►
From YouTube: IETF100-SIDROPS-20171115-1330
Description
SIDROPS meeting session at IETF100
2017/11/15 1330
https://datatracker.ietf.org/meeting/100/proceedings/
A
B
A
A
C
A
Mike
at
the
end,
we'll
do
anything
else
up
somebody
from
net
mod
Oh
before
we
go
to
the
slide
for
the
status,
actually
a
status
Jim.
So
we
have
a
bunch
of
draft,
so
seven
drops
one
in
more
group
last
call
just
recently.
Lti
use
cases
would
be
great
if
people
read
it
made.
Some
comments
thought
through
it
again:
origin
validation,
clarify
the
author
came
to
say
something
as
well
about
that.
E
F
A
A
A
A
A
Oops
this
one
sorry,
she
had
some
questions
about
router
keying.
Thus
these
slides
are
updated
on
there
they're
published.
So
we
can
talk.
You
can
read
them
later
and
talk
about
this
amongst
yourselves.
But
the
point
is:
there's
a
set
of
questions
and
comments
about
the
draft.
Somebody
else
should
read
them,
make
sure
that
they're
saying
and
then
the
author's
in
Sandy
and
you
can
can
make
some
agreement
about
what
to
do
from
here
again.
I'm,
not
gonna,
read
through
all
the
slides.
A
The
the
biggest
point
is
that
there's
a
set
of
outstanding
comments
before
it
can
move
forward.
So
let's
have
a
little
bit
of
read
and
do
that
we'll
go
back
to
the
slides,
okay
draft
status,
okay,
other
presenters.
That
means
the
first
person
up
is
Erica.
Oh
I
should
have
also
said
if
you're
presenting
you
have
to
stay
in
the
pink
box,
so
the
people
on
the
video
can
see
you
please
talk
into
the
mic.
Unlike
me,
if
you
feel
like
you
want
to
take
the
mic
out
of
the
holder
feel
free
to
do
that.
I
I
want
to
explain
what
Renata
Renata
is
the
the
network,
education
or
not
all
the
national
research
of
education
in
Colombia,
disconnect
and
articulate
they
all
the
factors
of
the
national
systems
of
the
science
technology
of
innovation
in
Colombia
through
the
connection
with
Clara
networks.
Clara
is
the
network
an
academic
connects
between
them,
the
network
of
the
region
and
Latin,
America,
and
them
between
them
and
with
the
world
through
international
links,
giant
and
Internet.
I
This
is
the
infrastructure
of
Granada
a
I.
Can
you
can
you
see
the
22
notes
and
the
2
notes
in
the
interconnection
points
next
list
and
2
interconnection
and
the
2
interconnection
points
with
the
links
and
the
connections
with
red,
Clara
and
connections
with
Knapp
Columbia
and
our
service
Internet
service
provider?
I
I
Next,
please,
and
in
this
activity,
were
validated.
This
number
two
prefixes
and
these
are
the
results,
but
two
valid
on
invalid
are
not
found
for
these
prefixes
in
the
implementation
in
the
environment,
production
productions,
the
following
platforms
were
our
install
it
rip
and
CC
rpki
validator
2.33,
2023,
Esplin
enterprise,
PHP
myadmin
and
the
in
the
next.
In
the
next
slide,
you
can
see
the
topology
of
the
problem,
the
topology
of
the
production.
I
In
in
this
activity,
we
we
have
done
important
issue
because
by
internal
policies
in
the
configuration
of
BGP
of
the
network,
we
don't
have
the
we
don't
have
the
roots
in
global
mode
instead
in
global
mode
VDP.
Instead,
we
have
them
into
BRF
and
these
because
internal
policies
in
Renata
and
next,
please-
and
in
this
in
this
slide-
are
they
to
be
ref
a
1000,
a
100,000,
BRF
and
100,000
to-
and
this
is
the
number
of
the
prefix
in
english
next
piece.
