►
From YouTube: IETF106-HRPC-20191119-1000
Description
HRPC meeting session at IETF106
2019/11/19 1000
https://datatracker.ietf.org/meeting/106/proceedings/
A
A
Approach
of
it,
okay,
so
that
means
all
the
conversation
we
had
not
knowing
the
mic
was
on
the
open
mic
conversation
we
had
was
not
heard
in
the
room.
I
suppose
I
should
be
relieved
good
morning.
I
guess
we
should
start.
We've
got
the
agenda.
Yes,
the
agenda
is
up
so
first
I'm
going
to
start
by
asking.
Is
there
anyone
that
is
willing
to
be
a
jabber
scribe?
And
if
you
were
listening
to
the
conversation,
you
know
that
I
wasn't
able
to
get
jabber
running
on
the
iPad
I'm,
not
sure
why?
Okay!
A
A
Thank
you,
okay,
so
we
have
a
note-taker
and
we
have
a
jabber
scribe
and
I'm
really
quite
grateful
to
you.
So
this
is
our
periodic
meeting
of
the
human
rights
protocol
considerations,
research
group
and
we
have
the
welcome
and
introductions
which
I'm
in
the
midst
of
at
the
moment,
then
there's
a
talk
by
Jed
Crandall
of
Arizona
State
University
is
Jed
here,
oh
there
you
are
thank
you
and
then
there's
a
talk
by
John.
Matson
of
Erickson
is
John
here.
Yes,
you
are
thank
you
and
then
we'll
do.
A
Updates
on
research
group
drafts,
one
on
the
Association
draft
and
one
on
the
political
draft,
and
the
political
draft
has
been
sort
of
a
topic
of
conversation
on
the
list
lately.
So
we'll
try
to
continue
from
there,
then
there's
an
update
on
the
guidelines,
draft
and
short
presentations
from
reviewers
and
then
finally,
there
a
discussion
on
consensus,
building
and
research
group
drafts,
and
this
is
for
those
of
you
that
went
to
the
IRT
F
open.
This
is
a
topic.
A
That's
relatively
consistent
with
that
in
terms
of
looking
at
what
we
do,
though,
the
question
had
come
up
on
the
list.
Earlier
of,
why
do
you
act
like
an
IETF
group
when
you
don't
have
to
so
a
little
bit
of
conversation
on
that
and
just
to
catch
sort
of
the
the
opinions
of
those
of
you
in
the
room
or
remotely
on
that
sort
of
behavior?
A
So
any
issues
any
questions
about
the
agenda
before
moving
on
there's
the
note
well
on
intellectual
property,
and
even
though
we
don't
need
to
follow
IETF
rules
in
terms
of
being
a
research
group,
we
do
in
terms
of
privacy
and
code
of
conduct,
hopefully
you've
all
had
a
chance
to
read
it.
One
of
the
things
that's
important
is
also
the
goals
of
the
IRT
F
and
we
focus
on
longer
term
research
issues
related
to
the
Internet.
While
the
parallel
organization,
the
IETF,
focuses
on
shorter
term
issues
of
engineering
and
standards
making.
A
Of
course,
the
terms
longer
and
shorter
are
probably
relatively
relative.
The
IRT
F
conducts
research.
It
is
not
a
standards,
development
organization,
and
certainly
this
group
has
no
intention
of
creating
any
standards.
Nor
does
anything
we
do
approach
a
standard
while
the
IRT
F
can
publish
information
or
experimental
documents
in
the
RFC
series.
Its
primary
goal
is
to
promote
development
of
research,
collaboration
and
teamwork
and
exploring
research
issues
related
to
internet
protocols,
applications,
architecture
and
technology,
which
I
believe
is
what
we
are
attempting
to
do.
A
There
is
a
primer
okay,
so
we
were
chartered
to
research
how
protocols
strengthen
and/or
threaten
human
rights,
as
defined
in
the
und
H,
our
UDHR
and
yes
and
the
ICCPR.
So
basically,
that's
what
we
look
at
I'll
go
on
with
that:
the
objectives
to
expose
the
relationship
between
protocols
and
human
rights,
with
a
focus
on
the
rights
to
freedom
of
expression
and
freedom
of
assembly,
but
early
in
our
process.
A
We
started
looking
at
other
rights
that
may
affect
those
and
and
given
the
notion
that
all
rights
are
intertwined
and
it
is
impossible
to
separate
any
one
from
another.
