►
From YouTube: IETF102-IPSECME-20180718-1520
Description
IPSECME meeting session at IETF102
2018/07/18 1520
https://datatracker.ietf.org/meeting/102/proceedings/
A
We
have
bruises
that
are
probably
already
forced
everybody,
I
think
or
is
their
vegetable
seeds
or
going
around
there
should
be
one
blue
sheet
called
rod
where
it
is
okay,
it's
already
passed
in
the
end,
so
somebody
good
practice.
We
bring
it
out
here
in
the
front,
because
I
think
there's
probably
going
to
be
people
coming
in
not
late,
but
actually
on
time.
A
A
What
if
you
are
having
a
discussion
or
something
like
that,
so
there's
already
I
prefilled
it
we
talk
or
if
you
know
things
out
there,
so
it's
actually
very
easy
to
in,
and
you
just
see
where
cocoa
optic
and
if
you
have
a
chopper
scribe,
we
do
have
people
there
at
least
admit
a
code,
but
they
like
that.
But
we
also
coming
up
questions
from
this
chopper.
Anybody
willing
to
do
chopper,
scribing.
A
Actually
would
be
interesting
to
have,
okay
could
fall.
You
can
do
it
because
one
of
the
things
is
because
if
you
have
a
very
we
have
a
remote
presenters,
then
we
actually
cut
them.
I
think
they're,
I,
don't
know
what
actually
I
can
see
that
the
if
they
were
might
need
to
know
what
the
slider
you
are
on
because
actually
ostomy
take
horse
up,
show
you
actually
the
slides
or
the
person
who
is
speaking
alright.
A
Okay,
so
then
we
have
a
choppers
room
and
we
have
a
meter
Co
and
at
eater,
pod
and
I
actually
remember
to
update
person
on
ITF
numbers.
So
here's
our
agenda
for
now
in
the
attenti
passing
the
autistic
stuff.
Anybody
had
any
big
that
needs
to
be
changed
here
or
update
it
you're.
Actually
we
don't
have
too
many
items
there
or
we
have
a
some
items,
but
actually
I
think
we
should
be
getting
this
done
quite
quickly.
I
picture
submit.
That
must
disgust
me.
So
if
there's
nothing
else,
then
we
go
to
reach
our
Turing.
B
Irrigator
so
I
have
a
draft
order
from
a
German
which
had
a
buncha
light
IHC
comments.
You
sent
me
a
revision
which
they
encourage
most
to
come
us,
but
on
all
of
them.
I'm
gonna
realize
it
attempt
to
hit
all
of
them,
and
then
it
should
go
out
for
sure
no
review
I
don't
see
any
hundreds
of
any
problems,
but
so
I'll
actually
try
to
go
out
during
this
meeting.
Perhaps.
A
Alright,
so
the
next
one
is
draft
status,
so
we
have
one
craft
that
is
the
EDD
si
that
is
in
our
shared
eater.
Q
has
been
there
for
a
long
time
and
I.
Guess
it's
because
it's
a
part
of
very
big
group
of
documents
that
are
going
to
be
published.
At
the
same
time,
there
are
now
in
Hadley
some
of
those
are
in
out
48
hours,
I'm,
not
sure
if
all
of
them
are
already
out
48
hours,
but
it's
it's
going
to
be
probably
taking
some
time
to
cook.
A
It
I
think
there
was
about
almost
10
documents
in
the
same
cluster,
so
it
still
takes
some
time
to
get
all
of
them,
true
and
so
on.
But
it's
already,
you
know,
should
be
getting
ready.
Then
we
have
the
split
dns
document
that
was
given
to
the
ATS,
an
ad
say:
ok,
there's
some
issues.
We
will
come
back
to
the
later
of
those
we
have
one
that
is
through
working
group
last
called
implicit,
IV
and
I.
Guess
it.
We
didn't
get
any
comments
during
there,
but
I've
never
already
addressed
analyst,
but
we
have
actually.
A
A
That
that
document,
but
some
of
the
other
documents
in
the
same
cluster
are
still
I-
think
RFC
edit,
it's
and
I
don't
think
any
of
them
goes
out
before
everything
is
out.
Everything
is
ready,
so,
and
so
the
controversial
stuff
still
needs
to
I
think
we
are
going
to
be
starting
group
last
talk
very
quickly
after
this
idea
for
subscribe,
death
or
maybe
baby,
but
actually
I
want
to
actually
read
it
before
I.
A
E
E
Misuse
of
this
that
allows
a
VPN
server
to
essentially
a
hijack
and
replace
your
certificates
with
TLS
a
records
using
the
split
des
mechanism,
and
so
we
discussed
this
earlier
this
week
because
we
do
definitely
want
to
resolve
this
issue.
Just
like
an
hour
ago,
we've
posted
a
update
to
the
document
to
try
to
incorporate
some
of
the
thoughts
that
came
up
in
that
meeting,
so
we'd
like
to
review
them
now
and
hopefully
resolve
things
or
at
least
decide
as
a
working
group
what
to
do
going
forward.
E
For
me
right,
you
can't
just
put
star
so,
as
we
say,
dot
must
not
be
white
listed,
so
you
cannot
let
the
VPN
server
just
override
everything,
and
this
is
specifically
different
from
what
a
normal
split
DNS
domain
would
be
split.
Dns
does
not
without
DNS
egg
does
not
have
the
same
restrictions.
This
is
just
going
to
be
for
the
DNS
SEC
part,
so
any
updates
half
so
any
updates
of
the
domain
names
either
must
be
done
by
the
user
or
by
having
explicit
administrative
changes
not
being
done
in
bandwidth,
the
I
connection
itself.
E
So
we're
not
going
going
to
be
dynamically
just
allowing
your
VPN
server
to
say:
hey
I
want
to
be
the
authority
now
for
a
Facebook,
or
something
like
that.
That
is
the
idea,
so
this
language
should
hopefully
be
a
little
bit
more
strict
their
father's.
So.
D
Just
cover
this
was
to
address
the
concern
that
echo
raise,
that
a
PPN
server
might
be
compromised
and
then
send
out
new
trust
anchors.
While
it's
assumed
that
your
provisioning
out-of-band
provisioning
will
happen
through
other
CAS
and
other
security
mechanisms
that
it
would
not
be
compromised,
correct,
thicker,
so.
B
E
B
I
said
a
federal
I
think
isn't
advisable.
I
think
the
only
thing
I
would
add
is
I.
Think
some
text
should
go
in
here
about,
like
not.
You
know
if
ie
Tod
TLT
about
like
not
basically
not
do
eto,
D
and
I.
Think,
as
you
said,
lunch
I
think
something
has
to
be
a
little
wishy-washy
because
it
like
a
local
but
like
I,
mean
really.
