Add suggestion to use Oblivious HTTP when fetching resources.

common.js

@@ -82,6 +82,13 @@ var vcwg = {
       authors: ['Daniel Buchner', 'Brent Zundel', 'Martin Riedel', 'Kim Hamilton Duffy'],
       status: 'DIF Ratified Specification',
       publisher: 'Decentralized Identity Foundation'
+    },
+    'OHTTP': {
+      title: 'Oblivious HTTP ',
+      href: 'https://datatracker.ietf.org/doc/html/draft-ietf-ohai-ohttp',
+      authors: ['Martin Thomson', 'Christopher A. Wood'],
+      status: 'Working Group Draft',
+      publisher: 'IETF Oblivious HTTP Application Intermediation'
     }
   }
 };

index.html

@@ -4385,7 +4385,7 @@ <h3>Long-Lived Identifier-Based Correlation</h3>
       </section>
 
       <section class="informative">
-        <h3>Device Fingerprinting</h3>
+        <h3>Device Tracking and Fingerprinting</h3>
 
         <p>
 There are mechanisms external to <a>verifiable credentials</a> that are used to
@@ -4406,6 +4406,18 @@ <h3>Device Fingerprinting</h3>
 In some cases, tracking technologies might need to be disabled on devices that
 transmit <a>verifiable credentials</a> on behalf of a <a>holder</a>.
         </p>
+
+        <p>
+The Oblivious HTTP protocol [[?OHTTP]] is one mechanism that implementers might
+consider using when fetching external resources that are associated with a
+<a>verifiable credential</a> or a <a>verifiable presentation</a>.
+Oblivious HTTP allows a client to make multiple requests to an origin server
+without that server being able to link those requests to that client or even to
+identify those requests as having come from a single client, while placing only
+limited trust in the nodes used to forward the messages. Hence, Oblivious HTTP
+is one privacy-preserving mechanism that can be used to reduce the possibility
+of device tracking and fingerprinting.
+        </p>
       </section>
 
       <section class="informative">