►
From YouTube: IETF100-STIR-20171114-1330
Description
STIR meeting session at IETF100
2017/11/14 1330
https://datatracker.ietf.org/meeting/100/proceedings/
A
B
B
C
D
Hi
John
Peterson,
so
Chris
we
didn't
actually
do
anything
on
our
CD
this
time
did
we
yeah.
So
what
has
been
happening?
Whoever's
people
have
been
a
bit
concerned
about
the
situation
with
ster
certs
and
indeed
the
entire
bundle.
So
we
put
together
a
few
slides
and
talk
to
you
about
kind
of.
What's
going
on
with
that
and
I
think
so
we
may
take
our
CD
off
the
agenda
and
do
that
instead.
Well,
do
that
we'll
do
that
right
after
the
administrivia.
B
B
E
Okay,
good
afternoon
everybody,
this
is
a
update
on
the
passport
extension
for
a
resource
priority.
Header
next
slide
background
is,
you
know,
you
know
basically
we're
adding
a
passport
extension
in
order
to
sign
the
resource
priority
header,
you
know
for
various
different
priority
services
from
mission
critical
to
government
priority
services,
there's
also
an
R
pH
for
civilian
9-1-1,
and
quite
a
few
of
them
for
this
as
well.
E
The
idea
here
is
that
you
know
these
calls
are
given
priority.
Routing
priority
queuing
priority
access
for
wireless
as
an
example,
and
so
by
having
the
authentication
carrier
signed
the
rph
it
will
validate
to
a
downstream
carrier
that
they
should
offer
the
you
know
priority
processing
for
that
call
session.
Okay,
the
zeros
real
draft
was
presented
at
interim
meeting,
received
comments.
It
was
updated
for
the
last
IMT
F
and
since
then
we
received
additional
comments
and
next
slide.
E
Okay,
so
comment,
one
was
to
clarify
if
the
our
pH
attestation
requires
a
second
passport
object
with
another
signature.
In
addition
to
the
passport
object
used
for
the
calling
telephone
number
and
the
answer
to
that's.
Yes,
it's
a
it's
a
separate
extension.
This
passport
object
is
used
to
provide
attestation
of
a
calling
users
authorization
for
priority
services.
This
is
necessary
in
addition
to
the
passport
object,
that's
used
for
the
calling
user
and
telephone
number.
So
basically,
what
we're
testing
to
is
that
this
is
a
priority
user
and
the
priority
level
of
the
user.
E
Other
comment
was:
there
was
inconsistent
reference
in
Section
five,
the
document
quest
value
for
a
namespace
which
is
specified
in
this,
so
we
updated
the
reference
and
clarified
the
text.
In
paragraph
two
section,
five
anew
and
registration
has
been
defined
to
hold
the
potential
values
of
the
rph
array
c
section
6.2
definition
of
our
pH
claim
maybe
have
one
or
more
additional
information
field.
E
Details
of
such
our
pH
plane
to
encompass
other
data
elements
are
left
for
a
future
version
of
this
specification
and
then
in
62
was
revised
that
the
specification
requests
that
I
Ana
had
a
new
entry
to
the
passport
types
registry
for
the
type
our
pH,
which
specified
in
this
RC.
This
specification
also
request
the
I
Ana
create
a
new
registry
for
the
passport,
our
pH
types
registration
of
a
new
passport,
our
pH
type,
shall
be
under
the
specification
required
policy.
E
This
registry
is
to
be
initially
populated,
with
a
single
value
for
auth
next
slide,
which
is
tribute
last
one.
The
document
is
in
currently
in
working
group
last
call
so
far
in
working
group
last
call:
we've
have
gotten
support
people
reading
the
draft
there,
but
if
any
changes
do
come
up,
we
will
address
those
changes
during
working
last
call.
Thank
you.
G
H
D
D
So
a
thing
can
happen
in
the
ITF
process
and
I've
been
around
here
a
little
while
I've
seen
this
happen
from
time
to
time.
You
know
we
have
these
working
group
last
calls.
We
have
idea
last
calls.
I
can
get
this
to
actually
stick.
Maybe
not.
D
We
have
working
group
last
calls.
We
have
ITF
last
calls,
but
you
know
sometimes
enlightened
people
maybe
are
too
busy
to
read
things
during
that
time.
They
get
tea
operas,
maybe
even
after
the
is
geez
actually
proved
a
document.
In
this
case,
our
good
friend,
Martin
Thompson
you'd,
have
a
hard
time.
Finding
someone
who
understands
HTTP
better
than
him
had
some
comments
that
he
sent
to
the
list.
This
was
actually
around
the
last
ITF
meeting
and
we've
spent
a
bit
of
time
trying
to
figure
out
what
we
could
do
to
mitigate
these
concepts.
D
These
these
comments
without
having
to
basically
withdraw,
starts
from
the
RFC
editors
queue.
I
think,
unfortunately,
we're
now
persuaded
that
that
is
not
going
to
be
possible.
We
are
going
to
have
to
withdraw
zoster
certs
very
briefly,
and
you'll
see
I'm
going
to
go
through
kind
of
what
I
think
the
surgery
is.
That
needs
to
be
done.
This
is
important,
though,
because
the
working
group
needs
to
buy
off
on
the
things
we're
going
to
be
changing
in
stir
certs.
So
please
do
listen.
I'll
try
to
go
through
and
explain
what
they
are.
D
You
see
things
that
sound
like
showstoppers.
Let
me
know
next,
please,
okay,
what
is
I,
what
is
AI
a
so
unfortunately,
this
discussion
has
largely
been
between
Martin
and
Shawn
Turner
Shawn
churner
is
one
of
the
world's
leading
experts
on
x.509
I
am
NOT.
I
will
do
my
best.
Maybe
rich
can
pitch
in
for
me
if
I
get
in
trouble
here
to
explain
what
what
the
issues
are.
Aia
is
something
that's
a
field,
that's
in
x.509
that
actually
lets
you
reference
like
a
web
page
like
a
URL,
an
external
entity
through
it.
D
We
use
this
in
Stara
certs
for
one
very
interesting
property.
We
have
this
concept
of
something
called
a
TN
auth
list,
which
is
a
kind
of
list
of
things
like
OC
ends.
These
service
provider
codes
or
telephone
numbers
that
can
appear
with
any
certificate.
This
kind
of
gives
you
a
sense
of
what
kind
of
certificate
you
need
to
have
be
able
to
sign
for
a
call
to
prove
that
you're,
actually
a
authority
for
the
calling
party
number
it
publicity
could
get
really
big.
D
So
big
that
we
were
concerned,
there
should
be
a
way
to
do
it
by
reference
rather
than
just
by
value.
So
you
don't
have
this,
sir,
that
had
over
500.
That
was
in
numbers
right
in
it,
so
we
said,
let's
just
find
a
way
to
get
like
a
web
reference
for
that.
So
there's
a
couple
of
things:
we
didn't
that
that
weren't,
really
as
considered
as
they
should
have
been.
This
is
the
first
one
of
them.
We
didn't
really
say
that
this
would
be
a
constraint
on
any
delegated
cert.
D
So
in
other
words,
imagine
you
have
one.
Sir!
That's
for
$500,000
mark
five
hundred
thousand
numbers.
Martin
Dali
wants
one
surrett.
That's
are
like
all
the
numbers
that
are
AT&T,
so
millions
and
millions
of
numbers.
If
he
then
delegated
to
a
service
bureau.
Some
you
know
to
suniverse
be
able
to
do
like
the
SMS
stuff
for
some
of
those
numbers.
Are
they
constrained
by
the
set
of
numbers
that
were
in
the
AIA
of
the
original
cert
or
not?
We
just
didn't
say
so.
We
need
to
fix
that.
D
That's
an
easy
fix,
I
think
I
didn't
text
we've
got.
There
is
gonna
fix
that
pretty
much
straight
up
next
level.
This
is
another
real
kind
of
technicality
of
x.509
of
what
it
means
for
these
extensions
to
be
the
critical
path.
The
problem
is
that
AIA
is
a
non
critical
extension
and
that's
not
something
that
we're
gonna
change
for
a
variety
of
reasons,
but
what
we
can
do
instead
to
kind
of
mitigate
that
is
to
put
in
a
must
for
behavior
for
people
that
are
using
AI
I
for
a
particular
context.
