From YouTube: IETF103-TLS-20181107-1120
Description
TLS meeting session at IETF103
2018/11/07 1120
https://datatracker.ietf.org/meeting/103/proceedings/
B
Excellent. Thank you. All right. We owe you one, appreciate it. All right. This is the Note Well. It's Wednesday afternoon-ish. You should have seen this by now. Basically, you're gonna be at the microphone, it's gonna get recorded. Got an IPR, please disclose it. More information's available. We did the minute taker, Jabber scribe; blue sheets are currently making their way around. At the microphone, please state your name at the mic. Let's keep it professional at the mic, as well as being succinct. We're not gonna do any of the other update stuff cuz...
B
My only personal perspective is that we, like I say, cross the streams, so we're basically crossing browsers, Web PKI, DNSSEC, DANE all at once, and so everyone gets lively and it gets exciting. A little bit of a mea culpa here: we haven't done the best job in being chairs during this process. I think that we have a laissez-faire attitude about a lot of things sometimes, and hope that it would just kind of work out, and it hasn't.
B
So that's why we're here, and so hopefully we're going to try to fix some of that today. We're willing to take some of the blame, but I'm also here to tell you that there's some blame to be laid at your feet as well. So my plan is to provide an annotated outline of the timeline of events. There's others that you can use to follow, because I posted it earlier in the week to hopefully maybe get you up to speed, and so that, if there's appeals later, it can be used as the appeal input.
B
Also, because I got the mic, there'll be some teaching moments that I'm gonna let go, and again, the ultimate goal is to see if we can figure out what we're gonna do with this draft. So, a series of questions, audience participation. If you are here, please raise your hand. All right, nearly 100 percent participation.
B
Followed the list discussion in some way, shape or form? So yeah, we're like a quarter. All right. Who's read the presentation? All right, we're like down to five. So I got a question: who's planning to implement this draft? All right, so I see like three-ish hands. Who's planning to deploy the draft?
B
Well, three-ish hands. Okay, all right. So that's good to know. So just to kind of start off, way back in the day... Victor says yes to those, okay. Okay, way back in the day, we had an initial post, like in 2015, right. We did this; I think it was Melinda that sent this draft across, and it was like, great. There were two quick threads; the numbers in the parentheses are the amount of messages that were sent. Now,
B
I may be on or off by some, because I get a lot more messages about drafts that you maybe don't, cuz I'm in the chair. But hey, the best thing, which was really awesome, is we got an agreed use case in like ten emails, and it was this: the idea was primarily aimed at making DANE practical for HTTPS, where last-mile considerations on the client end are a significant part of the adoption barrier. And the short version is basically this: think of DNSSEC stapling, kind of like OCSP stapling. And that was fairly easy to get to. That's...
B
Basically, everything went pretty normal. Yeah, there's a lot of messages that I didn't include in there, which is me pinging the author saying, well, if there's no problem, let's just push this damn thing forward and keep going. So not a lot happened. So all these things, they're all hyperlinks. You can click on them and read the threads and the whole nine yards. I put the at signs to show you, if you want to jump into the Meetecho presentation, to see where the discussions started.
B
So, you know, just to kind of get ready to go: working group call for adoption. We had about ten people that sent in stuff. We confirmed basically what we found at the meeting at IETF, ninety father, that was interest in moving this thing forward, and off we went. Just to note, we had no IETF last call comments during the generous re... during the IESG evaluation process. We ended up getting a discussion going in Eric's thread, where Victor... there was a downgrade attack, and what this was was he's
B
basically claiming (I'll explain the downgrade attack later) that this was a problem. It had been in the draft, and there was some text in there that had an identified mitigation stand for it, but basically now it was kind of as done as a showstopper. So the downgrade attack itself was basically, you know, the short answer here is that DANE means downgrade resistance against PKIX attacks, and that was the stuff that was from the draft. You know, absent a whitelist, a client misdirected to a server that has fraudulently acquired
B
a public CA issued certificate for the real server's name could be induced to establish a PKIX-verified connection to the rogue server that precluded DANE authentication. Okay, I put it in quotes because some people don't think it's... they don't think it's a classical downgrade attack. But that's why I did it, so I'm trying to be as fair as possible here to both sides.
B
Yes, so IETF 101, we had a discussion about that particular downgrade attack during the meeting, and what happened was the discuss that Ekr had got cleared and then the document got approved. So the problem was, right, so hey, the document gets approved, we're all happy. Well, you know, did we really address the issue that was raised during the discuss, and did we do it properly? So, not surprisingly, right here we had office threats of appeal.
