Oblivious HTTP
draft-ietf-ohai-ohttp-10
Approval announcement
Draft of message to be sent after approval:
Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ohai-ohttp@ietf.org, ohai-chairs@ietf.org, ohai@ietf.org, rfc-editor@rfc-editor.org, shivankaulsahib@gmail.com, superuser@gmail.com
Subject: Protocol Action: 'Oblivious HTTP' to Proposed Standard (draft-ietf-ohai-ohttp-09.txt)
The IESG has approved the following document:
- 'Oblivious HTTP'
(draft-ietf-ohai-ohttp-09.txt) as Proposed Standard
This document is the product of the Oblivious HTTP Application Intermediation
Working Group.
The IESG contact persons are Murray Kucherawy, Paul Wouters and Roman Danyliw.
A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/
Ballot Text
Technical Summary
This document describes a system for forwarding encrypted HTTP
messages. This allows a client to make multiple requests to an
origin server without that server being able to link those requests
to the client or to identify the requests as having come from the
same client, while placing only limited trust in the nodes used to
forward the messages.
Working Group Summary
There were a few topics that required in-depth discussion:
1. [Bad Key Configuration](https://github.com/ietf-wg-ohai/oblivious-http/issues/194): It
was resolved in https://github.com/ietf-wg-ohai/oblivious-http/pull/196
2. [Asynchronous Submission Use Case](https://github.com/ietf-wg-ohai/oblivious-http/issues/179): A new draft was created to address this use-case: https://datatracker.ietf.org/doc/draft-wood-ohai-unreliable-ohttp/
3. [Signals from server to proxy or vice versa](https://github.com/ietf-wg-ohai/oblivious-http/issues/114): being handled in a separate draft, and https://github.com/ietf-wg-ohai/oblivious-http/pull/113/files has text around proxy responsibilities
Apart from GitHub, these topics were either discussed on-list or during WG
session. Ultimately there was clear consensus on how to resolve these issues.
The draft reached broad agreement, as ascertained through both IETF session
participation and mailing list/GitHub discussion. Quite a few folks raised
[issues on GitHub](https://github.com/ietf-wg-ohai/oblivious-http/issues?q=is%3Aissue+is%3Aclosed).
Key decisions were surfaced on the mailing list.
Document Quality
There are implementations in [Rust](https://github.com/martinthomson/ohttp) and
[Go](https://github.com/chris-wood/ohttp-go). Apple iOS 16 includes OHTTP.
Cloudflare (https://github.com/cloudflare/app-relay) and Brave have
implementations as well.
This document interacts with HTTP WG and in general the SEC area. Participants
from the HTTP and security communities were actively involved in the
development of the document.
Personnel
Document Shepherd: Shivan Kaul Sahib
Responsible Area Director: Francesca Palombini
RFC Editor Note