D
That's
what
we're
gonna
do,
but
that
is
exactly
the
kind
of
thing
that
gets
your
document
removed
from
the
RFC
editors
queue.
If
you
add,
must
you
got
to
go
home
and
get
it
done
again?
So,
basically,
imagine
we're
doing
a
last
call
on
this.
It'll
be
an
abbreviated
one.
We're
to
do
this
as
quickly
as
we
can
to
make
sure
that
people
are
cool
with
this
language.
D
So
if
we're
reading
this
language
and
I
know,
this
is
something
that
you
know
again,
probably
only
Martin
Thompson
and
Shawn
Turner
in
this
room
other
than
Mitch
care
about,
but
like
getting
this
language
right
is
important
for
this
and
if
anybody's
looking
at
this
and
things,
we
got
a
problem
rich.
This
basically
seemed
cool
to
you
or
doing.
D
I
D
I
Bad
here,
but
can
I
ask
a
question.
The
last
slide,
just
a
clarification
cuz
that
talks
about
limits
of
set
of
tens,
but
is
this
than
a
requirement
for
a
service
provider
codes?
Let
me
use
those
so.
D
I
D
Next
slide,
so
if
you're
an
HTTP
geek,
you
know
that
just
saying
hey,
there's
some
arbitrary
data
on
the
other
end
of
this
URL
isn't
actually
immensely
useful
need
to
have
some
kind
of
a
Content
capability
negotiation.
So
we
they
say
I.
Don't
support
that
content,
some
ability
to
express
how
you
express
that
content.
It's
actually
going
to
be
encoded
unfortunate.
What
that
means
is
we
need
a
mime
type.
D
So
there
are
a
couple
ways
to
skin
this
cat,
but
this
is
actually
when
you're
asking
how
long
this
is
going
to
take
how
long
we're
gonna
have
to
spend
outside
the
arcs.
The
editor
skew
it's
those
30
days,
basically
that
that
is
the
minimum
time
we're
gonna
spend
because
there
are
these
mime
doctors,
mime,
doctors,
I'm,
sorry,
yes,
Maxum
Tiger,
not
some
time
or
space.
It
could
be
it'll,
be
like
two
weeks
and
that'd
be
great.
D
So,
yes,
we're
gonna,
take
a
hit
from
how
the
mine
doctors
actually
operate
and
this,
but
what
this
will
allow
you
to
do
is
feel
assay.
Okay,
there's
now
a
new
mime
type.
What
this
mine
pipe
tells
you
is
their
mind
of
data.
You're
gonna
get
when
you
do
you
reference
the
URL.
That's
in
that
AIA
is
going
to
be
I.
Think
the
proposal
is
application.
D
Next
slide,
actually
think
it's
the
next
slide
to
do
like
application,
TN
auth
list
we
may
do
application
T,
not
list
plus
de
are
like
because
we
might
have
other
encoding
says
that
you
think
that's
a
stupid
idea.
It's
just
because
we
might
actually
I
could
imagine
doing
the
Tia
Nelis
encoding
and
something
doesn't
actually
just
look
like
the
ER.
So.
J
B
J
D
Works
for
me,
that's
what
we
have
here
so
yeah.
So
that's
our
thinking,
we'll
do
this
and
Martin
will
then
be
happy
and
he's
right,
he's
right
in
a
sense
of
especially
for
Ford
compatibility
reasons.
I
could
imagine
a
lot
of
different
ways.
We
won't
want
to
try
to
do
this
in
the
future.
We
should
have
media
types
that
you
can
negotiate
for
this
next
up
yeah.
So
this
is
one.
D
This
is
more
on
me
probably
than
anybody
else
so
like
I
can't
really
make
up
my
mind
whether
I
think
doing
ranges
with
count
with
prefixes
is
better
and
we
kind
of
have
done
this
in
a
scattershot
way
throughout
ster.
We
talk
about
ways
to
handle
this
and
in
modern.
The
spills
over
into
modern
modern
actually
is
much
more
prefix,
based
than
it
is
count
based
though
I
think
like
in
this
instance,
we
left
open
and
access
to
the
extensibility
in
case
you
want
to
do
count.
D
Problems
like
count
really
doesn't
work
rationally
for
large
number
blocks,
the
way
that
our
numbering
plans
are
organized,
and
this
class
example
of
this
is,
if
you
have
the
TN,
you
know,
equals
one
two,
three,
the
count
is
plus
1000.
What
do
you
think
happens?
What
happens
to
all
these
boundary
areas?
You
know
it's
also
number
count
with
a
you
know.
If
you
have
a
TN
that
ends
in
ten,
you
say
the
count
from
this
is
like
91.
Well,
what
does
that
actually
mean
right?
D
How
does
it
spill
over
and
how
do
you
do
it
and
well,
you
know
one
of
the
points
he
made
as
well
is
we
did
for
various
forward
compatibility
reasons,
put
star
and
pound
into
the
valid
syntax.
For
that
number,
what
does
count
mean
or
star
balanced?
No,
this
is
actually
a
non-issue.
You
know
for
reasons
we
can
get
into
that
have
to
do
with
how
divert
works.
D
The
only
reason
we
have
this
in
at
all
is
to
make
divert
work
and
I'll
be
talking
about
divert
again,
if
you
forget
what
that
is,
and
I
can
refresh
this.
If
anyone
really
cares
enough
to
talk
about
it,
but
point
being
we're
gonna
fix
this,
we're
gonna
say
you
don't
use
count
if
there's
star
pound
we're
gonna
open
it
up.
So
there's
a
possibility
of
doing
an
extension
for
prefix
based
number
ranges,
and
this
so
Shawn
knows
the
right
place
in
the
sn1
to
add
a
dot
dot.
D
That'll
make
it
so
we
could,
in
the
future,
put
something
that
we
don't
have
today
right
now
we
produce
only
have
couch
so
yeah
we're
doing
that
and
that's
this
is
a
non-trivial
fix
again.
This
is
all
it's
a
bit
technical,
a
bit
in
the
weeds
of
how
a
send
off
one
works,
which
is
why
Shawn
should
be
here
doing
something
at
me,
but
there's
a
thing
called
quick
and
if
you
guys
have
heard
of
this,
apparently
like
all
the
cool
kids
like
do
quick
these
days.
D
Oh
that's
why
it's
just
us
in
here,
but
yeah
I,
think
we
got
this
if
if
these
kinds
of
things
seem
confusing
or
scary
or
reading
this,
you
do
have
a
better
idea.
Please
let
us
know
because,
like
I
said,
we're
gonna
whip
this
to
a
new
working
group.
Last
call
and
IGF
last
ball
very
quickly.
So
please
do
read
it
understand
it.
No
we're
doing
next
slide.
D
So
Martin
also
pointed
out
that
kind
of,
especially
with
AIA
our
security
considerations,
for
this
are
great
and
there's
a
privacy
problem
with
this.
So
the
whole
concept
that
an
individual
service
provider
might
want
to
have
a
certificate,
that's
responsible
for
like
five
hundred
thousand
numbers,
and
you
can
go
to
reference
the
AAA
and
get
that
list
of
numbers.
Well
that
actually
leaks
some
information
like
in
a
non-trivial
way
right,
maybe
a
servicer,
doesn't
want
you
to
know
what
all
500,000
numbers
are,
that
they
have
that
the
surge
is
responsible
for
it.
D
They
only
want
you
to
know
the
one-
and
we
have
danced
around
this
for
so
long,
like
our
original
plan,
with
OCSP
as
the
way
to
handle.
This
would
be
that
you
would
do
in
OCSP
query
just
for
the
calling
party
number
right
for
a
call
when
it
comes
in.
If
you
throw
line
party-
and
all
you
would
learn
from
the
surd-
is
okay,
this
cert
is
useful
for
this.
There
may
be,
among
others,
but
some
of
you
know
any
of
the
other
numbers
are.
We
have
drifted
away,
though,
and
are
thinking
about
short-lived.
D
Is
there
anybody
who
has
heartburn
with
that?
This
is
actually
one
that
I
think
matters
in
the
sense
of.