We
should
tell
people
they
shouldn't
be
doing
call
exactly
so
that
that's
what
the
one
thing
also.
B
The
entire
Internet
is
like
something
that
you
understand
and
like
I'm,
not
saying
I.
Think
like,
and
you
know
it's
true
like.
Maybe
you
decide
that
someday.
That
turns
out
that,
actually
you
did.
You
know
that,
actually
you
know
you
used
dot,
you
know,
got
Apple
and
then
suddenly
Apple
goes
and
buys
it
or,
conversely,
that
you
just
like
no,
you
really
take
a
reward
like
serious
thought
should
be
given
before
you
like.
Take
a
TLD
and
hoisting
this
last.
E
Right
and
actually
a
really
good
example
of
this
practically
in
deployments,
I
have
seen
many
cases
in
which
some
configure
usually
not
a
well-set-up
enterprise,
but
someone
else
is
going
to
list
out
in
their
domains.
A
calm
be
calm
right.
You
know,
they're
going
to
try
to
hack
the
list
in
some
way
by
listening,
ridiculous
things.
So,
just
saying
an
implementation
should
reasonably
also
not
include
things
that
are
clearly
just
trying
to
grab
the
entire
internet
good.
A
Giving
in
a
chair-
but
you
do
it
all
one
of
the
things
actually
is
that
we
end
up
in
every
time.
If
look
it's
very
easy.
Every
time
you
go
below
dot,
we
get
problems
because
there's
lots
of
things
like
the
suffix
list,
for
example,
okay,
which
CA
is
to
allow-
or
we
saw
you,
know,
subdomains
of
country
codes.
A
I
mean
it
on
point.
For
example,
when
truth
was
in
China,
you
know
there
was
you
know
some
of
these
countries
had
their
own.
You
know
the
trust.
Of
course.
They
were
publishing,
I,
say
oh
yeah,
but
I.
Don't
progress,
we'd
erratic
they
had
at
their
own.
You
know
they
were
actually
signing.
The
doctor
is
if
before
they
root
for
sign
and
that
or
actually
say,
okay,
if
you
want
to
use
this,
you
have
to
do
that
and
and
okay,
this
probably
doesn't
go
with
I
I.
A
Think
the
country
code
chart
quite
a
bit,
but
something
below
that
is
actually
well
might
happening.
So
he
said,
and
then
they
are
have
acts
are
the
other
question
is
for
them
machine
I
know
I
enough.
We
now
have
a
registration
for
this
which
says
it's
zero
or
more,
and
that's
actually
one
of
the
question.
Okay,
with
Paul
was
parable,
polos
actually
saying
it
yeah,
okay,
we
could
actually
see
the
empty
list
and
just
verify
it.
But
if
you'd
say
that,
okay,
you
always
must
send
the
list.
A
E
D
So
just
to
clarify
a
little
bit
so
so
we're
actually
talking
about
stealing
the
delegations,
not
so
much
as
installing
it's
just
anchorite,
because
they're
already
binding
you
to
so
it
already
means
it.
It's
not
specific
to
the
trust
anchor.
It
also
means
the
redirection,
so
I
mean
we
could
add
tax.
It
says
you
must
not
redirect
your
domain,
that
that's
not
yours
and
then
maybe
you
should
really
not
take
one,
that's
not
in
use
and
then
hope
for
the
best.
B
I'm
not
really
looking
for
texture
but
I'm,
just
like
I
think,
like
I,
intend,
says
well,
I
think
I
think
that
that's
you
know
how
we
get
to
get
past
your
concern,
but
I
think
like
I'm.
Trying
to
get
out
of
this
document
like
who
thinks
like.
Okay,
fine
I'll
have
to
do
that
dot
on
the
dude
calm
like
that's
stupid,
don't
do
that
right!
That's
all
I'm!
Getting
at
and
like
a
paragraph.
That
said,
like
the
implication
of
doing
anything
which
is
effective.
Generic
is
like
you're
like
well.
This
needs
our
internet.
E
E
I
J
K
World
just
remind
you
would
like.
Oaks
is
Brewers
in
London.
Can
you
say
gif?
It
was
presented
as
a
mean
to
transfer
large
public
keys.
That
not
only
large
public
is
that
it's
probably
a
primer
primer
implementation,
primary
purpose
of
this
use
of
this
exchange,
but
it
can
be
as
far
as
the
purposes
to
so.
K
This
exchange
must
be
finally
authenticated
and
in
the
draft,
the
war
supposed
a
scheme
that
outlined
here,
cells
that
sign
octet
for
initiator
and
first
ponder
include
I
CV
integrity,
check
words
from
messages
of
I
ox,
and
so
that
you
include
only
I
CV
saves
space,
but
because
I
don't
need
to
store
to
keep
the
messages
until
like
all
takes
place,
but
latest
got
floor
and
Denis
1g
youngest
identified
some
problem.
So
the
problem
is
that
there
are
actually
two
problems.
K
The
first
problem
is
for
me
is
another
problem,
so
not
not
Jenny
and
generally
speaking,
not
only
a
ID
algorithm
has
a
separate
ICP
where
you
probably
it
is
possible
to
invent
algorithms
that
will
speed,
authentication
information
across
sulphate
test.
But
currently,
all
the
idea
algorithm
defined
have
a
separate
authentication
texels.
It
serves
as
IC
value
integrity
check
value.
So
this
this
problem
machine
is
a
minor
program,
but
a
magic
problem
is
a
security
problem.
So
the
problem
is
that
some
I
D
algorithm
behave.
K
K
Key
exchange
can
be
broken
by
a
checker
who
is
equipped
with
quantum
computers
so
taken
all
the
keys,
and
in
this
case
the
attacker
can
vouch
hi
kokes
messages.
Is
we
use
this
authentication,
as
described
in
current
draft,
so
for
not
not
in
every
case,
but
in
the
used
algorithm
is
acceptable
to
this
attack,
for
example,
GCM
is
acceptable.
K
Well,
so
this
is
description
of
this
attack
so
attack
in
the
middle.
A
clip
is
a
quantum
computing
break
initial
key
exchange,
so
she
learns
ske
SQL
and
if
negotiation,
a
media
Greece
was
not
resistant
to
second
preimage
attack
sounds
that
attacker
can
forge
like
aux
messages
and
change
its
content
and
Muro
Muro.
K
Share
it
secret
and
attacker
will
note
it.
So
it's
a
question:
it's
not
only
little
attack,
so
it
is
not
good,
so
a
possible
solution.
The
simplest
solution
is
to
include
the
cool
messages
into
so
not
yet,
but
it's
completed
words,
but
it
opens
a
possibility
for
the
you
know,
service
attack
because
PS
need
to
keep
messages.
It
might
be
quite
much
until
like
all
states
place
and
a
cows
cannot
take
place
at
all,
so
it
will
exhaust
memory.
