[Secdispatch] Requesting dispatch of Oblivious HTTP
Martin Thomson <mt@lowentropy.net> Thu, 28 January 2021 01:25 UTC
Message-Id: <ce415fb8-f0dc-4f25-80ef-8849aaf128c0@www.fastmail.com>
Date: Thu, 28 Jan 2021 12:25:13 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: secdispatch@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/VmFQCZGKlukgfnmgPh8ufQt_5Fo>
Hi,

Those familiar with oblivious DNS in its various forms [1][2] probably won't really need any introduction here. This proposes a design that uses HPKE [3] and a proxy to provide a general framework for privacy for sensitive HTTP requests. DNS is one fairly obvious application of this, but there are other applications that might benefit from this. A generic framework will enable those applications.

The primary draft is: https://www.ietf.org/archive/id/draft-thomson-http-oblivious-00.html

This draft describes the framework, plus how to encapsulate requests and responses using HPKE and the format of the server key configuration that clients need.

A supplementary draft describes a simple binary encoding for HTTP requests: https://www.ietf.org/archive/id/draft-thomson-http-binary-message-00.html

The request here is to discuss what to do with this work. Assuming this isn't dispatched before the next meeting, that includes a request for agenda time to continue or resolve that discussion.

In doing so, we might need to consider how this interacts with existing work in other groups, HTTP, ADD, and DPRIVE in particular. I'll be sending notes to a few groups shortly advising them of this discussion and inviting them to offer input.

Cheers,
Martin

[1] https://dl.acm.org/doi/abs/10.1145/3340301.3341128
[2] https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh
[3] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07#appendix-A.1
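The design the message sketches, an HPKE-encapsulated request that a proxy relays without being able to read it and a response sealed back to the client, can be seen end to end in the following Go program. It is an added illustration, not code from the draft or from Martin Thomson, and it is not the draft's wire format: it stands in for HPKE with X25519, a single-block HKDF-SHA256 and AES-128-GCM from the Go standard library, binds the per-request secret to both public keys the way HPKE's KEM context does, and simplifies the response key to a second HKDF label under the same secret where the real protocol uses an HPKE exporter secret and a fresh response nonce. The function names, the "ohttp-demo", "request" and "response" labels, and the sample request are all constructed for the example.

```go
// Added example (not from the draft): an OHTTP-style exchange built from stand-in HPKE primitives in Go's standard library; labels and sample request are constructed.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdf is single-block HKDF-SHA256 (RFC 5869, n <= 32), written out so only the standard library is needed.
func hkdf(ikm, salt, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)[:n]
}

// aead derives a one-shot AES-128-GCM key and nonce per direction. The real protocol derives the response key
// from an HPKE exporter secret plus a fresh response nonce; a second HKDF label here is this demo's simplification.
func aead(secret []byte, label string) (cipher.AEAD, []byte) {
	k := hkdf(secret, nil, []byte(label), 28)
	block, _ := aes.NewCipher(k[:16]) // cannot fail for a 16-byte key
	g, _ := cipher.NewGCM(block)      // cannot fail for an AES block
	return g, k[16:]
}

// deriveSecret binds the per-request secret to both public keys, as HPKE's KEM context does.
func deriveSecret(ss, enc, pkR []byte) []byte {
	return hkdf(ss, append(enc[:len(enc):len(enc)], pkR...), []byte("ohttp-demo"), 32) // full slice expr: copy, never alias enc
}

type Encapsulated struct{ Enc, Ciphertext []byte } // all that leaves the client: ephemeral public key + sealed request

// Encapsulate plays the client. The returned secret stays with the client to open the response.
func Encapsulate(targetPub *ecdh.PublicKey, request []byte) (Encapsulated, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Encapsulated{}, nil, err
	}
	ss, err := eph.ECDH(targetPub) // rejects a low-order point, i.e. a malformed key config
	if err != nil {
		return Encapsulated{}, nil, err
	}
	enc := eph.PublicKey().Bytes()
	secret := deriveSecret(ss, enc, targetPub.Bytes())
	g, nonce := aead(secret, "request")
	return Encapsulated{Enc: enc, Ciphertext: g.Seal(nil, nonce, request, enc)}, secret, nil // enc bound as AAD
}

// Decapsulate plays the target: only the private-key holder recovers the request; any tampering fails the tag check.
func Decapsulate(targetPriv *ecdh.PrivateKey, msg Encapsulated) ([]byte, []byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(msg.Enc)
	if err != nil {
		return nil, nil, err
	}
	ss, err := targetPriv.ECDH(ephPub)
	if err != nil {
		return nil, nil, err
	}
	secret := deriveSecret(ss, msg.Enc, targetPriv.PublicKey().Bytes())
	g, nonce := aead(secret, "request")
	req, err := g.Open(nil, nonce, msg.Ciphertext, msg.Enc)
	return req, secret, err
}

// Respond is the target's handler: decapsulate, compute an answer, seal it under the same secret.
func Respond(targetPriv *ecdh.PrivateKey, msg Encapsulated, handle func([]byte) []byte) ([]byte, error) {
	req, secret, err := Decapsulate(targetPriv, msg)
	if err != nil {
		return nil, err
	}
	g, nonce := aead(secret, "response")
	return g.Seal(nil, nonce, handle(req), nil), nil
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	targetPriv, err := ecdh.X25519().GenerateKey(rand.Reader) // stands in for the target's published key config
	check(err)
	msg, secret, err := Encapsulate(targetPriv.PublicKey(), []byte("GET /dns-query?name=example.com HTTP/1.1")) // constructed
	check(err)
	fmt.Printf("proxy: relaying a %d-byte blob it cannot read\n", len(msg.Ciphertext)) // the proxy's whole view
	respCT, err := Respond(targetPriv, msg, func(req []byte) []byte { return append([]byte("answer to "), req...) })
	check(err)
	g, nonce := aead(secret, "response") // the client opens the reply with its own copy of the secret
	resp, err := g.Open(nil, nonce, respCT, nil)
	check(err)
	fmt.Printf("client: %s\n", resp)
}
```

Run it with `go run`. The printed proxy line is the whole of what the relay gets to see (the opaque blob and which target it is addressed to), which is the split the framework is after: the proxy learns who is asking but not what, the target learns what is asked but not by whom. Because the ephemeral public key is authenticated as AAD and the secret is bound to both keys, any change to `Enc` or the ciphertext in transit makes `Decapsulate` return an error instead of a modified request, and a target holding a different private key cannot open it either.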