►
From YouTube: IETF101-SECDISPATCH-20180320-0930
Description
SECDISPATCH meeting session at IETF101
2018/03/20 0930
https://datatracker.ietf.org/meeting/101/proceedings/
A
B
So
this
is
the
security
dispatch
working
group,
sec
dispatch,
I
think
our
first
meeting
as
an
actual
working
group.
So
we're
glad
to
have
everyone
here
next
slide,
please.
This
is
the
note
well
noted.
Well,
it
describes
your
rights
and
obligations
with
regards
I,
see
are
in
the
IETF
process
and
it's
important
so
take
it
into
account.
B
So
administrative
things,
blue
sheets
are
circulating
thanks
to
Ted
Hardy
for
being
our
Gabbar
rely
thanks
to
Barry,
Lee,
bang
Kris
went
for
taking
notes,
look
forward
to
reading
those
later
next,
so
the
dispatch
process
we're
intending
to
follow
here
is
pretty
much
the
same
as
what
you
may
have
seen
if
you've
seen
the
dispatch
working
group
from
the
art,
that's
in
the
art
area,
the
idea
here
is
to
dispatch
things
not
to
process
work.
So
this
this
working
group
is
not
going
to
adopt
drafts
or
work
on
drafts.
B
Our
goal
is
to
recommend
what
the
next
steps
are
for
new
work
coming
into
the
Secchia
and
those
outcomes.
Those
next
steps
have
kind
of
a
few
broad
categories,
so
we
can
suggest
the
ADEs
that
we
direct
work
to
an
existing
working
group.
We
can
propose
a
new
kind
of
I,
think
of
them,
as
mini
working
groups,
a
focused
working
group
on
a
particular
topic.
We
can
work
with
the
ATS
to
propose
a
sponsorship
of
documents,
or
you
know
we
can
say
that
this
is
not
a
topic
that
the
ITF
should
be
working
on.
C
B
Away,
it's
not
not
something
interest
right
now,
maybe
if
you
revise
things
later
so
the
goal
of
each
of
the
we've
got
I
think
four
presentations
on
the
agenda
today.
The
goal
for
each
of
those
is
to
come
up
with
one
of
these
outcomes
that
that
we
feel
comfortable
with
as
a
working
group.
Next
slide
please.
B
So
this
is
the
agenda.
We've
got
now.
We
are
currently
in
the
logistics
introduction
portion
and
then
we've
got
four
different
topics
after
that
to
cover
in
and
to
dispatch
in
sequence,
I
will
do
a
brief
agenda
bash
right
now.
Are
there
any
additional
topics
or
changes
to
the
agenda?
Anyone
would
like
to
propose.
D
So
this
one
addiction
and
agenda
topic
application
or
TLS.
We
are
working
on
yesterday
and
there's
a
reasonably
positive
feedback
and
application
era
TLS,
and
this
is
vision
where
people
want
to
discuss
it
today
at
SAC
dispatch.
It's
yours.
B
E
Everyone
hear
me
clearly,
okay,
thank
you
very
much,
so
thank
you
very
much
for
the
opportunity
to
present
SKU
dot.
Txt
here
set
this
batch.
This
is
my
very
first
ITF
meeting,
so
I'm
a
complete
newcomer.
This
is
all
very
new
to
me
and
I'm
extremely
excited
to
finally
get
to
present
my
internet
draft
here
at
the
ITF
and
to
get
some
feedback.
The
latest
draft,
the
latest
internet
draft,
is
co-authored
by
Yaakov
and
me
Edwyn
video
and
basically,
the
promise
of
secure
text
tears.
E
E
What
steps
I
need
to
take
in
particular,
and
what
forms
of
communication
are
available
for
me
to
report
an
issue
next
slide,
please
the
ideas
stemmed
from
my
time
in
New,
York
I
was
recovering
from
DEFCON
and
during
the
time
I
was
discussing
with
a
lot
of
skin
searches
and
remembers
the
industry
sort
of
various
issues
that
one
might
encounter
during
the
vulnerability
disclosure
process
and
what
we
notice
is
there's
no
real
standard
across
the
board.
There
lists
all
of
these
steps
and
it's
in
a
really
simple
format,
so
I
just
quickly
threw
up.
E
This
idea
is
in
a
screen
at
City,
publish,
don't
get
out,
but
it
overnight.
The
immediate
reaction
was
this
needs
to
be
sanitized
properly.
We
formal
language
and
need
to
know
make
this
into
an
RFC,
so
I
wrote
the
first
Internet
drops
and
they
published
that
we're
now
on
version.
Four
next
slide,
please
and
amazingly
already:
there's
already
organizations
adopting
security
and
implementing
secure
txt
files,
most
notably
Google
Facebook,
tumbler,
Dropbox,
Shopify
and
very
recently
protonmail.
E
This
has
this
has
been
a
great
motivator
for
me,
especially
you
know
seeing
how
they
implemented
it
and
stuff
I
could
see
what
directives
they
would
like
to
implement
and
how
they
use
it
and
sort
of
adapt
that
into
the
specification
next
slide.
Please,
and
we
also
created
a
little
website
at
security,
ext
org.
That
gives
you
a
more
condensed
overview
of
security
XE.
E
So
if
you
need
to
share
the
idea
or
you
want
to
get,
you
know
quick
overview
of
what
the
project
is
rather
than
spending
time
and
read
the
entire
trial,
you
can
use
the
website
and
there's
a
forum
there
to
generate
secure,
txt
files.
It
really
demonstrates
how
simple
the
idea
is
and
that
we
can
just
really
present
it
in
this
format
and
hopefully
further
adoption.
E
We
also
increases
discussion
and
that's
the
beauty
of
it
is
that
a
lot
of
people
have
given
us
feedback
and
questions
and
we've
been
able
to
use
that
to
adapt
the
draft
next
slide.
Yes
and
one
question
that
stood
out
for
me
was
of
course
well:
we
have
RSC
21:42.
Why
do
we
need
security,
XT?
Well,
the
way
I
view
security
XT
is
I,
don't
view
as
a
replacement
or
of
iOS
or
2142
at
least
I'm.
E
It
allows
you
to
just
present
that
and
we've
seen
that
with
gale
pages
in
particular,
where
developers
are
for
their
personal
address
and
their
welcoming
report.
So
it's
a
great
opportunity.
You
know
to
increase
this
sort
of
good
own
best
practice.
Then
another
point
is
I
noticed
this
protonmail
recently
on
proteomic
comm.
They
have
a
SKU
txt
file
that
points
to
an
address
on
the
dot
CH
TLD.
So
if
that's
cool
I'll
take
still
par,
wasn't
there
and
I
found
an
issue
on
proton.
Accom
I
might
report
it
to
the
wrong
inbox.
E
They
might
never
have
seen
it,
but
of
course,
computer-
and
you
know
friction
or
bio
with
ski
I'll-
take
see
we're
hoping
to
reduce
that
sort
of
friction.
I
know
immediately.
Okay,
I
see
the
steps
I
know
who
to
report
it
to
and
I
can
follow
those
steps.
Another
thing
is:
we
have
different
methods
of
communication.
Not
everybody
wants.
You
know
an
email
reports,
I've
had
cases
where
ever
for
an
issue
and
they've
told
me.
E
But,
most
importantly
because
we
want
to,
we
don't
want
to
take
up
space
in
the
root
directory
and
we
also
don't
want
to
prevent
name
collisions
in
particularly
screwed
up
txt,
so
secure
that
takes
is
supposed
to
be
located
under
the
well-known
you're
right
and
it's
like
this
and
then,
as
we
sort
of
describes,
Fiat
60
in
certain
the
various
aspects.
I
want
to
highlight
one
issue
in
particular
during
the
discussions,
and
that
is
how
do
we
verify
the
authenticity
of
the
file
obvious.
E
That's
going
to
be
a
very
crucial
point
with
you
dot,
txt
and
I.
There
was
a
lot
of
discussion
in
the
mailing
lists
and
on
Twitter
and
so
on,
and
this
is
something
that's
still
open.
I'm
still
interested
to
hear
ideas,
because
there
are
various
methods
and
there
were
lots
of
great
ideas,
but
we're
really
looking
for
something
really
simple,
because
the
philosophy
behind
securedoc
takes
t-this
is
really
simple
to
implement
so
for
all
parties
involved.
We
hope
to
find
some
sort
of
method
that
would
make
the
price
is
really
simple
of
authenticating
the
file.
E
So
if
you
have
ideas,
I
guess
you
come
up
to
the
mic
up
to
talk
if
you're
seem
in
the
hallway
feel
free
to
give
me
a
you
know
an
idea
or
my
email,
I'm
working
that
and
it's
like
this
and
finally,
so
why
am
I
presenting
security
or
txt
here?
That's
the
idea,
I'm
hoping
that
to
get
more
feedback
to
get
more
interest,
because
we've
got
lots
of
volunteers.
We
made
great
great
contributions,
but
we
want
to
really
expand
it
and
see.
E
Can
we
get
more
supporting
the
ITF
community
and
possibly
groups
and
people
involved,
so
we've
come
up
with
other
ideas
and
look
at
other
aspects.
This
Q
dot
takes.
Do
you
cover
that's
next
slide,
but
that's
about
it.
Thank
you
very
much
and
if
you
want
to
contact
us
the
others,
the
addresses
are
here
on
this
side.
Ok,.
F
Mark
9
a.m.
so
is
the
intent
for
this
to
be
mostly
used
by
people
right.
That's
right,
yeah,
ok,
because
I,
this
kind
of
reflexive
don't
define
your
own
text
format.
Then
I
realized.
Oh
no!
It's
for
people!
That's
probably
ok,
yeah!
This
seems
incredibly
reasonable
with
the
fact
that
you
have
adoption
you
know.
Is
it's
awesome,
so
we
generally
trying
to
encourage
that
I've
heard
someone
say
that
this
should
maybe
go
to
the
HTTP
working
group
and
I.
Would
that's
not
a
thing
I
think
just
because
it
uses
HTTP
in
some
weird
way.
F
F
E
G
H
Good
idea
so
I
think
it
should
be
April,
look
for
and
I
think
it's
a
it's
related
to
the
marks
comments.
So
it's
if
there
is
in
any
front
to
have
a
hockey,
Jason
or
document
I
cancer
machine,
readable
format
with
it's
a
human,
readable
format,
I
think
it's
better
to
have
like
also
human,
readable
and
also
much
available
it.
Then
they
try.
If
some
part
was
fine,
some
issues.
They
can
send
automated
report
to
that
URL
or
email
address.
There's.
E
J
Hi
this
is
Daniel
con
Gilmore
from
they
show
you,
thanks
for
this
I
appreciated
simplicity,
so
I
support
this
having
having
something
nice
and
clean
and
simple,
like
this.
I
just
wanted
to
know
that
your
draft
talks
about
web
services
and
companies
and
your
example
that
you
gave
in
front
of
the
mic
was
about
a
github
page,
which
may
not
be
a
company
and
may
not
be
a
web
service.