If
you,
if
anybody
out
there
really
thinks
they're
gonna
do
certs
that
are
responsible
for
a
large
number
of
numbers
and
so
to
be
clear
to
me.
Assert
that's
responsible
for
like
an
ocn
I
can
go
interrogate
a
database
and
tell
you
every
telephone
number
that
is
associated
with
that
OCA
right.
Those
things
are
interchangeable
quantities
to
me.
D
So
if
you
give
someone
a
service
for
no
seeum,
there,
any
only
know
what
the
numbers
are
that
that
serves
responsible
for
if
we
want
something
that
cuts
that
up
more
finely
the
best
answer,
we
have
now
a
short-lived
certs.
If
buddy
thinks
there's
a
better
answer
than
that,
I'd
like
to
know
what
it
is
and,
of
course
we
have
this
whole
story
about
like
acne
and
about
how
it's
gonna
be
short-lived
sources
like
the
star
stuff,
their
whole
adaptation.
For
this,
it's
all
gonna
be
grows
II.
D
C
C
K
D
Point
of
the
acne
short
lists
are
the
thing:
is
this
any?
This
would
be
purpose-built
for
calls
I
would
when
this
is
what
what
this
star
stuff
in
acne
is.
So,
if
I
have
like
an
acne
account
that
says,
I
have
responsibly
for
500,000
numbers
if
I
need
to
sign
for
a
call,
I'd
go
from
acne
and
acquire
the
cert
for
that
one,
no
one
to
sign
this
one
call
I'm.
D
Sorry,
maybe
maybe
I
didn't
expect
that
yes,
so
this
is
part
of
the
way
we've
written
this
up
in
acne,
we
have
a
short-lived
certain
document
that
says
this
and
start
that
we're
not
talking
about
today,
but
because
we're
still
figuring
out
how
exactly
the
pieces
of
modern
acne
in
store
fit
together
a
little
bit
and
we'll
be
talking
about
that.
A
lot
in
different
places
this
week
throughout
the
week,
but
yeah,
that's
the
plan
though,
or
this
that's
the
best
plan
I've
got
so
far.
It
could
be
there's
a
better
plan.
D
We've
been
thrashing
on
this
for
a
while,
so
but
rich
likes
that
plan
and,
like
I,
say
it's
a
trade
off
from
data
immunization
versus
the
RTT.
At
the
end
of
the
day,
you
take
the
RTT
hit
and
in
this
case
you
you're
taking
at
the
calling
party,
takes
it
right
because
they
have
to
go,
get
the
short-lived
cert
at
the
time
that
they're,
placing
the
call
that
RTT
hit
can
translate
into
post
valve
ally
right,
and
so
you,
you
know,
there's
no
free
lunch
any
of
this,
but.
D
I
L
L
D
L
D
I,
don't
think
we
need
to
have
a
dependency
I.
Think
I,
don't
we're
gonna
put
in
the
security
considerations
is
there
are
gonna,
be
strategies
that
involve
short
that
sir,
it's
it's
it's
we're
not
gonna
end
up
with
a
normative
dependency
on
that
and
there
now
somebody
may
barf
on
that
right
down
the
road
I
can't
promise
they
won't,
but
I
I
think
we
can
get
away
with
it
for.
M
What
it's
worth
the
Chris
went
that
for
what
it's
worth
when
I
did
passport
and
dealt
with
the
media
types
we
were
dealing
with.
It's
may
be
slightly
different,
but
I
think
somewhat
similar,
a
plus
Jason
or
something
like
that,
and
it
didn't
make
sense
in
the
end.
So
I
think
the
argument
back
was
in
fact
I
advocated
for
that,
but
then
got
knocked
down.
So
okay
I
think
it
would
be
similar
here.
I.
D
C
I
M
Last
time
we
met
99
I
submitted
a
zero
zero.
We
talked
about
it.
This
is
the
shaken
passport
extension
document
to
register
the
claims
needed
for
shaken
John
had
given
me
a
comment
about
providing
more
detail
about
the
use
of
a
test
and
Orage
ID
I
did
that
in
the
0-1
submission
I
didn't
receive
any
other
comments,
and
last
time
we
talked
about
work
group,
adoption
I
think
we
were
supposed
to
do
that
on
the
list
and
I,
unfortunately,
didn't
follow
up
on
that.
So
I'll
do
that
right
here,
but
John
I.
D
Just
want
to
say,
I
think
it's
fine,
yeah
I
mean
I,
don't
think
we
needed
much
right.
I
just
wanted
to
know
for,
like
the
values,
a
B
and
C
somebody
reading
an
idea,
so
I
could
know
what
they
were
right.
So,
yes,
that
you
went
through
and
there's
bullet
points
and
they
say
what
it
means
and
that's
that's!
That's
all
we
needed
great
thank.
M
C
N
N
C
Can
ask
for
the
sense
of
the
room
I
is:
can
I
have
a
home
for
those
who
are?
Who
believes
that
we
should
adopt
this
with
the
intention
of
pretty
much
quickly
moving
to
work?
Your
blessed
call
if
you're
in
favor
of
that,
both
both
actions,
please
hum
now,
and
if
you
think
that
we're
not
ready
to
do
that.
Please
some
now!
J
J
D
Sorry
about
that
I
we're
gonna
talk
some
more
about
my
favorite
topic,
stir
out-of-band
next
slide.
This
is
the
general
slide.
Just
I
talk
about
every
time
we
talk
about
stir
out-of-band.
Why
are
we
doing
this?
Why
does
this
matter
so
you
know,
stir
started.
Obviously
from
this
thing
it
was
RFC
4470
for
which
was
attempt
to
put
an
identity
header
intercept
we
built
basically
on
the
same
concept
for
the
way
we
approach
stir
the
problem
with
that,
because
it
is
in
band
and
sip.
D
It
kind
of
assumes
that,
like
end-to-end
IP
is
the
use
case
that
works
for
you
know
at
best,
it
addresses
a
case
where
there's
sip,
endpoints
or
I
should
say
sip
services,
at
least
on
both
sides
of
the
call
and
internet
in
the
middle.
As
such,
it
can't
really
help
with
some
of
these
sip
to
PSTN
cases
or,
more
importantly,
PSTN,
to
PSTN
cases.
Let's
say
that
not
all
of
the
world
is
yet
sit.
D
I
keep
your
encouraging
things
these
days
about
how
much
of
the
world
is
safe,
which
is
good,
I,
think
we're
attacking
this
in
the
right
place,
but
I
still
want
to
have
a
way
that
we
can
make
this
work
for
as
much
of
the
legacy
environment
as
possible,
especially
the
transitional
legacy
environment.
The
real
problem
is
so
much
of
the
things
we
care
about
in
stir.
Come
from
this
IP
GSD
n
calling
pattern
that
use
case.
D
Somebody
on
the
internet
is
like
placing
a
VoIP
call
and
that's
gonna
hit
a
gateway
in
that
gateway
is
eventually
in
a
sense
called
the
PSTN.
It's
gonna
end
up,
trusting
whatever
it
heard
from
the
I
the
internet
side
to
populate
the
called
party
number.
The
next
thing
you
know
you
have.
You
have
Robo
calling
that
it
uses
perfect
impersonation.
D
D
You
know
it's
important
to
point
out
as
well
that,
like
even
some
of
these
IP
to
IP
environments
may
not
pass
identity,
and
that
was
another
one.
The
reasons
that
out-of-band
was
part
of
our
strategy
for
this
from
the
start,
I
know
heading
is
gonna,
be
here
pending,
I
guess
is
not
here
yet
heading
would
will
always
put
it
that
we
needed
to
do
both
of
these
approaches.
Early
on
and
the
chartering
of
ster,
we
decided
to
focus
on
the
in
ban
case
first
and
get
to
out
of
em.
D
D
That's
that's
the
big
idea
here
and
again
this
this.
These
could
be
enterprises
that
are
the
smart
phones.
I
show
there.
They
could
even
be
like
gateways
to
run
by
service
providers
in
a
variety
of
cases.
A
lot
of
the
ways
the
people
I
know
as
strategies
are
looking
at
getting
you
know:
legacy
smaller
providers,
rural
providers
in
on
the
stur
scheme,
it
have
some
kind
of
gateway.