B
At least that was where... and so to kind of address that, we decided to do a consensus to publish as is or to address the work noob issues, and this was the consensus call itself. I don't want to read this all, but basically it's like, do you just want to publish? But if we're not gonna publish, do you want to start adding some text about denial of existence and pinning stuff, and then a bunch of other things that happened later? So, if no, then what are we gonna work on?
B
So this is where the teaching moment starts. So we had 20 people participating in the thread. We had about 10 people actually answer the first question, which was nice. We had 10 people answer some vague amounts of questions, not always the first question, and some other question that they wanted. Oh, we had other people that didn't have anything to really say about the thread.
B
They just wanted to argue. When the chairs ask these things, it's much better when you actually answer them, because it helps us judge consensus. And so the interesting point here is, if we were just straight-up counting, this document would have been published, right. It was a split decision, but we as the chairs decided basically that there was enough consensus to do A, and there was enough discussion to bring it back to the working group. Now, that didn't happen immediately, for whatever reason, but that's basically what we decided. So just to be clear,
B
A was essentially to put some... adding denial of existence proofs in the chain provided by the extension. All right. Well, that's the big but here, but we screwed up and didn't tell the authors, well, just put the text in. Now, there's a reason for that, though, and we're going to that in a second. As a minor aside, here's the message count before and after. This is just to kind of illuminate the amount of threads that happened, and these are the public ones. These are not the public... the private ones.
B
So there's been some threads, so it's not like we... it's a little different in that, if you were at the QUIC session, you saw that there were lots of people talk to you about it. There were like 29 people, I think, total or something in these threads, and this is like the top 10. So, text proposals: we had a lot. We had some from Victor, we had some from Shumon, we had some from Ben, and then Victor kind of pulled a bunch of them together and did proposals for the interim, which was great.
B
And then we even had an interim about this, just about this. The interesting thing, though, was that we had office proposals, and then, after the interim, we tried to have the chairs put together some summary of the minutes and what the actual, you know, facts on the ground were, and we had like a hundred emails and couldn't agree to it. We just had to send with what we thought we had, so that really wasn't fun. It really kind of wasn't great, and we're really not making the IETF great again there.
F
Where you say like all these people are either too aggressive or mail too much, I understand that when some people mail and they send large emails because they're extremely pedantic, that these emails are large, and it's sort of, you know, some people don't have the resources to read it. But this comes really close to sort of shaming people from contributing to the IETF.
B
All right, keep going, keep going. All right, now to some housekeeping. All right. So next, so we had a consensus call during the security considerations thread. The four questions that were asked were: do you support the working group taking on future work on pinning mechanisms? Do you support reserved bytes in the revision for future pinning mechanisms? Do you support the proof of denial of existence text in the revision? Do you support a new and improved security considerations?
B
Obviously the two on the right... the number three was basically kind of redoing one of the first ones, and the number four was text that we thought people seemed to be basically pretty happy with, and one and two were, we think, pretty much where the big argument was. So we had seven people in that thread. Not great. We're basically at the point where we're finding it difficult to judge that there's consensus to progress the document, especially when it's split like it is. So what happened? Basically, we had:
B
yes, we do support the proof of denial of existence text in the revisions, and yes, the new and improved security considerations, and we did not have support for pinning or for the reserved bytes. So with that, what we're gonna do (I've started this process already) is to merge...
B
Yeah, there were... there's a 24-part commit in there that's a little interesting to follow, but basically Willem has started working on this stuff. There were a bunch that were marked as editorial, and he's gonna go through there, and the ones that are editorial we're just gonna merge. The DoE-related stuff, we've reconfirmed that we're gonna do that, so we're gonna push that text in there. We're gonna let them identify which ones are...
B
What, after that... we've been circling around on this for a while. We are getting less and less participants. A lot of people have, you know, told me off list, so take it for what it's worth, that they feel like the thing's been... some of the threads have been hijacked. Some people have thrown their hands up and walked away. Some said that while they would participate, they don't have time, all kinds of other things. So we're kind of at this point where we can do a couple of things.
B
Since we don't have consensus with the pinning, you know, the extension stuff in, we can basically publish a consensus document that we have now, without the pinning or the reserved fields, and obviously we'd have to make sure the text all makes sense from the points that we'll merge. Or we can just basically have it gradually die, because the people think that consensus document is just useless. So we're basically trying to figure out what to do here, and we're hoping to have a hum on these two options.
J
Hello, you can hear? Okay. So the first thing I want to mention is that the call to say that there is no consensus, and there cannot be a consensus, seems very premature, because the landscape has been shifting recently. We have recently clarified the lack of the footgun. We've had a few people acknowledge that analysis. Chris Wood posted a message summarizing the analysis, asking for some responses and objections.