J
L
I
like
this,
a
lot
I
was
just
asked
to
I,
got
a
graphic
after
review
cassette
beer
with
a
similar
idea
for
TLS,
that's
being
discussed
in
UTA
this
week,
so
you
might
want
to
take
a
look
at
that.
The
curse
yeah
we're
getting
into
the
point
now,
where
a
lot
of
applications
are
having
feedback
on
what
to
do.
L
If
something
goes
wrong,
it
would
be
very
good
if
we
could
get
to
some
sort
of
consensus
of
doing
this
in
a
consistent
way
across
protocols,
and
oh
I
would
like
to
get
us
to
get
to
the
point
where
the
feedback
piece
becomes.
Like
you
know,
protocols
often
have
to
produce
a
neighbors
part
of
their
outputs
I'd
like
providing
feedback
for
it.
Your
security
is
broken
it
to
be
something
that
is
a
standard
thing
that
you
have
and
is
in
our
toolkit.
M
Colin
Jennings
I
love
your
draft
I
like
it
as
it
is
I
think
we
should
move
forward.
A
ad
sponsored
of
this
draft
I.
Think
it's
a
prime
candidate
for
that
I
think
you
should
ignore
all
the
advice
from
the
ITF
to
add
more
languages
and
make
it
complicated
in
weird
and
bizarre
ways:
don't
add
languages
it
like
contact
is
easily
understandable
and
the
email
address
is
in
whatever
language
it's
in
right.
It
will
work
for
its
purpose.
It
does
not
need
to
support
lots
of
languages.
It
is
already.
M
It
is
already
machine,
readable
this
contact
:.
You
can
pull
that
data
out
like
this.
Is
you
know,
and
yet
it
is
still
also
human,
readable,
I.
Think
that's
a
great
feature
and
my
Bar
None
favorite
feature
of
it
is
you've,
got
several
major
websites
to
just
go
camp
on
a
code
point
in
dot
well-known
and
they
don't
care
the
slightest
about
that.
So
super
every
way
around.
Thank.
N
Paavo
so
now
we've
had
like
seven
people,
think
it's
a
good
idea,
so
I'll
do
the
obligatory.
This
is
a
bad
idea.
I'm
upset
assistant
up
set
it
on
the
list
already.
If
your
web
servers
compromised
like
how
can
I
trust
that
there's
the
security
geek
supporting,
we
do
the
right
thing,
sure
there's
you
know
a
hundred
thousand
of
bannered
WordPress
sites
that
will
have
the
security
that
leaves
default.
N
That's
all
you
know
you
can
take
these
people,
but
really
we
have
other
ways
and
you
know
sort
of
a
third-party
system
where
you
can
contact
someone
we've
got
who
is
so
are
deaf
where
you
can
get
the
information.
We've
got
a
DNS
zone
that
has
like
a
email
address
in
it.
This
really
feels
like
asking
a
mail
server
like
who
can
I
contact.
You're
spamming
me
like,
like
you,
don't
ask
the
person,
that's
actually
malicious
to
go.
N
You
know
ask
for
contact
and
and
throwing
all
kinds
of
external
GPG
schemes
and
other
authentication
schemes
on
it
like
if
I
contact,
if
I
look
at
a
web
server,
that's
malicious
to
me
and
I
don't
find
the
security
txt
file
like
like
what
do
I
do.
Is
this
the
attacker
who
removed
it?
Maybe
it's
the
attacker
would
actually
put
a
bogus
on
there
and
now
I
have
to
go
elsewhere.
N
O
Then
Caidic
speaking
as
not
yet
ad
occurred,
some
people,
the
proponents
and
suggest
a
sponsorship
and
I
just
wanted
to
sort
of
get
a
sense
of
people.
We
have
this
question
of
internationalization
that
was
raised,
and
maybe
we
decide
to
ignore
that.
There's
also
I
believe
still
something
of
an
open
question
about
what
mechanism
to
use
or
you
getting
some
indication
of
authenticity
and
whatnot,
and
if
these
are
still
sort
of
open
questions,
would
it
be
better
to
try
to
spin
up
a
small
working
group?
Then
try
and
go
straight
to
a
nice
concert.
Yeah.
B
B
E
So
with
the
would
be
fourth
draft
now,
the
way
I
at
least
view
is.
There
are
at
least
the
major
issue
layers
with
the
authenticity
of
the
file
which
someone
raised
just
early
on
and
I.
Think
in
itself
is
something
that
I
might
not
personally
be
capable
of
answering
and
I
need.
You
know
the
support
and
so
on,
but
as
a
whole,
the
sort
of
the
directives,
the
contact
methods,
the
feedback
we've
received
from
you
know:
users
already
that
in
a
stop,
I
think
is
already
set
in
stone,
is
already
pretty
well-established.
Q
Erik
respond
a
minute,
yes,
I
mean
I,
guess
I
I
do
appreciate
that
there
are
security
problems
with
having
you
know
the
website
host
its
own
thing,
but
I
spend
a
little
time.
Thinking
with
this
I'm,
not
sure
I'd
do
a
better
job
without
like
really
like.
How
do
you
say,
incredibly
heavy
weight?
You
know
that
they've
just
rattle
off
you,
the
obvious
obvious
options.
You
know
you
could
initially
decide
it,
but
then,
with
the
key,
the
key
is
probably
the
website
key,
which
probably
isn't
much
better
I.
Q
Guess
you
could
shove
that
in
CT,
which
we're
gonna
some
value,
you
could
DNS,
but
the
DNS.
You
could
do
that.
Six
I
know
these
all
seem
like
things,
but
probably
like
the
same,
like
you
know,
like
probably
about
the
same
security
properties
of
the
website
itself.
You
know
III,
guess
I'm,
assuming
the
model
here
is
that
you
know
the
the
website
probably
hasn't
been
like
totally
hack
sword,
but,
like
actually,
you
know,
has
a
vulnerability.
Q
What
you
found
you
exploit
or
has
a
vulnerability
which
doesn't
necessarily
lead
to
complete
website
compromised
or
hasn't
been
used
at
the
base
to
the
faces
here
at
attacks,
so
some
my
suspicion
is
probably
miscarry
presented.
This
is
about
as
good
as
you're
able
to
do
without
like
something
really
heavy
weight.
I,
don't
know
how
to
do
that
said.
I
wouldn't
be
a
posting
up,
a
small
working
group.
Q
We
do
need
to
learn
how
to
do
that,
for
that
all
right
that
part
is
ad
I
wouldn't
be
I,
wouldn't
be
posted
a
small
working
group
we
get
into
workout
it
be
that
so.
R
You're
on
chef,
you
seem
to
be
a
little
bit
undecided
on
whether
this
is
aimed
at
machines
or
humans
and
I
think
there
are
actually
trade-offs.
For
example,
internationalization
is
much
more
important
if
we're
talking
about
humans
and,
more
importantly,
the
contact
only
really
works
for
merciful
robots
if
it's
an
email
address,
not
when
it's
a
contact
form,
so
you
have
to
make
up
your
mind.
Thank
you.
Her.
P
Son
Thompson
I'd
like
to
put
this
this
question
of
robots
to
bed.
This
is
a
machine,
readable
format
that
contains,
in
the
current
form
a
set
of
your
eyes.
None
of
that
is
internationalize
of
all,
takes
the
comments,
maybe
but
I
think
we
can.
We
can
live
with
that
and
I
think
that
in
its
current
form
it
doesn't
need
any
intern
eyes,
internationalization
support
and
that's
a
feature,
not
a
bug
and
I.
P
C
P
I
Hildebrand
I'm
just
agreeing
with
Martin,
it
already
says
it's
encoded
as
utf-8.
It's
got
all
the
right
language
for
that,
and
so
you
know
if,
if
the
human
who
is
writing
the
thing
wants
to
say
you
know,
here's
English
version
and
here's
the
Spanish
version
go
to
like
it
doesn't
need
to
get
anything
more
than
that
because,
as
Martin
said,
all
the
stuff,
that's
computer,
readable
doesn't
need
any
more
code.
Thank.
P
P
P
Q
To
clarify,
because
I
wrote
the
Charter,
mostly
the
the
Charter,
is
intended
to
be
that
this
working,
we
recommend
two
babies
for
a
sponsorship
and
they
need
to
figure
it
out.
So
I
think
the
way
this
would
work
out
would
be.
If,
like
you
know,
this
working
group
thought
that,
like
this
only
beauty
sponsor,
then
better
company,
though
I,
haven't
sketched
out
whether
that
was
appropriate
and
if
they
felt
it
you
know,
should
form
a
working
group.
Then
we
have
discussion
for
you.
How
did
how
to
make
that
happen?
M
I
run
a
similar
working
group
in
a
different
different
area,
and
so
what
I
want
to
comment
on
is
to
the
people
in
the
room
about
the
those
are
the
two
choices.
Definitely
we're
on
the
right
path.
What
the
difference
is
on
these
two
choices:
okay,
so
what
I
think
the
people
in
the
room
I
want
to
describe?
You
know
if
you
believe
this,
you
should
hum
this
way.
If
you
believe
this,
you
should
hum
that
way.
M
Okay,
so
the
the
advantages
of
spinning
a
small,
fast
working
group
is
that
it
allows
you
to
bring
a
bunch
of
people
and
really
debate
some
hard
topics,
have
a
bunch
of
email,
discussion
and
and
then
change
the
draft
and
get
it
out.
So
if
you
think
there
are
some
hard
meaty
problems
that
people
need
to
discuss
it,
then
then
you
would
do
that
and
by
the
way,
if
we
felt
we
needed
to
add
internationalization
into
this
draft,
I
would
definitely
say
we
would
probably
need
to
spin
up
a
small
working
group
right
now.
M
If
you
think
this
draft
is
pretty
ready,
as
it
is
like
yeah
sure
we
might
have
to
you,
know,
tweak
a
few
things
fix
a
few
language
doesn't
stop,
then
you'd,
probably
lean
more
towards
the
ad
sponsor
one.
Other
thing
that
you
might
factor
in
in
thinking
about
this
one
way
or
another
is
is:
is
the
experience
of
actually
forming
a
working
group
doing
a
draft
getting
it
out
the
door
having
a
public
rush
and
closing
the
working
group
in
less
than
one
IETF
cycle?
H
M
Might
view
it
as
an
experiment
that
way,
but
I
think
that
those
are
the
things
that
you
need
to
think
about
it,
trying
to
choose
between
these
two
paths
personally,
like
I,
just
hate
it
when
we
have
like
a
new
person,
bring
a
draft
that
is
meeting
the
community's
needs,
it's
working,
fine
and
then
we
all
feel
like
we
need
to
screw
with
it.
Miss
a
couple
of
spices.
I
want
Tomatoes
in
this
person
once
I
have
this
one,
everyone
tries
to
add
their
personal
favorite
Peck
technology
into
it
by
the
time
it's
done.
M
T
Kathleen
Moriarty
ad
sewed
add
to
that,
while
it's
a
good
summary,
some
of
the
other
considerations
are:
is
this
something
that
should
have
working
group
consensus
because
you
get
that
by
putting
it
through
a
working
group,
you
could
get
adequate
review
through
ad
sponsored
as
well,
because
anytime
I've
done
a
Navy
sponsored
draft
I
very
intentionally
picked
to
the
draft.
