From YouTube: IETF104-STIR-20190329-0900
Description
STIR meeting session at IETF104
2019/03/29 0900
https://datatracker.ietf.org/meeting/104/proceedings/
A: All right. Robert, can you put the agenda?

C: What is divert and why do we keep working on this forever? Because this answers a pretty pressing issue for STIR, which is, in a lot of these forwarding cases, you may end up with a To header field being signed by PASSporT, but if something gets changed in midstream, that may not ultimately end up being the destination of calls; stuff, property halves. If that has been understood for some time, you kind of heave SIP calls over the wall without much of a sense of where they will ultimately land.

C: So we needed something that would show that actually there's going to be secure redirection, that if you hit a retargeting server of some kind, that it was the right server and that this wasn't just, you know, by something bad in the middle, mangled somewhere or cut and pasted by someone who is trying to impersonate a poor person who created a PASSporT. So we created this special PASSporT that doesn't attract just disk, and it has this div extension to it, which lets you know how that redirection occurred.

C: This is a problem from studying SIP, you know, for some time. This recording stops, so we have like History-Info and the Diversion header. This is a little different, in part just because it's signed; it's actually secure, unlike those mechanisms, and moreover, because of the canonicalization that's in STIR, this only really captures the major changes. Next slide. So what's new in -05: we've gone back and forth, thanks to lots of interventions from various people, over whether or not these PASSporTs should be nested or non-nested.

C: What that means is, should you have a PASSporT that actually encapsulates the previous PASSporT you're diverting from, or should you store this PASSporT in a separate Identity header and then kind of figure out, as the recipient verification service, which Identity header connects with which? At first we did this non-nested, and then we did everything nested, and then we realized that that wasn't gonna work, and so we ended up, in this draft, trying to find a compromise position, and we've split the mechanism into two parts.

C: The first part is div, which is for in-band; it's non-nested. In other words, you'll use multiple Identity headers for this use case. And then we created this separate div-o for nested that will be used by things like out-of-band, which I'm going to discuss in a moment, and this tries to ground some capability negotiation concerns people had who are going to have both nested and non-nested to be under div itself. It seemed cleaner to fork these into two separate PASSporT types.

C: Additionally, thanks to the people that had us kicking the tires on this one pretty hard, and I'm looking at you, Chris, and your buddy Dave Hancock, with these just huge number of use cases of how you actually figure out what authentication services and verification services are gonna do in order to process this, we've beefed up that text considerably. I mean, if you look at 8224, which is really where the authentication and verification services are specified.

C: It's pretty specific to SIP, because 8224 is specific to SIP, and so we kind of made this specific to the use of this diversion mechanism in particular. However, this was a pretty extensive overhaul. This has been through a working group last call already, but this is a really, really different draft, and so probably some eyes are needed. Next slide. And is this jabber-scribing? As an aside in this, and this has come up: this is another thing we discussed many times in the course of trying to do this.

C: This question of whether or not, in baseline 8224, when you're putting a PASSporT type into the Identity header, the value of that should be quoted or unquoted. It turns out that 8224 is not particularly clear about this, in the sense that it says, like, there's normative text that says it must be quoted, and yet if you look in the ABNF there's just token, which I understand is not actually encompassed. Probably we need to around this and to clarify kind of which of these parameters of the Identity header...

C: Probably, if I were one of the chairs of this working group, I would insist upon a new working group last call for this, but then advance it, because this has already been baked into the specs in ATIS and, like, we need this. So probably we should have a second working group last call, and at least somebody should read it, because, like, I wrote like a ton of new stuff in this.

K: Okay, negative, yeah. Next page. Pretty much the update: there were actually two updates, but -03 was just a minor one to address a comment Russ had. The major addition here is adding jCard. We discussed this at the last meeting as well, so I don't think any surprises here, and of course I extended all the examples, tried to include both normal STIR and SHAKEN as well. Next page.

