- From: rachid bouziane <exelogphp@gmail.com>
- Date: Wed, 2 Jul 2025 19:28:13 +0100
- To: ietf-http-wg@w3.org
Dear HTTPBIS Working Group, I’m reaching out to share a recent IETF draft that may align with your scope: 🔗 https://datatracker.ietf.org/doc/draft-secroot-ooda-http/ The OODA-HTTP protocol introduces a behavioral extension to HTTP (1.1, 2, and 3), applying the Observe–Orient–Decide–Act loop at the application layer. Each HTTP request becomes both a telemetry point and a decision vector, enabling adaptive response to real-time threats — including quantum-capable and AI-driven attacks. Highlights: - A new semantic header: `X-OODA-Action` - Runtime coordination with TLS (e.g., KeyUpdate triggers) - A lightweight “semantic vector engine” to contextualize traffic and issue decisions - Use cases include bot detection, session scoring, and adaptive defense Following guidance from TLS WG (notably Eric Rescorla and Rich Salz), it appears that HTTPBIS is a more suitable venue for this initiative, especially given the modifications to HTTP semantics and headers. I would deeply appreciate your feedback regarding: - The appropriateness of this proposal within HTTPBIS - Best practices to align the semantic vector model with HTTP design principles - Whether a terminology contribution (e.g., for the behavioral scoring and vector fields) would be welcomed Many thanks in advance for your time and consideration. Best regards, Rachid Bouziane SecRoot.io – OODA-HTTP Protocol Initiative 📧 exelogphp@gmail.com
Received on Friday, 18 July 2025 14:47:46 UTC