Shepherd
would
be
you
know.
So
if
it's
a
straight
draft
and
as
internationalisation
I
would
have
put
somebody
with
that
expertise.
So
there
are
different
ways
to
balance
it.
The.
B
A
Okay,
we're
about
to
hum
on
three
options
or
just
to
present
those
options
again.
If
you
support
ad
sponsorship,
that's
going
to
be
the
first
hum.
If
you
support
spinning
up
a
small,
focused
working
group,
that's
going
to
be
option
two
and
if
you
support
not
doing
anything
with
this
draft
at
all,
that
would
be
hum
three.
Forgive
me,
but
there
was
a
a
comment
in
the
evening
which
overlap
you're
you're,
starting.
A
C
B
K
There
was
a
sec
dispatch,
so
it's
called
graph
near
sag.
Obviously
now
please
go
to
check
this,
but
rather
than
Sampson
next
slide.
So
why
are
we
doing
this?
There's
lots
of
interest
in
short
term
certificate.
There's
interest
in
the
standards
process.
Acme,
there's
a
acne
star
draft
and
steer
in
anima
in
data
centers
and
in
systems
that
are
deployed
would
have
multiple
nodes
that
communicate
with
each
other
either
through
GLS,
or
these
are
some
some
kind
of
certificate
based
syndication.
K
Certificates
being
short-term,
what
we're
interested
in
this
is
in
avoiding
revocation
checking.
So
the
goal
here
is
to
get
a
document
that
tells
people
that
this
is
okay
to
skip,
revocation
and
also
tell
people
what
they
need
to
do
to
make
it
okay,
so
next
slide.
So
why
do
we
want
to
avoid
me
vocations?
So
relocation
makes
relying
parties,
and
these
more
complexity
reduces
a
lot
of
modes
of
failure.
K
It
makes
the
protocols
complex,
you
have
to
add
stapling
or
add
crl
and
those
ESP
respond
to
the
state
machine.
Relocation
makes
the
system
more
expensive.
Now
you
need
some
kind
of
revoke
relocation
server.
It
could
be
a
civil
distribution
point
if
at
the
end
of
CSP
responder,
and
that
has
to
be
all
the
time
available.
K
Otherwise,
communication
fails
so
we've
a
question
also
makes
startup
time
slower
start
the
connection,
whether
it's
TLS
all
right
and
to
go
to
the
OCSP
server
gets
the
the
whole
city
response
takes
time,
and
it
really
doesn't
make
sense
anymore
recently
had
to
talk
to
people
who
are
not
security,
geeks
and
explain
to
them.
Why
we
need
we
vocation
and
of
course,
newbies
always
ask
the
best
questions?
That's
well.
Why
are
you
signing
blob
and
then
you're
going
to
sign
blob
me
just
to
say
that
blob
a
is
still
valid?
K
Why
not
just
sign
global
all
over
again
and
well,
historically,
used
to
have
a
human
involved
in
the
signing
of
the
certificates,
whereas
the
CSP
responses
were
just
signed.
Automatically
thing
is
done
automatically
anyways
today,
so
why
do
we
even
need
this
Bob?
The
next
slide,
so
we
define
short-term
certificates
as
certificates
with
a
short
period
of
time
between
the
time
they're
issued
and
the
not
activated
the
time
they
expire.
It's
not
necessarily
the
same
as
the
not
before
date.
K
There's
a
little
discussion
about
that
in
the
draft
and
we
avoided
having
a
hard
definition
of
what
is
a
short
regular
web
certificates
are
issued
typically
for
one
or
two
years
in
acne.
We
kept
that
to
three
months
and
then
relocation
is
still
necessary
because
I
don't
want
some
attacker
to
have
a
valid
certificate
for
three
months
and
nothing
I
can
do
about
it
so
justifying
forgoing.
Revocation,
we
have
to
do
something
much
shorter,
we're
thinking
one
week,
two
weeks
or
perhaps
a
lot
shorter,
maybe
every
day.
K
So
in
that's
right
that
imagine
a
system
where
you
have
hundreds
of
thousands
of
nodes
and
empties
and
we
renew
their
certificates
every
week
every
hour
every
day.
There's
no
way
to
do
this
manually
manual,
renewals,
profit.
Every
couple
of
years
ago,
even
Google
had
a
couple
of
hours
where
Gmail
was
had
an
expired
certificate.
I
mean
Google
has.
K
It's
fine
to
have
manual
intervention
with
issuing
the
first
certificate
that
we
knew
has
to
be
automatic,
and
luckily
we
have
a
lot
of
ways
to
do
it,
there's
a
standard
way
of
doing
in
acne
and
there
are
all
sorts
of
vendor
specific
things.
These
are
kind
of
protocols
that
I'm
working
with
in
the
past
and
note
this
is
a
different
definition
than
the
then
what
we
have
in
the
acne
start
back,
because
there
it's
limited
to
only
acne.
K
U
U
There
is
none
I'm
standing
ambe's
because
we
use
a
standardized
protocol,
uses
ITF
technologies,
the
lightweight
MGM.
It's
used
to
manage
and
took
millions
of
ID
devices,
but
it's
just
probably
not
listed
in
your
in
your
document,
but
still
follows
very
much
the
same
spirit
so
I
sure
agree.
That's
a
useful
approach.
Sure
Acme.
K
Here
is
only
as
an
example:
you
can
do
it
with
TMS,
okay,
so
that's
life.
So
how
do
we
revoke
with
such
a
system?
We
just
simply
not
renew
if
we
renew
that
certificate
every
day,
and
we
don't
like
to
step
in
more
and
we
just
don't
renew
it
and
after
a
day,
it's
not
valid.
So
the
time
it
takes
to
revoke
a
certificate
is
limited
by
the
certificate
lifetime,
and
that
means
that
the
relying
parties
have
to
take
root
expiry
seriously.
This
practice
of
having
a
72-hour
grace
period
has
to
go
out
the
window.
K
That's
like
so
is
this
the
web.
Well,
there's
no
reason
why
it's
not
the
web,
but
the
web
is
different
from
pretty
much
anything
else.
The
web
is
a
huge
investment.
Read
estimates
over
10
trillion
dollars
invested
in
everything
going
into
the
web,
there's
commercial,
non-commercial
CAS
and
they
have
expensive
redundant
infrastructure
all
over
the
world
with
CBN's
there's
lots
of
stuff
going
into
the
web.
So
when
I
say
something,
oh,
this
is
not
feasible
in
my
TK,
I
can
say
well,
but
we
did
it
on
the
web.
Well,
no
web
is.
K
U
V
Is
Timothy
as
a
former
research
scientist,
one
of
the
things
that
I
think
I'd
like
to
see
tweaked
about
this
I
love?
This
we've
strongly
advocated
court
records
we've
if
it
gets
for
a
long
time,
but
I
think
some
of
the
motivation
is
a
little
bit
too
over-the-top,
and
particularly
on
this
one,
there's
no
reason
why
it
can't
work
on
the
web.
V
You
know
you
run
the
numbers.
We
run
two
thirds
of
the
CT
logs
on
the
planet.
That's
gonna
make
our
expenses
go
to
the
roof,
but
you
know
it
might
be
the
right
thing
to
do
so.
You
know,
let's,
let's
not
talk
down
too
much
things
like
replication
things
like
that:
a
short-term
certificate
on
the
web.
These
are
just
challenges
that
we
have
to
figure
out
how
to
solve.
Yeah.
K
W
However,
you
do
such
things.
It's
needed
that
you
have
some
channel,
that
you
get
new
versions
of
your
key
right,
so
if
the
key
is
quickly
expiring,
you
need
the
new
key
come
in
and
I'm
the
same
way.
On
the
same
communication
way,
you
can
send
notifications.
So
if
you
have
such
an
automatic
way
of
distributing
keys,
then
you
have
an
automatic
way
of
distributing
revocation
but.
B
W
B
L
Actually,
there's
some
very
good
reasons
why
you
want
to
move
to
the
short
short-term
certificates
on
the
web,
and
that
has
to
do
with
the
way
that
data
centers
work
and
how
cloud
systems
work,
and
we
recently
had
an
incident
in
which
s
the
subsea
a
sent
a
file
with
15,000
private
keys
to
a
CA,
forcing
revocation
and
some
who's
asking.
Why
did
they
have
them?
Well,
if
you
think
about
the
complexities
of
managing
the
cloud
with
current
certificates
that
becomes
inevitable,
there
is
a
path:
there's
an
option
to
dump
out
all
five
keys.
Q
Okay,
so
I
guess
the
theatres
in
here
Eric
Sprott
is:
are
you
expecting
there
to
be
some
indication
from
the
CA
to
the
to
the
client
that
does
not
expect
to
issues
issuance
ESP,
so
I
mean
so
present
so
presently
like
presently
cab
at
the
BR,
richer,
curative
or
wrong,
but
be
ours
requiring
pride
on
CSP
and
they
require
you
to
have
a
no
CSP
endpoint
and
so,
if
you're
doing
now,
not
a
very
good,
of
course,
septic
ABBA
but
I'm.
Nevertheless,
you
know
that
is
an
important
concept.
Q
So
are
you
threatening
some
or
some
indication
in
the
search
that
this
is
a
short
term?
Certain
airport
does
not
need.
Let's
just
be
checking
me,
you
don't
expect
just
apply
it
o.
K
Q
B
X
B
X
Y
K
K
K
There's
to
get
all
this
TLS
up
and
running,
you
need
a
lot
of
certificates
and
something
has
to
distribute
those
certificates
and
there's
really
some
kind
of
controller
or
management
function
that
distributes
those
certificates
and
that's
a
good
thing.
We
got
us
of
whether
a
lady
you
break
TLS
or
not
so
we're
adding
PKI
in
the
datacenter
to
manage
these
certificates.
You'd
want
the
PKI
to
be
as
simple
as
possible,
rather
than
carry
all
the
baggage
next
yeah.
K
So
that's
proprietary
use
case
my
current
work.
Well,
we
have
a
lot
of
data,
client,
sort
of
biggest
servers
and
they
all
talk
to
each
other
and
the
old
package,
and
potentially
they
could
all
talk
to
each
other
over
IPSec
or
over
TLS,
and
but
you
have
to
authenticate
them.
Otherwise,
I
you
get
a
bigger
deleted,
so
sometimes
either
encrypting
we
always
need
authentication
and
the
management
server
is
some
kind
of
a
natural
candidate.
K
You
also
run
the
CA
as
manages
everything
why
not
the
certificates
as
well
so
next,
okay,
this
is
an
example
from
anime
and
since
I'm,
not
gonna
expert.
Let's
just
leave
it
for
a
few
seconds.
People
who
understand
that
imagine
we
that
and
next
and
so
benefits
we
have
a
simple
PKI,
no
need
for
distribution
points
of
these
P
responders.
The
series
can
be
pretty
much
fire-and-forget
and
they
can
easily
integrate
into
a
management
function
rather
than
be
standalone
servers.
