►
From YouTube: IETF101-UTA-20180322-1810
Description
UTA meeting session at IETF101
2018/03/22 1810
https://datatracker.ietf.org/meeting/101/proceedings/
A
A
And
note
the
fact
that
there
there
has
been
there
have
been
IPR
disclosures
related
to
these
one
of
our
drafts
that
we're
working
on.
So
this
means
that
we
have
to
be.
You
have
to
be
extra
careful
about
this,
so
think
about
the
note.
Well,
so
this
is
what
we're
going
to
do
today.
We
don't
have
a
lot
of
time,
but
we're
gonna
basically
try
to
cover
our
document
status.
A
So
this
working
group
has
produced
quite
a
lot
of
output,
our
core
documents
from
early
on
our
or
RFC.
Some
of
them
have
even
got
a
rota.
I,
don't
know
that
bit
whether
that's
a
good
or
bad
thing,
but
anyway,
our
current
work
is
getting
done
all
of
the
work
except
one.
The
the
two
of
the
core
documents
that
we're
working
on
right
now
are
scheduled
for
inclusion
on
the
next,
and
the
near
term
is
di
tella
Jets.
A
Right
new
term
is
t-tell
shots,
not
on
the
next
election,
and
then
we
have
the
SMTP
record
here
as
option
to
work
on.
So
we
don't
have
a
lot
work
left
there.
There
has
been
a
couple
of
what's
called
the
related
drafts
that
turn
up
in
data
tracker.
We
haven't
talked
to
harness
yet,
but
Hannah's
has
has
has
created.
This
draft
called
draft
show
finish
to
be
a
TLS
one,
three
profile
that
you
know
he
called
it
UTA.
A
C
A
quick
comment
about
the
two
documents
that
MTA
STS
and
report
so
report
is
on
IG
agenda
for
April
19th.
So
at
the
moment
we
have
IG
has
too
many
documents
on
the
next
to
tell
the
charts.
So
I
put
the
STS
one
on
the
my
beginning
of
May,
but
anyway
I'll
try
to
get
it
on
the
same
April
19th
one
but
I,
just
I
apologized
I
promised
April
19th
but
I
hope
that's,
okay,
right!
Fine!
C
A
Right
thanks,
Alexa
all
right,
so
we're
gonna
spend
a
bit
of
time.
Come
back
to
our
agenda
savoring
it
some
of
the
MTA
STS
issues
resolved.
Now
we
have
a
we
actually
created
a
separate
slide
deck
for
that
and
Alexei.
We
sort
of
Dragoon
you
into
talking
to
this,
because
it's
mainly
area
director
review.
A
C
Yes,
the
major
issue
there
by
major
issue:
I
mean
it's
not
necessary
to
fix.
It's
just
I
think
it
needs
to
be
fixed.
One
question
is
about
ignoring
all
parameters
to
content,
type
and
I.
Think
I
suggest
you
don't
ignore
the
church
set
parameter
because
it
effects
objects.
You
know
if
somebody
puts
text
file
on
the
web
server
with
wrong
character
set
which
is
not
based
on
a
scheme
subset
and
I
I
think
it's,
it
seems
as
potentially
problematic.
C
So
in
this
case
I'm
sort
of
thinking
of
malicious
but
malicious
or
ignorant
use-
or
somebody
put
you
know
if
this
is
a
file
editable
or
on
the
web
server
than
somebody
can
use
a
very
obscure
encoding,
for
example,
in
one
of
the
Asian
character,
says
it
doesn't,
which
is
not
utf-8
and
then
that
just
becomes
a
bit
problematic
or
even,
if
you
just
use
unicode,
16
or
32-bit
based
encoding,
it's
not
going
to
parse
correctly
or
utf-8
yeah
I,
just
yeah.
C
C
D
D
D
D
F
C
A
B
A
C
Right
so
this
issue
is
just
some
sort
of
minor
well
I
think
it's
very
easy
fix,
but
the
reason
why
we
went
with
colon
separated
key
key
value
pairs
because
you
can
reuse
parser
for
email,
header
fields,
so
you
can
just
stick
this
into
your
existing
parser
and
use
it
in
them.
You
know
masala,
so
if
you
love
for
trailing
whitespace,
then.
C
Basically,
it
interacts
with
message:
blindfolding
facility
which
use
spaces
on
continuation
lines
right
spaces.
Sheryl
F
is
going
so
it
will.
If
you
feed
it
into
a
parse,
then
the
second
line
become
parts
of
the
first
and
then
it's
going
to
be
wrong.
