Re: [Last-Call] Secdir last call review of draft-ietf-ohai-ohttp-05

Hey Alexey,

Thanks for reviewing.  I'll respond inline and link some pull requests as appropriate.  Some of the changes were already made in response to other reviews, which I think is a good sign that some changes are needed.

On Fri, Dec 9, 2022, at 01:02, Alexey Melnikov wrote:
> It looks like the term "server" sometimes means the target server and 
> sometimes the Oblivious Gateway. I think this creates a bit of confusion 
> when reading the document.

Kyle Rose also noted similar concerns: https://github.com/ietf-wg-ohai/oblivious-http/pull/225

There are good reasons for the condensing of the gateway and target resources into "server" for the security analysis.  But I've put in more effort here to correct the terminology usage.

> |4.4.  Encapsulation of Responses
> |
> |   Given an HPKE context context, a request message request, and a
>
> I wish the document used a convention for variables/fields to make 
> reading of paragraphs like this a bit easier. Maybe put them in quotes?

Ah, you are reading the text version, which lacks the markings of the HTML version.  I agree.  We have already made some changes in this regard, using commas to separate where the definition appears.  (I think that Sean Turner suggested the requisite changes.)  The example you quoted now appears as:

> Given an HPKE context, context; a request message, request; and a response, response, servers generate an Encapsulated Response, enc_response, as follows:
>
> 1. Export a secret, secret, from context, using the string "message/bhttp response" as the exporter_context parameter to context.Export; see Section 5.3 of [HPKE]. The length of this secret is max(Nn, Nk), where Nn and Nk are the length of AEAD key and nonce associated with context. Note: Section 4.6 discusses how alternative message formats might use a different context value.

The changes are in our editor's copy, but the changeset was https://github.com/ietf-wg-ohai/oblivious-http/pull/221

Open to suggestions for improvement.  The first sentence you quote is still a little janky.

> The following comment is with my Media Type reviewer hat on and it 
> applies to all 3 sections 9.1, 9.2 and 9.3. Using section 9.3 as an example:

Thanks for that.  Fixed in: https://github.com/ietf-wg-ohai/oblivious-http/pull/230 (I hope)

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
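
Step 1 of the quoted Section 4.4 text, written out as an added example (not part of the original message or the draft): it derives the response secret with context.Export as defined in RFC 9180 Section 5.3, using only the Python standard library. The exporter_secret value, the fixed X25519/HKDF-SHA256 suite and the function names are assumptions made for illustration; in a real exchange exporter_secret comes from the HPKE key schedule.

```python
import hashlib
import hmac

# AEAD parameters from RFC 9180 Section 7.3: aead_id -> (Nk, Nn) in bytes.
AEAD_PARAMS = {
    0x0001: (16, 12),  # AES-128-GCM
    0x0002: (32, 12),  # AES-256-GCM
    0x0003: (32, 12),  # ChaCha20Poly1305
}
KEM_X25519_SHA256 = 0x0020  # assumed suite for this example
KDF_HKDF_SHA256 = 0x0001
RESPONSE_LABEL = b"message/bhttp response"  # exporter_context from the quoted step

# Constructed placeholder, NOT a real key-schedule output (Nh = 32 for SHA-256).
SAMPLE_EXPORTER_SECRET = bytes(range(32))


def hkdf_expand_sha256(prk, info, length):
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    if length > 255 * 32:
        raise ValueError("requested length too large for HKDF-SHA256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hpke_export(exporter_secret, aead_id, exporter_context, length):
    """context.Export: LabeledExpand(exporter_secret, "sec", exporter_context, L)."""
    suite_id = b"HPKE" + b"".join(
        n.to_bytes(2, "big") for n in (KEM_X25519_SHA256, KDF_HKDF_SHA256, aead_id)
    )
    labeled_info = length.to_bytes(2, "big") + b"HPKE-v1" + suite_id + b"sec" + exporter_context
    return hkdf_expand_sha256(exporter_secret, labeled_info, length)


def response_secret(exporter_secret, aead_id, label=RESPONSE_LABEL):
    """Step 1: export max(Nn, Nk) bytes bound to the response media type label."""
    nk, nn = AEAD_PARAMS[aead_id]
    return hpke_export(exporter_secret, aead_id, label, max(nn, nk))


if __name__ == "__main__":
    for aead_id in AEAD_PARAMS:
        secret = response_secret(SAMPLE_EXPORTER_SECRET, aead_id)
        print(hex(aead_id), len(secret), secret.hex())
```

Because the label and the output length are both mixed into the HKDF info, a secret exported for a different message format or a different AEAD is unrelated to this one.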
