Note I reviewed the -05 version and the editor’s diff to their working draft.

Thanks for the well written doc.  I really have only two questions and some nits:

1. Is “intercept” the right word in the following text from s3:

  In order to ensure that Clients do not encapsulate
  messages that other entities can intercept, the key configuration
  MUST be authenticated and have integrity protection.

I do not usually think of authentication and integrity as a mitigation against interception. Maybe it’s that it just can’t be encrypted it must use AEAD? Or, maybe I missed something.

2. The text in s6.5 about the Client and Oblivious Relay not automatically attempting a retry makes me wonder if this protocol is applicable only to HTTP/2 and HTTP/3, but I know that’s not intended (see HTTP/1.1 examples)? How is a pre-HTTP/2 client supposed to know no processing occurred?

Nits follow, but are in a
PR (https://github.com/ietf-wg-ohai/oblivious-http/pull/221):
s2: s/A Oblivious/An Oblivious
s4.3: s/request request/request, request,
s4.4:s/response response/response, response,
s4.4, step 1: s/secret secret/secret, secret,
s4.4, step 3: s/response_nonce/response_nonce.
s4.4, step 5: s/nonce nonce/nonce, nonce,
s5: s/For the request the/For the request, the
s6.2: s/HTTP, a Oblivious/HTTP, an Oblivious
s6.2:s/though it assumed to/though it is assumed
s6.3: s:/ such those/such as those
s7: s/critical prevent/critical to prevent

Hobby Horse:
When are HTTP examples going to switch to H2 or H3?