J
Nobody posted anything that in any way refuted the analysis that you have demonstrated that the pinning is quite different from the analogies to HPKP that were being posted. At this point there are very few people claiming that the pinning has anything bad, and they posted nothing of substance to back it up, and so I think that, with a little bit more work, the pinning can get support and will go through, and you're shutting down
J
the argument halfway through. And at this point, I see no basis for failure to properly analyze and understand the issue in the past to be a predictor of the future, because the process has recently, in fact, gotten unwedged and is moving forward, and I strongly object to what's happening here. This is an ambush. The slides got published late. They were not available for discussion before this meeting, and I'm sorry, this is not a good way to resolve the issue, so...
F
Then, and this is a remark I've made repeatedly on the list as well, if you're publishing an accurate extension with a downgrade attack, whether the downgrade is between quotes or not, that is not something that should be possible by saying there's consensus to do this downgradable thing. I don't think consensus overrides a security concern.
L
Sorry, I didn't have an indication. So right, I think, you know, Victor says we were making progress on the footgun thing. I think a lot of what was going on here is that a lot of people didn't want to even engage with the proposal because of, you know, this fear of footgun, because, you know, hey, HPKP failed, and in fact there has been no desire to even engage with the arguments on footgun not being a footgun.
L
You know, this is what Ben refers to as apathy. Of course, you could easily call consensus, right, you can ask: is there a footgun? You could actually ask that question, and that would further progress towards consensus. Well, we don't see this. Instead, we're saying, hey, we're all completely out of patience, you know, too many emails and so on. And, you know, there have been a lot of emails, but nothing like Jason's back or any number of others, so I'm a little confused. It seems like you're just ramming this through.
L
You know, I think you could totally ask this: is there a footgun, right, since that's the only real objection? If there isn't one, then what's the real objection, are there any others? And I think you're just cutting it short. You're just saying we're... you know, I understand the desire for that. But I don't, you know, I don't think you actually... I don't think we've actually gone through the process correctly, all the way. You have the mic.
E
Investing the amount of time necessary to follow the thread and participate in the thread becomes a bit of a losing proposition. So, from my perspective, the reason that you're getting fewer people involved in this is because they're not interested in the feature and I'm willing to deal with the volume of email that we've had on the topic and not something waiting in line quite a while. Now, I don't see that stopping, unfortunately, and it's kind of toxic, I'm afraid.
H
Paul Hoffman. I want to emphasize what Martin just said at the end, because the conversation was toxic. It's not that I'm apathetic, I just didn't want to participate. I kept... in fact, I had a couple people on both sides trying, you know, trying to get me involved, and I would say it's not apathy that you're seeing, it's sort of message sickness, but it's also a lack of leadership, quite frankly. We're...
H
But taking it on the chin by saying that the group has been apathetic is not actually a way to do it. I think calling things again like you're doing now, if you had done that on the list weeks or months ago, would have caused numbers to go up, so I'm hoping that you're going to do that again. And okay, so I won't go on in that. But I had a question at the end of what you said here. He said when it goes back to the IESG, look...
O
David Schinazi, Google. Two points. First one, speaking as a browser developer: no plans to implement this, and that goes for both browsers that I've been involved with lately. And the second point, as an individual contributor to the working group: I want to echo what the previous people said. The time it would take to invest in this, I don't want to take that time, just the mental stress of just even reading these. So yeah, please, please, please kill this. Let it gracefully die or, if impossible, not gracefully die.
O
This is taking up huge time on the mailing list and in the working group, and if this keeps going on, I'm thinking of maybe I wouldn't attend this session, because I am not interested in this. And please kill this, so we don't lose contributors. I don't know about myself, but I'm sure others could provide some interesting feedback to the working group. Please kill this arrow.
P
Rescorla. I don't need to duplicate Martin's statements about what we go over on, implement. I guess in terms of signal, you know, that I certainly agree. There have been a number of assertions on the mailing list about what is or is not true. There's been a bunch of back-and-forth. I'm not sure apathy is the right word, but exhaustion might be. I don't... you should not conclude from the fact that I only stopped responding on the mailing list that I agree with the claims made by several people.
J
Hi again. So here we are, and yet the document, even with the twenty-four commits, still has major gaps that I had postponed talking about until, you know, it was clear that we were going somewhere and I wasn't just gonna write commits that nobody was going to read. It fails to properly explain how virtual hosting works, and there are some subtle issues there that need to be clarified. If it already, it fails to deal with the DNS TTLs and how the server's supposed to handle them, and that text isn't written.