So
it's
not
good.
The.
G
K
Solution
is
to
use,
instead
of
whom
messages
use.
Hashes
of
these
messages
will
some
hash
function
is
ortiz
cohesion
at
second
preimage
resistant.
So
it's
all
also
a
good
solution
for
sourcing
this
attack,
but
the
problem
is
that
we
don't
have
unlikely
to
return.
12
hash
function,
primitive,
so
it
is
not
negotiated
and
it
is
not
defined.
So
we
need
to
define
new
registry
and
you
negotiation
mechanism,
and
you
transform
type
so
include
its
increases
protocol
complexity
and
the
beta
to
avoid
it.
K
So
the
third
solution
possible
is
to
use
pure
from
the
zero
key
instead
of
crash
function
and
PRF
is
negotiated
and
we
have
registering
ahead
negotiation
and
in
so
everything
is
fine
well,
but
this
no
problem
is
again
that
not
every
PRF
is
resistant
to
second
pretty
much
attack
in
case
when
I
take
another
key,
but
good
news
that
well,
which
make
this
pair
of
are
resistant.
But
some
people
have
at
least
two
pairs
that
are
registered
as
a
different
file.
P2
is
X,
CBC
and
Alex.
A
A
K
K
Is
minor,
Indians
minor
everywhere,
like
two
pair
F,
is
used
in
suggestions
as
attacker
doesn't
know
the
key,
but
in
this
case
it
is
a
little
bit
in
a
different
situation
and
Scott
escaped
Agra
facade
a
shoot,
as
a
sample
of
you
have
at
least
two
of
them
badly.
Oh,
it's
made
behave,
behave
good
ki,
make
pair
of
that
is
based
on
kachuck.
It's
also
became
good,
so
most
part
became
good,
but
there
are
very
few
of
them
that
are
not
very
good
in
this
situation.
D
K
G
K
Need
to
know,
we
need
to
negotiate
it
first.
We
need
to
negotiate
it
before.
I
calls,
there's
no
negotiation
mechanism
and
no
among
the
list
of
hash
function
that
are
currently
defined
for
useful
signature.
There
is
at
least
one
identity
function
that
is
not
collision
resistant
at
all,
so
it
is
not.
It
is
not
an
option.
I
was
thinking
about
it
a
bit
so
currently
the
search
solution
using
peripheral
looks
like
best
possible,
but
compromise.
If
you
have
any
other
batch
IDs,
please
you're.
K
A
K
This
presentation
well
I,
don't
know
what
even
presented
isn't
it.
So
the
draft
just
has
two
changes
from
conversation:
all
changes,
auditory
sense
to
Tommy
and
cool,
and
it's
just
qualification
it
they
didn't
change
becomes
aware.
So
we
still
have
four
in
implementation
such
that
were
tested
for
interoperability,
and
we
believe
that
the
draft
is
ready
for
a
school.
It
is
quite
stable
for
the
last
half
a
year.
L
Hi
from
CeCe,
please
forgive
this
late
comment
from
a
newcomer,
but
when
I
was
reviewing,
the
draft
I
was
looking
at
the
there's,
notify
use
PPK,
that's
in
sent
in
the
I
guess
a
in
it.
I
was
wondering
what
why
that
is
actually
necessary
when
you
send
a
notify
with
the
key
ID
in
me,
Ike
auth,
particularly
by
sending
that
you're,
enabling
someone
to
an
attacker
to
profile
which
connections
might
actually
be
quite
and
resistant
or
not
to
enable
them
to
to
store
those
ones
versus
ones.
That
might
be
quantum
resistant.
Well,.
K
The
problem
is
that
the
job
has
several
versions
in
the
very
first
versions.
The
PKK
ID
was
sent
in
a
case
a
need
just
in
the
very
first
message,
but
because
it
has
a
much
more
disadvantages
and
advantages
first
became
de.
It
was
if,
if
I
remember
correctly,
it
was
a
hash
of
okay.
So
you
it
was
bad
from
agility
point
of
view
because
the
cache
function
wasn't
initiated.
So
he
first
need
to
negotiate
some
terrific
primitive
before
you
can
use.
G
L
K
L
L
E
K
E
Right
that
was
the
point
I
think
I
was
going
to
make
as
well.
So
with
the
current
structure.
If
you
do
support
the
PPK,
then
you
actually
are
replacing
the
Eickhoff
payload
with
the
pbkdf2
key.
So
in
order
to,
if
you
wanted
to
not
negotiate
upfront,
let's
say
I'm
talking
to
a
legacy.
Client
I,
don't
negotiate
it
I.
Don't
have
any
confirmation
that
the
responder
sports
BBK
they
will
not
recognize
the
PPK,
the
no
PPK
off
payload.
They
will
look
at
the
off
payload
expect
it
to
be
the
normal.
M
As
much
laughs,
thank
you
so
much
for
continuing
efforts.
This
document
I
think
that
it's
a
really
good
condition
and
thank
you
for
comments
about
the
PRF
sand
properties
which
can
be
or
it
cannot
be
applicable
for
the
properties
you
require.
You
know
if
there
is
some
excellent
up
to
time
version
of
security
assessment
of.
K
K
M
K
I,
don't
I'm
not
a
club
affair.
I
can
rely
on
Scott.
It's
good
that
assert
that
some
PRF
are
not
pretty
much
second
preimage
secure
in
situation
when
attacker
knows
the
key
and
he
said
that
each
mark
and
key
mark,
although
each
map
based
a
surah
qamar',
is
secure
also,
but
exhibition
and
smoke
are
not
secure.
Well,
I
can
is
comment
about
it
because
I'm
not
a
photographer.
It's.
M
K
A
H
A
A
But
actually
we
can
start
working
from
plastico
before
that,
yes,
so
I
think
we're
actually
going
to
be
starting
work,
intro
class
code
for
this
quantum
registers.
You
know
draft
as
in
few
minutes
or
something
like
that,
all
right.
So
what's
next
in
our
charts
and
I
need
to
check
it
because
our
last
time
I
missed
it.
So
we
have,
we
have
post
quantum
key
exchange
for
I
can
Scott
this
already
there
so
and
switch
this
floor.
Is
this
one.
N
Sorry
I
forgot
to
throw
my
mic.
Okay,
we
are.
This
is
the
most
recent
draft
of
our
proposal
to
actually
to
try
to
extend
IP
to
to
include
post
quantum
key
exchanges
I'm
afraid
that
to
do
a
technical
glitch
are
the
most
draft.
Most
recent
Grafton
going
got
updated
a
few
days
ago
and
I
don't
know
if
you've
got
a
chance
to
review
it.
Yet
let's
go
on
to
slide
three,
because,
where
we're
going
a
bit
short
in
time,
fight
three
please
or
do
I.