K: So now we have three standard key-value claims, or sorry, key values that are inside the JSON object for our RCD name, which I guess I should put up there. Mandatory: jcd, jcl. jcd is the embedding of the jCard directly in the JSON object. jcl is a URL to, you know, a remotely retrievable jCard.

K: That gets pretty straightforward. It's required to be HTTP, obviously. Next page. So I think there's a couple of things, and John, keep me honest if there's some things that I didn't include, you know, given the interesting discussion in BIMI yesterday. Obviously we have talked about including logos, so I...

C: In other words, you know, if you're being called by something that shows up as, like, James Bond, right, on your caller ID, there's a lot of people named James Watt, right, and which one is that? So I mean it has all this... you know, just caller name in general has this problem, and so I mean, I think we're...

M: I mean, I may be part of difficulties. We have like a pre-existing infrastructure that's designed to attach these, like the American Empire's, to some sort of textual thing now, something like... Actually, I could just like call up and be like, hey, you know, my name is Barack Obama and I'd like a phone line, but, like, you know, the problem with this and BIMI for logos is, like, now you're like, you know, now you, because I can new infrastructure that, like, we all know, damn it, right, I mean, like.

C: Yeah, I'm happy to put one up if you're gonna give me money for it, but no, I mean, the point is, like Apple does this already, right? Like when Apple actually is calling you on your phone, like, oh, you know what, Apple logo appears, like that. The problem is this is like in the wild, and the question is just: can we do better than what's in the wild?

C: Just to give one example of a way to scope this, I mean, I think the shorter answer is the global email kind of problem that people are discussing is completely intractable. Take, let's say we just did this for North American freephone numbers. So North American freephone numbers have a very particular authority structure. There is this concept of something called a RespOrg.

C: A RespOrg is associated with a freephone number, and so if you're getting called by like 1-800-UNITED, like, there's a whole chain of authority there that determines like who that is, like who's on the hook to be properly attesting who it is, and like I could imagine somebody creating a registry that did it just for that, and so that's the point: it would be like you'd have to pick a really narrow use case. So we work for.

M: I think that, like, if the BIMI guys' objective was like only for the fighters that matter, which is to say like Microsoft, Yahoo and Google, like does it appear... I mean the problem is they would like, you know, they would like Marty, right? So I don't think it's really a problem with like STIR structures. The problem is he's like, but yeah, I think the answer here is like it's only like huge companies, like seems like builds.

A: Russ Housley, speaking as an individual contributor. I'm also worried about the fact that it's a URL to a logo file of an image and there's no hash function in the signed thing to make sure that the website provider doesn't change the logos whenever they want, so I think we need to put in some kind of integrity mechanism that makes sure the signer of the PASSporT is cognizant of the logo that's going to be displayed. Yeah, yeah.

C: Because I'm not sure I actually got this attack for this use case, like, we're imagining that these jCards can be used where it's the originating service provider that is inserting this, like the reaching service provider has control over what that URL is; it's an HTTP URL. Well, that's the point, I mean, so I can imagine an operational practice where that is not... again, if the...

C: If the actual case that we would seriously consider for this is like Fortune 500 companies, right, they have websites that have HTTPS that have URLs on them that they can point to, and if it's basically going to be originating sites from shredders putting this in, so I'm happy having it be optional, if I can imagine most...

N: And so this is Sean Turner, two things from Eric Burger. The first thing is on the previous thing: I slept. You said he would agree to review the previous draft. Let's make sure you put him in the minutes, and the other thing Eric said is he's concerned that, you know, the logo is some kind of tracker. He also says: no.

M: The one I thought you're talking about is the one where, you know, I am the system on the attested caller, and you know, and I have a logo which is already asserted for the system, but then, like, I'm United, and you know, then I, and then I, like, Carl, you know, I called John, but then I exchanged the logo to be Delta, and I'm like, sorry, Mr. Peterson, like, two flights.