I
I
Because
this,
the
region
validation,
was
active,
activate
in
twenty
four
nodes
and
it
was
necessary
to
generate
a
little
patch
of
our
ions
in
the
equipment's
of
the
MPLS
science.
The
information
in
the
media,
P
Road,
is
not
in
the
VDP
global
mouth,
but
inside
the
BRF
into
the
other
family.
So
it
was
possible
to
activate
the
validation
in
the
artist
family
in
order
to
validate
the
no
roads
contain
in,
in
turn,
in
the
bf
in
the
following
form.
I
I
100,000
bf,
the
summary
of
results
in
this.
These
face
is
100,000
once
1,100
seen,
15
sign,
perfect,
set
size,
the
first
training,
three
thousand
twenty
twenty
twenty
hundred,
twenty
eight
professional
strain
it
and
the
most
important
date
is
is
in
this
moment
the
patch
we
was
applied
into
equipments
Nokia
is
in
development,
but
the
iOS
demos
for
the
equipment,
certainty,
7750,
Nokia,.
I
These
are
the
report.
We
arrived
100,000
report
and
you
can
see
they
not
found
valid
and
invalid
rule
a
prefixes
in
in
a
roots
from
the
nap
Colombia
and
intern
and
commercial
internet,
and
this
Andes,
the
report,
one
hundred
thousand
to
the
graphics,
has
not
found
valid
invalid
in
these
prefixes.
These
prefixes
are
read
Clara
and
the
number
of
day
a
a.
I
E
E
Me
I'ma
Randy,
Bush,
irj,
nice
work,
Thanks.
C
E
You
analyzed
the
invalids,
in
other
words,
those
that
small
percentage
that's
invalid.
Are
they
due
to
a
s,
violations
or
oops?
Sorry.
Are
they
due
to
a
s
violations?
Are
they
due
to
be
the
classic
aggregation
Diego?
You
know
wrong
prefix
length,
do
you
know,
have
you
looked
at
them
and
by
the
way,
congratulations
to
America
latina
to
be
no
lead
on
this
period.
I
think
it's
really
cool,
but
have
you
looked
at
the
invalids
to
see
why
they're
invalid
I.
I
L
I
G
So,
yes,
all
right
on
the
right
and
to
see
RPI
validator
that
you
using
and
slurm
it
doesn't
support
the
current
slurm
document,
but
it
has
the
same
functionality
in
it
in
a
different
format.
So,
at
least
with
regards
to
row
house,
which
is
what
you're
interested
in
so
you
can
do
the
same
things
as
you
can
do
its
norm
in
that
validator,
using
a
slightly
different
format
so
for
your
experiment,
I
think
it
should
not
matter.
In
short,
thanks.
K
Just
to
clarify
these
are
planned
things
right,
so
there's
no
experimentation
going
on
yet,
but
there's
some
interest
because
there's
some
of
the
resources
that
ran
out
the
has
that
they
need
to
advertise
internally
and
to
other
people.
So
they
want
to
experiment
with
that,
I'm
sure
that
they
will
be
in
touch
with
you
guys
exactly
how
to
get
that
done.
Eventually.
Yes,.
G
On
that
subject,
I
don't
want
to
steal
too
much
my
time,
but
we're
also
working
on
a
new
version
of
the
RPI
validator.
So
at
some
point,
when
that
is
ready
for
first
use,
I
would
be
very
interested
to
talk
to
you
and
anybody
else
who
wants
to
try
it
out
and
give
us
feedback
on
how
it's
working
and
features
etc.
L
M
M
Actually
this
was
kicked
off
by
Andy
as
well
just
to
make
this
clear
I'm
not
talking
about
any
research
I'm
more
talking
about
stuff
that
I
collected
and
which
is
publicly
available
anyway.
So
so,
what
is
the
knife
speed
just
to
remind
us
and
XP?
