Dear Mohamed,

Thank you very much for your thoughtful and constructive feedback.

You're absolutely right to raise the distinction between:

- what OODA-HTTP is aiming to standardize,
- and where interoperability is expected or required.

Let me clarify both aspects below.

________________________________

Scope of Standardization

OODA-HTTP introduces a lightweight signaling mechanism at the HTTP
layer, based on the OODA loop (Observe, Orient, Decide, Act).
The elements targeted for standardization include:

- a semantic header (initially X-OODA-Action, to be renamed),
- behavioral telemetry formats (from enriched HTTP metadata),
- an event-loop model for adaptive enforcement at the application edge.

These elements operate entirely within existing HTTP and TLS
infrastructures, and do not redefine transport or encryption layers.

________________________________

Interoperability with DOTS and Beyond

Interoperability is a core architectural goal.

OODA-HTTP is not a replacement for existing protocols like DOTS — on
the contrary, it is designed to complement them.

[RFC 9244] highlights the need for behavioral telemetry and
client-side mitigation hints. OODA-HTTP is positioned to generate
those hints at the application level (HTTP), based on observed
behaviors.

To formalize this, we are drafting:

draft-secroot-dots-push-to-ooda-00

This document defines how:

- OODA agents may push telemetry or alerts to a DOTS server when local
  thresholds are exceeded.
- DOTS servers or SIEMs/XDR may inject warnings into HTTP flows via
  structured headers.

This creates a feedback loop between transport-level mitigation and
application-level adaptation — without distorting SecOps workflows.

________________________________

Operational Alignment

Rather than introducing new operational models, OODA-HTTP enhances
existing SecOps practices by:

- providing edge-layer scoring and filtering,
- reporting telemetry to SIEM/XDR and DOTS-based platforms,
- enabling human control via CLI/API for override or supervision.

This aligns with the spirit of [RFC 9244], [RFC 8612], and extends the
defense surface into the application layer.

________________________________

We welcome further feedback on the interop aspects and are happy to
share the early draft of draft-secroot-dots-push-to-ooda-00 once it is
published.

Thanks again for your valuable insight.

Warm regards,
Rachid Bouziane
SecRoot.io – OODA-HTTP Initiative

_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org
