- From: rachid bouziane <exelogphp@gmail.com>
- Date: Sat, 20 Sep 2025 21:26:07 +0100
- To: ietf-http-wg@w3.org
Dear HTTPBIS Working Group, Apologies — my earlier message was mistakenly sent to the HTTPAPI list. This is the correct venue for HTTP protocol discussion. I’d like to share a recent IETF draft that I believe aligns with HTTPBIS scope: 🔗 https://datatracker.ietf.org/doc/draft-secroot-ooda-http/ The OODA-HTTP protocol introduces a behavioral extension to HTTP/1.1, HTTP/2, and HTTP/3, applying the Observe–Orient–Decide–Act loop at the application layer. Each HTTP request becomes both a telemetry point and a decision vector, enabling adaptive response to real-time threats — including quantum-capable and AI-driven attacks. **Highlights:** - A new semantic header: `OODA-Action` (formerly `X-OODA-Action`, now aligned with RFC 6648) - Runtime coordination with TLS (e.g., KeyUpdate triggers) - A lightweight “semantic vector engine” to contextualize traffic and issue decisions - Use cases: bot detection, session scoring, adaptive defense Following guidance from TLS WG (including Eric Rescorla and Rich Salz), it appears that HTTPBIS is the most appropriate venue, given the changes to HTTP semantics and headers. I would greatly appreciate feedback on: - The appropriateness of this proposal within HTTPBIS scope - Best practices to align the semantic vector model with HTTP design principles - Whether a terminology contribution (behavioral scoring, vector fields) would be welcomed Thank you for your time and consideration. Best regards, Rachid Bouziane SecRoot.io – OODA-HTTP Protocol Initiative 📧 exelogphp@gmail.com
Received on Saturday, 20 September 2025 20:26:22 UTC