From YouTube: IETF101-SIDROPS-20180322-1550
Description
SIDROPS meeting session at IETF101
2018/03/22 1550
https://datatracker.ietf.org/meeting/101/proceedings/
C: All right, this is the SIDROPS meeting at IETF 101. If somebody could reach back and close the door, that would be great. Thank you very much. I'm Chris, this is Keyur. Hi, guys. Quickly about the mics: please talk into the mic, don't gradually get a whole bunch louder and scare people in the room.
C: There's a Note Well; I'm sure you've seen it at least once on this trip already. Quickly read it. I'll make the font smaller next time. We have an agenda. I think there's one item we want to add at the very end, or a request to add at the very end, and that's a chat, just really quickly, about protocol-level security.
C: Jeff gave a presentation at the IEPG, which you can get from iepg.org, but basically it talks about some standards to be sort of written down, like: if you want to do this or this or this with your protocol, here are the options you have for securing it, for identification, for cryptographic... sorry, for confidentiality, and those are the only two I care about right now. So that we can talk about at the very end if there's time. Otherwise, we need to find a jabber scribe and a note-taker.
E: Jabber scribe?

C: Great, jabber scribe. No notes? Note-taker? Somebody wants to write notes? The writing-notes part is easy: you can do it in whatever application you like that takes text, and then email it to the chairs at the end. If you like using the etherpad thingy on the datatracker you could do that; not my first choice, but notes, notes. Jeff? Moss? Take notes.
C: That's the problem with the ultimatum: I'm gonna be the worst parent ever and not follow through. Notes? Yep. Thank you very much. All right. That's all about finding a compromise, just like with kids. Oh, okay, so I think we'll run quickly through the status of all these things. These are the drafts. You can get all this content off of the datatracker, the materials link for the meeting. All these are just what's on the drafts page on tools.
G: Afternoon, everyone. I'm not Daniel Kopp; I'm Aris Lambrianidis from AMS-IX. I'm doing the presentation on behalf of the authors, and simply because I had a glass of wine, I can take comments down. So I'll try to be succinct here. I'll try to explain what the problems are that we're trying to solve.
G: We might be running into the issue of people not wanting to run RPKI for whatever political, technical or business reason. So what we try to do here is to translate RPKI into a community and send it over through, for example, an IXP's route server. That's the first goal. The second one is to standardize an already ongoing process, which we've seen has been going on in the market, which is IXPs trying to communicate that kind of information to the clients.
G: The history here, unfortunately, is not accurate, but the key takeaway is to say that the most important updates for the draft have been to incorporate feedback with regards to generalizing the draft to BGP speakers instead of just IXP route servers, and then also reusing the four-octet extended BGP community, with an additional code point that I'll describe later on.
G: There have been concerns about path hiding. I think that RFC 7947 basically addresses most if not all of these concerns, so there's nothing new under the sun here. If people filter out routes before they do the best path selection, then everything works pretty fine, and that's again something that they can not do if they don't want to.
H: Job Snijders, NTT Communications. Through a series of trick questions I would like to see if we can establish a better understanding of the proposed methodology. This IPv4 prefix, 80.249.208.0/21, ring any bells for you? Yeah, that's the AMS-IX LAN. And you would agree that if a /22, a more specific, would be propagated through the default-free zone, it would be very unfortunate.
H: Peers, yeah. So many, many IXP peering participants' sessions would drop, because the more specific route wins for the BGP control-plane traffic, but that depends on their configuration as well. So if I would receive this /22 from a peering partner or a customer that somehow managed to sneak through my IRR-based filters, and I then propagated it onwards to you, to my other peers, to other customers, but clearly marked with a BGP community...
H: I feel that none of us are getting any benefit from the ROA that exists for this specific prefix, and my main obstacle with this draft is that if there is poisonous information, any BGP speaking entity that knows that it is poisonous information, because the route server in this draft is aware of the validation state, should not mark it with the community and distribute it, thereby amplifying the problem. It should always be encouraged to drop the invalids. Correct?
G: Can I comment on this? Yeah, of course. So I'm inclined to agree, but I would also say, firstly, that it depends on the environments, because this draft could still be applicable to research environments that are not connected to the Internet at all, for example, and secondly, because it could be, and it is, a large discussion, it's probably a good idea to have it as a different draft. So if we're talking about best operational practices, let's just make another draft.
H: I'm aware of the trick to deflect criticism to separate drafts; I've used it myself a few times, but I don't think we can use that card here. But on the technical side, there are two concerns related specifically to using BGP communities. One is the timeline of deploying a new extended community. Not all implementations allow you to just put in hexadecimals and go with it. Many implementations require that there is actually some form of support.