N
Have
this
plea:
yeah,
okay,
just
a
quick
summary
to
my
people.
What
the
problem
was
is
is
we're
trying
to
add
key
post-punk
exchanges
to
Ike,
as
opposed
to
the
previous
draft,
was
just
trying
to
add
an
a
post
quantum,
a
pre-shared
keys.
We
also
want
to
do
multi
exchanges,
so
you
can
do
both
diffie-hellman
del
the
curve
plus
new
fangled
post
quantum,
so
that,
basically
we
don't
make
things
worse
and
also
because
of
most
post
quantum
algorithms
are
tend
to
be
chatty.
N
N
Quick
overview,
we've
completely
revised
our
ideas
from
the
previous
ones,
because
we
were
there
actually
rather
complex.
We
were
basically
going
to
use
the
the
I
Cox
exchange
is
proposed
by
Valerie
and
basically
the
idea
is
that
we
put
the
additional
key
exchanges
within
those
I
and
so
that
and
and
so
that
the
final
key
is
we
actually
used
is
actually
the
only
secure
of
any
of
the
previous
key
exchanges
were
actually
secure.
N
All
Qixing
is
our
first,
our
encrypted
it
confers
are
encrypted
so
that,
as
Valerie
mentioned
earlier,
standard
like
fragmentation
works
and
therefore
that
solves
the
fragmentation
problem.
If,
if
the
key
things
you
really
want
needs
to
be
is
big,
then
just
do
a
just
to
do
a
say,
a
group
nineteen
transfer
to
be
Helmand,
XJ
exchange
that
front
and
then
use
your
the
one.
You
really
want.
I
next
slide
this
proposal.
The
protocol
is
actually
quite
simple.
N
N
Basically,
the
the
initiator
just
lists
does:
does
it's
a
normal
essay
policy
in
the
essay
1
and
also
lists
what
sort
of
additional
key
things
it
would
would
like
and
responder
list
which
responds
with
which
I
wanted
it
accepted
next
slide,
then,
basically,
assuming
that
there
was
and
that
they
they
both
agreed
on
at
least
one
additional
key
exchanged
and
then
didn't
they.
They
perform
each
key
exchange
within
a
separate
I
message,
with
each
exchange
with
the
keys,
which
have
already
been
agreed.
N
I've
been
agreed
to
with
the
previous
key
exchanges
and
each
kids
to
exchange
updates
the
keys
for
the
next
exchange.
Look
at
the
bottom,
when
we've
done
through
all
the
I
Cox
messages
with
my
billing
one,
then
we
do
and
I
thought
exchange
to
actually
do
authentication
to
to
make
sure
that
the
Prius
transcripts
were
not
man-in-the-middle,
attacked
and
and
beyond
that.
N
After
that,
we
go
and-
and
everything
is
nice
next
slide
format
a
policy
we
put
together,
I
put
a
very
simple
one,
basically
just
list
I
supposed
trying
to
get
fancy
with
an
or,
as
we
just
list
what's
our
combinations
you
would
would
like,
and
this
is
an
addition
to
the
key
exchange
performed
in
I.
Can
it
so
that,
if
your
policy
is,
you
want
to
do
ECD,
h,
plus
one
just
say
route
around
to
back,
then
all
you
need
to
do
is
list
round
two
and
you're
in
your
policy.
Its
next.
N
N
N
One
of
the
things
we
they
debated
was
doing
a
lot
for
try
to
allow
multiple
key
exchanges
per
exchange
just
to
make
things
more
efficient.
How
do
we
include
policy?
We
picked
a
rather
simple,
dumb
method,
something
more
involved
appropriate
and
also
it
was
actually
brought
up
in
the
previous
ITTF.
That
key
exchange
key
share
is
greater
than
64.
K
is
a
bit
problematic.
We
don't
see
that
as
problem.
We
just
want
to
make
sure
that
we
all
agree.
K
N
K
Well,
what
about
your
questions
so
I
think
that
the
general
approach
is
good,
so
I
think
that
second
bullet
is
perfect,
that
we
treat
click
on
quantum
equally
and
I.
Think
that
we
should
not
allow
multiple
kicks
chair.
Multiple
key
exchanges,
box
exchange
well,
I,
think
is
that
only
see
negotiation
well,
I'm,
not
I'm,
not
convinced
that
it's
currently
the
best
way
I
still
prefer
to
use
in
I
guess
a
payload
for
negotiating
premiership,
but
probably
I
can
live
with
it.
Well,
one
question:
is
it
inverted
to
send
multiple
modified
a
lot?
It's
turned
of.
G
K
N
N
K
N
D
A
Okay,
I
think
that
was
or
call
I
didn't
see
anybody
in
deloin
anymore.
So
I
guess
we
have
getting
answers
to
some
of
their
questions
here
and,
let's
see
okay.
So,
let's
move
to
next
forward,
then
this
is
drafted
is
ongoing,
so
we
are
going
to
be.
You
know
working
on
this
for
some
time
anyway.
So,
but
if
you
of
course
would
be
a
good
thing
to
if
people
actually
read
it
at
some
point,
meaning
me
to
stun
it
already
here.
Let's.
A
C
Why
mess
with
perfection
all
right,
so
I
started
a
few
years
back
at
a
company
doing
SDRAM
stuff,
which
is
what
got
me
involved
in
all
this
stuff,
we're
building
things
a
little
differently,
so
we're
building
very
large
full
mesh
networks.
We
do
10,000
nodes
and
in
our
networks
everything
is
controller
based.
So
we
push
everything
down.
We
want
the
end
nodes
as
light
as
possible,
and
this
is
where
we
came
up
with
this.
So
a
lot
of
work
was
done.
C
Looking
at
how
do
we
get
the
scalability
going
I
know
some
discussions
been
done
on
the
list,
so
I
actually
kind
of
try
to
address
scalability
a
bit.
We're
really
not
focused
on
how
many
different
ins
we
can
do
in
a
second
there's
a
lot
more
to
our
scalability
that
we're
looking
at
how
much
memory
are
we
taking
up
even
things
like
the
latency
of
bringing
up
a
an
IKE
session
is
important
to
us
and
so
for
us
having
sessions
ready
to
go
after
the
controller.
C
Sends
you,
your
information
in
a
full
mash
was
important,
and
so
that's,
where
we've
come
out
of
other
things,
we're
looking
at
st
wins.
Getting
more
and
more
popular
different
groups
are
looking
at
them
and
I'm,
seeing
folks
talking
about
doing
key
exchanges
in
a
controller
environment
where
they
are
sending
keys
through
the
controller,
and
that
was
something
we
really
wanted
to
avoid.
We
don't
want
that
man
in
the
middle.
C
We
don't
want
controllers
to
ever
know
what
keys
were
actually
using
to
encrypt
data
and
and
even
in
that
we've
come
up
with,
though
there'll
be
some
stuff
on.