That's
gonna
do
something
not
dissimilar
at
all
to
what
we're
discussing
here
next
slide.
That's
just
to
show
you
the
basic
ontology
of
it.
D
D
They
could
be
run
by
carriers,
they
could
be
run
by
service.
Bureaus
I
can
imagine
a
whole
bunch
of
different
architectures
for
that
so
making
sure
that
the
for
a
given
call
that
the
originating
site
and
turning
side
find
the
same
CPS
symbolize.
That
is
one
of
the
hardest
problems
at
this.
We're
gonna
talk
a
little
bit
about
that
today,
but
mostly
I
want
to
talk
about
a
more
fundamental
issue
than
that,
perhaps
which
is
how
to
make
sure
that
the
right
parties
are
storing
when
retrieving
passports
at
the
cps.
D
So
next
slot-
and
you
know
figuring
out
in
the
first
place,
who
gets
to
store
passports
at
CPS
is
tough.
It
might
not
just
be
that
there's
a
smartphone
there,
as
I
said
there
could
be
ass.
If
you
a
that,
is
then
talking
to
a
gateway
in
the
Gateway
is
the
one
that
wants
to
be
able
to
store
a
passport
I
mean
it
could
be
that
that's
if
you
way
at
the
start
can
sign
and
provide
an
identity
header.
But
there's,
like
you
know
in
that
middle
there,
because
you're
just
going
to
the
Potts
level.
D
Well,
all
that
would
be
lost,
there's
no
way
to
rien
code
stir
until
like
so7,
so
there
would
have
to
be
some
step
here
that
gets
this
up
to
the
CPS
so
that
it's
available
to
the
smartphone.
The
problem
is,
of
course,
that
means
the
conditions
under
which
entities
can
provision
into
the
CPS
passports
were
calls
in.
Progress
have
to
have
pretty
broad
and
permit
you're
permissive
authorization
properties,
and
that
got
us
looking
towards
a
certain
class
of
designs.
So
next
next
slide
as
I
said,
because
we
want
to
we
want
to
optimize
for
privacy.
D
We
need
to
assume
that
the
call
and
call
party
have
no
required
free
association.
We
need
way
to
store
passports,
that's
what
they
can
be
found.
There
has
to
be
some
way
that
we
can
index
these
passports
in
the
CPS
that
minimizes
the
information
that
the
CPS
has
about
calls
that
are
in
progress.
There's
just
a
data
minimization
exercise.
D
You
know
we.
We
looked
at
a
bunch
of
different
semantics
for
this
and
the
main
differences
between
this
version
of
the
draft
and
previous
ones
that
you
might
have
seen.
We
talked
about
a
lot
options
of
like
different
semantics,
for
how
you
might
ask
hey:
is
there
a
call
for
me
at
the
CPS
or
things
like
that?
I
think
we
have
that
locked
down
now
to
a
concrete
story
that
addresses
the
rough
requirements
that
you
see
outlined
on
this
slide
and
we're
gonna
talk
about
that
a
little
bit
right
now
in
the
next
slide.
D
So
this
is
our
thinking.
Passports
are
always
going
to
be
encrypted
going
with
CPS.
It
kind
of
makes
sense
that
they'd
have
to
be
at
the
end
of
the
day,
they're
trying
to
minimize
the
data
that
the
CPS
itself
can
learn,
and
our
thinking
is,
let's
just
allow
pretty
much
anybody
to
store
encrypted
passports
and
they
will
index
them
at
the
called
party's
key,
in
other
words,
we'll
use
the
called
party's
key
as
the
key
in
the
you
know
to
the
database
that
lets
you
find
passports
that
have
been
stored
there.
D
There
couple
properties
of
this
they'll
go
into
that
well,
I
think
that's
interesting.
What
this
doesn't
tell,
whoever
is
that
there
is
now
a
certificate
discovery
mechanism
required
as
a
prerequisite
for
doing
this.
At
all-
and
this
is
a
known
problem-
it's
not
an
easy
problem
and
we
can
talk
about
active
directory's
and
all
the
apps
and
things
like
that
that
people
use
this
kind
of
thing
today.
It's
a
non-trivial
problem.
However,
if
you
can
assume
that
that
problem
is
solvable,
I
think
the
rest
of
this
design,
ultimately
is
tractable.
D
I
mean
go
through
and
talk
about
what
what
we
think
that
might
be
one
hard
edge
on
that
certificate,
discovery
that
we
should
make
clear-
and
this
is
something
that
we've
built
into
stir
and
modern
and
Acme.
Everything
else
we
talked
about
about
does-
is
the
notion
that
there
might
actually
be
multiple
entities
who
are
entitled
to
have
certificates
for
a
particular
destination
number,
and
you
know
some
of
that
might
be
that
there's
a
carrier
who
just
controls
and
ocf
right
and
like
all
the
numbers
of
those
in
are
things
they
control.
D
They
should
have
a
cert
that
should
make
them
eligible
to
retrieve
and
decrypt
a
passport
that
has
been
stored
in
the
CPS.
But
then
there
could
also
be
like
a
service
bureau
they
delegated
to
or
an
enterprise
that
they
delegated
to
you
or
an
end
user
that
delegated
to
who
might
all
have
different
keys,
and
so
because
of
that,
the
key
discovery.
The
key
discovery
problem
may
result
in
learning
multiple
public
keys
having
to
encrypt
a
passport
to
multiple
destinations,
and
indeed
that
that
that
can
make
this
more
complicated
in
some
respects.
D
I
think
that
necessitated
us
making
sure
there
was
indexed
by
the
called
parties
public
key
and
not
by
the
call
parties.
Number
I'll
come
back
to
that
again
in
a
minute
as
well,
but
you
know
once
you're
just
storing
encrypted
passports
like
why
not
just
let
anyone
retrieve
them
right
because,
like
if
you
don't
have
the
corresponding
private
key
or
not
gonna,
be
able
to
decrypt
their
passport
and
know
whether
or
not
there's
a
call
in
progress.
D
N
D
So
this
is
basically
the
way
that
we're
trying
to
minimize
the
amount
of
data
that
is
visible
to
the
CPS.
This
is
the
core
of
the
design,
make
sure
the
passports
are
encrypted,
make
sure
that
they
are
indexed
and
stored
at
the
CPS
under
the
public.
Key
that
you
are
using
to
encrypt
the
passports,
then
people
that
want
to
weigh
at
least
purport
that
they
are
the
targets
of
these
calls
that
they
just
received
a
call
and
they
want
to
know
something's
going
on.
D
They
would
present
basically
that
public
key
to
the
CPS,
the
CPS
would
say.
Oh
here's,
the
passports
kobe-wan
could
be
more
that
are
stored
here
right
now,
corresponding
to
your
public
key.
That's
the
big
idea.
Do
people
get
this
mean
again.
I'm
kind
of
looking
around
and
I
I
know
that
some
people
here
don't
care
about
how
to
band
at
all.
The
only
thing
in
band
is
important,
but
in
the
subset
of
people
here
they're
these
vaguely
interested
in
the
possibility
of
getting
out
of
band
to
work.
People
think
this
is
clear.
D
M
D
D
H
I
D
F
D
O
O
B
If
that
makes
sense,
you
need
to
have
a
comment
on
that.
So
a
question:
if
I
get
20
calls
a
day
versus
a
hundred
calls
a
day,
I'm
going
to
get
more
passports
that
will
have
them
now.
Most
of
I
can
discard
because
I've
seen
them,
but
the
volume
that
so.
D
We
have
some
language
in
there
about
doing
dummy
requests
for
these,
so
for
I'll,
actually
debate
about
saying
anytime
that
you
either
store
or
retrieve
a
passport.
You
should
also
you
should
fake
doing
the
other
at
the
same
time
and
again,
if
you're
paranoid
about
this
by
all
means,
I
would
just
randomly
provision
like
fake
stuff,
whatever
you
want
or
randomly
ask
for
fake
stuff,
it's
something.
B
D
So
the
real
problem
is
that
again,
there's
so
little
entropy
in
this.
All
you
got
is
you
know
the
calling
party
number
of
the
call
party
number
and
a
rough
indication
of
the
time
in
which
the
call
was
launched
and
that
that
last
thing
it's
it's
vague.