G: But we could also say the same thing four years ago, and we didn't. What we didn't, exactly. So I cannot have any guarantees to that, but what I can guarantee you is that if we don't standardize, which is one of the goals of this thing, four years down the road we're gonna be having 50, 80, 100 IXPs doing their own thing, which is a nightmare for customers. Well...
H: Okay, last comment from my side. I also feel it has not been sufficiently justified why locally significant communities, namely using the ASN of the route server and just documenting that this community means that the route server made this observation, why that is insufficient and why it has to be an extended community, because right now, I believe, your organization has the capability to tag the announcements, correct? And you publicly document 6777:123 means A and 6777:1234 means B, correct? Why is that not sufficient?
I: Alexander Azimov of Qrator Labs. I have a more general question. So IRR filters and RPKI are both methods to filter out invalid routes, and you are representing huge IXes that have already implemented IRR filters, so you can't say that you are not working with routes, you are just sending them in all directions and so forth. So my question is: if we have two methods that have the same goal, why are you trying to treat them differently?
G: A very good question. My personal opinion on that is, because RPKI generally has a more solid foundation in terms of standardization compared to IRR. So IRR filtering is already problematic, as it is based on the fact that people are already doing it way too fragmented, but it could be the case that we might address this in a different draft as well.
I: My idea was different, so I see that you should treat them both in the same way. Yes, it is correct, but you should filter them both out. So the second question. Okay, let's imagine that you've managed to make this draft adopted and it became an RFC. Do you really believe that your customers, the majority of your customers, will be using such a community to tweak the BGP decision process? From my perspective, I don't think it's...
J: Deutsche Telekom. I failed to provide a draft and presentations on ideas of how to use the expanded general community code space that we have. That expanded code space quite clearly allows for, say, having Euro-IX, as a coordination of IXP operators, acquiring an AS number that could be used to publish the common repertoire suggested by Euro-IX as common-semantics communities, and maybe the Asian IX operators are lazy and would just say, well, okay, for our customers we are pointing to that same registry.
J: There are quite definitely no easy ways, and, yes, it would be really good to have a draft and, finally, an informational or BCP RFC that explains a common way of doing this, and the benefits would be, as Job was pointing out, that deployment of new routing repertoire becomes much more agile than with the extended communities.
J: There is also another benefit when you use the regular community attribute, and that means that not only does one not have to wait until the router vendors provide the new version that understands and implements the semantics of the thing; it also means that control of propagation of signals can be implemented by operators. That's easy with standard communities. It is absolutely not possible with extended communities as long as not everybody actually has the implementation of that.
J: Okay, so you are an IXP who is supposed to already, or soon, use that kind of stuff. My question would be, and that's not really protocol stuff: which trust anchors are you actually using, and are you sure? Have you checked that all the things that you are doing don't have bad consequences outside of just routing?
L: Montgomery, NIST. Just a quick question about scope. I don't know what the answer is about encoding external attributes; all that conversation is good, but that seemed to be the only thing that this draft added. All of these descriptions of simple tagging, dropping and tagging, strict dropping and tagging, you can do now. You just put names on them, right?
L: That's not clear to me. And one other thing I wanted to ask is, you know, there's lines in here like "a validating BGP speaker must support at least a simple tagging operation". When it says "a validating BGP speaker", do you mean a speaker that implements this spec, or just a normal RPKI-validating BGP engine?
M: Good afternoon, I'm Sriram, and my co-authors on this are Oliver Borchert, Doug and Job. So this is about... I mean, you'll see what we mean. We don't want to immediately go to dropping invalid; so rather have some intermediate transition period where we are trying to route them towards their less specifics and, at the same time, truly drop the invalids but try to route them to their less specifics.
M: Let's get into that. So Valid obviously raises no concerns; NotFound is not penalized during partial deployment. So the question is about Invalid. Should we always drop Invalid? The answer is perhaps not, because network operators would like reachability not to be compromised during incremental deployment or transient conditions. Unconditionally dropping Invalid, that we could do only in a mature state of RPKI deployment. So the next question is: during the incremental deployment state...
M: So essentially, the idea is that you are dropping the invalids and you are routing them towards the less specific that is either Valid or NotFound, and by doing this, the invalid announcements, all of them, are dropped. Some of them could be hijacks, some of them could be due to traffic engineering, but what we are trying to ensure in the process is that the traffic for the more specific does get to the destination it is supposed to reach.