Is
a
company
or
an
Europe,
more
an
association
where
that
interconnects
people
and
autonomous
systems-
and
this
is
also
difference
between
how
an
XPS
operated
in
the
u.s.
M
compared
to
Europe
and
Europe,
the
mostly
associations
and
this
piece
do
a
lot
of
community
building
organized
technical
meetings
to
provide
as
a
members
with
new
updates,
and
our
experience
was
actually
is
that
this
helps
also
with
deploying
a
PKI.
We
had
several
times
the
case
that,
after
after
meetings
where
we
talked
about
epic,
a
is
that
the
members
started
to
create
the
words
and
actually
also
think
about
seriously
to
implement
filtering
on
the
about
us
on
the
technical
side.
M
M
Okay,
it's
low,
but
this
what
this
is
I
whatever
doing
and
I
means
I
experiment
must
do
not
usually
appear
directly
with
each
other,
but
peers
without
servants
are
out
server
then
distributed
BGP
applet
messages
to
these
members.
Obviously
not
all
XP
members
do
this
public
viewing
without
service,
but
most
of
them
and
yeah,
and
then
you
can
also
think
about
how
to
leverage
this
word
server
to
improve
security,
which,
in
this
context
means
that
our
Java
is
doing
the
origin
validation
instead
of
the
PS
itself,
and
some
people
argue.
M
That
is
not
a
good
idea
to
outer
security.
But
if
you
think
about
this
more
carefully,
then
you
have
two
options:
I
mean
either.
You
do
not
trust
the
route
server.
Then
you
have
to
deploy
actually
the
origin
validation
on
your
own
routers
or
you
trust
about
server,
and
then
you
can
also
benefit
from
these
functions
or
tautomerization
under
what
server
itself
next
slide
and
yeah.
Now,
what
are
the
options?
How
an
IXP
gets
involved
into
a
Epica
are
not
involved,
I
mean
they
can
do
nothing.
M
Ok,
that's
a
boring
thing,
and
but
there
are
also
three
other
options.
One
is
to
just
provide
a
application
server
for
their
members
to
ease
the
start
of
the
deployment
and
they
can
also
do
the
origin,
validation
on
the
route
server
and
then
take
the
BGP
updates.
I
mean
in
general.
Remote
server
should
act
transparently,
but
in
this
case
it
also
would
at
a
specific
community
that
Express
the
validation
state
of
savate,
there's
also
a
draft
on
this
topic
in
this
working
groups.
M
It's
a
lots
of
our
applique
light
draft
and
finally,
the
route
server
can
also
actively
filter
the
updates
based
on
the
validation
outcome.
So
this
is
a
three
major
options
that
an
XP
can
do
to
get
involved
into
Africa.
Now
the
question
is
which
I
experienced?
What
next
slide?
Please?
So
one
of
the
first
I
explained
that
not
only
provided
a
cache,
server
and
validation
taking
but
also
active
filtering
was
a
ixp
in
VO.
So
I
started
this
in
2013,
it's
a
little
bit.
Actually,
if
this
is
an
opt-out
service,
but
they
do
filtering
more.
M
So
the
members
also
voted
for
default
filtering
of
invalid
prefixes.
So
since
October
2017
at
this
October
2017
and
this
legacy
route,
server
filters
per
default
or
invalid
prefixes
based
on
the
applique
I
and
only
very
few
members
actually
opted
out
of
this
option.
Yeah
there's
also
the
Fanta
X
and
that
provides
cursor
validation,
taking
since
quite
a
while
and
announced
that
I
will
introduce
filtering
per
default
until
end
of
this
year,
which
is
also
pretty
cool,
I
would
say
next
slide.
M
There
are
few
other
ixps,
particularly
in
the
Latin
American
region,
that
provide
validation
and
tagging
next
slide
and
a
few
more
I
experiment
or
in
South
Africa.