K
So
there
are
operational
challenges
that
need
to
be
discussed,
and
they
briefly
mentioned
in
the
document,
but
need
to
be
expanded.
So
with
shortened
author,
we
need
certificates,
clock
skew,
causes
more
failures
sooner.
You
have
proxy
you're,
always
going
to
get
certificates
that
are
either
not
yet
valid
or
already
expired.
K
When
they
shouldn't
be,
and
in
with
starts
the
press,
it
happened
sooner
and
yes,
clock
skew
is
a
thing
in
2018,
not
only
in
the
IOT
space,
see
it
in
real
data
centers,
a
Down
Siri
will
give
you
download
sooner
but
having
the
certificates
expire
over
a
year,
there
expire
really
sweet,
but
that
would
be
the
same
with
location,
service
and
there's
a
problem
with
interaction
with
certificate.
Sparrin
see
where
you
might
be
spending
this
at
a
different
fancy,
love
with
lot
more
certificates
than
than
they
expected
so
next
slide.
K
Security
properties.
Regular
certificates
with
the
relying
party
checking
on
our
sister
sponsor
is
the
best
security,
but
many
applications
cannot
live
with
the
latency,
so
browsers
refuse
to
do
online
location
checking.
Unless
you
have
mistake,
link
that's
brothers
that
exist
today,
so
the
second
best
is
to
have
OCSP
stapling
and
at
the
end
of
he
gets
the
OCSP
response
and
then
presents
it
to
be
relying
party
in
the
protocol
and
you
can
enforce
it
with.
There
must
stay
plans
extension.
K
Our
claim
is
that
star
is
roughly
equivalent
to
staple,
though
CSP,
because
we
can
make
the
certificate
issued
as
often
as
all
CSP
responses
are
issued.
So
you
can
make
the
validity
the
same
all
right
next
slide,
so
security
challenges
is
that
you
can't
just
devote
this
ticket
is
valid
until
expiration
and
you're
stuck
with
it.
The
mitigation
is
been
making
their
lifetime
shorter.
Even
with
live
equations,
both
CL,
the
no
CSP.
You
have
responses
that
are
cached,
so
the
question
is
not
immediate.
K
Ever
and
there's
no
difference
between
system
that
system
issues
that
made
when
you
are
late,
like
clock,
skew,
network
issues
and
real
the
bad
days
have
my
private
key
revocation.
So
we
have
to
treat
expiry
seriously
and
no
grace
period.
So
that's
right
summary.
We
don't
need
signed
blob
number
two
to
validate
signs
of
number
one
revocation
checks
made
sense
when
issuing
CFL's
was
easy,
while
issuing
certificates
was
hard,
but
acme
intra-party
protocols
make
this
a
non-issue
anymore.
K
Y
Height
Melinda
Shore
I've
got
a
couple
of
comments,
one
of
which
might
change
what's
actually
going
on
with
the
draft
merely
of
which
it
changes.
Language
on
the
first
is
that,
since
the
typical
case
for
evocation
is
the
private
be
compromised,
he
might
rethink
a
language
around
TVs
and
we
know
right
sergeant.
Y
It's
an
since
the
typical
case
in
which
is
something
that
certificate
is
rerouted,
that
there's
been
a
privately
compromised
I,
because
all
the
stuff
is
automated,
you
might
recommend
there
might
be
recommendations
about
freshness.
You
know
rekeying
every
new
certificate.
You
know
that's
as
computational
overhead,
but
it's
a
little
bit
more
secure.
The
other
stuff
is
that
I
do
like
this,
but
it's
nothing
to
change
the
CAD
program
requirements
right.
Y
Y
Z
Z
C
Z
Way
all
the
drawbacks
of
location
approach
are
still
still
valid,
because
certificate
deployment
makes
protocols
more
complex.
You
just
replace
crl
with
a
eggman,
and
it
makes
the
system
more
expensive
because
you
need
a
certificate
distribution
server,
which
is
always
online
and
actually
the
requirements
for
it
being
online
are
marked
strict
than
for
a
serial
distribution
server
because
for
short-lived
certificate,
this
server
should
actually
run
like
24%.
It
becomes
a
single
point
of
failure
in
its
structure.
Iii
I
mean
I
I'm,
not
sure
this
is
this
might
win
the
security
versus
usability.
K
B
K
B
L
So
this
is
happening
after
I
think
that
we
need
to
talk
to
cap
forum.
Changing
the
cap
forum
rules
is
actually
really
easy.
All
it
means
is
we
just
put
in
a
ballot
I
can't
guarantee
that
it
would
pass,
but
I
can't
imagine
that
so
long
as
you
have
status
within
the
seven
days
period,
that
cap
form
mandates
by
that
the
technical
challenge
is
going
to
be
interfacing
to
CT
I.
L
Think
that
there's
a
really
easy
way
around
that
that
requires
a
CT
people
to
rethink
what
they're
doing
and
when
it
charters
you'll
have
to
work
out
some
way
of
interfacing.
The
two
groups
together,
if
indeed
CT,
is
still
operative
and
hasn't
finished
all
its
work
at
that
point.
But
you
don't
want
the
two
meetings
to
be
scheduled.
At
the
same
time,.
AA
Max
pretty
thing
on
behalf
of
the
Animus
slide,
that
was
up
there.
They
are
very
interested
in
the
work,
and
that
makes
sense
in
their
use
case
as
well.
I
would
like
to
bring
up
the
point
that
was
made
around
the
complexity
of
the
CR
ELLs,
and
the
distribution
of
them
are,
though
CSV.
This
is
a
chunk
of
code,
we're
talking
about
which
has
been
described
as
the
most
dangerous
in
the
world.
Simplifying
that
code,
highly
supportive
I
think
should
go
to
over
here
upon
that
sure,
would.
AB
Russ
Housley,
so
the
first
thing
I'd
like
to
suggest
is
that
you
use
the
no
Rev
available
security,
a
certificate
extension
that's
defined
in
3281
to
flag
these
certificates.
Just
says
there
is
no
replication
available.
You
put
that
in
and
step
up
the
0pp
of
it
AIA
or
any
of
those
and
I
think
that
a
AV
sponsor
is
also
a
really
bad
idea
here
and
lamps.
It
seems
like
a
reasonable
home
yeah.
Q
Era
for
Scola
early
role,
rumors
like
badge
on
to
this
I
hope
so
I
want
to
make
one
technical
point
and
then
ask
a
question.
Ethical
point
is
that
I?
Do
it
I
see
how
you
think
that
this
is
technically
equivalent
to
less
staple,
but
it's
not
difficult
in
one
important
respect,
which
is
that
it
is
possible,
have
a
different
OCSP
signing
key
than
a
certificate
signing
key,
and
that
and
and
so
so
imagine
a
situation
where
you
have
a
high
security
key,
which
you
use
for
signing.
Q
That's
very
hot,
very
important,
but
you
think
that
OCSP
mistakes
aren't
as
serious
because
after
because
they
can
only
occur
as
well
as
with
signing
mistakes,
not
qicang
the
operated,
both
security
now
for
a
CA
like
let's
encrypt,
who
runs
24/7
and
these
20%
access
to
its
signing
keys,
that's
not
as
big
a
deal
but
for
a
operation
with
actually
issues
service
relatively
infrequently.
That's
a
pretty
significant
difference,
that's
not
to
say
in
short
circuits
are
a
bad
idea
and
really
that
these
aren't
equivocal.
Q
My
my
question
is
like
it's
not
entirely
clear
to
me
what
publication
it
is
draft
as
an
RFC
does
to
change
the
world
to
change
the
world,
so
I
think
it
helped
me
if
you
would
explain
why
it
matters
in
this
draft
is
published
and
why
it
matters
to
go
to
work.
Group
that'll
be
helpful
to
be
thinking
about
that.
Well,.
AC
C
A
AC
A
AD
Q
As
a
process
point
I'm
not
sure
we
need
a
hum
here,
I'll
say
Y,
which
is
I,
haven't
heard
anybody
say
this
should
be
be
sponsored
and
I.
Don't
think
you
often
think
so
either
as
my
read
and
like
we
wouldn't
stop
you
taking
it
two
lamps,
so
you
know,
and
lamps
will
stop
to
the
side
if
they
want
to
take
it.
So
I
mean
I,
guess
like
I
guess:
I'll
hum
is
fine,
but
I'm
not
sure
like
it
seems
to
be
I.
Don't
know
anybody
say
yeah
they
should
go
somewhere.
I!
Q
K
B
Think
that
we've
heard
a
couple
folks
say
lamps,
it
looks
good.
Is
there
anyone
who
thinks
that's
a
bad
idea
and
we
should
have
a
new
working
group
instead.
Okay,
then
well,
bye-bye,
you
know
unanimous
consent.
Thank
you.
Yes,
you
know
I'll
take
that
to
Lance.
Alright,
thanks.
You
next
up
is
mister.
Housley
talk
about
Merkel,
three
signatures.
C
AB
AB
I
got
it
working,
but
these
are
the
things
that
I
found
along
in
the
spec,
which
is
perfect
right,
but
here
we
are
at
am,
and
so
now
will
be
at
11:00,
but
I
think
that
hey
I
got
it
working
and
it
is
a
really
good
place
to
be.
But
the
the
interesting
thing
is
that
these
signatures
are
quantum
resistant,
they're
really
fast
to
generate
the
signatures
that
really
fast
to
verify
the
signatures.
AB
The
validator
is
very
small,
but
the
signatures
themselves
are
quite
large,
so
signing
firmware
is
one
of
the
places
that
these
things
make
a
lot
of
sense
and
I
think
that
they're
very
important
to
start
signing
firmware.
Now
we
know
from
the
sha-1
it's
a
sha-256
transition
that
it
takes
at
least
five
years
to
deploy
a
new
algorithm
and
what
I
think
we
need
to
start
doing
is
signing
software
updates
with
a
quantum
resistant
signature
so
that
when
we
decide
we
need
the
quantum
resistant
rest
of
the
suite,
we
have
a
way
to
deploy
it.
AB
AB
B
AB
AB
AB
Q
Doesn't
thank
you
the
way.
I
usually
say
it.
Maybe
it's
what
people
as
wrong.
You
need
to
verify
only
with
the
quantum
algorithm,
because
the
classical
are
going
to
assume
in
the
future.
We've
broken
and
have
verified
the
quantum
algorithm
you'd
ever
need
to
sign,
with
the
quantum
out
without
the
verification
won't
work.
Thank
you.
Well,.
U
On
it
doesn't
I
think
what
is
this
interesting
is
in
particular
in
cases
where
you
have
the
bootloader
anything
wrong.
You
can't
change
it,
you're,
not
updating
the
bootloader,
that's
what
the
code
is
and
then
later,
as
you
have
the
devices
that
you
want
to
have
out
in
the
field,
but
then
or
even
longer.
Yes,
then
that
becomes
a
challenge
so.
AB
AB
AB
B
AB
U
J
C
AE
AB
AE
Just
yeah
I
think
doing
this
work.
It
should
be
done
at
some
point.
There
has
to
be
an
idea
of
picking
between
those
two
in
the
IETF.
Obviously
a
40s
on
there,
so
that
may
be
McGrew
is
the
right
one.