M: In this case, there is a hijack at the top coming from AS5. So there's traffic engineering of the more specific, there is also a hijack of the more specific, and the less specific is making its way as well to AS4. So, sitting at AS4, these are all NotFound and we are not really differentiating in this case; they are all in the same status.
M: So now we look at a situation where a ROA has come into play. So there's a ROA for the /20, which makes the more specifics invalid: the traffic-engineering-intended one as well as the real hijack one. So AS4 applies the DISR policy, and it drops all the invalids that it sees with the more specifics, and routes that, because it sees that the less specific is Invalid or NotFound in this case... I'm sorry, the less specific is Valid; it's covering the more specific invalid. So it...
M: The same thing happens if there's a ROA in between: the ROA was not created for the /22, but it was created for a /23, which makes the /22 NotFound, as opposed to Valid. But AS4 decides to choose that and route the traffic to the NotFound rather than the Invalid. So again it drops the invalids and the traffic still gets to the correct destination.
M: In this case, the less specifics are being aggregated by AS2 and a ROA has been created for the /23, the aggregation. The hijack is caught and dropped. The traffic definitely reaches the less specific through AS2, and the more specific through AS2. No problem there.
M: So in this scenario there is multihoming; the previous one didn't have multihoming. So when you have multihoming now, yes, the more specific intended for traffic engineering is Invalid, as well as the real hijack is Invalid. Both are dropped and the traffic is routed to the less specific, and AS2 is able to distribute the traffic to the more specifics underneath it. Job pointed out an interesting situation where there seems to be something to be a little concerned about with this.
M: So now the DISR policy would... so AS2, ISP2, created a ROA for the /26, I'm sorry, the /16, and what happens is that AS4 picks and selects the less specific, the /16, and what you see happening in this picture is that, yes, indeed, the /24 traffic goes to AS2, but it has nothing to deliver because the customer has moved away. So the customer basically experiences unreachability. So should we be...?
M: The question is: so it's a non-paying customer who has stolen a sub-allocation and run away with it. So should ISP2 decide that it should be punished for that reason and suffer non-reachability, or should they have some concern or compassion, and, based on that, if they do have some soft corner, thinking that maybe the check is in the mail or something like that, they can go ahead and create a ROA for the more specific.
M: So that is one option that ISP2 has in case they want to be soft towards this customer for a grace period. All right, so we have looked at what the implications of this policy are. I mean, is it helping, in terms of looking at real RouteViews and ROA data? So at the top we are looking at, from seven RouteViews collectors, we are looking at 750,000 routes, of which close to 60,000 are Valid.
M: ...not less specific, or equally, or the same prefix. So certainly, out of 6,800, 6,000 roughly are routable to a Valid or NotFound, and then the next question is, of those, how many have the same origin AS and how many have a different origin AS. So, as expected, about six thousand, I mean almost all of them, have the same origin; a very small, tiny fraction have a different origin, and that's expected because in this case it is max-length invalid.
M: So what happened is that the owner is routing both the less specific and the more specific, and they forgot to put the right max length, or they forgot to create an additional ROA for the more specific. Now you can drill down on the right side further: forty of them have a different origin AS, and it turns out that, out of that, twenty-six of them go to the transit provider of the different AS. So it's the same path; it's just going to one AS above, which is the transit provider.
M: Here we got some inputs from Jeff. Thank you for that, and I would request you to help me out here in case I'm not saying something right, on the list. Jeff had an objection about the algorithm that is currently written in the draft, and over there we said something about changing things in the Loc-RIB, and Jeff's suggestion to me... So what you are seeing in this picture is that you have the Adj-RIBs-In, you have the origin validation checks, then you go through the decision process, shortest path, etc.
M: Then you put stuff into the Loc-RIB, and after that, if I understand Jeff's suggestion correctly, only after that you bring in the DISR policy and, as you select the routes to go into the FIB or the Adj-RIBs-Out, that is the time when you check for the less specific: the more specific is Invalid; is there a less specific that's either Valid or NotFound? If so, then you put it in the FIB or in the Adj-RIBs-Out. So that's the conceptual implementation.
M: Then you have to be careful about what happens when things change. So when a Valid or NotFound route is added, at that point of time you have to check if there are more specific prefixes in the FIB or Adj-RIBs-Out subsumed by the route prefix, and if those more specific prefix routes are Invalid, then you need to remove them from the Adj-RIBs-Out or the FIB, because the Valid or NotFound route that's newly added covers it. So likewise, you also have to look at two other conditions.