It's
like
you
know.
It's
got
a
five
second
margin
of
uncertainty.
Probably
right
five
seconds
would
solve
most
of
the
problems.
Well,
it's
that
sure
so
remember
again
that
these
these
things
have
a
short
life
cycle
in
CPS.
Yeah
like
CPS,
is
gonna
jettison
these
things.
Okay,.
B
B
D
They
expire
and
also
we
do
have
a
story
and
I'll
get
to
this
event.
That
Ecker
has
done
done
if
you
read
his
mail
about
this,
about
trying
to
do
flood
control
to
prevent
like
arbitrary
perm
like
potion
is
chunk
data
and
it's
CPS
so
that
you
get
so
there's
like
fifty
thousand
passports.
When
you
go
ask
your
number
to
have
a
story
about
that.
He's
basically
just
wants
you
go
get
a
token.
That
is
a
pass
that
you're
gonna
unwind
later
that
whole
like.
D
D
It's
it's
a
so
remember,
so
what
can
happen
at
any
time
is
that
there
can
be
multiple
passport,
so
Mira
this
the
call
the
calling
party
may
end
up
provisioning
like
10
passports,
right
if
there
are
10
certs,
it
finds
in
a
search
store
for
this
destination.
It'll
put
them
all
in
and
when
you
go
then
requests
when
you
do
your
gap,
yeah.
D
That
there's
an
11th
one,
that's
put
in
there
by
bad
guy
right,
the
11th
one.
You
know
again,
provided
this
isn't
a
very
clever
substitution.
In
fact,
there
is
actually
a
section
about
a
particular
substitution
attack
in
the
draft
which
may
be
what
you're
alluding
to,
but
provided
that
the
calling
party
number
of
the
one
doesn't
match
the
calling
party
nor
the
call
you
receive.
There's
no
race
condition
right
this.
This
is
the
key
thing,
so
if
two
people
are
actually
calling
me
at
the
same
moment,
right
one
call
reaches
me.
D
In
CPS
there
are
two
passports
waiting
for
me.
One
is
for
the
call
I
got
and
one
is
it
so
the
well
that's
all
I
got
is
all
I
need
to
know
that,
but
no
I
got
is
valid.
Ok,
so
that
breaks
recent
worry.
There
are
substitution
attacks
that
are
more
subtle.
Like
there's
a
callback
service.
I
can
induce
to
call
me
at
a
particular
time
there's
things
that
are
trickier
to
be
right.
M
Now
I
didn't
I,
didn't
I,
wasn't
aware
of
the
possibility
of
getting
in
a
read
back
yeah
cuz,
you
said
index
on
the
public
key
but
yeah.
If
it's
an
area.
D
So
you
need
to
get
it
right
back
in
it
yeah
we
need
to
talk
me
talk
about
what
the
actual
HTTP
binding
for
this
looks
like
like
how
that
is.
Gonna
work
right
like
because
people
are
be
posting.
You
know
if
ten
people
are
posting
different
resources
for
this.
You
know,
I
want
my
gat
to
make
sure
that
I
get
all
those
resources
and
we'll
make
sure
we
get
the
rest
fold.
Are
you
that
correct
and
no
that's
been
done
yet?
That's
all
I'm!
Just
writing.
D
If
people
understand
the
basic
architecture
and
to
say
yes,
I
get,
it
I
think
it
works.
This
seems
to
solve
the
privacy
problems
efficiently.
This
is
worth
doing
then
we'll
go
design
the
architecture,
what
you
actually
upload
to
the
CPS
and,
like
you
know,
get
down
to
the
bits
and
bytes
of
that
I'm.
Just
writing
a
high
level.
Architecture
of
this
is
a
place
where
I
think
it
solves
the
problem.
Well
enough
to
be
worth
us
trying
to
figure
out
how
to
implement
it.
D
Yeah,
so
the
benefits
of
this
solution
of
the
approach
we're
talking
about
the
encryption,
really
limits
with
the
CPSC's
like
this.
Actually,
you
know
yeah
you're,
never
going
to
eliminate
it
entirely
right,
so
there's
a
sense
in
which,
because
these
things
have
to
be
indexed
by
the
public
key
and
you
have
to
assume
the
certs
store
basically
lets.
You
turn
telephone
numbers
and
public
keys,
and
vice
versa,
you
can
probably
figure
out
who
one
of
the
parties
is
to
a
passport
that
has
been
provisioned
right.
D
That
much
said,
you'll
never
know
if
it's
a
real
call,
because
it
could
be
like
a
dummy
that
is
being
dissed
stochastic,
we
fired
off
every
few
hours
or
whatever
it's
those
there's
things
you
can
do.
That
will
weaken
the
CPS's
assurance
at
this,
but
it
really
limits
the
amount
the
CPS
can
gather
as
useful
and
certain
metadata.
D
It's
very
difficult
to
pull
the
server
to
learn
about
calls
and
progress
in
this
instance,
like
I,
said,
I
think
it's
basically
useless
if
you're
always
going
to
provide
back
an
encrypted
blob,
no
matter
what
I
think,
unless,
unless
the
implementation
of
that
is
stupid
in
some
way
that,
because
the
length
of
the
blob
or
whatever
it
reveals
things,
we
need
to
make
sure
that
is
properly
done.
So
that
concerns
like
that
generalize.
D
But
that's
a
solvable
problem
like
I
I'm,
convinced
that
we
can
solve
that
problem
and
again
I
like
the
in
Huston
Enix
for
the
public
key,
be
precisely
because
it
works
better
than
the
calling
party
number
if
there
are
multiple
certs
right
there's
what
if,
let's
say
that,
like
the
carrier
has
a
cert,
the
enterprise
has
assert.
The
end-user
has
a
cert.
If
I
go
to
the
CPS
and
say
hey
give
me
all
the
calls.
D
Four
people
have
called
this
number
I'll
get
back
the
things
for
all
three
of
those
different
certs
and
we'll
try
to
decrypt
them,
and
it's
like
annoying,
so
we
just
make
it.
My
public
key
is
what
I
asked
for
whose
encrypted
the
things
that
I
know
I
can
decrypt.
Then,
even
though
it's
like
50
potential
entities
that
you
end
up
putting
passports
in
that
our
cryptid
at
different
destinations,
I
only
get
the
ones
that
I
can
actually
decrypt
myself
I.
Think
it's
a
useful
property
I
think
that
that
this
is
much
better
than
anything
else.
D
You
want
to
try
to
figure
out
whether
to
render
to
the
user
or
not
that
the
number
is
valid
behind
it.
You
do
not
have
time
to
sift
through
40000,
like
bogus
passports,
to
find
the
one
that's
actually
valid
for
this.
So
I
mean
I
won't
go
into
Hecker
a
solution
in
a
lot
of
detail,
but
it
basically
involves
having
some
pre
association
with
the
cps.
Where
you
go
to
the
cps,
you
get
pieces
like
a
pawn
ticket
from
it
ahead
of
time.
That's
like
hey.
D
With
this
one
ticket
later
I
can
come
and
like
provision
I
can
go
store
a
passport
with
you.
You
won't
be
able
to
know
who
I
am
so
there's
some
cryptography.
That
is
fancy
in
that
that
lets
the
CPS
know.
Yes,
this
is
the
right
anyway.
I
gave
it
to,
but
I
don't
actually
know
from
this.
What
the
key
was
they
used
to
prove
to
me
who
they
were.
This
is
why
we
have
ekor.
D
You
can
solve
problems
like
this
for
us
in
ways
that
I
certainly
cannot,
but
with
that
this
this
provides
a
rate
limiting
function.
Basically,
that
makes
it
pretty
obvious
when
someone
is
just
trying
to
acquire
lots
of
tickets
like
spam.
The
system
and
things
like
that.
It
seems
plausible
to
me
that
we
can
get
something
like
that
to
work
and
if
we
lick
that
I
think
we've
licked
on
most
of
the
major
ways
you
could
mess
with
this.
M
D
D
B
D
D
Bringing
it
up,
I
mean
you
know,
I.
Think
again,
it's
never
to
be
perfect
right
this.
This
isn't.
This
is
all
about.