Also
colombia,
colombian
and
japan
said,
provide
public
caches
and,
as
I
have
few
other
explanation,
the
London
internet
exchange
Minh
said
it's
a
moment:
do
not
provide
actively
infrastructure
for
applique
I,
but
do
some
testing
and
considering
to
deploy
some
kind
of
epic
I
support,
most
likely
tagging
in
the
near
future.
M
So,
to
conclude,
thanks
to
those
guys
who
picked
this
off
and
answered
my
question
and
this,
the
current
I
would
say:
epic
I
in
the
domain
of
internet
exchange,
but
it's
quite
good.
I
mean
quite
diverse,
set
of
ixps
support.
A
PKI
and
one
of
the
largest
actually
filters
invalid
prefixes,
based
on
a
PKI
by
default.
So
surprisingly,
but
quite
cool
for
my
I
mean
I
was
quite
happy
to
see
this,
that's
more
or
less
it
last
slide.
M
This
is
unrelated
to
the
ISPs,
but
since
beginning
of
this
year
week,
there's
also
an
additional,
a
PKI
implementation
available
that
supports
prefix,
ultra
validation
on
November
14.
An
extension
was
merged
into
the
new
free
range
routing
implementation,
which
is
a
fork
of
krogger
BGP
demon.
So
this
is
also
not
a
bit
I
would
say
so.
Yeah
I
mean
really
crew
from
the
XP
site,
a
particular
time.
Six
community
set
filters
invalid
spur
default,
hopefully
as
a
follow.
Yes,
it.
D
M
E
H
M
I
mean
as
far
as
I
know
nothing
fancy
I
mean
dropping
invalids
without
deep
offense
I
mean
dropping
or
not.
That's
it.
No
special
policies,
I
mean
what
you,
what
you
can
the
I
mean.
Usually
the
I-x
premium
in
particular
was
m6,
has
an
option
to
say:
okay,
we
do
the
hot
service
should
do
the
fitting
or
should
not
do
the
filtering
or
just
taking
suits
it.
I.
H
M
Event
I
mean
what
you
see
with
an
m6
example
that
obviously
the
members
I
mean
they
are
fine,
that
embeds
are
dropped
done
right.
They
explicitly
voted
for
this
option
and
nothing
more
I
mean
no
special
configuration
or
power
corner
configuration
or
something
like
this
they're
completely
fine,
just
pops
in
minutes.
D
D
M
M
Undulant
just
also
a
society
mark
I
mean
there
was
not
significant
traffic
loss
because
of
filtering
the
invalids.
It
Sam
sticks
at
least,
and
those
of
you
who
are
more
interested
in
this
avoids
a
lightning
talk
at
the
last
web
meeting
on
this.
If
you
google
for
wiped
75
and
a
PKI
I'm
six,
we
will
find
this
lighting
and
also
some
statistics.
How
many
prefixes
are
invalid,
valid,
not
found
and
how
many
members
opt
out
offices
option
I.
M
As
I
said,
I
mean
the
actual
numbers
and
the
static,
at
least
for
the
m6.
There
are
roughly
10%
of
the
prefixes
are
valid
and
only
very
few
are
invalid.
I
mean
I
think
it
was
less
1,
1
%
very
few,
but
the
actual
numbers
adds
a
slight
x-type
75
4
times
6,
and
so
it's
not
as
bad
as
people
actually
might
sing,
and
it's
also
probably
do
because
I
mean
some
years
passed
already
and
we
a
lot
of
operators
learn
from
this
warm.
M
A
N
N
N
N
So,
according
our
coroner
states,
statist
data
in
the
waters
they
are
on.
The
total
number
always
is
around
seven
thousand
hallways,
but
there
are
so
number
of
hours
with
a
single
prefix
is
around
three
thousand
on
the
number
of
hours
with
the
multiple
IP
address.
Prefix
is
or
a
know,
four
thousand.
So
so
that
means
there
are
four
four
four
four
thousand
now
eight
objects.