M: I will not explain those, but those two other conditions are: when a Valid or NotFound route is withdrawn, again you have to perform checks; or when there are changes in the RPKI state, that's once again when you need to redo the checks. So that's the high-level conceptual implementation. Once we decide that we have some support for this proposal, we can work out the details.
M: Finally, this is my last slide. So here what we have is a gradual hardening of the stick. Today invalid routes are not dropped; that is early adoption, and operators do their best to notify invalids, educate and encourage adoption among their customers. Then we apply, as we go into actually making it real...
M: We use a soft stick, that is the DISR policy, and here we are assuring the negligent user who has not created a ROA for the more specific: you didn't create a ROA, but for the less specific you have a ROA, it's Valid, we are routing it to the less specific, so your traffic is not being dropped.
M: On the floor, like we saw in the scenarios, you are getting the traffic, and so that's during moderate adoption. Once again, continue the efforts for notifying the invalids to the customer and educate them. And finally, the hard stick is always drop Invalid. That would be in mature adoption. Thank you.
K: If you go one slide back... Keyur Patel. One more slide back, please. Right. So, as an implementer, would you ever get a request from your provider that says, if I figure out that I really want to drop invalids, right, or I won't implement your algorithm, I want to do it at the point where I don't even consider a decision process; I may want to optimize that. We don't require a change in a draft, so...
K: It will go through many changes, so no doubt. So I suggest you provide that flexibility. That's all I was saying. And then the second question I have is: how many levels do you expect, assuming there is an attack, and assuming the attack happens in a way that someone announces a more specific and there are a bunch of less specifics that are announced, so say there was a /24, followed by a /16, followed by a /8?
O: Warren Kumari, no hats. So let's say that I... So, let's say I end up with an invalid /24 and there's currently a covering /20 that is, you know, NotFound or something. I then hide the /24 because it's currently Invalid. When the covering route goes away and then comes back, it sounds like I have a fair bit of work to do. Yep. It's just the amount of work sounds... okay.
P: That was a good point, by the way. So I just wanted to point out that in your, you know, taxonomy of different network cases, I think your second one showed a multihoming case and then your third one showed a prefix portability case, and I just want to point out that, generally, the point of multihoming is also prefix portability. What I mean by that is...
P: He's still announcing, all right, right, he's still announcing the aggregate, so that guy, you know, then gets no service, and at the same time, I mean, right. Okay, I guess you could argue that, oh well, that's okay, because of the reason you give at the bottom, but it still, you know, means that... and there's a whole bunch of business ramifications to this then, about multihoming and so on, that it's probably Chris's beat.
H: Snijders, NTT Communications. I want to emphasize that the reason we're looking into this is because there currently is zero deployment of origin validation. I am one of five networks that does origin validation, so we're performing really poorly, and I see this as an experiment, a false experiment.
F: So there is a draft called Signed Object for Trust Anchor Locator, and...
F: So, very quick reminder of how this all works. We have a trust anchor locator file, which essentially contains a bunch of URIs, or at least one, and a, let's say, fingerprint of the key of the trust anchor certificate. This gets either shipped by default or configured by users of relying party software.
F: It then fetches a certificate, validates that it matches the fingerprint, let's say, and then from there on it can commence validation. So what's the issue here? Well, sometimes new URIs may be applicable. I was going to talk about HTTPS and TALs next, so that's a potential use case, but there may also be a need to have a new key, in particular.
F: You could maybe do a hack and ship new TALs with a validator and figure out "we're using this old thing, then I'll replace it", but it's a bit dodgy, and it's hard to reach deployed bases and get people to do this. So why talk about it now? I thought I'd put this one up. To me this is quite important, not super urgent. We don't have a problem right now, but, you know, it's only not urgent until it becomes urgent, so I think we should have a good discussion about this.
F: Also, given the issues with the DNS keys, I think that also shows that it's good that we can tackle this early. So what is in this draft? It covers planned rolls: so we are planning to use a new key, perhaps new publication points, but it doesn't cover unplanned rolls. And, well, like I tried to say in the slide: I think this is important, not urgent, but we should start talking about this. I'm really open to suggestions; nothing in this document...
F: ...is cast in stone. I took up the token on this because I think it's important enough that we start a discussion, but I'm really open to other ways that this can be done. Let's get it right. So, that being said, this is what the document says now for a planned roll. In short, it should set up a new key first and publish all the objects that go with it, and then publish a new signed TAL object.