J
The document still needs considerable work, and we're merely asking for a two-byte field (pardon my French) that will not in any way be onerous to any implementers, is well motivated, and has seen no through their contract. Nobody has explained why these are bad, why they're incomplete all week worth really.
B
So, okay, so nothing has stopped you from publishing a draft that included all these things that you wanted. The second thing is, just because there's absence of discussion of a proposal does not make it good. We had this exact problem: Dan Harkins I can fly draft, right. If you really, really wanted that thing, and there was just kind of like no interest in moving it forward. There is more than one person here that's interested in doing this, but there do not seem to be many more.
Q
Victor has posted, oh, it can be used to strengthen the Web PKI by adding in, you know, various other authentication schemes. Paul has posted that it can be used to limit the Web PKI, because browsers, you know, there's too many unrestricted CAs in the trust store. And so it's not just, oh well, adding DANE is a strengthening thing. It's now become a completely separate security model, or possible to implement a completely separate security model.
R
Wes Hardaker, ISI, speaking with one of my hats on. I am the IETF Guides, one of the co-chairs, to introduce new people into the IETF, and one of the things that we have found after listening to a year's worth of feedback is that highly negative discussions cause people to drop out, and when you need the consensus of the IETF, you need the consensus of the participants. This downward slope in participation in discussions is far too common. And I am equally as guilty, right.
R
Those of us in the security field, we take a hard line in the stance and we don't want to move, and we're willing to state so loudly. But the problem is, when you word messages that don't take the high road in how you deliver your opinion, it pushes people away. And very generically, of the feedback we've received in the past year,
R
90% of the negative perceptions come from this working group, and it's a problem, and I'm just saying, so think about it as you're writing your messages going forward. Please think about: am I putting this in a derogatory way, or can I encourage participants by rewording it in a polite way that still gets my technical point across? Okay.
R
Now, back to the matter at hand. I'm concerned with option A, because publishing the consensus document without the agreed-upon text means that technically that document hasn't reached consensus. So missing one piece of the document where maybe there's non-agreement upon it loses the notion that the people that are in disagreement about the section will be happy with the consensus document, when the reality is the reason that it was needed was to get consensus around the problem in the first place. By dropping it, you're still not in consensus to publish the whole document.
F
So, Paul Wouters, in response to Rich on the usage cases: the TLSA records in DNS already define these use cases. So this working group cannot go ahead and say what other use cases or are involved these use cases or with it TLSA traffic. So the usage selectors are clearly defined, e.g., you can do pinning to restrict the CA, you can do pinning to restrict the end certificate, you can do pinning to restrict to the public key.
F
Those are all defined in RFCs that are out there, and there's DNS clients that use this information. Postfix will use this information. That is all out and deployed and everything, and we're now just looking at how can we also get this security for those clients that cannot reach the last mile to get these records via the normal DNS channel, so we're not talking about introducing new authentication mechanisms or new PKIs.
F
All of these things are already out and exist. And then my second point is, I'm a little confused that the people who don't like pinning seem to be also the people that have no interest in implementing it anyway. So why not let the pinning go on for those people who do want it and do want to implement it? You don't have to implement this RFC if you don't want to, but why are the people that are not planning to implement it blocking me from my use case? Wow.
P
I couldn't have picked a better psychic outstanding, because I ever poseable CI r approval to get out of this mess, which is the following. Eric Rescorla. In draft... RFC, what is the number, Paul Sean, on the, the IANA considerations for TLS? 8447, right. In RFC 8447, we allow you to get all the code points you need based purely on the specification, and so I propose... and you're right.
P
We don't have any intention with this, and I have no objection that a code point be allocated. What I do object to is the document being published as proposed with the endorsement of the TLS working group. Therefore what I propose is we take this out of the TLS working group. You should feel free to take this ID and, on that basis, apply for a code point with any semantics you like whatsoever: pinning, no pinning, extension bytes, no extension bytes, any semantics whatsoever, and then we will simply be done.
A
Richard Barnes. Okay, off the last two words there: let us be done. Well, I think Mr. Schinazi and Mr. Hardaker summarized it pretty well. Now is the moment at which to call cloture on this debate and to move on one way or the other. I think there's sort of three paths. I had two guys in mind that the chairs articulated well, but I think Ekr's articulated a valid third path. You know, if there is some... if we can roll back to some things
A
we agree on, and implement those things, and get people to a point where they'd be willing to go forward and publish, by all means let's do that and succeed, if we can succeed. But if that's not possible, then I think now is the time to take this back. Let's take it out of the working group's queue, and the authors can start over, either with this document or with Ekr's approach, as they like. Yeah.
