit from this.  A generic framework will enable those 
> applications.
> 
> The primary draft is:
> 
> https://www.ietf.org/archive/id/draft-thomson-http-oblivious-00.html
> 
> This draft describes the framework, plus how to encapsulate requests 
> and responses using HPKE and the format of the server key configuration 
> that clients need.
> 
> A supplementary draft describes a simple binary encoding for HTTP requests:
> 
> https://www.ietf.org/archive/id/draft-thomson-http-binary-message-00.html
> 
> The request here is to discuss what to do with this work.  Assuming 
> this isn't dispatched before the next meeting, that includes a request 
> for agenda time to continue or resolve that discussion.
> 
> In doing so, we might need to consider how this interacts with existing 
> work in other groups, HTTP, ADD, and DPRIVE in particular.  I'll be 
> sending notes to a few groups shortly advising them of this discussion 
> and inviting them to offer input.
> 
> Cheers,
> Martin
> 
> 
> [1] https://dl.acm.org/doi/abs/10.1145/3340301.3341128
> [2] https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh
> [3] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07#appendix-A.1