M: As a link, but not as an authority. I'm actually happy for another reason, which is I'm concerned about the fact that, like, every time I want to find out, like every time I had a phone call, now I have to go back and hit the website, and that seems like, for the reasons Russ was just indicating, like, if this is like Akamai, you know, then like, might then, like, how come I had no other reason alone.

M: You call me, but now they do, so having a hash solves that problem as well, because then you can do hash caching. So I guess my question to John and Chris would be: what resource is being conserved by not having this hash? Right, yeah.

K: We'll have to figure out how to insert that when we don't... like, jCard doesn't already have something. Well, maybe we could define the jCard thing, but it would have to know which thing it's pointing to, which thing the hash is referring to in the jCard, so we'll have to figure some of those things out, I guess.

K: You know, for third-party providers that, you know, either directly own that information or maybe I've got it from a secondary source, or those types of situations, obviously we need to expand all the security considerations. I guess the point is here: I think we still have one more work to do for sure, especially after that past good discussion. And John.

C: So out-of-band STIR. Out-of-band: we have this problem, and this is why we've kept working on this for years, that it turns out that some telephone calls don't actually use SIP, and I know in this day and age, like, what has the world come to, but it's true; where'd you see, H.323 is still out there. That goes to be 223 haunts us all. You know, but because of that, since we're late, we defined SIP initially... we defined STIR initially in 8224 as pretty much a SIP-specific service.

C: We've done a lot of meditation about what you're gonna do for these cases when calls especially only partially go over IP, and like if there's any hope, you know, a VoIP call starts in the IP domain, and then it goes through a gateway and that's going through the PSTN and it lands from a smart endpoint. Is there something we can do? And this is how we come up with this basic STIR out-of-band architecture that has this concept of a CPS, a call placement service, which is a place...

C: You can store a PASSporT from an authentication service, or maybe even a gateway in some cases, so that if calls then go through some non-SIP network, there is a potential that they could be retrieved from the CPS by a terminating verification service, and you could still get something like the assurance of PASSporT and peace. Leinster seems like it's a really cool idea. Next slide.

C: So we've been spinning this one a lot. This also has been through working group last call, and during that process, actually Robert found some good bugs and just cut-and-paste errors and cruft that was in it. We had kind of been going back and forth in previous revisions over whether the best way at the CPS to index...

C: ...these PASSporTs was by the calling party number or the called party number, and we kind of had this consensus previously that it should be under the called party number, but when I really got out the thumbscrews I found a lot of text, actually, that was still in the previous version referring to doing it at the calling party number, and that has been extirpated dramatically.

C: We also added a new enterprise use case. A lot of enterprises are actually kind of interested in this; I'm hearing this more and more when I go talk to companies about STIR these days, that these cases are maybe most interesting for the CPS and for out-of-band, and one that we didn't really cover in the way we described it was an inbound call center enterprise that would have an extremely high volume, and the main thing we added to describe that use case is the notion that there could be a notification interface.

C: Basically, you would subscribe to the CPS so that, if there are tons of calls coming in, you'll just get the PASSporTs rather than it being something you have to go fetch. Basically, when a call comes in, because it's completely misaligned with the way that these high-volume call centers would work, and there's a couple of different architectural ways we can do that, but remember, this draft is intended really just to give an architecture and a framework, rather than, you know, an immutable concrete protocol specification for how this is supposed to work.

C: So we just want to outline at a high level how these different techniques could be implemented. Also, because of those changes I mentioned to div, we now have this div-o, which we pretty much made for out-of-band, so I did go through and align the text with the new stuff. Finally, did a little bit of reorganization to try to kind of... just a couple more.

C: The description of the use cases and the architecture from, you know, the kind of strawman solution that we proposed for this, which Decker came up with some great stuff for how we could try to do this as a public CPS in a way that has some hope of being secure and minimizing data for privacy purposes. Next slide. So, like, all that said, the changes actually weren't too dramatic to this.