Like
you
know,
to
the
degree
we
can
on
mitigating
the
potential
purpose
implications
of
designing
a
system
like
this,
because
we
we
think
it's
a
useful
system.
We
just
want
to
find
a
way
to
do
it.
That
is
going
to
be
least
impactful
to
and
user
privacy,
as
we
can.
P
D
Probably
yeah
and
again,
if
we're
assuming
that
there
is
already
so
you
know
it's
also
important
member.
We
have
this
assumption
that
there's
a
cert
store
that
you're,
interrogating
and
I
don't
know
if
that's
ad
or
LDAP,
or
something
fancy
or
right
to
get
certs
associated
with
destinations.
You
actually
do
the
encryption.
D
All
the
same
concerns
arise
around
that
right,
so
you
you
have
at
least
these
two
entities,
you
the
more
decouple
they
are
this
works
and
if
there's
some,
maybe
there's
some
trickiness,
we
can
do
between
those
two
provided
we
can
ensure
they're,
not
cooperating.
That
makes
this
easier.
I
mean
it
I
think
we've
got
it.
We've
got
some
some
moving
parts
here
right
that
look
promising
to
me.
Then
we
can
get
something
that
doesn't
totally
suck
out
of
us.
D
Yeah,
so
service
discoveries-
the
other
really
hard
part
of
this,
this
question
of
how
many
sicknesses
there
should
be
and
how
you
find
them
because
remember
like
basically,
the
only
shared
secret
that
the
two
parties
to
this
communication
have
is
the
called
party
number
in
the
calling
party
number
right
the
time,
the
rough
time
you
know
it
isn't
really
shared
secret,
because
all
your
adversaries
know
that
as
well
right
so
like
it's.
Basically,
the
only
rendezvous
data
you've
got
to
find
a
CPS
is
the
combination
of
the
called
party
in
the
calling
party.
D
We
don't
want
to
make
a
totally
monolithic,
CPS
sort
of
have
there
only
be
three
CPS's
in
the
world.
I
mean
there's.
You
know,
there's
some
K
anonymity
properties
right
that
we
get
that,
but
it
becomes
just
too
attractive
a
core
past
target.
The
more
concentrated
this
is
so
I
mean
our
thinking
is
there
has
to
be
some
degree
of
Federation.
I
would
love
to
see
at
least
each
of
the
major
service
providers
say
have
some
set
of
these
things.
I
D
I
I
don't
know
exactly
how
to
do
that
yet,
but,
and
it
may
be
in
some
use
cases
it
honestly,
just
it
doesn't
even
matter
I
could
imagine
this
being
used
in
vertical
silos.
You
know
if,
like
Apple,
wanted
to
use
this
for
iMessage
right,
okay,
well,
the
Apple.
This
puts
off
a
guy
message,
CPS,
right
and
and
and
it's
just
clear
from
the
apps
are
engaged
in
it
that
they
use
it.
So
I
also
has
a
day
to
be
too
prescriptive
about
it.
D
P
D
I
D
Thought
about
that
we've
looked
at
Ledger
ways
of
doing
this
actually
I
know.
Cisco
has
looked
at
this
and
said.
We
think
that
there's
a
better
Ledger
way
to
do
this,
it
may
be
one
size-
may
not
fit
all
in
this
right,
so
yeah
III
think
we
need
at
least
one
good
story.
I
think
there,
probably
a
bunch
a
bunch
out
there
I
mean,
ironically,
you
know,
since
you
know
Cisco
when
they
tried
to
do
this
with
Viper
yeah,
but
Viper
actually
had
a
lot
of
these
properties.
D
So
lucky
we're
going
to
look
at
the
way
that
OB
works.
It's
kind
of
think
we
cut
Viper
up
into
these
different
slices
and
used
passport
and
use
things
from
store,
certs
that
weren't
available
to
Viper
right
to
build
an
architecture
that
actually
have
very
similar
property.
If
we
made
it
reload,
we
would
really
just
be
doing
like
a
Viper
or
almost
you
know,
reload.
C
D
People
deploy,
it
is
the
problem.
You
know
perennial
ii
finding
what
the
anchor
should
be
forever,
though,
and
getting
that
into
the
implementations
was,
was
a
big
deal,
but
I
mean
I
will
say
there
there's
a
lot
of
interest
in
this
stack,
and
so
it
could
be
that
there's
just
enough
implementation,
mojo
behind
it
that
yeah
you
get
with
those
anchors
up.
You
know
like
I,
mean
before
us
next
week.
D
D
Was
just
thinking
actually
I
hadn't
thought
I'm,
looking
at
barns,
I
thought
about,
like
you
know,
like
the
CT
approach
to
the
credential
distribution
for
this
and
then
actually
have
like
the
CPS
we
built
into
the
certs
that
are
available
in
C
team
that
you
could
do
like
a
ledger
like
that.
That's
actually
not
not
totally
insane!
D
D
D
I
continue
to
worry
about
this
as
well,
so
this
is
that
the
other
end
of
a
use
case
I,
showed
a
little
bit
ago
where
the
Gateway
was
provisioning
was
storing
to
the
CPS.
That's
a
great
use
case
was,
of
course,
in
that
use
case
you
can
assume
the
Gateway
right
does
the
key
discovery.
Encrypts
the
passport
puts
the
passport
up
in
CPS.
D
This
is
this
is
a
hard
case,
especially
if
there's
like
dummy,
you
know
encrypted
blobs
up
in
the
CPS
that
it
might
end
up
carrying,
but
that
much
said
you
know
in
sip
we
allow
multiplied
any
headers
and
some
of
the
some
of
them
may
be
for
keys.
You
support
and
some
don't
for
very
legitimate
resets
right
for
exactly
the
reasons
you
were
describing
if
you're
a
particular
relying
party
that
is
receiving
a
sip
requests
with
multiply
any
headers.
D
You
know
some
of
them
could
be
for
the
carrier,
so
I'm
going
to
be
for
whatever
the
long
and
the
short
of
this
is
the
reason
it's
interesting
is
because
I
we
may
ultimately
need
a
sip
identity
encrypted
header
for
this
specific
use
case
or
I
know,
if
it's
a
header
right,
maybe
it's
just
like
there's
a
parameter
that
we
attach
to
identity.
That
tells
you
that,
what's
in
there
is
an
encrypted
blob,
but
you
know
be
ended
like
our
CD
and
things
like
that.
D
Anything
that
carries
more
like
location
data
or
anything
like
that
within
passport.
Then
it
becomes
much
more
privacy
sensitive
as
well,
and
we
may
find
there's
a
general
requirement
for
the
in
banned
case.
That
falls
out
of
how
this
looks
because
of
these
use
cases
now
to
ban
for
having
encrypted
passports
be
carried
in
ban
with
insect
terrify.
You
Chris
no.
M
M
D
D
M
D
So
it
could
be
that
we'll
figure
out
a
way
to
do
encryption
and
passport
that
isn't
just
block
encryption
on
the
entire
passport
itself,
but
within
the
passport
there
will
be
individual
components
of
it
that
are
encrypted.
It
could
be
other
strategies
for
that
third
meaningful.
The
problem
is
like
the
claims
at
least
I
mean
again
the
header.
The
headers
can
leak
privacy
data.
Obviously,
but
you
know
the
claims
would
always
have
to
be
encrypted.
So
maybe
there
are
things
where
you
want
to
just
encrypt
the
the
JA,
cleanest.
D
If
the
metadata
collection
will
removes
concerned
about,
is
the
called
party
number
calling
party
number
and
the
time
right
that
you're
historically
archiving,
like
you
know
like
if
you
encrypt
the
entire
claims
object,
then
all
that
stuff
at
least
is
invisible
to
the
CPS
or
to
the
professor.
That's.
D
You
know
you
often
forget
the
practicalities
like
that.
Yes,
but
any
weight
like
that.
So
this
use
case
is
what
I'm
still
thinking
about
and
what
the
motivations
then
might
be
to
try
to
figure
out
ways
to
do
encrypted
passports
actually
for
in
band,
probably
some
of
them
in
cases
like
if
there
is
like
I,
said
geolocation
firm,
ation,
that's
in
the
passport
in
some
new
claim,
we
defined
it's
under
our
CG
that
might
not
be
replicated
elsewhere
in
the
SIP
and
hyssop
headers
right
and
so
so
excited
alright.