I've
no
hard
opinion
of
that
I
thought.
Does
your
draft
clearly
address
the
issue
with
the
limited
number
of
uses
of
the
same
private
key,
or
do
you
think
that
is
once
within
scope
of
what
you're
taking
the
workers
do.
AF
AB
AE
S
N
AB
V
Tim
Holly,
this
is
some
my
favorite
work.
I
mean
the
post.
Quantum
transition
is
probably
the
most
important
thing
we'll
be
working
on,
for
maybe
the
next
20
years.
I
would
prefer
that
it
not
gets
scoped
to
IOT,
just
because
I
think
it
has
much
broader
applicability
and
I
understand.
You
know
research,
resource
issues
and
things
like
that.
L
Q
Air
patroller
baby
hat
on
for
this
one
yeah
I
mean
speaking,
is
84.
Lamps
hung.
This
seems
like
quite
appropriate
for
lamps
happy
to
try
to
find
you
a
co-chair.
P,
that's
necessary.
I
I
could
see
the
that
or
you
do.
The
consensus
call
yells
that
did
that.
Q
I
mean
I
I
think
this
now
speaking
personally,
I
think
this
is
like
important
work.
We
should
be
doing
I'm
a
little
sad
to
see
like
thinking
about
advancing
to
algorithms
here
I
wish
they
see.
How
far
do
you
tell
us
what
to
do
so?
We
can
stop
that
doesn't
think.
Q
Be
awesome,
I,
agree
of
PHP
that,
like
we
should
be
doing
like
we
should
be
doing
a
version
of
this
or
per
piece
well,
I
mean
if
we're
gonna
do
this
like:
let's
do
it
I
I'm
not
enthusiastic
about
having
a
post
when
working
group.
That
seems
like
a
lot
of
rest.
That's
worked
really
well
for,
like
the
sort
of
limited
thing
of
basically
hoisting,
you
know
like
changing
elliptic
curves
but
like
this
is
like
a
more
complicated
problem.
So,
like
I,
mean
I,
think
it
made
Colonels
been
great
but
I.
Q
B
AB
M
Conscience
I
mean
I
think
this
is
really
important
stuff
for
many
reasons
done:
yeah
I
I,
if
it
is
done
in
suit
I,
think
it's
very
important
that
it's
done
in
a
way
that
does
not
in
any
way
tie
it
to
the
suit
framework,
because
I
think
a
lot
of
the
IOT
vendors
think
suits
a
disaster,
but
they
do
want
to
be
able
to
use
this.
So
it
needs
to
be
an
abstract
thing
that
they
can
use
separately
from
that,
because
this
is
important.
C
AC
AB
Q
Cms,
so
you
know
I
guess
when
the
Henderson
hearing
isn't
working
well,
I
thinking
I
want
to
spend
this
up
where
you
think
you
bringing
it
to
Kozak
once
you're
done
here.
Q
So
I
guess
well,
one
thing:
I
think
that
may
be
relevant
is
like
I
went
through
document
in
pretty
thorough
is,
it
seems
like
there
are
perhaps
some
generic
considerations
that
would
apply
to
any
messaging
application
of
this
and
then
there's
the
you
know.
How
did
I
get
this
image
of
right
and
I?
Q
Wonder
I,
wonder
if
it'd
be
useful
to
you
know,
I,
don't
to
make
it
to
work,
but
it'd
be
useful
to
either
freak
that
it's
two
documents
or
a
beast
to
sort
of
like
you
know
like
make
the
document
like
clearly
say
this
is
generic,
and
this
is
like
the
stuff
that
is
like
only
applies
to
CMS,
so
that
like
then,
if
we
want
to
do
a
cozy
mapping,
we
can
just
point
back
to
like
this
document.
Nothing
like
replicas.
Q
AB
Q
Do
that
or
you
could
or
as
I
say
other
document
could
be.
You
know
please
incorporate
this
shift
by
reference
and
then
here's
the
know
date
because,
like
I,
don't
I
guess
I'm
you're
saying
to
be
good.
If
it
be
good,
if
we
could,
like
not
it'd,
be
good
at
that
section,
that
was
generic
in
fact,
was
generic
splits
accidentally
being
on
generic,
which
I
know
happens
right,
yeah,
fair.
AG
C
AG
Actually
have
a
couple
of
places
where
signing
could
be
used
and
CMS
design
the
firmware
or
considering
an
individual
draft
that
is,
a
seed
bore,
manifest
that
uses
Hosea's
container.
So
anything
we
can
do
to
accelerate
adoption
of
these
signature.
Algorithms
into
the
various
security
containers
would
actually
be
a
good
thing.
A
B
C
B
B
W
W
W
Okay,
our
background
is
we're
trying
to
make
using
of
cryptography
for
end-users
in
a
very
easy
and
it's
more
about
email
and
messaging,
it's
less
about
the
web.
What
we're
doing-
and
we
see
that
there's
plenty
of
work
to
do
and
one
of
the
points
we
want
to
introduce
you
is
the
trust
words
idea
and
asked
to
dispatch
it
next
slide.
Please
we
have
a
list
of
things
we
are
doing
in
the
pet
projects.
W
In
our
view,
we
are
trying
to
add
that,
in
this
case
of
trust
words,
we
have
a
list
of
standards,
but
no
one
seems
to
fit
at
least
we
don't
see
them
being
used
in
the
wild,
and
that
is
why
we
think
that
needs
a
new
idea
next
slide.
Just
that
you
can
see
an
overview
of
our
work,
it's
we
are
doing
encryption
for
email
and
XMPP,
and
we
are
doing
that.
W
We
are
addressing
two
major
problems.
One
problem
is
the
problem
of
key
management,
and
the
other
problem
is
the
problem
of
trust
management
in
different
ways
that
they
are
addressed
today
and
out
of
the
trust
management
idea.
That
comes
the
idea
of
doing
a
hand.
What
we
call
a
handshake
between
two
persons
on
aunt
uses
devices
I
have
to
mention
that
we
are
doing
everything
peer-to-peer.
W
So
there
is
no
server
infrastructure,
we
can
rely
on
and
we
are
using
already
existing
messaging
transports
like
email
or
XMPP
or
anything
else,
and
so
we
have
no
specific
message:
transport
we
can
rely
on.
We
have
also
transports
which
have
different
ways
of
connectivity.
For
example,
email
is
quite
offline,
so
you
get
its
replication
and
you
get
somewhere
later.
You
get
a
copy,
and
you
don't
know
if
the
other
person
is
online
already,
while
chatter
is,
they
are
opposite,
so
the
transports
have
different
properties.
We
have
to
follow
for
all
our
concepts.
W
We
need
to
think
about
transports
with
very
different
properties,
and
so
the
concepts
we
are
trying
to
introduce
can
be
used
for
any
of
them,
and
today
we
want
to
suggest
that
we
have
the
transverse
idea
being
registered,
but
then
we
need
to
explain
what
press
routes
actually
are.
Thank
you
next
slide.
B
AH
Okay,
so
I'm
now
going
to
explain
you
that
little
piece-
that's
already
documented
in
internet
draft,
so
it's
trust
works.
So
if
the
motivation
that
well
at
least
so
much
easier
to
compare
and
hexadecimal
strings
like
nobody
compares
like
AE,
f,
Yi
and
so
on
with
each
other,
because
it's
not
it's
not
semantics
to
do
so
so
the
use
case
is
actually
a
cooperation
of
fingerprints
or
some
calculations
there
of
target
audience
is
only
human
users
and
the
method
is
basically
met
being
between
these
binary
strings
and
some
worlds.
AH
The
world's
never
semantics
next
like
this.
So
we
have
here
an
example,
as
you
see
in
the
first
time,
something
that
is
no
semantics
met
into
something
that
is
semantics,
like
dog
house
proton,
something
it's
easier
to
compare.
There
is
previous
work.
Even
in
the
ITF,
there
are
some
free
RFC's.
We
could
discover
the
tetris
verbs
or
some
kind
of
word
lists
to
used,
for
example,
for
a
long
time
passwords
or
the
kitchen
fever
list,
which
is
a
similar
approach
next
place
so,
but
the
new
work
is
somewhat
different.
AH
AH
And
the
number
of
words
you
have
to
register
at
the
trust
words,
they
are
only
right,
usually
on
a
side
channel
like
a
phone
and
only
by
humans.
It's
not
like
machines
that
are
using
them
or
like
need
to
be
typed
in.
In
normal
case,
the
concept
is
open
to
any
language.
All
the
other
approaches
use
only
English
as
a
language
for
this
method.
So
we
propose
to
open
that
area
to
go
to
other
languages
that
I
use
because
they're
humans,
actually
comparing
it
and
humans,
do
not
always
speak
English.
AH
It
tried
to
establish
a
aina
haina
registry
for
the
trust
not
lists
in
different
languages.
It's
similar
concept,
as,
for
example,
in
RFC,
61.7
or
others
with
the
next
review.
Word
specification
required
next
slide.
So
the
issues
that
has
been
brought
up
on
the
mailing
list
are
was
a
translation
between
the
trust
worlds.
We
didn't
quite
see
a
use
case
for
that
and,
to
be
honest,
I,
don't
think
we
want
to
go
down
that
road.
AH
AH
I'm,
not
sure
about
the
sake
is
the
purpose,
because
it's
I
can't
hide
it
in
the
track
cause
nowadays
the
case,
but
my
idea
would
be
for
our
idea
would
be,
to
put
it
to
say,
discuss
it
there
to
detail
for
discussion
until
we
find
another
group
that
there
can
be
the
home
for
this
work
or
even
maybe
continue
and
finish
it
in
say
if
that
is
possible
and
open
for
other
suggestions
could
also
be
a
short-term
working
group
or
a
teaspoon
salt.
Maybe,
but
let's.
A
AH
W
G
Little
slow
for
this
plus
I
think
that
internalization
program
is
more
complex,
but
then
you
think
because,
for
example,
if
two
human
want
to
communicate
and
they
speak
different
languages,
the
Venn
translation,
Trust
works
in
two
different
languages
won't
help
because
they
just
don't
know,
don't
know
each
other's
language
and
otherwise,
if
they
communicate
announcing
just
digits,
the
dictionary
is
much
smaller.
Well,
they
can
understand
and
say
they
are
able
to
communicate
at
least
so
it's
not
it's
not
enough
to
translate
transport
into
different
languages.
G
W
I'm
not
sure
if
I
understand
you
right,
that's
all,
please
feel
invited
for
the
discussion
later
on,
because
that
is
a
discussion
of
how
to
do
it.
Actually,
today,
we
avoid
any
translation,
because
it's
only
important
that
if
you
decide
for
a
language
as
to
people
communicating
to
each
other,
that
they
decide
for
the
same
language
and
usually
people
sending
messaging
messages
to
each
other
do
already,
because
that's
a
message,
that's
a
language.
W
P
C
P
Precisely
but
I
got
it
to
make
a
more
substantive
point,
and
that
is
that
with
where
the
history
of
using
humans
as
intermediaries
for
carrying
cryptographic,
information
and
they're
notoriously
unreliable,
and
we
did
this
with
passwords
right.