Syntax,
so
I
suggest
just
prohibit
threading
quite
space,
and
then
you
don't.
You
can
just
use
this.
You
know
there
are
no
continuations
in
in
this
format,
but
you
will
never
be
tricked
into
using
one
by
allowing
trading
whitespace.
C
A
C
Stop
come
back
here,
just
an
example:
it
shows
to
IMAX
records,
but
it
shown
them
in
quotes
as
if
it's
it's
a
valid
part
of
the
policy
document,
but
it
actually
requires
here
11
between
them,
so
I
think
I
suggest.
You
know
to
point
out
that
there
is
a
zero
left
between
them
or
I
mean
in
case.
You
know
people
will
try
to
cross-check
the
example
against
you
know
the
syntax
they
might
just
get
confused
here.
That's
next.
C
C
C
D
D
C
Another
thing
you
know
you
just
long
space
here
so
if
somebody
adds
a
field
which
is
just
a
three
line
comment
with
spaces,
this
is
actually
just
allowed
by
your
grandma
I.
Think
that
would
be
annoying
for
people
because
effectively
you
are
the
field
and
you
make
the
whole
policy
document
invalid
I,
don't
know,
yeah,
that's
sort
of
why
I
thought
you
know
it.
I
suggest
you
relax
this.
H
D
White
space
is
absolutely
fine,
because
it
sort
of
doesn't
make
party
more
difficult,
I,
don't
have
a
strong
feeling
about
equals
and
I,
don't
think
it
sound
like
Colin
there
and
I
think.
Maybe
because
we
reuse
the
ground
equals
seems
like
it
requires
that
you
should
be
a
little
more
careful
in
the
parser
to
do
sort
of
split
up
the
first
equals
and
then
treat
the
trailing
string
as
a
value,
but
actually.
C
G
C
That
is
a
perfectly
fine
solution
to
the
CS
and
say
you
know
two
water
strings
and
insert
the
boat
end
in
between
or
something
like
that,
all
right,
just
a
clarity
question.
Basically
you
know
to
make
sure
that
is.
You
know
either
you're
clear
that
it's
just
two
pieces
of
from
the
document
or
it's
a
you
know,
fully
complete
piece.
You
know
or
documents
of
it
right.
C
Yes,
so
this
is
basically
your
mansion
yeah.
Actually,
this
is
probably
slightly
less
minor
than
intended
to
be,
because
our
RFC
50
to
80
is
already
pickax
document
is
a
requirement.
It
describes
how
you
validate
chains,
how
you
check
for
certificate,
expiring
and
key
usage
and
other
things.
The
text
sounds
like
you
describe
everything
that
needs
to
be
checked,
but
it
might
be
taken
as
a
contradiction
with
how
you
will
do
it.
Otherwise,.
D
Daniel
Marton,
sir,
so
I
think
we're
fine
differencing.
The
RFC
really
do
any
in
just
sort
of
eliminating
most
of
this
text.
I
think
we
weren't
sure
what
to
do
have
to
use
a
jurisdiction
so
I
would
service
everyone.
A
mirror
sort
of
HTTPS
is
okay,
not
having
a
certain
key
usage
or
anything
like
that,
but
I.
C
Don't
make
sure
I'm
sorry
I,
don't
actually
know
the
exact
answer
to
this
question,
but
you
can
have
certificates,
voice,
mom
or
you
can
have
certificate
for
websites
and
you
might
not.
You
know
one
might
not
be
usable
for
other
purpose
so,
depending
whether
the
client
agree
well,
no
I'm
not
suggesting
you
usage
as
suggests
that
maybe
should
verify
the
usage.
J
J
D
So
I
think
we
want
to
do
you
know
the
design
was
to
do
as
close
to
what
you
would
do
when
validating
any
other
HTTP
resource.
If
your
surrender
so
I
think
that's
sort
of
the
guiding
principle,
I
had
to
be
honest,
actually
don't
know
what
browsers
do
about
any
video
certificate,
key
user
choice
and
they're
restricted
by
but.
J
K
Thompson
I
think
there
may
be
a
simplification
you
can
make.
You
know
you
can
simply
say
that
it
must
be
valid
for
that
hosts
in
descendants
because
we're
talking
about
HTTPS
and
there
are
certain
expectations
of
a
city
PS.
You
could
go
to
the
trouble
of
referencing,
61,
25
and
28
a
18
and
all
of
those
things.
But
frankly,
what
you're
gonna
get
is
pickles
HTTP
decks
and
that's
the
intent.
