Re: [Secdispatch] Oblivious HTTP charter draft
Benjamin Kaduk <kaduk@mit.edu> Sat, 20 March 2021 22:35 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 790B33A0AB6 for <secdispatch@ietfa.amsl.com>; Sat, 20 Mar 2021 15:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.219
X-Spam-Level:
X-Spam-Status: No, score=-4.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eld9Vz69FSkD for <secdispatch@ietfa.amsl.com>; Sat, 20 Mar 2021 15:35:51 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682033A0AB5 for <secdispatch@ietf.org>; Sat, 20 Mar 2021 15:35:50 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 12KMZijd017464 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 20 Mar 2021 18:35:48 -0400
Date: Sat, 20 Mar 2021 15:35:43 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Thomson <mt@lowentropy.net>
Cc: secdispatch@ietf.org
Message-ID: <20210320223543.GJ79563@kduck.mit.edu>
References: <8e53426d-857e-4dd9-a9d0-b907c415abec@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <8e53426d-857e-4dd9-a9d0-b907c415abec@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/_aHS8dqMfx0JaSrGGBGAosMU5JA>
Subject: Re: [Secdispatch] Oblivious HTTP charter draft
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Mar 2021 22:35:54 -0000
On Thu, Mar 18, 2021 at 12:24:33PM +1100, Martin Thomson wrote: [...] > The OHTTP working group will define the Oblivious HTTP protocol, a method of encapsulating HTTP requests and responses that provides protected, low-latency exchanges. The working group will define any encryption scheme necessary and supporting data formats for carrying encapsulated requests and responses, plus any key configuration that might be needed to use the protocol. What does it mean to "define an[y] encryption scheme"? > The OHTTP working group will include an applicability statement that documents the limitations of this design and any usage constraints that are necessary to ensure that the protocol is secure. Is this intended to be an Applicability Statement as defined in RFC 2026? > The working group will define a format for any encryption keys that are needed. The working group will not describe how encryption keys are obtained. The working group will not define any methods for discovering proxy or server endpoints; specific uses of the protocol will need to describe discovery methods or rely on configuration. Why do we need new formats for encryption keys? Don't we already have a bunch of those? Defining how to obtain keys is necessary, of course. Thanks, Ben > The OHTTP working group will work closely with other groups that develop the tools that OHTTP depends on (HTTPbis for HTTP, CFRG for HPKE) or that might use Oblivious HTTP (DPRIVE for DNS over HTTPS). > > The working group will use draft-thomson-http-oblivious as input. > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch
- [Secdispatch] Oblivious HTTP charter draft Martin Thomson
- Re: [Secdispatch] Oblivious HTTP charter draft Michael Richardson
- Re: [Secdispatch] Oblivious HTTP charter draft Martin Thomson
- Re: [Secdispatch] Oblivious HTTP charter draft Benjamin Kaduk
- Re: [Secdispatch] Oblivious HTTP charter draft Eric Rescorla
- Re: [Secdispatch] Oblivious HTTP charter draft Martin Thomson
- Re: [Secdispatch] Oblivious HTTP charter draft David Schinazi
- Re: [Secdispatch] Oblivious HTTP charter draft Eric Rescorla
- Re: [Secdispatch] Oblivious HTTP charter draft Christopher Wood