Re: New draft: Reverse HTTP Transport

Hi Ben and Tiru,

I think I'm confused similarly to Watson here. If the use-case is
preventing DDoS to the origin, that can be solved today by paying some
money to a CDN company and having them act as a reverse proxy, then having
the origin drop all IP packets that don't originate from the CDN. Why do
you need reverse HTTP for this?

David

On Fri, Jul 14, 2023 at 12:11 AM K Tirumaleswar Reddy (Nokia) <
k.tirumaleswar_reddy@nokia.com> wrote:

> Clients like browsers are pre-configured with relays that they trust
> for Oblivious HTTP transactions, and this is a well-known configuration. Further,
> the relay and gateway/target are not operated by the same entity.
>
> -Tiru
>
> *From:* Watson Ladd <watsonbladd@gmail.com>
> *Sent:* Thursday, July 13, 2023 8:51 PM
> *To:* K Tirumaleswar Reddy (Nokia) <k.tirumaleswar_reddy@nokia.com>
> *Cc:* Benjamin Schwartz <ietf@bemasc.net>; HTTP Working Group <
> ietf-http-wg@w3.org>
> *Subject:* Re: New draft: Reverse HTTP Transport
>
> Sorry, I am still confused.
>
> The client knows the gateway, but how does the gateway know to open the TCP
> connection to the relay the client wants?
>
> And if we're advertising the relay as well, then what's the point of OHAI?
> The security properties depend on an administrative separation that means
> the client has to pick.
>
> That said, I can think of applications like a CDN providing anti-DDoS
> protection where the server can be firewalled off from all but outgoing
> connections, so this whole conversation is irrelevant (but might inspire
> more paragraphs in the eventual intro).
>
> On Thu, Jul 13, 2023, 4:27 AM K Tirumaleswar Reddy (Nokia) <
> k.tirumaleswar_reddy@nokia.com> wrote:
>
> One of the use cases is to host a DNS over Oblivious HTTP (DoOH) server
> that is not publicly accessible but allows clients to reach the DoOH
> server via a trusted relay. The DoOH server and associated gateway can be
> discovered by the client using
> https://datatracker.ietf.org/doc/draft-ietf-ohai-svcb-config/.
>
> Cheers,
> -Tiru
>
> -----Original Message-----
> From: Watson Ladd <watsonbladd@gmail.com>
> Sent: Wednesday, July 12, 2023 4:31 AM
> To: Benjamin Schwartz <ietf@bemasc.net>
> Cc: ietf-http-wg@w3.org
> Subject: Re: New draft: Reverse HTTP Transport
>
>
> Could you say more about the use case? I looked over the doc briefly, but
> am still confused.
>
> Sincerely,
> Watson
>
> --
> Astra mortemque praestare gradatim
>

Received on Thursday, 20 July 2023 21:04:33 UTC