F: Relying parties who see this must use it immediately, and the TA... well, that's what the current document says, must still operate the old key for at least 24 hours. Not sure that that's entirely necessary if relying parties have to switch over immediately anyway. But then the third stage is: retire the old key, but if you can, leave a pointer to where the new key is, so if people arrive later they can still find their way to the publication.
F: If you remove the only location that a relying party had, then of course things will break, so it kind of assumes that you didn't do that, but that you're trying to phase out one of multiple. So, yeah, the thought here is: okay, continue to operate this location for a while at least, and the document currently says 24 hours, but, yeah, I'm not sure that that's the right value, to be honest. Then, well, issues.
F: There were some issues. Well, first of all, there's a double-encoding issue: the content of the TAL is encoded... well, it doesn't have to be double-encoded, let's say; that's base64, that's a minor issue. There's magic times in here, like I mentioned; not sure that we really need them, and what the value should be. Everything is immediate to me. Somebody suggested, I think it was [inaudible], that maybe you want to plan ahead and say "I plan to use this new thing...
F: ...two months from now". To me that doesn't seem like... yeah, to me, I'm not sure that I agree that the use case is there. It seems simpler to me to just do it, but it's a point of discussion. Another point of discussion is: should we actually try to govern unplanned rolls? And if so, then it may be a good idea to use the same mechanism for planned rolls and unplanned rolls, because can we just have one way of doing things?
F: Why unplanned rolls? Well, if I look at our case, we do use our security module to protect our keys, so the chance that people steal the key is very, very small, but you can still lose access to the key, and if you have multiple keys, then you could store them in different locations and maybe reduce that risk. But the expense, and let me go here, is that it would complicate the... well, the scenario that I thought of, at least, of how you could do this is more complicated than that.
F: Future changes: do people really see a use case? I think we can look into it, but again, to me it seems that it's easier from the relying party's implementation perspective that we just deal with it when it's ready and don't keep track of when we need to do something in the future, at what times and what you use. And, yeah, importantly, covering unplanned rolls: should we go there? Is the use case strong enough to have potentially more complicated ways of doing this? And I think that's it. Yes, so any questions or comments? And I'll open...
R: One way to think about it, in terms of what these numbers are saying, or rather in terms of what the protocol is saying, is: say you're keeping the 24 hours, which sounds aggressive to me, but for the purpose of discussion pretend you're keeping the 24 hours. What happens if somebody has been asleep for two weeks? Now, does this break? Does it just magically recover? Are they screwed? You know, just go through the whole thing that way.
F: I think one thing that would be useful is to hear from you, and from the other relying party implementers, how much cost this would incur on relying party software if you have to do all these checks all the time. Another way to think about it is: would operators of trust anchors actually, you know, do they see the need for doing this?
F: This one should be easy, famous last words. It's the HTTPS Trust Anchor Locator. So it's essentially just this: it said "have one or more URIs"; now the document says... A new version has been written with my name and George Michaelson's name on it. I reached out to the authors of the original RFC, actually, and I don't think people there thought that it needed to be on the author list, but they're welcome to, because the change is actually minor.
F: ...to what we've done in the delta protocol: TLS validation is, well, I would say, definitely somewhat useful, but people also mess it up, and because you've got this object and you have a fingerprint, you can actually verify that this certificate is valid, so there is object security there. So the advice is essentially: do this, warn in case it doesn't validate, but use it anyway, and it leaves...
F: ...to local policy or the relying party software to then decide: okay, maybe I want to try another URI that works without warnings. So that's one thing to think about, I think, but other than that I feel this is probably pretty much done and, yeah, we'd probably even go for last call very soon, unless people feel we need to discuss more on this. So that's... I don't have a question slide here, but consider: don't rush to mark, and please review considerations. Those are my questions.
F: Now, the fun bit. Yes, I think we have the uncoolest name of the validators out there by far, but I almost couldn't think of a better one, so sorry. And we've been working on a new version of the validator. Some reasons why: stability, maintainability from a software point of view, because the old tool was written in Scala, and whilst I still think that's a pretty nice language, it's quite hard to find people who can maintain it.
F: Redundancy in deployment is something you want to look at. We're going to reduce the memory footprint somewhat, because the old one was keeping everything in memory, and we also want to look at the deployment and update model. So, features: it's pretty similar to the current one. We have export of ROAs in CSV and in JSON that's compatible with the earlier version. We added support for router certificates and an RPKI-RTR version 1 that includes the certificates. We...
F: ...can compete with nginx or Apache or things like that. I'm a bit... the UI uses the API itself as well, and it's browsable; you can, well, it's self-documenting and you can try it out. Command line interface: I'm afraid we won't have time to build that right now, but if anybody is willing to do work in this space we'd be very happy to work with you. Yeah, so that's the features. Architecture: so the automatic redundancy is...