There
will
have
a
runner.
N
So,
for
example,
we
if
we
add
a
new
recorder,
for
example,
2
2
0,
3,
total
0,
1
1
3,
taught
us
0,
1
2,
8
r,
/
28,
since
a
new
added
new
ideas
recorder.
But
I
mean
it's
a
is
PMA
misconfigure
oak,
miss
typo,
2,
0,
4,
2,
0,
0,
3,
2,
0
4,
so
so
some
by
mistake
or
by
miss
typo.
So
there
will
cause
some
problems,
so
our
objective
was
revoked
hit
by,
because
is
peace
missile
configuration.
So
this
is
a
reverse.
N
So
the
update
of
the
re
contain
multiple
IP
address.
Prefix
we
only
to
a
redundant
the
transformation
between
IP
and
PGP
erodes
so
freeing.
The
updates
of
those
RS
will
increase
the
conventions.
Time
of
a
PDP
routers
and
reduce
their
performance,
obviously
so
our
suggestions,
the
considerations
also
so
my
idea
is
we
we
suggest
that
convert
the
number
of
ours
came
out
here.
Ip
address
should
I
be
limited
to
limited
tools
or
some
fixed
number,
so
this
is
SOI,
so
these
jobs,
our
main
idea,
comments
our
come.
N
If
you
any
questions
that
may
better
who
send
it
to
SoCo,
salsa
and
also
many
nice,
because
I'm,
no,
not
her
the
cause
of
this
draft,
oh
I
I
can
collect
comments
or
questions,
but
I
cannot
answer
help
answer.
Thank
you.
E
Randy
Pausch
I
oj
I,
think
this
dress
has
much
improved.
I
have
read
the
current
status
essentially
says
one
prefix
one
row
is
my
reading,
which
agrees
I.
Think
with
what
we
said
last
time,
I'd
like
to
ask
the
CAS
at
the
RI
ours,
George,
Carlos,
etc.
G
Yeah
we
spoke
about
this
in
the
past
and
I
agreed
that
that
should
be
the
direction
in
the
past.
The
thought
was,
let's
limit
the
amount
of
row
objects,
which
is
why
we
went
for
faith
sharing
and
we
have
code
in
place
that
safeguards
that
whenever
there's
a
change
in
resources,
we
reissue
row
as
so
I'm,
quite
confident
that
we
won't
end
up
in
a
nasty
situation.
G
C
O
E
O
But
what
normally
happens
is
that
algorithm
implementers
might
be
a
little
lazy
and
then
they
say:
ok
I
make
my
use
cases,
I
use
ID
to
ID,
3,
ID
485
and
then
in
two
or
three
or
four
years.
If
you
have
another
algorithm
that
has
in
the
ID
2,
then
I
have
to
change
my
my
use
cases
or
so
forth.
Well,
I
want
to
write
a
best
practice,
RC
or
some
documentation
and
I
make
experiments
in
there.
O
Where
maybe
I
have
a
bad
algorithm
or
something
like
this,
and
if
I
would
now
say,
the
bad
algorithm
is
ID
2
and
then
ID
2
gets
assigned
to
another
algorithm
I
think
that
would
not
be
such
a
great
idea.
So
the
idea
what
I
have
is
two:
you
see
upper
range
of
algorithms,
IDs
like
from
254.
No,
let
me
go
one
back
to
50
1
to
254
and
just
reserves
them
to
private
use.
O
What
also
has
Uniting
that
in
case
I
have
some
experiments
and
it
would
leak
out
what
normally
I
can't
see,
but
maybe
it
does,
then
these
augers
and
blocks
could
be
ignored
completely.
So
I
have
a
little
X
example.
What
I
want
to
show
here
so,
for
example,
I,
have
four
outers
and
they
have
router
a
has
algorithm
ID
250
251,
router,
B,
251,
252,
router,
C,
252,
253
and
router
D
is
the
same
like
router,
B
and
the
ID
is
down.