You
know
all
this
worry
about
8k
use
and
whether
or
not.
H
C
C
G
G
K
Yeah
I
will
concede
that
none
of
this
is
written
down
and
that's
not
important.
Yeah,
that's
kind
of
a
deficit
and
I
don't
want
to
put
someone
in
that
pit
because
that's
a
I
mean
do
you
remember
how
long
it
took
to
get
6125
out
and
that's
just
by
this
tiny
little
tiny
little
slice.
It
was
years
right.
G
D
But
we
shouldn't
address
it
as
possible,
so
I
think
like
our
sort
of
issue
and
clearly
we
sort
of
get
it
wrong
when
you
try
and
specify
actual
behavior
references,
but
our
intent
is
to
reference
existing
RFC's
when
possible
and
I
think
they're
sort
of
at
least
for
me
sort
of
startlingly
confusing
anyway.
So
the
the
sort
of
ideal
feedback
is
which
we're
not
referencing.
It
should
be
where
we're
too
specific
and
should
not
be.
A
C
Okay,
I
think
you
know
I
think
well,
roughly
agreeing
where
were
slightly
bike-sharing
on
specific
text.
You
know
another
way
of
addressing
this
text
is
saying
instead
of
making
sure
that
it's
not
a
full
list
of
things,
you
need
to
check,
say,
for
example,
and
saying
the
intent
is
check
that
it's
a
valid
HTTP.
Yes,.
I
This
may
sound
like
I'm,
creating
a
normative
reference
dependency
here,
but
it's
sounding
like
right.
Jennifer,
oh
I
am
I've
reread
our
charter,
but
it
sounds
like
we're
identifying
an
item
that
has
to
do
with
using
TLS
and
applications.
It's
something
that
may
be
another
work
item
for
this
working
room.
A
K
L
E
G
G
D
D
M
K
Mom
Thompson
there
are
until
I
stacks
out
there
that
don't
support
SNI
anyone
using
one
of
those
two
less
taxes
own
already.
Basically,
the
this
is
Android
2.2
and
what
are
we
up
to
now?
17
or
something
yeah,
this
it's
crazy,
but
that's
kind
of
the
the
era
in
which
we
we're
talking
about
even
even
Windows
XP
supports
S&I.
So
I,
don't
think
this
is
a
problem.
This
is
very
widely
deployed.
There's.
K
G
H
M
D
K
J
K
J
Two
things,
first
of
all
in
the
deign
spec:
this
is
a
nice.
She
is
covered
in
a
bit
more
detail
and
it
explains
that
servers
are
free
to
not
implement
this
anion
completely
ignore
it.
If
they
do
implement
this
and
I,
they
should
certainly
choose
the
right
certificate
if
they
can,
but
what
they
must
not
do
is
abort
the
connection
if
they
don't
have
a
matching
identity
for
the
SNI.
Clients
often
support
multiple
identities,
but
can
only
send
one,
and
so
the
server
should
not
decide
that
just
because
it
doesn't
have
a
matching
name.
J
You
know
we
need
to
hang
up.
It
should
return
some
default
certificate
and
leave
it
up
to
the
client
to
figure
out
if
that's
acceptable-
and
this
is
important
for
a
person
TP,
because
multiple
identities
may
be
supported.
We
don't
know
whether
the
client
is
an
STS
client
or
a
Dane,
client
or
whatever,
or
even
even
opportunistic,
but
doing
us
an
eye
anyway,
but
doesn't
actually
care
what's
in
certificate.
So
service
should
not
get
all
picky
about
us
and
I.
They
should
do
their
best,
but
continue
under
all
circumstances.
J
Now,
as
for
IP
addresses,
in
fact,
there
are
cases
when
SMTP
uses
IP
addresses
only
when
there
are
manually
specified
gateways
for
destination
if
an
administrative
override
saying
send
mail
to
place
X
via
smart
host
given
by
IP.
That
can
happen,
and
in
that
case
at
least
Dane
just
says,
if
I
remember
correctly,
that
that
it's
not
applicable
sorry,
there's
no
danger.
I
P
addresses
and
you
can
say
the
same
thing
about
STS,
but
if
you
specify
a
gateway
by
IP,
then
all
of
this
stuff
is
out
of
scope.
J
K
B
K
B
M
Like
yeah
yeah,
this
is
just
you
know,
noting
the
you
know,
noting
that
this
increases
the
attack
surface
of
an
MTA,
and
so
you
know
that
needs
to
be
mitigated,
and
this
discusses
that
I,
don't
think
you
know.
