Oblivious HTTP
draft-ietf-ohai-ohttp-10

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ohai-ohttp@ietf.org, ohai-chairs@ietf.org, ohai@ietf.org, rfc-editor@rfc-editor.org, shivankaulsahib@gmail.com, superuser@gmail.com
Subject: Protocol Action: 'Oblivious HTTP' to Proposed Standard (draft-ietf-ohai-ohttp-09.txt)

The IESG has approved the following document:
- 'Oblivious HTTP'
  (draft-ietf-ohai-ohttp-09.txt) as Proposed Standard

This document is the product of the Oblivious HTTP Application Intermediation
Working Group.

The IESG contact persons are Murray Kucherawy, Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/

Ballot Text

Technical Summary

   This document describes a system for forwarding encrypted HTTP
   messages.  This allows a client to make multiple requests to an
   origin server without that server being able to link those requests
   to the client or to identify the requests as having come from the
   same client, while placing only limited trust in the nodes used to
   forward the messages.

Working Group Summary

There were a few topics that required in-depth discussion:

1. [Bad Key Configuration](https://github.com/ietf-wg-ohai/oblivious-http/issues/194): It
was resolved in https://github.com/ietf-wg-ohai/oblivious-http/pull/196
2. [Asynchronous Submission Use Case](https://github.com/ietf-wg-ohai/oblivious-http/issues/179): A new draft was created to address this use-case: https://datatracker.ietf.org/doc/draft-wood-ohai-unreliable-ohttp/
3. [Signals from server to proxy or vice versa](https://github.com/ietf-wg-ohai/oblivious-http/issues/114): being handled in a separate draft, and https://github.com/ietf-wg-ohai/oblivious-http/pull/113/files has text around proxy responsibilities

Apart from GitHub, these topics were either discussed on-list or during WG
session. Ultimately there was clear consensus on how to resolve these issues.

The draft reached broad agreement, as ascertained through both IETF session
participation and mailing list/GitHub discussion. Quite a few folks raised
[issues on GitHub](https://github.com/ietf-wg-ohai/oblivious-http/issues?q=is%3Aissue+is%3Aclosed).
Key decisions were surfaced on the mailing list.

Document Quality

There are implementations in [Rust](https://github.com/martinthomson/ohttp) and
[Go](https://github.com/chris-wood/ohttp-go). Apple iOS 16 includes OHTTP.
Cloudflare (https://github.com/cloudflare/app-relay) and Brave have
implementations as well.

This document interacts with HTTP WG and in general the SEC area. Participants
from the HTTP and security communities were actively involved in the
development of the document.

Personnel

   Document Shepherd: Shivan Kaul Sahib
   Responsible Area Director: Francesca Palombini

RFC Editor Note