C: It has gone through a working group last call. I don't know if people feel like we need a second working group last call because I added this new enterprise use case and fixed stuff, but, you know, our ambitions for this draft are actually pretty modest. Again, we really just want to get the idea out there, the architecture, make sure people understand it enough, and I think once we see some of these toy deployments that I keep hearing rumors are going on, you know, beefed up a bit.

C: We may be able to do some more concrete specifications for some of those use cases. I imagine that there could actually be a couple of protocol specifications that will end up relying on this architecture, so I'm in the mood to declare victory. But if people want to do a second working group last call, I'm cool with that.

C: This is a lot of fun. This is again another thing I talk to people about all the time out in the industry these days; it's really hot, again, especially for some of these enterprise cases and for OTT providers. And we alluded to this when Sean and I did RFC 8226; we had some text in there saying, hey, there should probably be some way you can delegate these resources so that, if you have an OCN or a telephone number block, you can create a subordinate certificate from that.

C: That will invest some subset of your authority to a different administrative entity, and this is something that's obviously been extensively studied by good people like Russ and Sean in X.509 since time immemorial. So there's plenty that we can steal, but still we just need a way to explain how it's gonna work with the things that are specific to 8226, which mainly means the TNAuthList object that we added to X.509 in order to be able to talk about who owns telephone numbers and service provider codes.

C: So we needed to document what this means for that type of certificate, give some indication for how authentication and verification services would deal with certificate chains, which is not something we really gave any guidance on previously, and finally, the interaction with ACME. You know, over in the ACME working group, Chris and I and Mary have worked on a set of authority token mechanisms.

C: We call them that. Kind of, you know, in the anticipated deployment architecture, especially in SHAKEN, they are used to inform ACME servers of what you want out of your certificate and to make sure that the proper policy entities have vetted the certificates that are being issued. This is not a long draft, and honestly I hope it doesn't need to get much longer: to accomplish those three objectives does not take a lot of work on our part, and like I said, this supports a number of enterprise use cases.

C: I mean, this is just a picture of what that delegation would look like. You know, 5280 and innumerable other specifications in the IETF give you an idea, if you've got delegation in certificates and you're a relying party, how to do path construction and validation. The paths would look effectively like the things you see here. There's some regulatory authority that's responsible for doling out these numbers.

C: So you can imagine, under that 100-TN enterprise block, that enterprise can in turn sub-delegate to an entity like a single one of those TNs, or maybe regionally distribute them or whatever, and the notion is, once we have these delegated certificates, authentication services in STIR will sign with them, and it pretty much works just like STIR always works. It's just STIR. The difference is the verification service then needs, when it gets this thing signed by this delegate certificate, to evaluate the certificate chain and to figure out path validation for it.

C: Fortunately for us, because this is so hierarchical, we don't really have the kind of path construction problem that you classically encounter in PKIs, where there are diverse trust anchors and you're trying to make your own path to the trust anchor that you like out of a set of possible paths that could be there. We imagine for practical deployments of 8226 certificates.

C: There is an alternative we could have considered, which is doing something like classical 5280 name constraints. I think our feeling about this is the TNAuthList is the constraint, right? There's no need to have a separate thing that says this is the constraint; for these, always say that TNAuthList is the constraint itself of what can be delegated from an individual cert, yeah.

C: That hierarchy, which they are, which is why there's authentication service and verification service behavior in here that talks about what the expectations of the verification service are. Now, in the interest of full disclosure, there are some hard edges on this when it comes to delegating from an OCN, say, from a service provider code, to a TN block. This requires a neo domain expert knowledge of the verification service to determine the validity of encompassment, and like we, this... this is something that I don't know how to fix.

C: I mean, I think there is literally no fix for it. You know, so what this practically means, just to get into it a little bit more deeply: there are databases you can look in that'll tell you which telephone numbers are under which OCN, right, and you basically need to have access to something like that database in order to be able to make the decision of whether or not a particular telephone number or a block is encompassed by an OCN.