Hopefully
this
is
not
controversial,
it's
just
you
know
AB
paragraph
and
we're
done
I
think
all.
H
K
Maaan
Thompson
V
from
this
threat
can
also
be
partially
mitigated
by
isolating
I
cut.
That
the
key
point
here
is
that
you've
got
a
greater
exposure
and
I
think.
That's
all
you
really
need
to
say
I,
don't
mind
a
little
bit
of
extra.
You
know
you
might
like
to
do
the
following,
but
there
are
many
many
many
things
you
might
do
to
avoid
these
style
of
attacks.
These.
M
A
J
I
just
wanted
to
briefly
back
to
us
and
I,
really
think
it's
important
that
not
only
do
we
not
care
about
the
server,
but
actually
we
do
want
the
server
to
be
liberal
and
continue,
even
if
it
can't
find
a
specific
certificate
for
the
request
of
this
and
I.
Otherwise,
you
get
into
interoperability
problems
with
clients
that
are
indicating
SMI
for
reasons
other
than
STS
and
may
Peter,
as
I
said,
opportunistic
ordained
or
whatever.
A
So
Victoria
seemed
like
you
had
text.
Could
you
like
drop
the
text
to
the
authors
as
a
suggestion
sure.
A
C
Mentioned
the
resolution
so
film
home
Baker
said
that
we
must
register
the
underscore
SMTP
report
or
whatever
it
is
in
there
I
on
the
registry
and
well.
He
was
suggesting
that
we
should
do
the
work
to
actually
define
the
registry.
If
is
not
established
as
it
turns
out,
there
is
a
registry
in
work.
We
should
just
use
it.
So
my
suggestion
is:
whichever
documents
this
one
or
the
one
creating
the
registry
gets
published.
First.
A
So
so,
to
explain
this
that
this
is
a
registry
being
created
in
DNS
or-
and
it's
basically
you
know
the
kitchen
saying
stuff
registry
of
all,
all
the
underscore
bits
that
they
found
in
in
various
documents.
They're
just
collected
and
nothing
created
an
eye
on
a
registry
for
its
sort
of
household
painting
and
I.
Guess.
Your
suggestion
Alexi,
is
that
we
we
sort
of
do
a
race
condition
on
publication
of
that
document
and
if
they
make
it
to
RFC
status
and
establish
that
registry.
H
A
A
So
so,
but
what
I
think
you're
talking
about
here
is
to
create
a
an
eye
on
a
registration
entry
for
the
registry
which
doesn't
yet
exist
and
and
and
an
RFC
editor's
note
saying
you
know,
use
this.
If
you,
if
you
can-
or
you
know
if
the
registry
doesn't
exist,
you
know
we'll
handle
it
in
another
way.
Oh
the
DNS
or
thing
it's
called
I
can
leave
something
yeah.
F
L
C
We
don't
have
a
normative
dependency,
I,
don't
want
it,
but
we
can
fix
this
by
whichever
documents
published
second
will
have
the
text.
It
is
registry
establishing
the
published
second,
and
it
will
have
a
reference
to
our
C,
which
is
already
done.
It's
the
other
way.
You
know
other
checks
anyway,
I
think
it's
it.
J
N
C
Just
one
that
the
side
comment
of
this
was
suggestion
that
the
label
is
blue.
There
is
a
separate
registry
for
top-level
underscore
label
or
second
of
underscore
label,
and
most
labels
are
second
double
underscore
labels,
so
I
think
Philip,
suggested
rate
change,
change
to
levels
to
underscore
you
know
SMTP
and
dot
underscore
report,
or
something
like
that
does.
A
C
Know
all
right,
let
it
do
people
have
a
strong
preference.
One
word
about
two
levels:
verse
one
I
mean
it's
potentially
slightly
operation.
Eight
well,
I
think
the
idea
is,
if
you
create
underscore
report,
you
can
start
other
things
underneath
it,
which
is
not
just
this
document.
What
other
things
I
think
that
that's?
Why
I
think.
C
L
D
D
A
A
C
A
C
I
So
put
your
hands:
how
many
people
will
already
know
what
required
TLS
does
how
many
people
don't
know
and
neither
review
a
lot
of
people
are
in
either
category
okay,
no,
no
review,
then,
because
that's
significant
show
of
hands:
let's
go
the
next
slide.
Okay,
so
basically
what
the
I've
done
done.
One
update
since
the
since
the
last
IETF,
which
basically
does
what
we
discussed
at
the
last
IETF.