F: We don't assume that you would be running one validation engine, so that doesn't share state between, let's say, two instances of a validator, but the way we've looked at the RPKI-RTR thing is that it's a separate deployable. At the moment it uses the API; it keeps local state in case the validator is unavailable, for example. I'm afraid you can have multiple... well, you can have scripts using the API. A little more on this: internal validation versus fetching. This is where we spent quite a bit of work in the internals.
F: ...a repository is unavailable, our validation process isn't blocked, but it does add a bit of overhead when we first start. We need to first try all the repositories under a tree, and we discover them by doing incremental validations, and so there may still be things that we haven't tried yet. So, as long as we haven't tried all the repositories in a tree, the trust anchor is pending and our RPKI-RTR doesn't include the results for it, and then, as soon as we do try them, if they fail, they fail.
F: Hopefully this will help debugging issues a bit better. Known issues, because this is still in beta: reporting on pending trust anchors is still somewhat confusing. If you start up the tool and start running it, it needs to build up state initially, and it's kind of reporting the objects that it has found even though it's not ready yet. So that's something we want to look at in the UI.
F: Local exceptions are not completely finished, but we are looking at that and making good progress. There is no user interface for trust anchor management, for adding new trust anchors; there is an API for this. This may remain a feature. What we may actually do is that we just have a small script that exemplifies how you can use the API to upload a trust anchor.
F
So, please, let me know what you think. It's all available in GitHub, so you can create issues there. You can talk on the list. You can talk to me personally. Everything works. We're quite dedicated to fixing any bugs and issues, but we're careful about features. We want to keep this thing maintainable, and that's also why I want to keep the feature set quite minimal. For deployments, we currently support RPMs for CentOS 7. That's because we use that internally.
F
It's not because everybody should use it, of course, but I'm going to do what we can. Let's say we made a Docker image as well based on this. That might be useful for some people, and there's a generic build so that, based on that, you could also figure out how to deploy it in other distributions. If people are interested in making distributions for certain platforms, and they have some authority in those distributions, then again, we'd be very happy to work with you, and that's what I think. So, yep.
R
Last, and again, at one question that's sort of relevant to RRDP implementation. When I was implementing the client side of RRDP and using RIPE's enormous database as the server side, I noticed very, very different, yeah, I had to cope with, in my implementation, in terms of the difference between full transfer and incremental transfer in the database. Behavior was totally different. If you had any, you want, experience in that area, that sort of thing that you came across while doing this, that would probably be useful for the working group in general.
S
F
So support for validation reconsidered: we had it in the 2.x series of the validator as a global config, because this was before the time that we discussed that an object identifier on certificates will be used, and we haven't done it in this one yet. It wouldn't be difficult for us to do it, but we were waiting to see where the standard goes and the discussion about, you know, how it should be deployed, because the moment that we would publish a certificate with the OID already in it, things will break.
F
So we need to have a discussion there and, yeah, one open issue there is: if you use these new OIDs, can you use a mix or can you not use a mix? But what do you need to validate? It is not entirely clear yet. The document specifies, basically says, how it could work in various cases, but we need to have that discussion. I think about, you know, what is an acceptable deployment model here before we do the RP code, because otherwise we may end up redoing it.
F
So I don't really see the point in going ahead of that. But that being said, it's very easy for us to do this. We are not relying on OpenSSL. It's our own local implementation. We already keep track of the, let's say, the validated resource set concept, because in our mind any certificate in the chain can use the inherit attribute. Let's say so: we already keep track of what resources go with a certificate, and changing this to something where we say...
S
Before touching upon the very subject, I would like to reiterate the motivation, the reason why we do this. Some are suggesting that implementers skip reading all those RPKI related documents. Absent me, no, because anyone who wants to comprehend this new technology can't be exempted from reading the necessary documents. Actually, I see this document could serve as a manifesto for all necessary RP functions. If I remember correctly, there is RFC 6430 for IPv6 node requirements.
S
I believe we are doing similar things, and we believe implementers shouldn't do more than what the RP requirements are, because the implementers need to know how to reflect all the functions of RP as they are making software design. So I really think this argument couldn't make this work more necessary. So that's the explanation of the motivation. Moving along to the overview of this document.
