| withmilestones-00-00.txt | withmilestones-00-01.txt | |||
|---|---|---|---|---|
| In a number of different settings, interactions between clients and servers | In a number of different settings, interactions between clients and servers | |||
| involve information that could be sensitive when associated with client | involve information that could be sensitive when associated with client | |||
| identity. | identity. | |||
| Client-server protocols like HTTP reveal aspects of client identity to servers | Client-server protocols like HTTP reveal aspects of client identity to servers | |||
| through these interactions, especially source addresses. Even without client | through these interactions, especially source addresses. Even without client | |||
| identity, a server might be able to build a profile of client activity by | identity, a server might be able to build a profile of client activity by | |||
| correlating requests from the same client over time. | correlating requests from the same client over time. | |||
| In a setting where the information included in requests does not need to be | In a setting where the information included in requests does not need to be | |||
| correlated, the Oblivious HTTP protocol allows a server to accept requests via | correlated, the Oblivious HTTP protocol allows a server to accept requests via | |||
| a proxy. The proxy ensures that the server cannot see source addressing | a proxy. The proxy ensures that the server cannot see source addressing | |||
| information for clients, which prevents servers linking requests to the same | information for clients, which prevents servers linking requests to the same | |||
| client. Encryption ensures that the proxy is unable to read requests or | client. Encryption ensures that the proxy is unable to read requests or | |||
| responses. | responses. | |||
| The OHTTP working group will define the Oblivious HTTP protocol, a method of | The OHTTP working group will define the Oblivious HTTP protocol, a method of | |||
| encapsulating HTTP requests and responses that provides protected, low-latency | encapsulating HTTP requests and responses that provides protected, low-latency | |||
| exchanges. The working group will define any encryption scheme necessary and | exchanges. The working group will define any encryption scheme necessary and | |||
| supporting data formats for carrying encapsulated requests and responses, plus | supporting data formats for carrying encapsulated requests and responses, plus | |||
| any key configuration that might be needed to use the protocol. | any key configuration that might be needed to use the protocol. | |||
| The OHTTP working group will include an applicability statement that documents | The OHTTP working group will include an applicability statement that documents | |||
| the limitations of this design and any usage constraints that are necessary to | the limitations of this design and any usage constraints that are necessary to | |||
| ensure that the protocol is secure. | ensure that the protocol is secure. The working group will consider the | |||
| operational impact as part of the protocol design and document operational | ||||
| considerations. | ||||
| The working group will define a format for any encryption keys that are needed. | The working group will prioritize work on the core protocol elements as | |||
| The working group will not describe how encryption keys are obtained. The | identified. In addition, the working group may work on other use cases and | |||
| working group will not define any methods for discovering proxy or server | deployment models, including those that involve discovery of OHTTP proxies or | |||
| endpoints; specific uses of the protocol will need to describe discovery | servers. | |||
| methods or rely on configuration. | ||||
| The OHTTP working group will work closely with other groups that develop the | The OHTTP working group will work closely with other groups that develop the | |||
| tools that OHTTP depends on (HTTPbis for HTTP, CFRG for HPKE) or that might use | tools that Oblivious HTTP depends on (HTTPbis for HTTP, CFRG for HPKE) or that | |||
| Oblivious HTTP (DPRIVE for DNS over HTTPS). | might use Oblivious HTTP (DPRIVE for DNS over HTTPS). | |||
| The working group will use draft-thomson-http-oblivious as input. | The working group will use draft-thomson-http-oblivious as input. | |||
| Milestones | Milestones | |||
| Jul 2022 - Submit the Oblivious HTTP Protocol draft to the IESG for publication | Jul 2022 - Submit the Oblivious HTTP Protocol draft to the IESG for publication | |||
| End of changes. 7 change blocks. | ||||
| 12 lines changed or deleted | 13 lines changed or added | |||
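
Review bot: In the right-hand paragraph that replaces the key-format and discovery text, "core protocol elements as identified" has no clear referent. Either name the elements or point to the earlier paragraph that lists the encapsulation method, encryption scheme, data formats and key configuration. The same replacement drops the sentence "The working group will not describe how encryption keys are obtained" without saying whether key acquisition is now in scope. Since discovery of proxies or servers moves from excluded to permitted, the charter should state explicitly whether key acquisition is in or out of scope.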