Re: [HTTPBIS] New Revision: draft-secroot-ooda-http-02 – OODA-Action Header and Behavioral Extension

Hi Rachid,

My initial sense is that this group isn't the right place to evaluate proposals like this -- while HTTPBIS would have a role in standardising such a protocol since it uses HTTP, the focus here is on the protocol itself, not on creating security frameworks on top of it.

I'd suggest taking it to SECDISPATCH, which is set up to evaluate and find the appropriate home for security-related proposals in the IETF:
  https://wiki.ietf.org/group/secdispatch

If they move forward, I'm sure they'll loop in the HTTP community as necessary.

Cheers,


> On 21 Sep 2025, at 6:26 am, rachid bouziane <exelogphp@gmail.com> wrote:
> 
> Dear HTTPBIS Working Group,
> 
> Apologies — my earlier message was mistakenly sent to the HTTPAPI list.
> This is the correct venue for HTTP protocol discussion.
> 
> I’d like to share a recent IETF draft that I believe aligns with HTTPBIS scope:
> 
> 🔗 https://datatracker.ietf.org/doc/draft-secroot-ooda-http/
> 
> The OODA-HTTP protocol introduces a behavioral extension to HTTP/1.1, HTTP/2,
> and HTTP/3, applying the Observe–Orient–Decide–Act loop at the
> application layer.
> Each HTTP request becomes both a telemetry point and a decision vector, enabling
> adaptive response to real-time threats — including quantum-capable and
> AI-driven attacks.
> 
> **Highlights:**
> - A new semantic header: `OODA-Action` (formerly `X-OODA-Action`, now
> aligned with RFC 6648)
> - Runtime coordination with TLS (e.g., KeyUpdate triggers)
> - A lightweight “semantic vector engine” to contextualize traffic and
> issue decisions
> - Use cases: bot detection, session scoring, adaptive defense
> 
> Following guidance from TLS WG (including Eric Rescorla and Rich Salz),
> it appears that HTTPBIS is the most appropriate venue, given the changes
> to HTTP semantics and headers.
> 
> I would greatly appreciate feedback on:
> - The appropriateness of this proposal within HTTPBIS scope
> - Best practices to align the semantic vector model with HTTP design principles
> - Whether a terminology contribution (behavioral scoring, vector
> fields) would be welcomed
> 
> Thank you for your time and consideration.
> 
> Best regards,
> Rachid Bouziane
> SecRoot.io – OODA-HTTP Protocol Initiative
> 📧 exelogphp@gmail.com
> 

--
Mark Nottingham   https://www.mnot.net/

Received on Saturday, 20 September 2025 23:27:26 UTC