S
Come the changes. Above all, we add the RRDP, the RPKI Repository Delta Protocol, which we mention is a synchronization mechanism supported by hosting the repositories, and second, we have made the reference to RFC 6487 more detailed with the new granularity of sections, so not just telling people to go to the RFC to search for what they want, and we also add a paragraph that indicates the amended procedure to handle accidental overclaim specified in the validation reconsidered document which, by the way, is about to be an RFC.
C
We can leave the cat up. All right, so Jeff's presentation. Jeff's not here, I don't think. Great, we talked about him, he won't even know. Jeff's presentation basically said: as an implementer of a protocol, they have a lot of fun making their cool protocol do cool things, and then they go to the IESG and the security AD slams
C
this hammer down like Thor and says: hey dummy, you got to protect this, and everybody either goes "meh, I don't wanna do either", or they do what we did for SIDR and say you have an awesome answer, it's called TCP-AO, oh, but nobody knows how to do it, so we're just gonna do BGP MD5 and, or just do MD5, until something better comes along. I think we actually said to use SSH. But anyway, the point of the matter is, like, you can create your own fictional thing to do that, which seems not constructive.
C
That's right! He's more like the Flash, I guess. So anyway, I guess Jeff's requesting that somebody put some time into sort of making a matrix of: I have a protocol, TCP or UDP, I care about identification of the far side and some cryptographic assurance that the packet didn't get messed with on the way, and I should use this or I should use this based on what protocol you're using.
C
If you want to also get confidentiality, then you would have to do something else, let's say IPsec or TLS, and then some information about how to actually implement those things as in operations, and maybe some pointers to existing code would be great. This seems like a good idea to me. I don't necessarily think it's SIDROPS work. In fact, it's probably a little more like GROW work, but at least to write the document, but I would like...
H
We won't see the fingerprint, we say yes or no and it's cached, and you know forever that material can be used to securely do stuff. And TLS is not the right solution here, but something lightweight, something that's transferable from device to device, something that doesn't require operators to jump through hoops to share secrets, something that is not encrypted on the wire, so we can still debug it. That would have my interest, so I think there's perhaps multiple initiatives that could flow from this.
C
P
Carp is a fish and it started to smell bad, so it died, or maybe it happened in the other order, I'm not sure, yeah. So I also would like to see this work get done somewhere, 'cause obviously I'm one of the people that gets the big headaches when, you know, Thor bangs his hammer down at you, you know, silver hammer on my head. Yeah, am I offering to do it? I did hear some threats about a design team when I was in SAAG, and I
P
neither ran screaming, nor did I raise my hand to volunteer, but there's a whole lot of people who think a whole lot of problems are the problem to solve. So, as much as I despise problem statements, that's probably the first piece of work to get done, is to just figure out which problem or problems it is that we want to solve, and then we can decompose it from there.
T
Russ Housley. So I also was in SAAG, and this all started when I was security area director. So that was a long time ago, and then, when I was IETF chair, I got the routing ADs, the ops ADs and the security ADs together, and we bashed out this, and this led to TCP-AO and KARP and a whole bunch of things.
T
If it's like, please tell me why this is different, because I felt, like you know, I was the cheerleader to round all those people up and get those specs developed, and as far as I can tell the only thing that's changed is we came up with a more efficient MAC function since then. As you know, right now TCP-AO specifies SHA-1, which is getting a little long in the tooth. But okay, we could use GMAC. Okay, we got X plus Y annoyed, and we're done. Is that really it, actually?
T
M
P
You know, I'm perfectly happy to have you adjourn right now. That's fine. I was just getting up to say that I could answer Russ's question, which may or may not have been rhetorical, but I'm not sure what your intent is with raising the topic, like, is this, are we discussing this topic in the room until we're done, or what?
E
Bush. The problem with MD5 is it solves the problem we have.
E
We had 4808 and we have roll, we have MD5 because we were being attacked and got TCP resets. Currently, nothing is successfully attacking MD5. When that happens, maybe we'll go with our checkbooks and beat on the heads of the vendors and they will give us TCP-AO. At the moment, TCP-AO doesn't exist, it's a fantasy.
E
U
Pitch, this is the third time I've heard TCP-AO this week, the other two with the same presentation saying when we get into TCP-AO, and the work the presenter said he conducted, he took, was talking to him of working groups, like MPLS, IDR, OPSEC, BESS, PALS, RTGWG. I wondered why I do office was not exist, so there is quite a lot of activity on why are we doing TCP-AO, and is it the right answer, and do we need a better SHA-256 or something?
C
Those were all protocol groups, this is an operations group. We can ask, we, this is part of the reason I had this topic up. It's something that operations people think that they need, not necessarily AO per se, but if they need this functionality they need to speak to their vendor, and maybe going to them and saying here's some paperwork you should read, please make it work for me, but...