We
use
the
human
to
carry
some
information
from
from
point
in
time
to
other
point
in
time,
and
we
do
everything
we
can
in
this
organization
to
avoid
relying
on
these
pieces
of
meat
but
hunt
very
effective
at
carrying
any
significant
amount
of
entropy
and
you're
actually
talking
about
now
using
humans
as
intermediaries
or
protocols.
P
W
We
are
not
adding
use
cases
where
we
put
that
piece
of
meat
into
the
process,
we're
doing
the
other
way
around
we're
removing
them
wherever
we
can
and
we
have
something
which
we
don't
get
rid
of,
which
is
like
people
comparing
the
fingerprints
right,
and
so
we
are
providing
an
alternative
which
could
actually
work
better.
In
our
view
for
everyone,
that's
all!
Yes,.
AI
This
is
jeffrey
askin.
I
I
really
like
the
idea
of
half
of
standardizing
a
word
list
to
represent
binary
strings
effectively.
I'm
I'm
nervous
that
you've
scoped
it
down
to
only
converting
from
the
binary
string
to
the
word
list
by
not
requiring
that
every
language
have
the
whole
65k
words,
and
I
I
wonder
if
this
should
go,
should
go
to
a
working
group
that
thinks
about
kind
of
that
that
full
topic,
rather
than
only
only
fingerprint
comparison.
AI
W
You
hit
a
point
and
we're
already
dealing
with
that.
We
have
ideas
as
part
of
the
truss
rod
concept,
how
to
deal
with
the
fact
that
we
may
have
let's
say
a
collision.
For
example:
I
have
a
language
with
less
than
65,000
words,
then,
in
this
case,
I
need
to
use
the
same
word
for
two
different
numbers:
right,
it's
unavoidable
and
so
the
idea
how
to
deal
with
that
it
as
seeing
it
as
a
collision.
So
we
subtract
entropy
and
still
care
that
at
least
128
bits
of
entropy
are
left.
J
If
you
have
better
ideas,
this
is
Daniel
Martinez.
He
are
you
so,
in
contrast
to
Martin,
I
do
believe
that
it's
important
that
we
think
about
how
these
views
of
meat
are
integrated
into
these
protocols.
So
I.
Thank
you
for
having
that
focus.
That
said,
I
am
not
convinced
that
16-bit
word
lists.
Make
sense
in
any
human
language.
J
So
already
after
four
languages
were
down
to
a
language
where
you
have
to
know
half
of
all
of
the
words
to
be
able
to
understand
any
given
word
list,
and
if
you
want
the
meat
to
be
in
the
loop,
the
meat
has
to
understand
the
word
and
so
I'm
concerned
that
the
size
that
you've
chosen
is
is
going
to
make
the
meat
unable
to
cope
and
I.
Just
want
to
point
out
that
the
combination
question
is
about
how
the
combinations
work
is
valid.
I
saw
the
trust
words
demonstration
at
the
last
IETF.
J
B
I
Joe
Hildebrand,
so
this
is
the
the
second
time
that
you
write.
So
you
guys
talk
in
art,
and
so
the
how
I
have
on
here
is
from
the
excellent
Yuki
community.
You
have
XMPP
on
your
slides
and
you
have
pep
on
your
slides
in
XMPP,
land
theft
is
Jeff
163,
which
is
the
personal
inventing
protocol,
and
it's
really
pretty
widely
used
in
a
variety
of
things
and
so
like
if
you're
gonna
interact
with
the
accent
compete
stuff
at
all,
I
was
just
thinking
about
that
at
least
a
little
bit.
B
I
W
W
Q
W
Now
I
think
so
so
we
have
the
idea
to
register
to
make
applications.
I
think
why.
W
C
W
Do
we
don't
I
personally,
don't
think
there
can
be,
or
there
is
a
discussion
needed
what
we
will
publish
because
we
publish
anything
and
any
without
exception,
but
I
don't
know
if,
where
other
you
know,
this
is
of
about
interoperability,
of
course,
so
I
don't
know
what
other
people
want
to
take
out
of
that
toolbox,
but,
and
so
that
is
that
made
the
idea
that
we
publish
things
in
as
fractions?
If
you
want
to
I'm,
not
sure
if
I
understand
you
right,
but
I
don't
see,
I,
don't
think
you're.
Q
Really
dressed
in
the
question
I
mean
you
have
like
10
drafts
and
in
the
art
in
the
art
dispatch
I
got
the
impression
you
intended
to
bring
to
work
in
general
idea,
and
that
was
why
you
had
the
mini
graphs,
and
so
I'm.
Trying
to
understand
is:
is
your
intent
to
come
to
IETF
and
ask
or
that
yeah
I
think
this?
This,
like
a
chart
is,
is
your
intent
pursuit
you
ask
to
bring
this
work
of
general.
It
ITF
the
way
they
like
you
know.
B
W
Okay,
I
am
already
learned
that
I'm
still
quite
new
to
the
ITF.
Okay
I
already
learned
that
there
are
things
which
are
matching
the
needs
of
idea,
for
example,
when
we
define
formats
or
when
we
define
protocols-
and
this
trust
word
thing
is
more
going
to
registry
thing.
I
guess
and
other
things
I
already
learned
do
not
match
the
scope
of
the
idea.
For
example,
what
we
are
doing
in
the
user
interface
I
learned
will
not
be
shot
off,
but.
W
W
A
Tory
Steve,
Kerr,
saying
I
think
the
feedback
is
you
have
a
collection
of
things
you're,
definitely
making
some
decisions
about
what
might
be
in
scope.
Add
a
scope
for
the
idea,
but
part
of
the
recommendation
is
don't
piecemeal.
It
don't
bring
one
draft
one
draft
bringing
the
collection
of
things.
You
think
the
IETF
should
be
working
on
together
and
talking
about
it
together,
instead
of
as
an
individual.
Okay,
that's
great
if
I'm
I
pick
them
in
so
by.
W
Q
So
I
guess
the
so
make
submit
submit,
so
maybe
that
maybe
that
poses
the
question,
but
but
a
smaller
scale
version
the
same
question
is
this
document
isn't
actually
defying
any
trust
once
this
document
just
defines
like,
as
far
as
we
know,
algorithms
for
how
to
highest
with
the
metadata
cuss
words,
that
is
a
modest
usefulness.
Are
you
planning
to
also
define
the
trust
worth?
Are
you
playing
to
also
bring
a
transfer
a
list
of
the
IETF
for
any
language
at
all?
Q
Well,
I'm
gonna.
Try
to
figure
out.
What's
a
useful
component,
I
mean
like
like
to
be
frank,
like
absolutely
Frank
about
this,
like
the
idea
of
taking
a
128-bit
or
a
string
and
cutting
up
the
pieces
and
looking
for
the
word
list
is
very
well-known
and
so
like
we
don't
really
need
a
document.
It
doesn't
actually
define
like
the
words
themselves
because,
like
does
it
actually
help
me
very
much.
G
AH
Not
sure
that
I
understood
your
question
correctly,
but
this
document
is
basically
defining
the
IANA
process
to
register
trust
words,
which
has
to
be
somewhat
in
the
trans
before
we
can
bring
the
trust
well,
so
it
can
bring
them
at
the
same
time,
but
there
will
be
definitely
documented
treach's.
So
this
kind
of
stress,
though
I
I,
guess
I,
don't
think.
Q
I
guess
I'm
I'm
not
like
blown
away
by
registering
the
registry
like
like,
like,
let's
just
think
much
as
preservation
protocol,
say
PGP
right.
Sorry,
let's
think
with
a
protective
of
a
protocol
like
PGP.
Save
PGP
wish
to
adopt
a
new
set
of
trust
words
that
didn't
like
the
old
PGP
trust.
Words
like
this
document
will
not
assist
them
in
that
end,
Everett
anyway,
and
order
system
that
endeavor
would
be
having
a
list
of
trust
workers.
Q
They
could
point
you
and
so
I'm,
and
so
I'm
trying
to
understand
is
like
again
like
what
is
the
semantic
content
of
the
unit.
You're
asking
us
to
adopt
and
semantic
content
is
merely
the
merely
creation
of
the
registry.
That
seems
like
not
very
useful.
The
semantic
content
is
the
creation
of
the
creation
registry
seeded
with
words
or
some
common
languages.
That
seems
like
a
potentially
useful
contribution.
I,
don't.
L
L
Maybe
a
way
forward
here
would
be
to
look
at
the
draft
and
work
out
some
way
of
refactoring
it
so
that
the
registry
proposal
makes
it
easy
to
is
a
little
bit
more
general,
so
that,
besides
putting
words
in
I,
would
like
to
put
images
in
if
I
had
a
dictionary
of
65k
images,
I
could
use
those
for
comparison
of
equality
of
two
fingerprints
without
having
to
bother
about
the
internationalization
thing
yeah.
How
many
of
them
are
cats?
Well,
they
eat.
L
W
L
Need
to
have
in
the
I
on
a
registry
at
minimum,
it's
no,
the
content
type
of
the
unit
and
the
Shah
to
hash
of
the
APEC
of
a
list
of
words.
If
you
have
that
information,
you've
then
got
a
fix
for
verifying
and
if
you
then
got
a
link
somewhere
that
allows
somebody
to
link
to
the
list
of
words.
If
it's
public,
then
you've
got
a
generic
way
of
using
the
public
words.
L
G
One
comment
that
correlate
with
good
energy
kg
said
and
to
do
map
and
16-bit
binary.
Where
is
two
dictionary
of
words,
so
it
means
that
your
dictionary
is
65,000.
Words
consist
of
six
65,000
good
person.
It's
quite
a
lot
for
every
human
to
know.
An
average
human
except
active
dictionary
is
about
several.
G
The
basic
dictionary
is
probably
ten
to
twenty
to
thirty,
thirty
thousand
for
64
to
65
thousand
words,
it's
a
colon
twist
and
in
your
proposal.
Well,
it's
a
key
for
the
human
who
read
this
great
Oh
China,
but
on
the
other
side,
these
are
as
a
human
must
understand
them,
and
if
you
just
know
this
word,
it
doesn't
none
of
this.
What
you
won't
understand
me,
it
will
be.
M
M
Thousands
in
most
languages,
but
yes
yeah
so
I-
think
we
yeah,
but
so
let
me
switch
for
a
second
here,
:
getting's
you're,
talking
about
the
wrong
we,
the
whole
group
of
us
right
now
are
talking
about
the
wrong
thing,
we're
talking
about
this
work
and
that's
not
what
we
need
to
do
here.
What
we
need
to
talk
about
is,
what's
the
problem
we're
trying
to
solve
and
where
we're
going
to
solve
it
and
get
it
done
and
whether
we
should
do
it
now,
I
haven't
heard
anyone
speak
to
yeah.
M
This
work
should
never
happen,
kill
it.
It's
certainly
too
confused
and
too
many
different
things
going
on
to
possibly
consider
a
be
sponsoring
it.
Ok.
So
what
you
need
to
do
next
on
this?