You
know
future
stuff
to
think
about
where
you
could
even
have
end
notes,
encrypting
to
even
prevent
a
man-in-the-middle
from
spoofing
other
things,
odd-shaped
networks
we
have
networks
that
are
sometimes
links
are
one
directional.
It
is
very
hard
to
do
Ike
in
one
direction
only,
and
so
with
a
controller
model.
C
So
what
is
controller
Ike?
The
concept
is
really
simple.
You
start
off.
You've
got
a
controller,
it's
controlling
all
your
IPSec
nodes,
every
node
generates
a
diffie-hellman
pair.
They
send
their
public
is
up
to
the
controller.
The
controller
is
going
to
send
all
the
public
keys
for
everybody
out
to
everybody
else.
It
lets
everyone
know
and
then
voila
we've
got
the
ability
to
do
diffie-hellman,
shared
secrets
with
every
other
node
in
the
network.
C
What
else
here
I
mentioned?
You
could
sign
a
message
if
you
cared
to
in
this
we've
got
no
peer-to-peer
messaging
going
on,
so
every
everything
is
strictly
to
the
controller
and
you're
ready
to
go
as
it
says,
it
sounds
really
easy.
You
could
almost
think
you're
done
at
that
point,
but
it's
harder
what
happens
so?
What
happens
when
a
peer
decides
to
rekey?
And
this
is
where
it
starts
to
get
fun.
C
So
if
one
peer
decides,
it's
time
to,
you
know
expire
his
key
out,
and
this
happens
every
ever
how
many
hours
it's
configured
he's
going
to
send
a
new
diffie-hellman,
pier
and
diffie-hellman
public
key
up
to
the
controller.
The
controller
will
distribute
that
out
to
all
the
other
peers,
but
it
never
happens
at
the
same
time.
Obviously,
and
so
now,
you
need
a
way
to
make
sure
that
you
can
do
a
clean
rollover
with
every
other
peer
you're
talking
to
and
not
lose
data.
C
D
Go
ahead,
sorry,
fellas,
so
question
so
on
one
hand,
you're
saying
you
don't
have
enough
memory
to
do
multiple
difficulties
at
once,
because
you
don't
have
two
memory
for
it.
But
on
the
other
hand,
you're
saying
you
have
two
memory
to
store:
10,000,
diffie-hellman
public
key
pairs
from
all
your
notes.
So.
C
C
There's
some
other
issues:
we've
had
what
happens
when
you
have
a
network
with
more
than
one
algorithm.
Typically
in
an
ST,
LAN
environment,
you've
got
one
configuration
for
all
your
notes,
everybody's
going
to
do
AES
GCM.
You
just
tell
them
to
do
that,
but
you
have
situations
they'll
be
migrations
that
will
be
situation
three
of
older
hardware.
That
has
supports
older
algorithms.
You
want
newer
Hardware
using
newer
algorithms,
so
some
amount
of
a
negotiation,
ish
negotiation
ish
needs
to
be
supported.
C
You
have
a
question.
Yes,.
O
C
O
O
Controller
is
emitter
on
the
controller,
can
replace
all
the
share
and
and
can
be
an
Amana
me
doing
and
know
everything.
That's
how
it
works.
That's
how
you
need
authentication
for
the
fisherman
in
order
to
to
be
sure
that
you
communicate
it
to
one
to
the
right
person,
but
you
have
a
controller
who
control
all
the
shares
that
can
replace
or
a
share
by
its
own
and
then
again
they
can
get
the
he
can
get
all
the
share
secret
in
his
hand.
So.
C
O
O
C
B
A
Distilled
unit,
first
of
all,
as
a
chair,
we
take
it
here
because
there
had
been
discussed
on
an
ie
to
NSF
about
this.
You
know
things
that
are
doing
similar
kind
of
thing.
This
was
doing
better
thing
than
what
they
are
doing
there
you
state
what
they
are
having
their
east.
They
have
this
thing
that
the
controller
they'll
have
two
options.
One
option
is
to
distribute
on
a
day.
A
You
know
the
configuration,
which
is
fine,
that
the
Pierce
product
like
in
a
in
the
other
box,
or
they
have
a
toad
again
when
we
say
that
okay,
we
have
all
the
keys
generated
by
the
controller
and
it
pushes
them,
which
means
that
the
controller
has
all
the
keys,
which
would
be
really
really
nice
for
some
governments
and
TAS,
but
not
really
nice
for
anybody
else
in
here.
It
would
actually
be
yes.
A
The
co
dragon
still
do
the
same
thing
unless
you
out
have
a
into
and
out
indication
which
might
bring
this
case
more,
probably
wouldn't,
but
the
difference
there
is
that
now
the
controller
has
to
manage
the
active
management,
many
the
middle
kind
of
thing,
because
he
has
to
change
the
public
key
said:
that's
one
of
the
things
he
might
actually
get
caught,
and
he
probably
don't
want
to
do
that.
Everybody.
A
C
Certainly,
it's
very
applicable
to
IPSec
it's
being
used.
You
know,
controller
based
protocols
are
being
used
for
IPSec,
which
is
why
we
decided
to
present
it
here
sure
you
know
I've
presented
key
exchanges
in
this
forum
before
so
thought.
I'd.
Do
it
again
sure.
B
Sure
I'm
running
here
on,
but
it's
not
IPSec
maintenance.
Therefore,
if
you
were
there
for,
if
you
wished,
if
you
wish
to
actually
advance
this
you'll
have
to
let
the
screw
out
the
retarder
or,
yes,
this
form
a
new
working
group
and
not
take
a
position
on
the
quarry.
The
work
I'm
just
saying
as
a
process
matter,
it's
out
of
scope
for
this
working
group
or
go
to
I
to
NFS.
K
Come
on
back
to
the
job
already
dropped,
it's
interesting,
I
won't
talk
about.
It
is
applicable
function,
just
one
question,
so
in
your
job,
each
year
has
only
joined
a
private
key,
and
so
it
uses
it
as
its
key
for
communication
with
every
peer
in
the
network.
Sure
so
and
Pierce
policy
says
that
the
key
must
be
changed
periodically,
of
course,
so
a
key
must
be
must
take
place,
but
usually
how
often
do
you
need
to
change?
The
key
depends
on,
for
example,
how
much
data
you
encrypt
with
this
key.
K
C
K
P
Linda
Dunbar,
actually
I,
do
have
a
question
for
the
IPSec
and
week
working
group
on
this,
because
I
do
see
your
environment
because
you
now
deploy
and
then
we
have
similar
issue
and
we
have
sd1.
We
have
large
number
of
CPS
and
we
don't
want
to
CP
to
do
like
a
peer
authentication
for
area
of
the
remote
nodes
and
the.
