Sorry I am still confused.
The client knows the gateway but how does the gateway know to open the TCP
connection to the relay the client wants?
And if we're advertising the relay as well then what's the point of OHAI?
The security properties depend on an administrative separation that means
the client has to pick.
That said, I can think of applications like CDN providing anti-DDoS
protection where the server can be firewalled off from all but outgoing
connections, so this whole conversation is irrelevant (but might inspire
more paragraphs in the eventual intro).

On Thu, Jul 13, 2023, 4:27 AM K Tirumaleswar Reddy (Nokia) <
k.tirumaleswar_reddy@nokia.com> wrote:
> One of the use cases is to host a DNS over Oblivious HTTP server (DoOH)
> without being publicly accessible but allowing the clients to access the DoOH
> server via a trusted relay. The DoOH server and associated gateway can be
> discovered by the client using
> https://datatracker.ietf.org/doc/draft-ietf-ohai-svcb-config/.
>
> Cheers,
> -Tiru
>
> -----Original Message-----
> From: Watson Ladd <watsonbladd@gmail.com>
> Sent: Wednesday, July 12, 2023 4:31 AM
> To: Benjamin Schwartz <ietf@bemasc.net>
> Cc: ietf-http-wg@w3.org
> Subject: Re: New draft: Reverse HTTP Transport
>
> Could you say more about the use case? I looked over the doc briefly, but
> am still confused.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim
>
>