L: Which sort of reads to me like cert chains that have one of these ascendancy in hops will effectively not be globally verifiable, like if I place a call to Malaysia and they're trying to verify against some check database, like, they're not set up to do that. Which is honestly kind of okay with me, because most of the use cases are probably within zones where people have this stuff set up, and that's where it fails. It seems like it creates pain and back pressure for people to do TN certs all the way. Sure.

C: And this is something that emerges from a very particular set of North American deployments that have this property, that are based on the SHAKEN principles. I don't think, for the general technology of how delegation should work for STIR, those assumptions always apply. That much said, the set of entities that participate in the IP-NNI, and I write and address, are the set of venues that have access to that, and so the places where people are signing things that'll have this property for OCNs...

C: In the first place, the people verifying it are the people that basically have access to those resources to do so, and, like, you know, it's a trusted network in the 3324 sense, so these things have to be stripped if they exit it, and so if it leaves that trust domain and ends up in Malaysia, the SHAKEN PASSporTs will be stripped anyway. Yeah.

N: So this is Sean, basically echoing all of that. The part that I was gonna say, at where we were when this came up before, was to explain that there is this verification system that is gonna be there and it's gonna do all of these checks, and, like, the worry about, like, a CA is just gonna pop up out of the blue and start doing stuff: it's gonna be pretty hard for that to happen in this system. So I mean, not going to say not gonna, but it's gonna be pretty hard for it to happen.

K: Chris Wendt. I'd just also note, I mean, that's sort of the assumption we already have in SHAKEN, that, you know, right now it's an implicit association to an OCN, and you should verify technically on the verification side that that telephone number is owned by that OCN. So we already sort of have that assumption built in the whole framework. Nothing is...

C: SHAKEN, yes, and yeah, I think I even put in already a line that kind of gives this, you know, caveat emptor about this part of the mechanism, but the one thing I do want to make clear is we design STIR here, not SHAKEN, as well, and so we're giving very high-level mechanisms for this, and SHAKEN is gonna have to specify all this in far more detail, 'cause it's like an actual operational profile for using this.

C: In that context, we're just creating the, you know, code points that are filled in by the profiles that execute this. So it's really all superman' to say, yeah, so I guess the other thing we do is we stole shamelessly from ACME this application/pem-certificate-chain to be the way that x5u in PASSporT will convey certificate chains when that is necessary, and so I think that just works; we do actually change it a little bit.

C: Finally, there is a bit of text in there that puts in these hooks to our authority token work in ACME. Typically, and we want to create the hooks for it, we are not trying to imply that the only way to get a delegate certificate is with ACME; in other words, like, if you have some other interface, because you are a carrier and you just want to have a web service where your customers can connect to you and you get them credentials, these delegate...

C: This was just... I put this in just in case I wanted to refer to the ACME architecture. I don't think I need to; I think everybody here probably got set and what we're doing with it. Next slide. Okay, so, like I said, we want to keep this modest. There are a few things that are future work that are connected with this, and this is partly also a future-work-of-the-STIR-working-group kind of creep discussion here.

C: But the one thing that's very closely tied to this is the concept of partial delegation, and this is something I hear people talking about in the industry. This notion that you want to be able to delegate authority to another entity for a very narrow purpose. So, in other words, let's say I have a service bureau who does all of my SMS traffic and I'm a carrier and I'd like them to be able to sign...

C: ...my SMSes with STIR. Can I create a lean certificate that empowers them to do that, but not sign calls, so that, like, relying parties can see, if the service bureau has decided to start signing, you know, actual voice calls, something has gone wrong. This, again, is something that I hear some people are interested in. I could see doing that at some point.

C: Again, we do not want to try to reinvent X.509 or 30- that's tough here, so this delegation stuff's pretty new. My experience has been, as we specify these things in the IETF and then there's work on the other side, sometimes we need to make changes to reflect the wisdom of the folks that do that, so I imagine getting alignment with ATIS on this.