To
be
honest,
the
controller
is
under
much
much
more
secure
environment
than
those
CPL
CP
can
be
a
pop-up
box
in
like
a
shopping
mall.
P
It's
like
kerry,
not
that
important
data
from
the
network
perspective,
but
the
CPE
does
have
established
secure
channel
to
the
controller.
So
when
CP
talk
to
other
CPE,
instead
of
them
doing
peer-to-peer
authentication
like
PA
authentication,
they
can
go
to
controller
through
this
existing
control
channel
to
the
other
peer.
So
if
it
is
not
IPSec
and
maybe
create
a
different
name
and
IPSec
simplified
extra
fees-
and
so
it
really
is-
is
the
environment.
When
you
think
about
IPSec
was
created
between
two
nodes:
they
don't
have
secure
communication.
There's
a
man-in-the-middle
attack.
P
Okay,
so
we
had
this
IP
and
all
those
things
developed.
But
in
today
many
of
those
deployment
like
today
in
iTunes
I,
said
they
talked
about
this
device.
Maybe
is
the
resource
constraint
with
device?
Maybe
he's
a
container
in
the
cloud
and
for
this
particular
note
they
don't
want
this
know
to
actually
carry
the
peer-to-peer
syndication,
so
they
want
a
controller
to
be
able
to
control
it.
It's
true
you're,
saying,
hey
controller
has
everything,
but
the
truth
is
this
particular
particular
device
out
in
the
field.
P
Maybe
it's
one
hundreds
of
the
entire
thing,
the
controller
carry
much
much
more
information
or
sensitive
information.
This
particular
remote
node,
it's
almost
I
was
telling
terrorists
almost
like
your
whole
body
is
out
of
there.
You
have
that
little
finger,
you
put
so
much
effort
protecting
that
little
finger
there.
So.
C
P
O
O
C
C
O
O
A
Actually
I
think
I
will
cut
this
disgusting
because
I
don't
think
it
as
as
eager
a
quarter
said.
This
is
not
really
a
it's,
not
a
part
of
our
Charter,
which
means
that
we
are
presenting
it
here.
Giving
a
presentation
here,
because
first,
you
know
would
be
interesting,
perhaps
especially
with
the
discussing
going
with
a2
and
FS,
and
that
people
would
hear,
but
we
probably
be
more
happy
if
a
to
n
FS
Google
Code,
this
kind
of
thing
are
not
having
the
controller
having
all
the
keys,
yeah
understood.
C
Starting
about
what
happens,
we've
got
10,000
notes
everyone's
rekeying,
the
work
we
did.
We
put
this
debt.
We
put
this
together
and
started
working
on
the
state
machine
required
to
keep
everything
in
synchronous,
everything,
synchronized,
and
so
it's
been
broken
down.
If
you
read
the
draft
things
come
down
before
me,
like
all
right,
keep
standing
back
things
break
down
into
four
rules.
We've
got
four
rules
that
define
all
of
the
state
and
it's
actually
quite
simple.
What
we've
ended
up
with
is
a
way
of
synchronizing
very
loosely
we've
got.
C
C
B
Oh
well
I'm
happy
to
talk
to
you
offline,
but
I.
Think,
roughly
speaking,
this
will
say
the
second
isn't
enough
piece
of
new
work
that
I'd
be
pretty
I
pretty
like
I
breathe
like
unenthusiastic.
I
ain't
done
anything
working
group.
If
you
want
to
talk
about,
if
you
want
to
have
like
a
mailing
list
and
start
you
know
it's
our
discussions
in
having
a
boss,
we
can
show
how
the
discussion,
okay,.
C
C
A
A
D
We
talked
about
labeled,
IPSec,
I
brought
it
in
because
the
reason
we
wanted
support
by
q2
is
that
it
currently
is
supported,
Ike
v1
and
we
want
to
be
able
to
kill
like
v1,
and
so
this
is
one
of
the
items
that
some
people
are
using.
It's
not
super
common,
but
we
have
customers
that
are
using
it,
and
so
we
want
a
way
of
doing
is
not
v2.
So
there
was
some
discussion
whether
it
should
just
be
a
traffic
selector
content,
or
should
this
be
in
notify
content?
D
And
there
was
some
discussion
back
and
forth
between
mostly
taro
Nick
Oh
am
I
forgetting
and
Valerie.
Yes,
and
it
didn't
really
give
me
enough
guidance
to
go
for
one
or
the
other,
so
I
was
I
was
hoping
to
if
we
could
have
some
kind
of
discussion
and
maybe
if
the
author,
some
more
guidance
on
what
to
do.
A
They're,
given
an
individual
yeah,
the
problem,
I
think,
is
that
everybody
had
a
different
understanding.
What
liability
I
place
a
keys?
What
kinda
libel
labels
you
have
if
they're
hierarchy?
If
there
are
they,
you
know
just
a
number
to
add
there
and
I
think
before
we
can
actually
no
decide
or
think
about
what
would
be
a
suitable
way
to
express
them
in
there.
You
know
in
the
packets.
We
actually
need
to
solve
that
issue.
We
need
to
understand
what
we
had
sorted
so
things.
D
A
little
bit
more
clarity
on
that,
so
indeed
I
thought
that
was
a
possibility
of
hierarchy,
but
talking
more
about
especially
about
the
deployed
use
cases
we
have
with
with
SELinux.
Basically
there's
no
hierarchy,
so
you
either
match
or
you
don't
match
the
questions
who
do
want
to
support
other
security
system
that
do
have
a
hierarchy.
A
D
K
This
pose
so
actually
every
star
is
that
currently
and
what
label
is
is
removed.
So
probably,
if
you
give
more
examples
and
most
cases
of
which
are
more
no
closer
to
real
life
use
of
label
it.
If
you
say
it
will
be
easier,
but
anyway
anyway,
I
think
that
if
if
label
is
if
a
security
label
is
presented,.
G
K
D
A
Document,
if
you
are
just
going
to
have
exactly
one
label
for
them,
it's
very
easy.
You
just
send
you
know
traffic
search
of
its
start
and
end
at
the
same
time.
There's
no
narrowing
it
has.
It
has
the
exactly
matched.
If
you
want
to
say,
okay,
any
label
codes
to
me.
You
say
you
know
zero.
Do
whatever
the
Maxima.
Of
course
the
question
is
East
Eli
labels,
you
know
fixed
length
or
not.
That's
the
one
question:
are
they
integral
from
material
to
32-bit
integers
or
are
they
strange
or
what
they
are?
No.
G
A
One
of
the
problem
was
that
it
was
think
about
the
people
are
saying
you
know
what
would
be
you
know.
The
meaning
of
the
label
is
also,
if
you
actually
actually
negotiate
or
is
it
something
that
actually
just
charged
material?
Okay,
this
is
the
label
on
what
you
see
when
I'm
strands
meeting,
and
if
you
have
some
mapping.