There
are
basically
the
IDS
of
algorithms
what's
a
support.
O
So
if
I
now
look
into
the
RC
8205,
we
have
the
signature
blocks
and
in
theory,
I
can
have
an
infinite
number
of
signature
blocks
in
the
code.
But
the
RFC
says:
I'm
only
allowed
to
have
two.
So
now,
if
I'm
at
router
be
in
router,
B
definitely
does
not
provide
C
signature
block
the
CIT
250
from
router
a
then
add
router
D
I
do
not
want
to
see
the
signature
block,
so
I
can
create
tests
where
I
can
really
test
my
implementation
see.
O
Does
it
perform
the
way
the
RFC
expects
it
to
perform
or
not,
and
so
that
allows
me
then
to
create
test
vectors
that
I
can
put
on
github
or
something
else
and
other
implementers
can
use
the
same.
It's
the
same
things.
So
that's
basically
let
me
see
yeah,
so
the
next
step
from
here
would
be
basically
to
request
these
four
numbers.
I
was
talking
a
little
bit
this
key.
You
are
before
and
others
so
they're,
basically
multiple
options.
O
E
E
O
You
want
to
go
so.
Basically
what
I
would
say
is
that
every
every
system
and
normal
operation
mode
should
or
must
ignore
that
now
I'm,
an
implementer
I
can
go
into
code
Nick
and
hard
code.
Okay,
no
algorithm!
One
I,
give
you
no
IT.
This
and
I
give
you
I
do
that
and
it's
more
really
for
the
implementer
for
the
vendor,
it's
not
for
for
the
user
of
the
of
the
of
the
router.
So
it's
really
something
that
allows
me
to
to
create
test
vectors
for
implementers
and.
E
G
G
It
currently
covers
a
definition
of
an
RBI
society
object
that
contains
a
tell
that
is
then
used
as
a
mechanism
to
signal
a
change
in
where
a
anchor
certificate
may
be
retrieved
or
the
other
use
case
defined.
There
is
that
it
can
be
used
to
signal
a
changing
key
with
pre-staging
setting
everything
up
then
signalling
publishing
an
object
so
that
it
can
be
found
by
relying
parties
and
ultimately
withdrawing
the
old
key
leaving
a
pointer
to
the
new
location.
G
But
this
document
can
use
feedback.
It's
why
I,
don't
think
it's
nearly
finished,
so
I
would
really
welcome
feedback
on
it.
Other
things
may
also
be
discussed
like
maybe
we
should
actually
look
at
pre
provisioning,
a
new
key
in
case
the
current
key
is
lost,
and
if
and
when
we
do
that,
based
on
that
outcome,
we
may
want
to
look
apply
similar
mechanism
again
to
plant
key
roles.
G
D
D
D
Which,
obviously,
which
obviously
did
not
attack
the
content
and
I,
did
not
note
significant
communication
when
the
change
was
put
into
effect
late
at
the
end
of
the
previous
quarter,
I
think
I
think
that
stuff
were.
We
really
should
have
more
reporting
and
likely
more
discussion
in
Versailles
drops,
since
this
is
stuff
I'm,
pretty
sure
that
is
relevant
for
people
operating
in
the
area
or
considering
and
evaluating
the
value
of
moving
into
operating,
rpki,
stuff
and
I
would
be
slightly
surprised
if
no
one
is
in
the
room
who
share,
who.
E
A
A
I,
don't
want
to
drill
down
to
that
I
I
understand
there
are
some
politics.
That's
not
super
critical
to
me
right
now,
so
this
has
happened
now
there
are
ARS,
publish
a
zero
size
zero'
for
purposes
of
transfer.
Let's
say
of
resources
between
regions
between
our
ers.
So
now
we're
in
a
situation
where
my
resources
could
be
signed
in
more
than
one
RIR
and
from
the
other
side
of
the
world.