My
opinion
is
that
somebody
needs
to
write
up
a
mini,
a
small
charter
and
discuss
it
of
what
the
work
would
be
done
by
some
working
group
that
could
take
on
dealing
with
whatever
it
is.
M
You
think
you're
doing
here,
because
you
clearly
don't
agree
on
what
you
think
you're
doing
or
what
the
scope
of
it
is
or
how
big
it
is
or
how
it
is,
and
the
reason
is
it's
because
no
one's
written
down
a
chart,
so
that
would
be
I.
Think
that
the
next
step
that
you
forgetting
this
to
go
anywhere
I,
don't
even
think
you
could
take
a
hum
on
whether
people
think
that
should
be
a
mini
working
group
or
not,
because
no
one
even
knows
what
we'd
be
talking
about
is
a
mini
working
group.
M
What
is
its
scope
would
be,
there's
very
different
viewpoints
on
it
and
in
general
I.
It
would
be
good
if,
when
things
came
to
this
group
that
had
the
possibility
of
perhaps
being
a
working
group
that
one
of
the
things
that
you
had
that
was
being
talked
about
and
brought
forefront
would
be
a
potential
draft
charter
that
got
everyone
in
scope
on
what
the
what
the
work
is.
That
makes
sense
is
that
you
guys
agree
with
that
or.
AH
M
Exactly
the
point
charter,
what
what
is
it
you
think
we
should
be
chartered?
We
don't
know
what
you're
asking
us
to
charter.
We
have
no
idea
and
all
the
different
people
have
come
up
to.
The
microphone
have
had
somewhat
varying
different
ideas
or
I've
been
I
have
not
been
unable
to
understand
what
they
thought
that
the
scope
of
the
work
was
right
and
you're.
Getting
that
too,
you
don't
know
which
one
of
those
boxes
on
the
on
that
picture
you're
even
asking
the
eye
you
have
to
do
again.
M
I
M
M
Maybe
this
is
the
one
you
want,
but
is
a
group
to
come
up
with
a
trust
work
with
which
you
know
a
group
that
fixes
the
problem
of
taking
a
binary
string
and
producing
a
trust
worth
of
trust
list
of
work.
It
would
include
the
words
and
selection
of
the
words
as
well
right,
that'd,
be
a
very
generic
product
that
lots
of
people
could
use
and
had
value
I'm.
Just
the
like.
M
We're
gonna
have
a
random
idea
for
a
list
of
words
like
that's,
that's
not
going
anywhere,
that's
not
enough,
so
that
would
be
the
trust
part
of
it.
Another
part
that
I
heard
some
people
speak
to
was
well
how
you
took
that
tool
and
used
it
in
different
protocols
was
also
a
value,
so
some
people
might
want
to
do
that.
AF
David
bright
turns
out:
I
got
up
here
to
+1
plucky's.
First,
first
suggestion
figure
out
what
the
minimally
useful
protocol
is,
that
uses
trust
words
to
get
a
secret
from
a
tip
to
get
this
big
binary
thing
from
point
A
to
point
B
and
write
up
the
protocol.
What
it
saw,
what
his
assumptions
are,
what
you
must
not
do
with
it
and
that
then
becomes
a
work
item
that
could
be
concretely
chewed
on
and
figure
out
what
to
do
with
it.
Okay,.
A
So,
regardless
of
kind
of
all
that
more
discussions
seemed
like
it
was
required
for
next
step
and
a
lot
of
it
had
to
do
with
specificity
on
the
bigger
the
bigger
context,
and
so
a
lot
of
what
you
were
saying.
The
beginning,
sag
discussion
makes
sense,
you
know
I.
Will
we
heard
here
at
the
mic
was
more
discussion,
more
clarity
on
on
what.
B
M
If
you're
discussing
the
technical
details
of
how
this
works
in
various
parts
of
it,
I
could
care
less,
where
you
detect
that,
maybe
I'm
sure
it
actor
will
have
more
things,
but
if
you're
discussing
how
we're
going
to
charter
some
work
that
does
this
and
we're
discussing
a
charter
I
think
that
should
be
on
this
working
group
list.
That
is
the
purpose
of
this
working
group.
I,
think
you
should
stop
discussing
the
technology
on
this
list.
You
have
discussed
what
is
the
problem
and
the
scope
think
rinse
off
I
agree.
B
Q
Make
sense
I
career,
did
you
so
I
think
I
think
I
guess
I
would
say
it
depends
and
I'll
try
to
give
you
my
attends
to
the
extent
to
which
this
is.
You
know
relatively
I'm,
just
thinking
of
thing
he
had
a
little
bit
just
enter,
which
this
is
a
relatively
contained
thing,
which
was
to
do
which
has
relatively
small
tively
like
you,
which
you
think
yeah
chartering
then
probably
appropriate.
Other
disgusting.
V
Q
List
this
tent,
to
which
you're
thinking
of
bringing
us
the
antral
piece
of
work
IETF
then
like
the
first
thing
is
gonna
happen
when
you
do
that
is
people
are
gonna,
ask
well
where's
your
mailing
list
and
how
much
traffic
on
your
mailing
with
them
with
evidence
in
tourism,
not
in
there,
as
if
you're
thinking
of
bringing
like,
basically
all
the
crap
and
read
to
IETF,
then
you
know
or
I'm
not
sure.
Actually,
the
colors
mean,
but
like
all
the
things
like
involved
wired
protocols,
IETF,
then
we
should
ask
for
is
a
nonworking.
Q
Out,
like
figure
I
mean
I,
guess
I
would
say,
like
internally
figure
out
whether
you
have
a
really
small
bite,
size
thing
or
a
big
thing,
and
if
you
have
a
small
bite
sized
thing,
then,
as
poem
says,
appropriate
to
discuss
the
sex,
the
Charter
on
sec
dispatch.
If
you
have
a
big
thing,
asked
us
for
which
we'll
have
to
regret.
You
ain't
know
your
mailing
list
where
you
can
like
start.
The
process
of
like
acting
like
people
are
in
the
idea
and
thus
makes
it
easier
to
actually
got
to
work
at
night.
Yet.
D
D
What
we're
trying
to
do
as
well
as
define
packaging
and
content,
to
explicitly
identify
that
payload
to
middleboxes,
so
we're
not
trying
to
hide
we're
trying
to
be
very,
very
obvious
and
advertise
exactly
what
we're
trying
to
do
so
middle
box
is
full
visibility.
Well,
little
box
of
visibility,
intimate
PLO
content
is
its
TLS
records
or
to
design
check
records,
so
the
gold
stay
figure
up
everyone
to
do
this
work.
We
had
a
way
to
working
launched
yesterday
and
we'd
around
30
40
attendees,
generally
positive
feedback
and
preamp.
D
Some
of
the
questions
to
gonna
come
up
and
there's
a
couple
of
a
couple
of
concerns.
Two
primary
concerns
were
at
EKG
on
no,
it's
just
gonna
be
turned
into
turtles.
All
the
way
down.
Are
we
going
to
have
another
application
area,
sent
up
fabrication,
arity
less
discussion
next
year
and
there's
also
some
concerns
raised
about
him.
Thank
you
using
HTTP
as
not
exactly
reliable
transport.
That's
like
so
use
cases.
First
use
case.
This
is
the
Cisco
use
case,
those
in
the
Cisco
draft.
D
What
we're
trying
to
do
is
bootstrap
trust,
actually
trying
to
put
your
trust
in
the
middle
Docs.
So
the
issue
we
have
an
issue
were
hitting
today
in
deployments:
is
we
unbox
a
device
plug
them
into
the
network?
The
device
need
to
connect
to
the
Cisco
coyote.
The
operator
has
a
TS
interception
middle
box
deployed.
The
box
is
now
dead
in
the
water
and
it's
a
very
expensive
operation
for
the
operator
to
bootstrap
that
device,
as
you
have
to
manually,
go
to
the
device
and
provision
the
TLS
intersection
proxy
service
on
it.
D
AB
D
To
your
home
gateway
to
some
kind
of
application
running
on
your
mobile
phone
and
the
data
that
you
need
to
gather
from
that
device
is
sensitive.
You
do
not
want
to
share
it
with
Gateway,
don't
trust
the
gateway,
so
you
want
to
establish
a
encrypted
channel
between
the
client
and
the
server
and
between
multiple
different
transport
links,
multiple
different
hops
and
the
simplest
way
to
do.
It
is
well
we're
proposing
if
the
simplest
way
to
do
it
is
to
exchange
to
get
us
records
at
the
application
area
of
the
transport
and
establisher
and
encryption
keys.
D
That
way,
the
second
device
is
very
sorry.
The
second
use
get
is
very,
very
similar.
Give
a
constrained
device
that
wants
to
connect
by
a
gateway
to
the
cloud
the
device
doesn't
the
device
does
not
trust
to
Gateway.
The
crowd
doesn't
trust
to
get
where
you
want
to
protect
your
application
there
from
that
gateway,
same
solution
use
TLS
records
to
establish
an
encryption
channel
between
your
constrained
device
and
the
cloud
service.
D
So
when
we're
looking
at
this
there's
a
couple
of
different
ways,
you
can
do
this,
but
in
the
implementation
options,
what
I'm
showing
here
on
the
left
is
where
we
actually
establish
a
full
TLS
session.
I
keep
the
TLS
session
active
for
the
entire,
the
entire
duration
of
data
exchange,
and
we
send
encrypted
data
inside
the
TLS
session.
So
every
single
encrypted
data
packet
is
sent
as
a
record
that
obsolete
means.
D
You
need
to
worry
about
making
sure
that
you're
all
the
theatre's
records
get
between
the
client
and
the
server
if
you're
using
TLS,
you
need
to
worry
about,
am
the
reliability,
the
transport
layer,
or
else
you
could
use
TLS
and
the
second
option
is
use
key
exporting
and
with
the
second
option,
all
your
using
TLS
for
the
application.
There
is
two
round-trip
handshakes
and
clearly
to
establish
a
TLS
session.
D
The
option
on
the
Left
shows
your
transport
layer
and
there
may
be
encryption
taking
place
to
the
transport
layer
and
on
top
the
transport
layer,
you're
TLS,
record
headers
and
your
data
is
encrypted
inside
those
two
nodes
records
and,
on
the
right
hand,
side
with
key
exporting
I'm,
not
showing
the
TLS
handshake
you're
explicitly,
but
assuming
your
TLS
handshake
has
taken
place.
Then
your
encrypted
application
data,
which
is
encrypted
using
those
exported
keys,
is
transported
directly
over
the
transport
layer.
I
think
that
was
the
best
like.
D
O
Connect
so
with
option
one.
We
were
just
carrying
all
of
the
data
in
TLS.
We
recall
that
you
tell
us,
has
a
prerequisite,
a
reliable
in
order,
data
stream
and
I
believe
the
draft
was
say
referring
to
using
HTTP
as
potential
transport
that
you
might
want
to
be
using.
This
was
telling
over
on
Patrick
and
Mark,
are
in
the
room
and
can
correct
me
if
I
say
that
you
know
HTTP
by
itself
is
not
reliable.
O
In
order
transport
layer,
there
would
need
to
be
some
work
to
go
in
to
specify
how
to
turn
each
one
of
these
potential
protocols.