Yes,
then
for
that
actually
do
you
know
that
I
would
also
be
okay,
so.
D
F
A
A
Just
sent
anything
what
my
label
says:
I
can
send
them
because
I
mean
that's
in
my
end
anyway,
confer
to
say:
okay,
I'm
gonna
using
T.
This
is
the
traffic
with
this
label.
I've
got
to
be
sending
to
this
ipsec
I
say,
and
this
means
that
he's
going
to
be
doing
that
anyway,
all
the
traffic
coming
out
there.
You
hate
going
to
be
label
attack
with
that
label
and
he
actually
did
actually
the
labels,
don't
actually
really.
You
could
actually
do
it
quite
easily
bit
local
it.
A
Unless
you
have
a
you
know,
you
want
to
actually
match
the
labels.
On
the
other
end,
of
course,
in
some
cases
you
have
a
security
gate
for
a
sequel
to
create
a
both
of
them
are
using
different
labels,
and
they
are
just
you
know:
local,
okay,
everything
coming
from
this.
You
know:
si
is
labeled
as
outside
party
one
and
everything
going
there
Hamas
to
have
a
label
outside
party
run
to
be
able
to
charge
me
to
do
this.
Essay
and
I
don't
care
what
they
are
using
in
their
end.
D
A
Mean
I
mean
that
could
be
one
of
the
cases
where
you
actually,
you
could
have
your
own,
both
of
dates.
In
some
case
you
have
a
you
know
some
party
who's.
You
know
you
are
some
external
party
where
you
actually
don't
want
to
negotiate
the
labels,
and
then
you
have
an
internal
party.
You
have
a
you
know,
branch
office
where
you
actually
assume
that
there
actually
might
be
coming.
You
know
multiple
different
labels
from
different
essays
and
you
actually
want
to
them,
keep
them
in
sync.
A
But
then
you,
you
have
a
different
policy,
for
they
say:
okay,
these
parts
must
match
exactly
or
I,
don't
care
what
the
other
one
proposed,
but
you
guys
still
propose.
Actually
they
label
all
the
time,
and
if
it
does
other
internal
three-prong,
then
you
just
continue.
So
that's
what
I
actually
could
be
further
notified,
but
I
mean
that's
something
that
actually
is
best
for
I
said:
there's
pros
and
cons
in
both
of
those.
Yes.
A
D
A
Q
So
this
is
a
draft,
as
has
been
quite
for
quite
a
while.
Now
the
idea
is
them.
So
we
call
this
EHC
and
the
primary
the
architecture
of
this
draft
is
that
we're
building
a
flexible
framework,
that's
actually
easier
to
read
here
than
on
the
screen.
Yes,
so
we're
building
a
flexible
framework
to
compress
ESP.
Q
So
the
how
it
works
is
that
we
have
a
strategy
that
defines
how
to
orchestrate
rules
and
rules
associated
with
context
can
compress
almost
every
field
in
the
ESP.
Of
course,
when
you
compress,
you
have
also
to
be
able
to
decompress.
On
the
other
hand,
so
that's
why
we
remain
we
compress
and
we
remain
compliant
with
ESP.
So
the
document
defines
EHC
rules.
Yes,
you
can't
text
the
strategy
and
some
parameters,
as
I
said
to
strategy.
So
that's
the
in
this
example.
We
have
one
strategy,
which
is
the
I
TSP.
Q
If
you
count
few
parameters
which
we
called
the
IDS
become
text,
those
parameters
are
going
to
be
used
to
define
which
rules
are
going
to
be
applied
and
which
parameters
associate
for
each
rules.
It
looks
quite
complex
from
here
but
I'm
at
the
end.
Well,
it's
we
don't
have
that
much
complexity.
These
are
the
different
rules
we
apply
and
the
different
attribute
we
use,
and
that
has
to
be
specified
in
some
cases.
In
some
other
cases,
they
can
be
directly
read
from
the
essay
already.
Q
So
it
means
you
don't
have
to
specify
those,
and
this
is
actually
well
the
rule
that
has
to
be
seen.
Well,
if
you
say,
if
you're
in
suppose,
you
want
to
compress
so
something
only
in
the
tunnel
mode,
then
you
have
to
specify
the
mode.
But
of
course,
when
you
apply
that
you
can
read
the
mode
from
the
essay
which
means
just
by
never
during
the
compression,
it
can't
be
done
automatically.
So
in
the
case
of
a
single
UDP
session,
this
is
the
kind
of
compressing
you
can
achieve.
So
you
have
the
packet.
A
Q
Q
So,
but
so
the
primary
motivation
was
for
IOT
devices,
but
we
also
find
it
useful
for
standard
VPN
so
for
a
standard
VPN.
These
are
some
of
the
parameters
you
can
configure
and
provide
until
you
achieve
32
bits.
Well,
it's
an
ipv6
so
but
no
no
bits
bytes.
So
it's
a
it's
kind
of
significant,
even
an
even
in
a
non
IOT
use
case.
Q
So
while
this
one
hardly
fit
into
the
slide-
and
this
one
is
completely
integrated
into
the
slides
there
and
again,
you
can
promote
this
since
a
few
minutes,
so
compression
may
not
apply
at
all
so
well,
we
were
almost
done
until
someone
raised
an
issue
that
yeah.
If
we
can't
compress
the
packet,
how
would
we
signal
that?
So,
for
example,
when
you
have
a
fragmentation
or
UDP
option,
you
don't
really
know
how
to
compress,
and
you
compress
those
so
you
basically
have
to
send
an
information
saying
yeah.
Q
This
packet
is
not
compressed,
so
don't
apply
your
security
policies
so
how
you
we
could.
This
is
the
I
think.
That's
the
only
updates
from
of
this
draft
is
that
so
we
had
two
solutions
while
two
solutions
we
envisioned
once,
which
is
adding
a
special
bit
so
usually
that's
a
byte
that
says
don't
compress
and
the
other
one
was
reducing
an
existing
field.
So
it
could
be
protocol
or
next
header,
but
I'm.
We
we
just
realize
how
many
they
are
left
and
say.
Well,
maybe
not
a
good
idea.
Q
Q
So
we
have
a
new
IPSec
mode,
which
is
a
eh
decompress,
but
that's
a
most
most
mostly
being
used
when
you
agree,
because
when
you're
negotiator
I
say
you
have
to
agree,
then
are
you
gonna
use
a
compressed
mode
and
so
on?
So
the
discussion
we
have
now
or
more?
Should
we
use
an
additional
mode
which
is
itse
compressed
or
should
we
just
provide?
The
strategy
were
you're
using
in
our
case
there
is
only
one,
but
in
the
future
there
might
be
additional
one,
sir,
and
once
you
pick
up,
it's
gonna
be
automatically
compressed.