D
But
this
is
where
I
really
need
to
get
so
look
we've
been
trying
to
figure
this
out
for
a
long
time
and
our
initial
ways
of
thinking
about
this
weren't
that
great
at
this
point,
I
think
the
ways
we're
thinking
about
this
actually
aren't
bad,
like
I.
Think
when
I
look
at
what
the
requirements
are,
we
have
enough
of
an
architecture
here
that
I
think
we
could
pull
the
trigger
on
this
and
probably
build
something
that
you
know
does
much
better
than
it
could
ready
to
do
out
of
and
and
and
remember,
I
mean.
D
M
D
C
C
I
D
I
mean
so
the
no
civil
rollout
to
saw
this
overall
problem
right,
we're
attacking
this
from
like
four
different
ways:
cuz
you
have
to,
and
just
you
all
the
all
you
ultimately
do-
and
this
is
the
best
you
can
do
with
like
90%
of
security
solutions-
is
raise
the
cost
on
the
attacker
enough.
That
is
no
longer
economically
viable
for
them
to
do
what
they're
doing
and
like
I
suspect
we
can
get
there
with
the
right
cocktail
components
around
this,
and
this
is
this
is
a
piece
of
it.
D
So
I
mean
you
know,
I
I'm,
looking
for
a
go
or
maybe
I
should
do
something
else
right,
like
I.
Don't
have
a
better
idea
than
this
of
how
to
try
to
deal
with
these
cases
outside
of
in-band
Seb
I
think
as
far
as
I
can
tell
it,
it
works,
or
it
should
probably
should
work.
There's
you
know
all
the
stuff
we
need
to
do,
but
it's
tough
we
actually
need
to
do.
Is
the
protocol
design?
Now
we've
got
the
architecture.
D
D
I
I
think
I
think
we
can
define
at
least
one
satisfactory.
Oh
well
again,
III
think
the
that
the
credential
itself
having
the
SIRT
itself
be
the
CPS
discovery
mechanism
is
satisfactory.
Provided
again
you
think
that
the
cert
discovery
problem
is
itself
tractable
and
there
there
are
reasons
to
be
skeptical
about
that,
but
it's
been
much
more
widely
studied
than
CPS
discovery
right
and
I
think
that
alone
is
a
sufficient
proof
that
there
is
a
non
insane
way
to
do.
That
I
mean
I,
don't
know
how
you
guys
are
chairs
I.
D
My
fourth
row
says
anybody
who
thinks
they
have
a
better
idea.
We
have
a
charter
item
for
this
right
and
like
we
have.
This
is
a
working
group
item
document.
The
architecture
is
here
there.
Anybody
here
who
thinks
that
I
should
not
proceed
with
ecker
and
Coalition
of
the
Willing
to
try
to
make
this
into
a
real
protocol.
I.
J
M
D
D
Yes,
divert
some
people
say
at
out-of-band.
You
know
that's
like
down
the
pie,
II,
we
don't
really
read
nad
for
a
while,
I
mean,
and
it's
not
gonna
important
for
these
carrier
cases.
Everybody
wants
this.
Everybody
I
talk
to
is
like
this
is
the
thing
that
is
going
to
prevent
ster
from
actually
working,
which
is
divert.
D
There's
this
problem
and
sip
that
when
you
send
out
a
sip
request,
you
kind
of
throw
it
over
the
wall
at
a
sip
network
of
intermediaries
who
make
arbitrary,
retargeting
decisions,
you
may
have
initially
thought
your
call
was
sort
of
this
place,
but
you
to
call
forwarding-
or
all
these
other
conditions
and
in
fact
goes
to
a
completely
different
place
than
you
anticipated.
A
problem
is
in
order
to
prevent
a
certain
class
of
replay
attacks
baseline
passport,
as
you
sign
over
the
original
to
header
field,
the
original
destination
of
the
call.
D
The
reason
why
you
do
that
is
because
we
don't
do
that.
You
know
I
can
take
a
call
from
to
Brian
right
and
you
know,
and
eavesdropper
can
capture
that
and
like
in
fact
senator
rich
right
and,
if
you
know
rich,
can
look
at
the
request
and
see.
Oh,
this
is
really
signed
to
be
for
Brian
Rosen.
Then
he
knows
that
there's
a
problem
right
and
that
that's
something
something
unusual
may
have
happened,
and
you
should
treat
this
call
with
more
or
suspicion
than
then
you
did.
Ordinarily,
you
know
problem
with
that.
D
Is
it's
not
always
easy
to
know
whether
or
not
a
call
should
have
been
retargeted?
What
a
legitimate
retargeting
for
a
call
is.
Sometimes
it
can
be
very
obvious
if
you
know
what
the
original
called
party
number
was,
because
it's
your
office
right-
and
this
then
ends
up
at
your
home
as
a
second
table,
you
would
say:
okay,
I
can
I
can
understand
that
this.
This
call
was
originally
targeted
for
my
office,
but
you
know
I
know
I
have
a
call
forwarding
thing
that
sends
it
to
my
house.
So
it's
fine.
D
Those
are
the
sunny
day
cases.
This
is
designed
for
all
the
rainy
day
cases
all
the
range.
A
cases
where
things
get
retargeted
multiple
times-
and
we
have
studied
this
in
sip
for
ever
and
done
a
bunch
of
different
things,
to
try
to
activate
the
service
data
service
logic,
to
make
it
clear
to
entities
what
service
logic
had
been
executed
during
the
processing
of
a
call.
Mary
Barnes
obviously
took
the
lead
on
a
lot
of
this
with
the
history
info
stuff.
D
This
diversion
header
that
I
flung
do
that
originally
I
forget
who
did
that
it's
like
yeah
back
in
the
day.
This
ended
up
being
this
still
widely
used
right
sort
of
these
headers
that
the
IDF
effectively
refused
to
standardize.
That
is
still
is
still
everywhere.
So
what
we're
doing
here,
that's
actually
different,
is
interesting.
It's
based
on
how
the
canonicalization
stuff
that
surrounds
passport
and
stirrer
works.
D
There's
a
lot
of
text
in
passport
and
stir
that
describe
what
kind
of
important
semantic
changes
are
to
the
destination
of
a
call
versus
merely
some
tactical
changes
like
if
you're
just
illuminating.
You
know
the
dashes
that
some
be
put
into
a
dial
string,
or
you
know-
or
if
you
know
the
call
is
recently
carried
by
Skype
to
a
target
telephone
number,
but
it
ends
up
then
going
to
global
crossings
network.
So
originally
the
URI,
the
SIP
uriah
says
this
number
at
Skype
and
then
later
it's
this
number
at
Global
Crossing.
D
These
are
merely
syntactical
modifications.
Are
our
current
thinking
anyway,
to
the
destination
and
stir
just
ignores.
Those
stir.
Has
a
canonicalization
procedure
that
lets
the
signature
over
the
original
call
still
work
if
you're
merely
making
those
kinds
of
like
tiny
modifications.
We
do
a
lot
of
work
on
this
to
try
to
make
that
work.
Well,
so
that's
that's.
What's
most
different
about
this
from
previous
approaches,
also,
history
info
and
diversion
were
never
signed
there.
You
had
no
assurance
from
the
retargeting
entities
that
they
were
actually
the
right
people.
There
were
target
this.
D
C
I
I
I
I
D
Are
you
with
us,
sir?
It's
good,
ok,
I
know
these
things
are
fascinating.
I
know
that
sip
and
security
of
sip
is
so
fascinating.
So
what
does
this
actually
do?
What
we
actually
do
in
divert?
The
basic
idea
is
that
we
take
a
passport
that
already
has
been
put
into
a
set
call
in
ban
and
we
create
a
new
one
when
you're
the
retargeting
and
Edie
is
your
job
to
look
at
that
passport.
Say:
okay,
I
received
this
I
validated.
It
looks
good
I
know
who
the
original
color
was
I'm.
D
Now
gonna
make
a
new
passport
referring
to
that
original
passport
and
I'm
going
to
sign
it
with
the
key
that
shows
that
I
was
the
original
destination
right
and
that
I
am
diverting
it
to
this
new
entity,
and
that
provides
this
chain
of
security.
