Oblivious HTTP

Oblivious HTTP (OHTTP) is an IETF network protocol intended to allow anonymous HTTP transactions over the Internet without revealing source IP addresses.[1] OHTTP is documented in RFC 9458, published in January 2024. The working group describes it within the standard itself as "a simpler and less costly" alternative to the "more robust systems" like Prio[2] or Tor. The standard sees itself in comparison also as inferior at "providing a stronger guarantee of anonymity". Furthermore the standard for the discovery mechanism of the mandatory connection configuration information (RFC 9540) also outlines that a client should use an anonymizing proxy while fetching them. Thereby it makes OHTTP entirely redundant.

Mechanism

OHTTP uses a combination of message encryption and a double-proxy-relay setup, where the first proxy relay can see the source, but cannot see the destination of the encrypted message, and the second proxy can decrypt the message to forward it on to the destination, but cannot see the original source. All traffic between the source, destination and both proxies is carried over the HTTPS protocol to prevent third parties from analysing or intercepting the message contents.[3]

Since neither relay, nor any third party, simultaneously knows both the source and destination address for a transaction, it would thus require the operators of both relays to collude in order to cross-correlate messages and recover the source address; if either one of the relay operators is trustworthy, privacy is preserved. However, if both relay operators collude, the security of OHTTP is compromised.[4]

The Oblivious DNS over HTTPS (ODoH) protocol uses OHTTP to carry DNS over HTTPS (DoH) traffic.[3]

However a client first needs to fetch the gateway configuration file from a well-known Path /.well-known/ohttp-gateway which is "available on the same host as the Target Resource". Rendering all of the additional security guarantees of OHTTP useless as it exposes the same information to the same potential groups of attackers as unencrypted SNI-Headers in any typical TLS connections would. This is even already pointed out by one of the standards for discovery of these mandatory configuration parameters (RFC 9540) itself: "When clients fetch a gateway's configuration, they can expose their identity in the form of an IP address". Ironically the stated solution to this problem is the same as has already been commonly used before OHTTP standardization as well "connect via a proxy or some other IP-hiding mechanism".

Deployment

Google contracted with Fastly in 2023 to provide Google with an OHTTP relay to implement its experimental anonymous advertising technology.[5] Cloudflare's Privacy Gateway is an OHTTP service.[6] Apple states that its Enhanced Visual Search uses OHTTP as part of its anonymization strategy.[7]

References

  1. ^ "Oblivious HTTP (ohttp)". datatracker.ietf.org. Retrieved 2025-03-04.
  2. ^ Corrigan-Gibbs, Henry; Boneh, Dan (2017-03-14). "Prio: Private, Robust, and Scalable Computation of Aggregate Statistics" (PDF). 14th USENIX symposium on networked systems design and implementation (NSDI 17) (eBook). online: USENIX Association (published 2017-03-27): 259–282. ISBN 978-1-931971-37-9. OCLC 1419202156. OL 59121964M. Archived (PDF) from the original on 2025-04-18.
  3. ^ a b "Oblivious HTTP (OHTTP) explained". support.mozilla.org. January 2025.
  4. ^ Wood, Christopher; Hoyland, Jonathan (2022-10-27). "Stronger than a promise: proving Oblivious HTTP privacy properties". Cloudflare.
  5. ^ "Fastly wins major Google deal ahead of cookie death". The Stack. 2023-03-15. Retrieved 2025-03-04.
  6. ^ "Stronger than a promise: proving Oblivious HTTP privacy properties". The Cloudflare Blog. Archived from the original on 2025-01-30. Retrieved 2025-03-04.
  7. ^ "About Enhanced Visual Search in Photos - Apple Support (JO)". Apple Support. Retrieved 2025-03-04.


Stub icon

This Internet-related article is a stub. You can help Wikipedia by expanding it.

Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi

Kembali kehalaman sebelumnya