**Session Date/Time:** 26 Jul 2024 01:30 # ohai ## Summary This meeting of the OHAI working group covered deployment experience with Oblivious HTTP (OHDP) and discussed the chunked OHDP draft. The discussion focused on the incremental forwarding issues, potential solutions, and privacy implications. ## Key Discussion Points * **Deployment Experience with OHDP:** Tommy Pauly shared experiences using OHDP for safe browsing, data metrics uploads, and model inference. He highlighted the configuration management approach using a fetched configuration bag, including relay and gateway information, target support, chunking preference, and transparency log integration. * **Chunked OHDP Draft:** The discussion centered on the challenges related to incremental forwarding and buffering by CDNs when using chunked OHDP. Options discussed included: * Fixing intermediary servers to avoid buffering. * Switching to extended CONNECT instead of POST (considered a large change). * Implementing a negotiation mechanism to signal streaming preference. * **Negotiation Fix:** Kazuho's proposal for a new header field ("request streaming") to indicate a client's preference for streaming was discussed. Piotr Cicora raised concerns about this defeating DDoS protection mechanisms. The group considered whether this should be a more generic HTTP extension to avoid protocol-specific tuning. * **Bi-directional Streaming:** Jonathan Hoyland Clappler raised the question of the interleaving of request and response data and whether this is allowed as it could weaken the privacy guarantees. There was a discussion on the security and privacy implications of allowing clients to send further request chunks after receiving response chunks. * **Configuration and Discovery:** Tibbo raised a question about a standardized endpoint for retrieving configuration of OHDP. * **Perfect Forward Secrecy:** David Schinazi opened an issue to talk about the perfect forward secrecy of chunked OHDP. * **Multi-Relay:** Peter Shikora opened a discussion about multi-relay chunked OHDP in terms of privacy and implementation. ## Decisions and Action Items * **Action Item:** Tommy to add a link to the OHDP repository in the Chunked OHDP draft. * **Decision:** The working group agrees to go forward with the negotiation fix. * **Decision:** The working group agrees to propose this fix as a generic HTTP extension. * **Action Item:** Someone (likely Kazuho) will create a draft for the HTTP extension in the HTTP BIS working group to support signalling a preference for streaming. * **Action Item:** Update security consideration to reflect the privacy implication of interleaving of request and response data and the different properties of using single chunk and multiple chunks and complete recommendation of configuration discovery mechanism. * **Action Item:** Tommy to update draft based on open issues and feedback. ## Next Steps * Create a new draft for the HTTP extension for signalling a preference for streaming in HTTP BIS. * Continue working on the chunked OHDP draft, incorporating feedback from the meeting. * Encourage interrupt testing of chunked OHDP implementations.