We
now
have
two
different
mechanisms
that
are
part
of
this
same
graph.
I
I
I
I
As
opposed
to
the
required
TLS
SMTP
option,
which
first,
which
requires
that
it
be
negotiated,
requires
that
the
SMTP
option
be
negotiated
on
each
hop,
which
basically
guarantees
the
or
basically
asserts
a
promise
from
the
risk
from
the
SMTP
server
that
it
will
continue
to
heed
the
require
TLS
requirements
next
slide
and
I'm
just
ahead
of
myself
here.
So
that's
basically
what
I
just
said.
I
There
are
three
options:
one
is
to
require
the
MX
lookup
to
be
DNS,
SEC
protected,
which
I
think
is
probably
the
security
concern
that
Chris
had
started
to
think
about
in
the
context
of
MTA
STS
you
do
in
order
to,
you
know,
really
be
protected
against
attackers
here.
You
do
need
to
make
sure
that
you're
doing
a
DNS,
SEC
ma
MX
lookup,
because
of
the
direction
that
this
mechanism
proceeds.
I
You
have
the
ability
to
restrict
how
certificate
verification
can
be
done.
If
you
don't
like
certificate
chains,
because
you
don't
you
know-
maybe
you're
in
the
country
you're
dealing
with
a
country
that
owns
the
CA
and
you're
concerned
that
they're
going
to
manufacture
a
CA
or
something
like
a
certificate
for
the
domain
that
you're
sending
to
or
something
like
that.
You
have
the
ability
to
say
well,
I
just
want
this
message
to
go
by
adding
a
verified
certificate,
so
these
options
are
somewhat
negotiable.
I
We've
had
some
opinion
that
maybe
this
is
a
little
bit
too
much
optioning
and
you
know
there
are
other
opinions,
I
think
around
that
you
know.
Maybe
we
should
even
have
more
options
to
specify
what
end
ciphers
and
all
those
sorts
of
things
we
haven't
done
that
far
next
slide
and
I'm
continue
to
be
ahead
of
myself
here.
So.
I
Next
slide
main
issue
here
is
you
know
if,
then,
the
update
and
so
forth
kind
of
sent
how
to
send
out
a
request
for
reviews
said
it
was
probably
during
the
holiday,
so
I
sent
had
another
request
for
reviews
and
still
for
a
little
for
a
little
comment.
I
have
gotten
indications
from
some
other
organizations
that
that
they
feel
like
this
capability
is
important,
but
these
are
not
the
sorts
of
organizations
that
necessarily
participate
in.
I
K
I
You
wanted
to
send
a
tornado
warning,
you
know
the
weather
service,
you
want
to
send
tornado
warnings
just
triggered
victim
and
and
and
and
so
the
idea
is,
it's
important
that
the
message
get
there:
the
security,
it's
completely
public
information.
So
really
you
don't
want
the
the
message
to
be
inhibited
by
a
policy
mechanism.
I
J
Yes,
I,
don't
think
the
required.
Tls
no
case
is
turning
off
TLS,
its
turning
off
mandatory,
authenticated
TLS
from
Dane
or
STS
or
similar
in
recognition
of
the
fact
that
sometimes
there
are
operational
errors
and
one
thing
one
needs
to
do
is
inform
the
people
on
the
other
end
that
you
know
they
have
a
problem.
So
that's
a
good
use
case
for
turning
off
TLS.
J
Another
good
use
case
for
turning
off
TLS
is
you're,
a
customer
of
an
ISP
that,
or
you
know,
service
provider
that
implements
Dane
or
STS
or
both,
and
you
have
an
urgent
message.
You
know
tornado
warning
or
the
like
to
send.
Somebody
and
the
destination
is
broken,
they're
messed
up
their
policy,
but
you
have
an
urgent
non
sensitive
message.
You
should
be
able
to
say
you
know
some
damn
little,
you
know
damn
it's
and
the
torpedoes.
You
know
what.
Why
can't
we
let
the
user
decide.
The
delivery
is
more
important
than
confidentiality
or
or
security.
J
It's
their
choice
with
a
browser.
They
can
click
OK
and
you
know
and
go
through
all
the
warnings
and
go
to
an
insecure
site
with
email.
It's
asynchronous.
In
the
background,
these
are
can't
click
through
all
the
hops.
This
just
provides
them
an
equivalent
mechanism.
It's
the
click.
Ok,
but
you
know
dumb
asynchronously.
In
the
background.
It's
perfectly
fine.