That
can
let
you
tell
that
this
retargeting
actually
happened
because
it
went
to
the
right
person
the
original
correct
destination,
for
the
call.
That's
the
basic
idea
next
slide.
D
What
you
have,
then,
is
down
here,
a
div
says:
oh
yeah,
in
this
new
passport,
the
original
destination
was
first
target.
Your
new
destination
is
second
target,
and
you
sign
this
thing
with
the
key
that
lets.
You
know
that
you
were
the
first
target
and
that's
different
from
house
tour.
Ordinarily,
where
it's
ordinarily
stur
says
you
need
to
sign
with
the
key
that
says
that
you
have
authority
for
the
orig
and
we
are
breaking
that
rule.
D
That
is
a
changed
rule
just
for
the
special
case
or
using
div
or
instead
you
want
to
sign
with
that
thing.
That
shows
you
were
the
original
first
target
and
you
can
have
a
chain
of
these
if
it
ends
up
there's
complicated
service
logic
that
takes
you
through
different
places,
you
could
end
up
with
a
chain
of
them.
That
was
the
idea
next
slide,
but
then
I'm
starting
to
work
on
this
out
of
band
stuff.
D
So
this
is
why,
right
we
were
like,
let's
at
least
start
doing
out
of
band
before
we're
completely
done
with
the
things
were
doing
mr.
certs
and
he's
related
extensions.
It
turns
out
it
has
this
interaction.
The
problem
does
because,
if
you're
putting
you
know
the
original
passport
and
the
did
passport
into
the
same
sip
invite
it's
clear
that
they're
correlated.
D
However,
when
you're,
storing
these
things
into
CPS
and
they're
encrypted,
the
CPS
can't
even
tell
that
they're
correlated.
So
what
do
you
do
right?
If
this
is
an
out-of-band
case,
you're
the
retargeting
entity?
You
got
this
call,
maybe
just
over
the
PST
ad
you
go
look
in
the
CPS
you
find
in
the
CPS.
Okay,
here's
the
thing
that
went
to
me,
but
I'm
now
gonna
retargeting!
Well,
you
can
make
a
new
passport
that
looks
just
like
the
Dib
one
I
showed
in
the
previous
slide.
You
can
encrypt
that
you
can
put
it
up
there.
D
The
problem
is
the
new
destination.
Can
decrypt
calls
for
its
target
right
based
on
its
public
key,
the
one
that
the
retargeting
in
the
V
put
in,
but
that
isn't
the
key
that
was
used
to
encrypt
the
original
passport?
The
original
passport
was
encrypted,
the
key
to
the
first
destination,
so
there
is
no
way
that
second
destination
is
to
be
able
to
decrypt
the
new
passport.
D
So
we
got
to
fix
it.
How
do
we
do
that?
How
do
we
fix
that?
Well,
there's
a
couple
options
and
that's
why
I'd
like
to
talk
you
out
today?
This
is
the
interactive
part
of
our
discussion.
I,
don't
do
this
just
a
lecture,
please
I
want
people
to
get
and
like
talk
about
the
stuff.
So
here
are
some
things
we
could
do.
D
Then
there's
another
thing:
I
just
wanted
to
kick
the
tires
on
this
is
the
other
way
to
do
it.
The
draft
has
this
concept
in
it.
Now
of
an
opt
claim,
so
go
to
the
next
slide,
and
this
gets
a
little
closer
to
what
do
you
encrypt
to
put
into
the
passport
and,
as
usual,
I
can't
actually
use
tabs
or
organize
things
in
the
way
that
are
legible.
But
the
idea
here
in
a
nested
to
verb
is
in
fact
there's
this
new
field.
D
That's
all
up
and
what
opt
is
is
it's
the
entire
full
form
job,
the
entire
passport
of
the
original
passport.
So
you
could,
you
know
they're
they're,
two
choices
here:
either
they're
retargeting
entity,
copies
and
encrypts.
The
original
passport
puts
it
in
there,
along
with
the
diff
passport
or,
alternatively,
it
creates
this
one
super
passport
right
that
just
encapsulates
the
original
passport
within
it
and
signs
encrypts.
The
whole
thing
itself.
D
So
two
possibilities
next
slide
so
which
is
better.
You
know
you
could
do
the
Rhian
ssin
the
original
passport.
Maybe
that's
simplest
right
I
mean
maybe
that
that's
better
III
guess
you
know
looking
at
some
of
these
cases
that
may
go
beyond
out-of-band,
where
you
might
want
to
have
like
an
identity
encrypted,
had
her
having
a
stronger
correlation
for
that
might
make
more
sense.
For
me,
the
problem
is
this:
is
one
of
these
cases
where
the
choices
are
close
enough
that
there
isn't
a
lot
tell
me
to
do
the
other.
D
These,
the
things
I
hate
most
by
the
way
in
all
engineering
design,
is
when
the
two
things
have
very
similar
properties-
and
you
know,
like
you,
know,
I'm
afraid
of
people
I've
heard
actually
by
the
way
this
shocked
me.
There
are
implementations
in
the
field
of
SIPP
that
actually
know
forty
four
seventy
four
bits
or
74
well
enough
that
they
barf
on
multiple
identity
headers,
because
original
44
74
stipulated
there
will
only
be
one
identity
header.
D
D
So
I
I'm,
good
sir
I
can
I
can
give
you
two.
Actually
we
have
actually
seen
this
in
the
field
as
people
are
starting
to
deploy
this
by
the
way
people
are
deploying
this
faster.
So
it's
pretty
cool.
No,
we
dared
there
that
that
actually
happened.
So
the
nesting
would
get
around
that,
for
example,
but
I
don't
know,
give
me
some
thoughts.
Right,
I
mean
I
I'm
right
now,
I
guess
my
philosophy
is:
maybe
we
should
create
opt
as
an
option.
D
D
M
D
D
D
C
D
Retargeting
entity
when
it
generates
the
second
Passport,
it's
gonna
sign
and
encrypt
the
whole
thing,
but
so
this
blob
here,
though,
is
unencrypted
because
the
retargeting,
indeed
necessarily,
can
decrypt
it,
so
he
just
decrypts
it
and
then
puts
the
full
form
pass
for
it
in
after
he's
decrypted
it.
So
this
part
is
not
encrypted
anymore.
That's.
C
D
D
J
J
J
D
M
D
D
I
D
I
D
D
I
I
I
D
I
C
D
M
D
What
I,
what
I,
what
I
am
afraid
of
right?
Is
these
people,
this
policies,
they're
gonna,
look
at
any
to
any
header
and
be
like?
Oh
I,
don't
like
like
two
out
of
the
six
of
the
people.
Just
looking
at
the
X
5
you
in
the
parameter
of
the
idea
in
their
head
I,
don't
like
those
guys,
I'm
gonna
strip,
those
two,
and
so
you
can.
However,
dude
I
am
I,
would
be
astonished
or
not.
I
species
could
be
program
to
do
that
right.
So,
but
the
point
is
they?
Okay?
D
D
C
M
M
M
O
D
D
I
I
D
C
L
This
is
still
mr.
Berger
point
for
channeling.
It
was
almost
four
months
between
Martin's
identification
of
the
cert
problem
in
the
first
discussion
of
it
on
the
list
and
another
month
before
solutions
were
floated.
Now
we're
talking
about
divert,
which
is
in
the
critical
path,
Forster
acceptance.
During
this
time
we
saw
two
out-of-band
drafts.
I
am
hoping
we'll
see,
work
on
finished,
work
finished
on
certs
and
divert
before
we
see
lots
of
work
on
how
to
band
ie.
D
Is
in
the
Charter
now
we
did
get
this
Charter
at
the
right
way.
No,
but
point
taken
I
mean
this.
This
thing
with
with
search
was
unusual
and
again
I
think
it
was
largely
I
think
we
disagreed
initially
about
how
significant
some
of
these
concerns
were
and
that
we
error
and
definitely
how
much
work
would
be
needed
to
fix
it,
and
so
that
kind
of
led
to
some
some
delays
as
we
pass
through
that.
But,
as
you
can
see
now,
I
think
we're
on
the
right
path.