[Secdispatch] Requesting dispatch of Oblivious HTTP
Martin Thomson <mt@lowentropy.net> Thu, 28 January 2021 01:25 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73F953A0FD2 for <secdispatch@ietfa.amsl.com>; Wed, 27 Jan 2021 17:25:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=a6m/8HuV; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=rbV1QBzJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dy8RxpRnlRUQ for <secdispatch@ietfa.amsl.com>; Wed, 27 Jan 2021 17:25:35 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C36893A0FD1 for <secdispatch@ietf.org>; Wed, 27 Jan 2021 17:25:34 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 469615C0241 for <secdispatch@ietf.org>; Wed, 27 Jan 2021 20:25:33 -0500 (EST)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Wed, 27 Jan 2021 20:25:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm1; bh=guj7zT6tPkytdhSkLtNh+4Toypu5Fgzo7m1ircb0vNs=; b=a6m/8HuV FnkEFzcGb5xT2A2SWtx6W3h2K0YGPBbBYvTH3hUIsMZ+sWvgqwx0e/NqMfm0oITX niAMCJ1WARY2rnHNb6oTLTSrgU2TuR1fZHXA4+eAlMPl0b4xzUJ5PQ+xIdfrrCQp UX/U0rzb2z4tPUt1dYhlJSt0wkksQ+nSTetg7EHHHKuh6vp+oINioBwYwMzxWPtu GsjZAJvtB9i6Jh8qm6B5b422mq5V0SQcpwzuMtyX/SsDUTGnQLyCyqczoGQIAc9r hfZO1gGGi0yyIzonZMwPoW1Ub0YRMBcuGAYeOMdmPlrymdLH0Q9XQCUa+APpUK2T l9OJW6Orx0ShPA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=guj7zT6tPkytdhSkLtNh+4Toypu5F gzo7m1ircb0vNs=; b=rbV1QBzJvxhWK7aPLaVVxhgl/2w77XvGF6RKZNbcs8cM5 hVsTqM7LnCjV70GKCae0w1Cb8xYKKdsu1jIDrCTBszLDZ63P+mKgHGUTOE/aNeaD yDjLdqGJ+EL+qxnYwTFb9FfLNGJ1l7Ll/acAPaB4erb2Fvc8eywWItF5WWfdSjIH Q3AwpVR3mIUZiwW7wIlCkiMDi2rVUHFN7oT5kk/l5Iv46DPUtvh/LFBYq/rBgMUp idATDuvtTvZsajR7BRSbobaDCiUIoQhDfkvf6oFupGIz3bvaZ9Sm6u5s8oKDoS9R JmkM/bNv5NR0IJTbrqefu+amC/MDzuPayDWa4FZuA==
X-ME-Sender: <xms:jBISYKlqIjeq5SVLXCnYPPcK34IxSbt1zUaW1uetu3bhrGhATEzuPw> <xme:jBISYB1cPY-X822DFo64YOkTakmUjzxKarawFnUdCkk4ibFhtuNdwOs8JgeFYagRc njhaiemvBNVcXVxMtk>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdelgdeffecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghn thhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepleehuddtvddvleduueeigfeige elkeejgefgteelieefvdfhjeejtdekkeefleefnecuffhomhgrihhnpehivghtfhdrohhr ghdprggtmhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:jBISYIqe_iVtjLf2GbZ8ngkPYbbhGr-dPXactUJH0DbVNbs-neyE4A> <xmx:jBISYOno9AfrIZ0oYVrTPllr3iUGLjRG3Wi2qaNI6Z1mNAlRpM1tOQ> <xmx:jBISYI1FmG2WPRDpxWAR9UgdcPrKct-hlDezr49H77UBGn8lVIqLFw> <xmx:jRISYJAhbGn1yCAI47jq371VS2Dzd-SMAVg7nSjorUPLF43JrXcSog>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 830424E0063; Wed, 27 Jan 2021 20:25:32 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-84-gfc141fe8b8-fm-20210125.001-gfc141fe8
Mime-Version: 1.0
Message-Id: <ce415fb8-f0dc-4f25-80ef-8849aaf128c0@www.fastmail.com>
Date: Thu, 28 Jan 2021 12:25:13 +1100
From: Martin Thomson <mt@lowentropy.net>
To: secdispatch@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/VmFQCZGKlukgfnmgPh8ufQt_5Fo>
Subject: [Secdispatch] Requesting dispatch of Oblivious HTTP
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2021 01:25:36 -0000
Hi, Those familiar with oblivious DNS in its various forms [1][2] probably won't really need any introduction here. This proposes a design that uses HPKE [3] and a proxy to provide a general framework for privacy for sensitive HTTP requests. DNS is one fairly obvious application of this, but there are other applications that might benefit from this. A generic framework will enable those applications. The primary draft is: https://www.ietf.org/archive/id/draft-thomson-http-oblivious-00.html This draft describes the framework, plus how to encapsulate requests and responses using HPKE and the format of the server key configuration that clients need. A supplementary draft describes a simple binary encoding for HTTP requests: https://www.ietf.org/archive/id/draft-thomson-http-binary-message-00.html The request here is to discuss what to do with this work. Assuming this isn't dispatched before the next meeting, that includes a request for agenda time to continue or resolve that discussion. In doing so, we might need to consider how this interacts with existing work in other groups, HTTP, ADD, and DPRIVE in particular. I'll be sending notes to a few groups shortly advising them of this discussion and inviting them to offer input. Cheers, Martin [1] https://dl.acm.org/doi/abs/10.1145/3340301.3341128 [2] https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh [3] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07#appendix-A.1
- [Secdispatch] Requesting dispatch of Oblivious HT… Martin Thomson
- Re: [Secdispatch] Requesting dispatch of Obliviou… Martin Thomson