Ok,.
K
K
With
with
this
the
option
that
you're
talking
about
I,
don't
think
that
makes
hollow
sense,
particularly
when
you
get
down
to
things
like
controlling
so
I
persuades
and
and
all
of
these
things,
yeah
there's
an
infinite
number
of
knobs
you
can,
you
can
twiddle
and
what
you're
asking
is
for
someone
to
override
their
policy
in
a
myriad
ways
for
the
next
hop
where
you
should
just
be
saying:
I
have
an
expectation
of
security.
That
is,
you
know,
please
don't
send
it
in
clear
text
and
please
authenticate
the
other
end.
K
You
you
want
to
establish
the
baseline
here
and
I.
Think
that
there's
reasonable
guidance
in
the
existing
documents.
For
for
this
you
want
TLS.
Then
you
want
to
authenticate
the
other
end
right.
That's
basically
what
we're
looking
for
and
to
some
extent
you
have
to
have
to
trust,
go
to
the
next
that
the
next
hop
is
going
to
respect
that
in
the
white
in
the
best
way.
That
I,
can
you
just
handed
them
a
message
and
so
I
think.
K
I
I
I'm
open
to
whatever
the
consensus
is
on
this
by
the
way,
but
I
mean
I'll.
Express
the
the
flip
side
of
this
is
that
the
sender
of
the
message
has
some
idea
of
what
their,
what
their
threat
profile
is,
and
you
know
might
be
concerned
about
nation-state
attackers
in
some
cases
or
might
be
concerned
about
attackers
that
can
spoof
DNS.
So
so.
A
B
J
Multiple
times
express
the
fact
that
I
think
all
the
fine-grained
features
are
a
bad
idea
should
be
a
please
deliver
securely
over
some
kind
of
TLS
that
you
know
to
be
secure
and
any
attempt
to
be
much
more
specific
than
that
is
a
non-starter
I.
Think
all
the
people
who
might
know
how
to
specify
additional
properties
and
have
a
reasonable
expectation
that
they're
doing
the
right
thing
are
probably
in
in
the
meeting
room
and-
and
nobody
else
will
ever
you
know,
be
able
to
correctly
specify
all
the
mobs
for
multiple
hops.
That's
just
insane.
J
As
for
DMS
neck,
the
the
only
policies
that
require
TLS,
you
know
presumably,
is
compatible
with
his
either
sts
ordain.
We
don't
have
any
other
secure
delivery
mechanism
for
start
TLS,
opportunistic,
isn't
it
and
both
SDS
and
Dane
find
various
ways
of
dealing
with
the
insecurities
of
DNS
each
with
their
own
mechanisms.
I
A
J
You
don't
need
you
simply
do
not
need
it
gain.
Of
course
we
are
see
in
a
sec,
but
STS
works,
as
you
know,
as
well
as
it
works.
You
know
it's
got
a
first
contact
issue,
but
otherwise
without
the
intersect.
But
you
know
here's
me
trumpeting.
You
know
it's
TSI,
usually
you
know
say
bad
things
about
it,
but
it's
you
know
mostly
good
enough
if
get
effect
isn't
available.
Let's
it's.
Let's
get
mostly
good
enough
in
the
field.
It
would
raise
the
security
card
to
buy
people
turn
off
security,
read
RFC.
J
B
Is
dkg
I'm
gonna
relay
Ned
freed
from
the
jabber
room?
He
says
the
history
of
TLS
and
SMTP
began
with
Microsoft
shipping,
a
product
which,
out
of
the
box,
failed
whenever
search
LS
was
attempted
I'm
much
more
concerned
about
the
ability
to
control
the
character
about
the
ability
to
control
the
characteristics
of
TLS
across
multiple
hops.
The
essential
characteristic
of
email
is
that
it
gets
through
when
nothing
else
does
compromising.
That
has
to
be
done
carefully.
A
M
minutes
left
and
we've
got
one
minute
left
so
final
thoughts
on
the
mic
very
quickly.
L
A
So
there
seems
to
be
quite
storms
to
put
in
the
room
for,
for
you
know,
removing
as
many
policy
notes
as
possible
from
this
draft.
So
and
but
of
course
you
don't,
as
you
say,
you
don't
have
like
a
lot
of
review
any
any
of
you
who
have
participated
indeed
in
this
discussion.
We
really
appreciate
this
if
you
could
take
the
time
to
go
and
read
and
review
Jim's
draft,
because
this
is
a
working
group
document
and
we're
gonna
get
it
done
with
that.