RE: New draft: Reverse HTTP Transport from K Tirumaleswar Reddy (Nokia) on 2023-07-14 (ietf-http-wg@w3.org from July to September 2023)

From: K Tirumaleswar Reddy (Nokia) <k.tirumaleswar_reddy@nokia.com>
Date: Fri, 14 Jul 2023 07:07:36 +0000
To: Watson Ladd <watsonbladd@gmail.com>
CC: Benjamin Schwartz <ietf@bemasc.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <VI1PR07MB5854D3A29EABA9EBCD59964DAB34A@VI1PR07MB5854.eurprd07.prod.outlook.com>

The clients like browsers are pre-configured with relays that it trusts for Oblivious HTTP transactions and is a well-known configuration. Further, the relay and gateway/target are not operated by the same entity.

-Tiru

From: Watson Ladd <watsonbladd@gmail.com>
Sent: Thursday, July 13, 2023 8:51 PM
To: K Tirumaleswar Reddy (Nokia) <k.tirumaleswar_reddy@nokia.com>
Cc: Benjamin Schwartz <ietf@bemasc.net>; HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: New draft: Reverse HTTP Transport

CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.

Sorry I am still confused.

The client knows the gateway but how does the gateway know to open the TCP connection to the relay the client wants?

And if we're advertising the relay as well then what's the point of OHAI? The security properties depend on an administrative separation that means the client has to pick.

That said I can think of applications like CDN providing anti-DDOS protection where the server can be firewalled off from all but outgoing connections, so this whole conversation is irrelevant (but might inspire more paragraphs in the eventual intro)
On Thu, Jul 13, 2023, 4:27 AM K Tirumaleswar Reddy (Nokia) <k.tirumaleswar_reddy@nokia.com<mailto:k.tirumaleswar_reddy@nokia.com>> wrote:
One of the use cases is to host a DNS over Oblivious HTTP server (DoOH) without being publicly accessible but allows the clients to access the DoOH server via a trusted relay. The DoOH server and associated gateway  can be discovered by the client using https://datatracker.ietf.org/doc/draft-ietf-ohai-svcb-config/.

Cheers,
-Tiru

-----Original Message-----
From: Watson Ladd <watsonbladd@gmail.com<mailto:watsonbladd@gmail.com>>
Sent: Wednesday, July 12, 2023 4:31 AM
To: Benjamin Schwartz <ietf@bemasc.net<mailto:ietf@bemasc.net>>
Cc: ietf-http-wg@w3.org<mailto:ietf-http-wg@w3.org>
Subject: Re: New draft: Reverse HTTP Transport

CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext<http://nok.it/ext> for additional information.

Could you say more about the usecase? I looked over the doc briefly, but am still confused.

Sincerely,
Watson

--
Astra mortemque praestare gradatim

Received on Friday, 14 July 2023 07:07:46 UTC