C: Probably some things will shake out of that that we don't know what they are yet, but that is a leading cause of things in STIR going that slowly: the wheels of STIR, they grind slow, but fine, is my philosophy. So finally, just kind of three other pieces of work that are related to this. Delegation cases enable a lot of enterprise calling architectures, and as soon as we start talking about that, we're going to start talking about connected identity. What does connected identity mean? This is STIR in the reverse direction.

C: When I call you, I want to make sure I reached the right party, and so there is a backwards-direction PASSporT that comes with this. There are enterprises that are interested in doing that, and precisely with the RCD-ish kind of advanced display mechanics to make sure people know that they've connected to the right party. I imagine that once this is fleshed out enough and RCD is fleshed, I don't know if that is something we'll be returning to work on.

C: So it's actually kind of cool; I always liked that connected identity stuff, and you know all that SIP Brandy jazz actually plugs into that as well. Now, the other thing that this leads us back to is short-lived certs, which has been, you know, parked on the back burner as we've tried to figure out the ACME stuff. I think we have a TC and ACME pretty well specified at this point; I think we're pretty close to being able to lock that down.

C: One of the main use cases for short-lived certs is I wouldn't be able to delegate this to an enterprise on a very short leash, and so, as a consequence of that, I imagine the short-lived certs work will probably come back just to support, in general, the way people are probably going to use this foundation out there in the wild. So ACME already has stuff for our delegation, and else...

C: These enterprise cases: if you imagine that the only certificates that you care about for signing STIR belong to like seven carriers, it's very simple for you to, you know, have their certificate, cache it, you know, keep track of when it's going to roll over. If, however, Chris goes crazy and delegates, you know, a hundred thousand individual TN certificates to a set of customers in, you know, pilot city somewhere, acquiring those certificates...

C: ...actually, you know, is a slightly more cumbersome process, and so we've talked about doing x5u with CID, where it's actually like a message body that contains the certificate. But it's not like we've ever fleshed that out or really figured how that would work; or should it be a header? Should we, you know, are these certificates gonna be small enough? And now, of course, these are chains now, because these are delegate cases that we're considering, you know; can we fit one of these chains in a header?

K: Just Chris Wendt, I was just gonna bring up a somewhat related topic of key or certificate rotation mechanism. I know we've had some conversations about it, but just maybe to make a broader audience aware of, like, you know, is there a mechanism that, if we don't convey it directly, you know, can we have a pointer to something that, hey, this is gonna be my next cert, so maybe you want to grab it before the other one expires, type of thing? Yeah.

C: All right, so yeah, those are... that's basically my laundry list of things. I think, 'cause we're wrapping up out-of-band, we're wrapping up div, this delegation stuff honestly I don't get that much work. What his work is now plugging all these together into the set of things that you see on the bottom there.

K: Chris Wendt. I just want to sort of say, like, this is very important stuff that is sort of hitting ahead. You know, people want to know how, at least, IP voice providers can start signing calls, and things like that, so, you know, getting this done is important, and getting it done quickly is also, and would be a nice thing too. So.

L: Well, yeah, plus one. Like, I'm from the vendor perspective; we've got customers asking for things like this. They're hearing about STIR now, and if it's getting attention there, they want the authentication, and this is gonna be a critical enabler for, you know, scaling this out to enterprises. Having...

C: Time, so yeah, I mean I think there's enough meat on this that I would call for adoption, if people are interested in adopting. All that future work stuff I would say we'll do separately from this particular document. Obviously, review is welcome, figuring out what we need to flesh out more; I mean, yeah, when you do security considerations and privacy considerations, all that kind of stuff, but like what more mechanism we need for this would be helpful. But, chairs, what were your thoughts? So.

H: I think we can issue a call for adoption on list after the meeting, but I'd like to get a sense of the room. If anybody doesn't think that we should adopt this, could you hum now? And if you do think we should adopt it, hum now. Yeah, so the room thinks that this is the right thing to do, but I think... well, you know, we do.