We
have
not
strictly
been
saying:
no,
we
cannot
talk
about
that
because
it's
not
Association.
No,
we
cannot
talk
about
that
because
it's
expression,
basically,
if
they're
related
that
we
have.
A
That
was
with
RFC
82
80
and
an
ongoing
work
from
that
in
the
considerations
document
that
we'll
talk
about
towards
the
end
of
this
session
and
then
finally,
to
increase
the
awareness
in
both
human
rights,
community
and
technical
community
on
the
importance
of
the
technical
workings
of
the
internet
and
its
impact
on
human
rights.
One
of
the
things
we
need
to
look
at
a
little
bit
more
as
we've
been
coming
here
to
the
technical
community.
A
lot
we
have
and
I
know
this.
This.
A
This
explanation
going
through
this
was
probably
not
planned,
but
I
figured
it
was
worth
doing
while
reading
it
I
I
think
we
need
to
look
at
how
to
do
more
in
the
in
the
human
rights
community
they're
starting
to
know
about
the
effort
it
gets
discussed.
Sometimes
it
gets
referenced,
but
we
haven't
had
many
meetings
or
sessions
held
in
the
their
venues.
A
So
it's
something
that
we've
been
talking
about,
trying
to
find
a
way
to
increase,
doing
okay,
the
outputs
we
have
internet
drafts
policy
and
academic
papers,
love
to
see
more
academic
papers
and
policy
papers.
There
is
a
film
there
have
been
textual
interviews,
data
analysis
and
visualization.
There's
been
a
certain
amount
of
work
done
and
then
protocol
analysis,
though
that's
one
of
the
items
in
which
we
have
reach
caution,
that
protocol
analysis
is
all
well
and
good
of
existing
protocols,
but
we've
been
advised
I
think
that's.
A
The
right
word
advise
to
be
more
careful
about
doing
protocol
analysis
of
ongoing
work
so
that
we
don't
find
ourselves
interfering
in
any
way.
With
the
engineering
work
today,
October
2014
to
15
we
were
a
proposal.
Our
own
research
group
proposed
and
15.
There
was
the
film
net
of
Rights
at
IETF
94
in
2015,
we
were
chartered
in
2017
RFC
80
to
80
was
release
current
work,
active
internet
drafts
of
the
research
group,
freedom
of
association,
which
we
will
be
talking
about
today.
A
It
is
undergoing
some
rework
and
we'll
have
a
conversation
on
that:
rework
how
it's
going
and
where
it
needs
to
go.
There's
guidelines
for
Human
Rights
protocol
considerations,
which
is
ongoing,
work
that
stems
out
of
80
to
80
and
tries
to
capture
the
experiences
and
learnings
of
people
who
have
used
those
guidelines
to
do
protocol
analysis
and
notes
on
network
standards
and
politics.
A
That's
a
draft
that
is
basically
being
considered
whether
it's
ready
for
last
call
our
research
group
last
call
I
will
be
talking
about
some
of
the
issues
that
have
come
up
in
discussions
over
the
last
months
on
the
list
related
to
that.
While
we
continue
that
discussion
what's
next,
that's
it!
So
now
we
go
to
our
first
agenda
item,
which
is
the
the
talk
by
Jed
and
please
come
up.
There's
a
red
X,
there's
a
clicker
for
you
to
change,
slides
and
the
blue
sheets
are
passing
around.
B
Is
this
microphone
working?
Okay,
thank
you
for
the
introduction
and
thank
you
for
having
me
here
today.
So
there's
a
famous
quote
from
John
Gilmore
in
Time
magazine
in
1993,
the
the
internet
views
censorship,
damage
and
routes
around
it,
and
so
today,
I
want
to
tell
you
about
some
research
that
we've
done.
You
know
looking
at
the
lower
layers
of
the
protocol,
so
I'm
talking
about
physical
layer,
link,
layer
and
routing
layer.
So
we
know
that
in
terms
of
Internet
censorship,
there's
definitely
been
a
trend
of
growth.
B
Looking
at
you
know,
internet
measurement
in
this
area
and
2007
on
the
Great
Firewall
of
China
was
basically
a
hack.
It
was
like
looking
for
packets,
HTTP,
packets
and
then
doing
a
simple
keyword
search,
not
even
a
gret.
Just
you
know
looking
for
a
particular
substring
and
then
you
know
not
even
a
regular
expression
or
anything,
and
then
it
would
just
reset
both
ends
of
the
connection
and
only
about
3/4
of
the
paths
into
China
were
covered,
and
now
almost
every
path
into
China
is
covered
and
it's
a
very
sophisticated
system
has
active
probing.