B
And to be clear, like, gracefully die in the working group: there's always the possibility for someone to write whatever draft I want, to have it be there, just be an Internet-Draft, and request code points. They could go to the ISE. They could take it to the area director. There's lots of ways for these things to get published. We're not talking about stopping that publishing. It's just that we don't have consensus here to give it, right.
N
Channeling Tariq Suraj from the Jabber room: "I would come to a comment over what the guy from Google said" (yes, that's David) "that let the document die, gracefully or ungracefully. I'm sorry, it is still a contribution, and it is indeed proof that this kind of implementation doesn't have the community consensus, and let's kill it. Basically, please highlight my comment. Thanks."
S
Steve Barr. I guess I'm just gonna agree with the last couple people, and I don't see how you can kind of get to a working group consensus document with the pinning and reserved, so I think that's kind of a pity, but I think that's reality. So maybe, you know, taking it to the ISE with getting code points is reasonable.
B
Kicked out of this working group, or decide to go out, or whatever they do, the first question the ISE asks is: have you been fee I? That's it the TLS working group. They will ask us and we'll say, yes, here are the hundreds of messages. Here's one, we said you've been set loose, scope. We go forth, be free.
U
Yeah, so we just had a contentious... oak, Evelyn, and I'm on the ISE board. So we just had a contentious document go through the ISE, and the ISE takes the advice of the IESG from conflict review. They don't have to adhere to that advice. They can publish anyway; they are their own publication stream. That advice is very important, it's very helpful, but they have that option.
T
What I'm saying is, actually, from an author's perspective, it is way more likely that this document will ever be published as an ISE than through... through this working group. And so, if... I'll row back my earlier statements in the interests of consensus. Yes, okay, maybe nobody can stop our document forever, but in practice it's gonna be a lot harder to get it through this working group than out through the ISE, right, and that's something that I'm gonna row back on my earlier comments. I think we should... we should...
O
David Schinazi, aka the guy from Google. I'd like to clarify my earlier points. I was not suggesting to Paul in any way to prevent anyone from implementing this before me, because I don't have that power, and you do whatever you want. That's fine. I was not suggesting that you don't try to publish this somewhere. I'll see that you can do that, do whatever you want. All I was saying is this needs to move out of this working group. When I say please kill this, I'm saying...
P
So, just to address that question Victor raised: generally, we do not in the IETF assume the only people with status to discuss for a document or against are people who implement. So I hope that's totally true, because I've been participating for years discussing things I don't plan to implement. So, you know, the question is, does the working group have consensus?
P
This is a good stuff, and I think that's where this is going around for. I want to clarify, I don't lose consensus for either variant of this, so I think if there was falling ground on both, on both counts, on both versions...
Q
Rich Salz, Akamai. Yeah, Victor also understands the importance, or the difference, between working group and non. OpenSSL has a policy that if it's not a standard document, it's not gonna go in, unless somebody on the project really, really, really wants it. So yeah, it might have been a rhetorical question. So...
L
I won't really object to moving forward in any of the ways that were proposed just now, effectively both drafts to ISE, you know, or one. But if we do one in the working group without pinning, I really, really want the denial of existence stuff in there, right. So the bugs have contracts. We can agree to disagree on pinning, but the bugs have to be fixed.
C
Cullen Jennings. Just listening to this conversation, consensus is measured at a... Cullen Jennings. Consensus is measured at a point in time, and I think you almost need to ask the original question you ask for any work, which is: does the working group have consensus to work on this? Because that question is obviously open at this point. And it's just one question, it's a very simple question. We ask it all the time. You could ask it again easily, and I suspect the answer...
I
So while you're doing that, stay in New York. Just to be clear for folks who are looking at, you know, saying let's punt this to ISE or something, or let the authors choose that: just, the authors or the folks who, I mean, should be aware that ISE also means it's either informational or experimental. It's not a stan... non-standard, yeah. It...
T
Zouk leave my tie. Point out that ISE has the nice property that it says right at the top, "this is not an IETF standard", and sometimes people get confused when they see RFCs and they think they're standards, and ISE is, I think, the best vehicle that can be produced by the IETF in terms of lessening that confusion. Yeah.
B
That's pretty clear. So I should be clear also that I'm not really happy with this outcome. It would have been a lot better if we could have got this... this worked on. It's unfortunate this happens. This is not our shining greatest moment. Hopefully we will have some learning moments, and I'm interested in hearing your opinions on how we could do a better job. That concludes this session.