You
want
to
tunnel
over
into
a
reliable
in
order
data
stream,
and
once
you
do
that,
that's
all
the
work
you
just
literally
run
TLS,
because
you
have
this
stream
that
you
can
use,
whereas
with
the
second
option,
where
you
run
just
the
TLS
handshake
and
do
ki
exporters,
that's
a
little
bit
less
complicated,
potentially
and
that
you'll
need
to
worry
about
in
order
and
reliable
for
these
first
few
messages.
O
But
TLS
itself
does
not
really
expect
to
give
you
where
the
message
boundaries
are
in
terms
of
you
need
to
retransmit
something
what
you
retransmit
and
you
know,
what's
the
ordering
and
then
at
the
end
of
that
and
shake
you.
Just
have
these
keys
that
you
exported,
and
now
you
have
to
specify
some
completely
new
protocol
to
do
your
actual
data
encryption
here.
Your
data,
so
it
sort
of,
seems
like
either
way
you're
basically
required
to
do
a
lot
of
work
and
specify
a
complete
new
protocol.
O
D
So
so,
first
on
the
unreliable
transport,
you
could
use
TLS
and
send
details
records
between
the
client
and
the
server
and
on
the
on
the
key
exporting.
Okay,
if
you
want
you
could
use
TLS
records
and
it
makes
the
mix
the
reliability
problem
far
far
simpler,
because
you
only
do
have
to
worry
about
two
round
trips.
That
makes
specification
of
that.
Retry
make
this
really
really
trivial.
You
don't
need
to
ensure
two
packets
get
through
unless
they're
large.
B
It
turns
out
in
practice
that
if
you
know
and
I
think
it's
implemented,
it's
like
when
you
look
at
what
the
things
are,
that
wants
enemies,
request
responses
their
flights
from
the
client
server
that
are
clearly
defining.
The
stack
gives
you
clear
signals
for
when
that's
starting
those
things
start
and
end,
because
when
it's
done
writing-
and
so
you
have
a
pretty
clear
idea
of
what
the
chunks
are,
that
you're
getting
back
and
forth
and
their
reliability
properties
are
pretty
clear.
O
V
Have
McManus
Pat
McManus
Mozilla
thanks,
then
you're
gonna
make
my
comments
shorter,
so
I'll,
plus
one
of
those
to
start
with
I,
actually
wanna,
make
some
dispatch
comments.
I.
Actually,
in
retrospect
wish
I
had
objected
to
the
agenda
bashment.
They
don't
think
the
right
people
in
'silly
in
this
room
or
can
be
assumed
to
be
in
a
security
meeting.
I
think
this.
This
crosses
a
lot
of
topics
you
know
we're
fundamentally
now
talking
about.
Was
this
the
transport
Kuroko
and
its
interactions
with
transport?
It
does
very
little
to
TLS.
V
Sorry,
that's
actually
not
a
whole
lot
of
impact
to
the
security
directly,
but
it
is
the
definition
of
how
to
build
an
application
protocol
on
another
transport,
and
so
it
may
very
well
be
an
art
topic
is
a
lot
of
those
things
are
and
given
that
it
has
like
all
those
interactions.
My
suggestion
for
this
working
group
session
is
that
this
be
table.
There's
probably
only
suitable
for
a
full
ITF
scoped
off
right
to
get
all
those
perspectives.
V
The
other
thing
you
know
the
this
build
something
that
looks
a
lot
like
an
HTTP
connect
tunnel
right
and
it
gives
it
different
names,
I
guess
its
value
is
that,
like
we
can
expect
it
to
work
today,
it's
still
unclear
to
me
why
someone
would
allow
this
in
situations
where
they
wouldn't
know.
I
would
connect
hello
once
figure
it
out.
V
This
is
what's
going
on
and
the
goal
of
this
work
is
to
be
visible
and
the
goal
of
his
work
is
also
explicitly
to
annotate
each
message
going
through,
which
is
very
much
like
the
plus
but
kind
of
work
going
they've
gone
on
before
so
now
you
can
attack
which
cookies
to
every
message
and
so
on
that
might
be
a
undesirable
property.
So
I
would
certainly
want
to
see
a
much
broader
audience.
D
D
I,
don't
think
that
I
think
this
solves
a
different
problem:
HP
connect
online
I,
don't
think
HIV
connect
on
Allah
solves
the
issue.
This
historic
salt
they
should
be
connect.
Onling
is
generally
to
hop
over
a
local
domain
forward
proxy,
whereas
if
we
wanted
to
use
connect
tunneling
for
solving
this
issue,
we'd
actually
be
using.
It
connects
to
hop
over
a
reverse
proxy
in
front
of
the
Artem
server.
J
This
is
Daniel
Congo,
more
so
I
would
want
to
+1
both
of
the
previous
Commons
I
feel
like
there's,
there's
a
bunch
of
stuff.
That's
mixed
in
here
in
terms
of
sex
dispatch.
I
would
actually
say
not
that
this
should
go
to
the
whole
IETF,
but
this
should
be
broken
apart
into
the
different
things
that
it
does.
If
there
is
a
if
there's
a
question
about
how
do
we
transport
datagrams
or
applications?
Let's
do
that?
Let's
do
that
in
the
transport
group.
If
there's
a
question
about
how
do
we
annotate
TLS?
J
Let's
bring
that
to
the
TLS
working
group
and
say
hey,
we
want
to
stick
more
data
outside
the
TLS
packets
and
we'll
have
a
discussion
about
how
that
extension
works.
Maybe
that
discussion
will
be
very
fruitful
but
will
at
least
be
having
it
in
the
right
place.
So
I
think
there's
too
many
different
use
cases
here
for
us
to
actually
have
a
clear
discussion
about
what
this
is
trying
to
do,
and
so
I
recommend
breaking
it
up
and
thinking
about
the
transport
and
the
security
properties
separately.
Q
Never
squirrel
it
so
I
certainly
don't
think
it's
fruitful
to
try
to
like
design
this
protocol
in
this
meeting.
I
think
it's
usually
mean
it
seems
to
me,
like
the
questions
that
might
be
useful
for
the
discussion.
This
meeting
are
one.
Do
people
generally
think
that
tunneling
some
sort
of
cryptographic
protocol
specification
tunnels
in
traffic
protocol?
Well,
there's
something
else
over
application
layers
is
a
useful
thing
for
the
IETF
to
be
defining
I
mean
that
that
won't
lead
to
it
not
only
doing
bleaker.
Q
Even
if
every
room
heats
it
then
I
think
you
know
what
the
answer
is
the
and
so
that'd
be.
The
first
thing
I
would
think
that
would
useful
to
like
get
our
heads
around
and
then
I'm
hearing.
You
know
the
I'm
hearing,
various
I
I
agree.
I,
don't
think
we
started
this
here.
You'd
put
this
somewhere
here
of
you,
give
it
twice
so
I
think
that
you
know
this
question
that
that
sort
of
on
one
hand
we
had
me
there
should
be
up
off
in
their
head.
Q
We
can't
be
overrated
should
be
like
dissected
into
pieces
and
part
it
out
also
like
these
fall
for
people
to
explore.
So
I'd
encourage
people
focus
on
those
questions,
rather
than
the
questions
of
like
exactly
what
the
technical
mechanics
are
here,
which,
like
I've,
no
doubt
that,
like
with
enough
rapping
or
slicing
or
whatever,
we
can
figure
out
some.
How
do
I
tell
the
laksa
prefer
to
call
for
HTTP
heavy
that
can
be
worked
out.
U
This
is
honest,
so,
as
many
know,
I
worked
on
IOT
security
and
I
need
an
end-to-end
security
solution
and
I
have
not
just
an
HTTP
based
environment,
but
they
have
a
mixture
of
different
verticals
and
I
want
to
have
some
handshaking
mechanism
and
then
secure
the
application.
Data
in
TLS
provides
me
that
capability
and
it
turns
out
that
it
can
be
incorporated
with
existing
code
fairly
easily.
U
We
have
been
passed
around
in
in
various
different
groups
on
trying
to
do
that,
entertain
that
idea
and
get
a
start
of
feedback
on
what
we
would
consider
both
from
a
trench
for
the
toilet
from
a
security
point
of
view,
but
every
every
place
we
go
to.
We
essentially
push
to
another
place
and
it
sounds
a
lot
at
this
time
going
to
they're
going
to
the
IDF
was
who
was
done
on
here
less
extensively
that
we
are
now
being
told?
U
Well,
maybe
that's
not
a
right
thing
to
do,
while
at
the
same
time,
in
a
suit
much
smaller
audience
for
it,
man
only
a
fraction
of
security
people
in
the
room.
It's
fine
to
entertain
the
idea
of
defining
essentially
a
new
TLS
version
for
the
application
layer,
just
using
a
different
encoding
as
Steve
or
cosy
encoding,
which
requires
me
to
re-implement
everything
from
scratch.
I
don't
get
that.
T
Definitely
Moriarty
easy
for
a
day
and
a
half.
So
to
me
this
sounds
like
it's
right,
probe
off
and
I
would
think.
It
also
seems
like
it's
if
it
goes
to
a
working
group
that
it
would
be
one
that
we
would
handle
in
a
cross
area
way
as
opposed
to
dividing
up
so
what
we
do
with
that
normally
is
we
pick.
T
You
know
the
area,
directors,
chat
and
figure
out
which
areas
should
it
go
in
if
it's
crossed
and
then
partway
through
the
working
group
life
cycle,
it
can
even
get
switched
over
to
the
other
area.
Based
on
you
know,
do
we
want
an
increased
participation
from
a
different
area?
So
that's
another
possibility.
I
didn't
hear
anyone
mention
that,
but
I
don't
want
that
to
be
lost,
because
it's
a
good
way
to
manage
something
that
crosses
multiple
areas.
B
Regards
I
just
kind
of
like
to
synthesize
what
Eric
and
Hannes
were
saying,
I.
Think
the
point
of
these
use
cases
that
oh
and
it's
presented
is
that
they,
we
do
have
use
cases
for
tunneling
a
security
protocol
over
the
top
of
the
application,
their
protocol,
and
it
said
the
reason
this
is
application
their
TLS
as
opposed
to
app.
C
B
D
D
Q
Here's
what
I
think
the
PowerPoint
campaign
said?
Why
don't?
Why?
Don't
you?
Why
don't
that
proponents,
this
get
together
with
the
area,
directors,
I,
think
I,
would
think
minimally
for
art
and
for
Arden
security
and
we'll
see
if
we
can
figure
out
a
way
for
you
that
to
like
have
you
know,
check
Taurus,
there's
a
way
for
this:
what's
prison
Bop
because
I
think
I
agree
their
bosses
right.
B
C
A
Okay,
so
just
summarize
summarize
what
we
heard
so
first
we'll
take
the
feedback
that
this
was
a
late-breaking
kind
of
item,
and
you
know
it's
helpful
to
treat
those
perhaps
in
a
different
way
or
careful,
careful
consideration
in
planning,
so
everyone
that
comes
here
can
read
about
these
items.
I
heard
thee.