Q
So
that's
a
but
I
think
that's
more
related
to
the
ike
negotiation
of
this
header
compression,
but
I
think
so
far
and
that's
the
only
things
we
we
have
discussed
during
the
last
ATF.
So
the
current
status
is
that
we
have
the
two
drafts
almost
ready.
In
an
hour
view,
we
had
one
publication
of
an
implosion
in
Kentucky
and
well.
We
should
have
another
implementation,
a
riot
but
I'm.
This
shoot
has
been
a
shoot
for
two
years,
because
any
time
we
had
the
student
leaving
but
before
the
project
starts.
Q
A
G
A
E
G
E
A
E
Great
so
I
like
that,
a
lot
as
far
as
deploying
this,
if
we
know
we're
in
a
situation
in
which
we're
not
going
to
be
allowing
IP
fragmentation
and
we're
not
going
to
be
using
UDP
options,
it
would
be
reasonable
to
only
negotiate
the
compressed
childís,
a
cracker
like
it
is
optional
to
have
to
you.
Just
may
drop
packets.
A
E
A
A
K
A
K
Q
K
K
A
You
can't
use
the
exactly
same
keys
because
I
made
a
situational
person
and
so
on
needs
to
be
different,
for
you,
I
mean
otherwise.
You
have
a
nonce,
collisions
and
so
on,
but
you
could
have
confronted.
You
know
Kim
at
twice
to
canary
to
different,
but
then
you
need
to
have
something
different,
that
you
have
the
SPI,
a
very
firm
you
work,
but
I
think
actually
much
cleaner.
The
just
to
do
a
charter
sacred,
shall
they
start
to
pocket
exchange
and
it
doesn't
need
to
do
differ.
Hellman
yeah,.
Q
A
A
So
this
is
their
given
not
working
as
a
working
group
share
pattern
into
it.
Also,
I
posted
a
email
couple
of
days
ago
about
adding
this
or
allocating
numbers.
For
you
know,
I
enter
numbers
for
12,000
and
16,000
bit.
Groups
for
a
mod
p
and
regional
dynamics
are
asking
what
to
get
your
feedback,
because
I'm
a
little
bit.
You
know
this
kind
of
conflicts
here,
because
I'm
working
group
chair-
I
am
eighty
Ayana
expert,
probably
one
who's
going
to
be
writing
the
draft
or
RFC
fight.
A
There
is
going
to
be
one,
so
I
want
to
know
if
there's
any
other
people
who
are
actually
think
this
is
a
good
idea
or
bad
idea
before
I
just
go
and
do
it
myself
or
should
I
just
ignore
it
so
that
the
reason
there
is
I
attended
in
the
email
list
and
every
most
people
biggest
reason
is
that
there
is,
you
know
people
say:
oh,
we
need
to
have
a
shot.
We
need
to
have
a
256-bit
security
because
of
the
comms
and
computers.
A
They
don't
know
what
the
two
five
six
is,
except
that
it's
a
number
and
they
know
two
five,
six
Oh
a
yes
to
faxes,
feels
that
one
so
to
512.
We
love
that
one
more
P,
okay,
we
don't
have
any
more
P
that
feels
that
one
we
could
have
a
8,000
bit.
Species
200
bits,
not
enough.
16,000
would
be
enough,
but
we
don't
have
that
one
as
a
higher
number.
We
have
generated
the
Krug's
when
we
created
the
old.
A
A
Use
it
in
some
cases
when
you
have
not,
when
you
have,
you
know
a
thousand
customers,
but
if
you
have
a
site-to-site
VPN,
you
know
with
one
VPN
link,
then
you
can
actually
do
it
even
it,
of
course,
there's
a
issues
with
fragmentation
of
the
pocket,
but
okay
site
to
site,
VPN
old,
usually
have
a
good
internet
and
not
behind
Nats,
and
not
behind
captive
portals
or
anything
like
that.
That
would
destroy
fragments
and
so
on.
So
do
people
think
it
is
a
good
idea,
bad
idea.
What
should
I
do.
D
Well,
Paris
I
think
it's
okay,
as
long
as
I
say
really
good
instruction
in
the
document.
I
say
do
not
add
this
to
your
list
of
default
proposals,
because
we
know
that
some
implementations
at
everything
they
implemented
their
proposals,
which
leads
to
you,
know,
giant
explosion
of
of
components,
and
it
will
indeed
lead
to
like
our
let's
use
the
highest
number,
because
there
must
be
the
most
secure
and
then
you're
actually
running
this
everywhere,
instead
of
only
in
this
case
as
you
want
it,
but
and
I'm
willing
to
help
you
with
the
document.
It.
A
No
I,
don't
think,
actually
is
a
force
sensor
security.
We
see
that
actually
do
offer
you
two
five
six
bits
of
security.
The
difference
is
that
with
quantum
computers,
none
of
our
are
good
about
what
piece
or
elliptic
curves
is
safe.
I
mean
that
reason
why
you
actually
were
equal
to
56
is
false.
The
reason
that
this
fact
that
it
actually
do
provide
256
bits
of
security
is
valid.
A
R
A
A
They
don't
they
don't
understand
the
reason
why
it's?
Why
why
5
6
is
better
than
you
know,
white
white?
Oh,
why
you
need,
for
example,
or
some
people
actually
say
that
you
must
be
able
to
do
two
five
six.
They
usually
don't
say
that
you
have
to
do
it.
They
said
you
must
be
able.
Okay,
that's
fine.
This
is
actually
one
of
the
reasons
we
were
actually
in
15,
for
as
we
are
running
out
of
5,
but
15
4.
We
have
now
working
this
stuff
in
I
Triple
E.
A
A
K
K
D
D
Ciphers,
a
small
different
topic-
if
we're
done
with
this
part,
is
reddit,
so
I
also
have
a
case
where
customers
want
to
roll
out
IPSec,
but
if
they
find
authentication
little
bit
hard
to
do
so,
they
first
go
like
what,
let's
do
mutual
know
first
and
roll
that
out
and
then
later
on.
They
want
to
update
to
use
certificates
other
things
and
then
and
do
authenticated.
So
now,
you've
got
this
this
cloud
structure.
D
It
has
all
these
off,
no
notes
that
are
talking
to
each
other,
and
then
you
slightly
want
to
upgrade
them
whenever
you
configure
new
notes
to
have
like
say
certificate,
so
what
we
ended
up
doing
is
doing
the
same
trick.
That
is
used
in
the
in
the
No
PPK
case,
where
we
basically
sent
a
second
earth
payload
one
with
the
certificate
of
one
for
earth
know
and
on
the
other
side
can
pick
like
I
have.
Since
we
brought
seem
to
be
supporting
authenticated,
we
can
just
bump
our
connection
from
Earth
node
to
authenticate
it.