The IESG has approved the following document: - 'Oblivious HTTP' (draft-ietf-ohai-ohttp-09.txt) as Proposed Standard
This document is the product of the Oblivious HTTP Application Intermediation Working Group. The IESG contact persons are Murray Kucherawy, Paul Wouters and Roman Danyliw. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/ Technical Summary This document describes a system for forwarding encrypted HTTP messages. This allows a client to make multiple requests to an origin server without that server being able to link those requests to the client or to identify the requests as having come from the same client, while placing only limited trust in the nodes used to forward the messages. Working Group Summary There were a few topics that required in-depth discussion: 1. [Bad Key Configuration](https://github.com/ietf-wg-ohai/oblivious-http/issues/194): It was resolved in https://github.com/ietf-wg-ohai/oblivious-http/pull/196 2. [Asynchronous Submission Use Case](https://github.com/ietf-wg-ohai/oblivious-http/issues/179): A new draft was created to address this use-case: https://datatracker.ietf.org/doc/draft-wood-ohai-unreliable-ohttp/ 3. [Signals from server to proxy or vice versa](https://github.com/ietf-wg-ohai/oblivious-http/issues/114): being handled in a separate draft, and https://github.com/ietf-wg-ohai/oblivious-http/pull/113/files has text around proxy responsibilities Apart from GitHub, these topics were either discussed on-list or during WG session. Ultimately there was clear consensus on how to resolve these issues. The draft reached broad agreement, as ascertained through both IETF session participation and mailing list/GitHub discussion. Quite a few folks raised [issues on GitHub](https://github.com/ietf-wg-ohai/oblivious-http/issues?q=is%3Aissue+is%3Aclosed). Key decisions were surfaced on the mailing list. Document Quality There are implementations in [Rust](https://github.com/martinthomson/ohttp) and [Go](https://github.com/chris-wood/ohttp-go). Apple iOS 16 includes OHTTP. Cloudflare (https://github.com/cloudflare/app-relay) and Brave have implementations as well. This document interacts with HTTP WG and in general the SEC area. Participants from the HTTP and security communities were actively involved in the development of the document. Personnel Document Shepherd: Shivan Kaul Sahib Responsible Area Director: Francesca Palombini _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