It
may
be
unclear
whether
I'm
transferring
or
somebody
made
a
mistake.
A
E
A
E
A
M
H
A
H
Could
be
black
helicopters,
it
could
be
local
law
enforcement
in
countries
around
the
world
if
I'm,
let's
say
a
government
agency
and
somewhere
around
the
world,
someone
could
exert
pressure
to
allow
a
different
or
I
are
to
sign
Aurora
for
a
longer
prefix.
For
my
routes,
I
would
be
concerned.
Thank
you.
D
D
Reinforcing
Randi
first
first
step
I'm
talking
I'm
asking
about
well:
okay:
are
we
actually
getting
sufficient
communication
and
information
without
with
with
more
and
better
information,
we
might
actually
find
ways
to
find
things
agreeable
that
are
not
that
clear
at
the
moment
for
institutions
thinking
about
well,
okay,
how
much
can
we
trust
all
of
this?
One
even
might
go
to
the
legalistic
view
of
looking
at
the
CP
of
the
whole
system
and
at
the
CPS
of
some
of
ECAs
and
question
whether
the
text
that's
there
is
actually
subverted
by
what
is
happening.
E
G
Yeah
Tim
Wise
right
MCC
I
cannot
speak
for
anybody
else.
So
yes,
unfortunately,
there
are
politics
here
and
constraints.
I
can't
solve
them.
I
doubt
that
anybody
in
this
room
consultant,
but
on
the
communication
proms,
we
did
not
sense
the
update
that
we
did
to
side.
Our
ops
I
can
make
sure
that
that
happens.
We
did
send
it
out
on
other
channels.
We
do
explain
how
a
structure
works.
In
effect,
we
had
a
zero
zero
at
the
roots
that
is
offline.
G
Then
we
have
an
online
component
beyond
that
that
we
can
operate
in
production
from
that
we
got
a
third
level
certificate.
That
also
reflects
the
resources
that
we
publish
in
other
sources,
such
as
among
our
stats
and
from
that
we
issued
to
members'.
So
even
though
we
over
claimed
at
the
top,
you
can
verify
that
it's
consistently
what
we
see
in
other
places.
We
also
publish
transfers
that
are
complete.
So
that's
one
other
source
of
data.
You
can
look
at.
P
P
Well,
what
we're
doing
deal
I
don't
want
to
get
into
the
politics,
because
that's
kind
of
futile
the
thing
is
there
have
been
cases
in
the
past
where
some
large
monopolies
that
had
a
control
point
has
done
something
that
was
technically
stupid
and
some
portion
of
the
IGF
has
called
them
on
it
and
sometimes
they
back
down.
You
may
recall
a
thing
called
site:
finder.
Okay,
maybe
it
would
work
if
we
actually
wrote
up
all
the
things
that
are
horribly
wrong
with
this,
maybe
it
wouldn't,
but
it
might
be
worth
a
try.
A
Chris
tomorrow,
Google
so
Rob,
that's,
that's
sort
of
where
I
was
trying
to
get
to
is.
We
might
need
some
monitoring
and
management
stuff,
but
we
maybe
also
should
write
something
down
about.
Is
this
a
good
idea
or
not?
Oh
sorry,
I'm
not
eating
the
mic
enough
says
Randy
again,
we
may
need
some
monitoring
and
management
work
done
for
operating
the
network
stuff
that
we
have,
but
maybe
we
should
also
take
the
time,
as
Rob
said,
to
write
down
what
this
is
good
or
bad
for.
D
What
we
have
seen
recently
kind
of
fits
into
a
pattern
that
does
not
look
very
nice,
but
yes,
it
need,
we
need,
we
need
documentation
and
for
while
oke
referring
referring
to
Tim's
comments.
Yes,
Tim
did
show
me
a
web
page
that
explains
the
hierarchy
that
variety
she
is
using.