C
P
No, nobody should do that. John's got her again. So okay, to answer Russ's question, which I think he asked, sort of, which was, you know, what the hell do you want from me? Is it, the algorithms in there not making you happy? Did you want a different algorithm? The answer is no. I mean, this isn't what Stuart actually said, but I think it's what he should have said, and this is kind of what Jeff said, it's saying also, is it's not a technological, not a technology problem.
P
Primarily, we've got all the technology specced, the specs are pretty much fine. As far as we know, it's an economic problem, which is kind of what you were saying about checkbooks, and it's a process problem, which is kind of what Randy was saying about. MD5 is fine. It would be nice not to get, you know, after you have the same damn problem or argument over and over and over again every time we send up something to the IESG. So to me, at least as much as anything, this, you know, never-ending
P
series of discussions in different working groups about AO is not about the technology of AO at all. It's about the, what does the IETF do when reality is over here and desire is over there, and, you know, instead of having a hissy fit every single time someone sends over a draft, can we have one huge hissy fit and just get it out of our systems, and then, you know, be done.
O
So, Warren Kumari, largely following on from that. Yeah, I mean either better security or a good answer on why we don't need security for this, but having the same fight again and again and again, it's getting old. Sure, but I mean every, I mean we see it often where a draft comes up. Now, like, "you use MD5, are you nuts?", and then we go through this thing again on what it's there for and...
J
Kind of, kind of, at the time we did the router RPKI protocol, we actually did a dance on, well, okay, the politically correct answer to security unfortunately wasn't available, and we did that, we did a dance. We did a dance, and that delayed the whole thing for some months or even more, and kind of the enthusiasm for kicking that stuff off from here is very limited, and that's actually somewhat a different situation from LDP or BGP, where the ADs, where the MD5 deprecation has happened.
J
B
Brian Weis, Cisco. So I was involved in the TCP-AO as some of the rest of you, where I think we did that as a response to needing to replace an algorithm. We did that, I think, game over. We just need to get it implemented. Okay, and I'm sorry, as a vendor, I have to tell you that you have to tell us, apparently, jumped a minute and let you buy stuff, that it just seems to be the way it works.
B
I do what I can internally, and okay, so it seems like we've understood the problem. We solved the problem. We just don't have an implementation. Why should we have the implementations? I think it's because we wanted to be prepared for when there were problems, and we wanted to be able to react quickly. Okay, at the moment, we know what the problem is. We know how to solve it. We'll react whenever we have implementations. That's not it.
R
Boston. This isn't really about AO, it's worse than that. I don't know if you remember what we originally did with the RPKI router protocol, it was gonna be over SSH, just plain old SSH. We gave up on that because, well, we couldn't find anybody who implemented the server side for this or the client side for that. So we said, okay, we looked at this, with that, looked at TLS, people today, oh, we left in MD5.
R
It turns out the intersection of the things people were actually willing to support was unencrypted TCP, full stop, which is what people are using now. Okay, still, all right, this didn't go anywhere, right. That's still all anybody can use, because for anything you name, someone doesn't implement their side of it, because people don't care.
H
Job Snijders, NTT. As to implementing TCP authentication option, I'm not so sure if the operator community in the BGP world actually wants that. If you talk about inter-domain BGP, people really, really hate exchanging shared secrets. It leads to, it's not a technology problem. It's just people are sometimes ridiculous about this stuff.
H
E
P
There were several beats there before that, the wake. What came back, so, I think you're right that making it actually operationally useful might be, you might be, a good idea. I think that, as far as I can tell, and Russ can opine about this, AO is designed such that, if you had a way to manage keys that wasn't stupid, you could just plug it into AO, so it would be valid. They have the AO implementation. It would be valid to have good key management. It's a decomposable problem.
B
Brian Weis. First point on, yes, the key management, or how you would do key management: so I was also co-chair of KARP, and we actually had specifications, draft specifications, anticipating that people would want to stop using pre-shared keys and instead use some kind of automated key management protocol. There was not nothing, just to continue. So that died on the vine. That could be resurrected somewhere if there actually was enough interest. The other thing I wanted to mention is, I think one reason to talk about it in an ops area,
B
maybe not this one, is what I was hearing, I think, little bits of in SAAG, is that there's issues or concerns about keychains, or how would you do, order, the key rollover, and I think that's a solved problem that needs to be just described. At least that's my opinion. I could be wrong, and I should be told if that's the case, that maybe there's an operational document to be written that describes how to put this all together.