Hi Eric, Thank you for clarifying. I agree with your assessment: the OODA-Action header is carried in HTTP and does not require changes to TLS itself. My intent in referencing TLS was to highlight deployment contexts (e.g., entropy awareness, runtime coordination), not to suggest that OODA-HTTP modifies the TLS protocol.
I’ll adjust the draft to make this clearer: The protocol element is strictly an HTTP header extension. References to TLS will be framed as non-normative context (e.g., how OODA-HTTP can observe or react to TLS session properties) rather than as protocol dependencies. And yes, I agree that if the work progresses, it would be appropriate to have the TLS WG review the draft at WGLC for correctness, but not to treat this as a joint TLS item. Thanks again for confirming the scope — I’ll reflect this in the next revision. Best regards, Rachid Le dim. 21 sept. 2025 à 17:30, Eric Rescorla <[email protected]> a écrit : > > Hi Rachid, > > I reviewed this draft on the SECDISPATCH list [0]. > > I actually don't think that this is particularly relevant to TLS. As you > note, the header is just carried in > HTTP headers and while some of the properties it talks about might apply to > TLS, we don't usually > think that those kinds of references require tight collaboration with the WG > in charge of the subject > protocol. For example, if you have some YANG model that involves managing TLS > keying material, > we don't make it a joint TLS WG item. > > If this is eventually adopted, I think it would be fine to have the WGLC CCed > to the TLS > mailing list for review of correctness and usefulness. > > -Ekr > > [0] > https://mailarchive.ietf.org/arch/msg/secdispatch/zFZgwErhLvlWc9WFEz1EatSdazY/ > > > > On Sat, Sep 20, 2025 at 10:35 AM rachid bouziane <[email protected]> wrote: >> >> Dear TLS WG, >> >> A new revision of my draft has been posted: >> >> OODA-HTTP: Adaptive Security Framework for HTTP Communications >> >> Draft: https://www.ietf.org/archive/id/draft-secroot-ooda-http-02.txt >> >> Diff: https://author-tools.ietf.org/iddiff?url2=draft-secroot-ooda-http-02 >> >> Highlights in -02: >> >> Cleaned and updated references (including QUIC-LB -21, DOTS). >> >> Clarified Security Considerations. >> >> Introduced a unified OODA-Action registry (Appendix B). >> >> Editorial cleanup of boilerplate and authorship metadata. >> >> OODA-HTTP coordinates with TLS/HTTPS/QUIC but does not modify TLS itself. >> The role of TLS WG is essential to ensure alignment and avoid >> conflicts, and I welcome feedback on scope and interoperability. >> >> Best regards, >> Rachid Bouziane >> SecRoot.io >> 📧 [email protected] _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