I
didn't
see
something
like
that
from
the
NRO
and
sorry
I,
I'm
too
lazy
to
go
out
and
investigate
every
every
other
root
CA,
whether
they
and
were
they
actually
published.
E
D
E
A
E
A
Okay,
so
so
that
mean
that
means
we're
kind
of
back
to
shouting
into
the
wind
and
writing.
Something
perhaps
brief
to
send
to
the
IAB
and
say
hey:
this
thing
happened.
Maybe
we
should
think
about
the
impact
of
that.
That
seems
fine.
The
other
thing
is
perhaps
I,
don't
know
and
I'm
not
going
to
try
and
get
into
the
I.
Try
avoid
the
politics
here.
I,
don't
know
that
the
re
ours
have
a
responsibility
to
the
IETF
proper.
They
have
the
responsibility
to
the
Internet
and
to
their
particular
community.
D
Q
Carlos
lacnic
going
to
your
point
crease.
Yes,
indeed,
they
are
IRS
feel
that
they
have
a
responsibility
towards
their
communities,
I'm,
not
exactly
sure
what
they
feel
about
the
responsibility
towards
the
ATF
I'm,
not
saying
there
is
none,
but
it's
probably
not
as
strong
as
the
responsibility
they
feel
towards
their
communities.
There
was
communication
going
on
to
our
community.
There
was
an
open
call
for
comments
on
the
movement
to
0/0
and
we
got
exactly
zero
comments
earlier
I
know
you
were
aware
of
the
public
consultation.
Did
you
submit
something.
D
The
community
no
I'm,
not
aware
of
anything
and
anyway
anyway,
the
anello
statement
by
John
went
out
something
like
a
week
before
the
park.
The
park,
ietf
and
unfortunately,
I
was
in
personal
circumstance
that
disabled
me
and
I
should
not
have
when
a
gun
to
Prague,
for
that
and
I
probably
would
have
made
made
noise
in
Prague
if
I
was
not
somewhat
handicapped
but
anyway,
one
one.
One
comment
on
the
responsibility.
D
The
the
Internet
at
the
the
number
distribution
is
for
running
the
Internet
and
it
does
not
work
if
any
of
regions
works
on
some
localized
special
interest.
That
would
yeah.
If,
if,
if
we
are
IRS
decided
to
go
that
way,
I
think
they
should
grab
up
a
penis
should
grab
a
hundred
no
up
20
20
20
elsewhere
used
Class,
A's
and
distributed
to
China
and
India.
R
Yeah
Danny
McPherson
I
just
wanted
to
observe
that
the
IB
did
comment
on
this
in
2010
and
I.
Don't
think
they
said
anything
else,
so
someone
may
want
to
ask
them
to
clarify
their
comments.
It
was
specifically
on
this
issue
if
I
recall
correctly,
and
it
hasn't
changed,
and
it's
one
of
the
reasons
why
I
think
a
lot
of
the
people
have
some
concerns
with
rpki
and
I.
R
Think
if
I
had
an
issue
with
what
recently
occurred,
then
I
proud
if
I
cared
I
would
probably
use
my
RA
our
membership
I'm,
not
sure
that
this
is
the
right
place,
but
I
think
that
anybody
that
swats
could
probably
suspect
that
the
RER
is
where
they
said.
This
is
an
artifact
of
the
architecture
and
the
implications
on
re
ours,
not
just
about
the
RRS
wanting
to
do
things
to
protect
themselves.
E
Right,
Randy,
Bush
IJ,
the
2010
thing
with
the
single
root,
not
the
process
of
how
CA
structures
changes
being
discussed
with
the
community
before
being
executed.
Ruettiger
Doug.
Do
we
want
to
work
on
a
skeleton
of
a
document
to
carry
to
the
IAB
to
say,
there's
concern
about
this?
Could
I
mean
we
can
forever
it's
it's
nice
to
have
a
change
from
Bishan
about
I
can.
But
you
know.