B
B
So
that's
a
big
part
of
the
center's
how
things
evolve
over
time
and
that's
one
of
the
things
we're
going
to
look
at
today
and
evolution
of
what
so
we're
gonna
define
a
major
called
choke
point
potential
and
it's
going
to
be,
and
then
it's
will
use
choke
point
to
potential
to
define
national
choke
point
potential,
which
is
a
measure
of
a
nation
and
it's
how
easily
they
can
choke
off
the
internet
with
a
few
autonomous
systems
and
so
on.
The
Left.
We
have
an
example
of
a
nation
with
high
choke
point
potential.
B
The
yellow
nodes
are
AAS
nodes
that
are
on
the
border
and
they
have
connections
to
asses
outside
the
country.
The
red
nodes
are
internal
nodes
and
so
I'll
talk
about
how
we
define
it,
but
just
intuitively,
if
you
have
high
choke
point
potential,
it's
easy
to
choke
off
the
internet
with
just
a
small
number
of
autonomous
systems.
B
We're
going
to
focus
on
internet
controls
that
happen
at
national
borders
and
just
some
examples
of
the
kind
of
internet
controls
that
we're
looking
for
because,
like
I
said,
it's
a
very
broad
issue,
we're
specifically
interested
in
things
that
happen
at
borders.
So
an
example
would
be
the
internet
shutdown
in
Cameroon,
where
somebody
told
me
literally,
the
army
just
cut
a
line
with
a
machete
and
then
later
after
they
fixed
that,
and
then
they
worked
with
the
the
major
ISP
in
the
country
and
they
were
able
to
keep
the
internet
off.
B
B
And
then
there's
things
they
arguably
may
or
may
not
have
in
a
national
border,
so
NSA
has
quantum
insert,
which
is
a
lot
like
the
China's,
great
cannon,
so
China's,
Great
Firewall
is
doing
deep
packet
inspection
and
then
trying
to
reset
connections.
The
great
cannon
can
actually
inject
things
like
malicious
JavaScript
and
so
NSA
has
something
called
quantum
insert.
That
does
the
same
thing
and
then
there's
been
reports
in
Turkey
of
something
similar
that
was
used
to
serve
spyware
in
Turkey
and
then
adware,
Egyptians
and
indirectly,
spyware
also
to
Syria.
B
So
these
are
the
kinds
of
things
we're
looking
at
is.
If
you
can
do
a
man-in-the-middle
attack,
what
kinds
of
things
you
can
do
and
if
you're
trying
to
do
that
at
a
national
border,
then
you
need
a
choke
point,
so
we're
looking
at
commanding
heights
of
the
internet.
You
know:
where
do
you
want
to
be
sitting?
If
you
want
to
do
these
kinds
of
things,
and
this
could
be
a
company
or
a
physical
point
of
presence,
so
a
company
would
be
like
an
autonomous
system.
B
So
you
know
you
could
call
them
on
the
phone,
and
you
could
say
you
know,
assuming
that
you're
a
regime
that
wants
to
do
this
kind
of
thing
and
the
national
government
you
call
the
autonomous
system
on
the
phone.
You
say
like
I
want
you
to
install
these
boxes.
I
want
you
to
block
this
IP
address
for
me
and
then
a
chokepoint.
It's
a
company
would
be
something
you
know,
somebody
you
can
call
on
the
phone
or
it
could
be
a
physical
point
of
presence.
B
So
you
could
say
all
of
our
internet
has
to
come
through
this
data
center
right
here
and
then
you
can
do
all
the
censorship
or
whatever
controls
you
want
in
the
data
center.
A
couple
of
things
I
want
to
mention.
One
is
the
IP
layer.
Censorship
is
often
a
prerequisite
for
higher
layer
censorship,
so
you
might
have
heard
about
like
in
various
countries.
There's
social
media
filtering
and
even
you
know,
delete
posts
after
they've
been
posted,
Facebook
and
Twitter.
Do
you
know
censorship
according
to
local
laws,
in
pretty
much
every
country
around
the
world?
B
So
that's
just
a
long-winded
way
of
saying
like
it's.
The
censorship
and
the
IP
layer
is
important,
even
though
it's
a
small
piece
of
the
big
picture
and
then
also
the
geography
and
virtualization
come
into
play.
So
we're
going
to
talk
about
choke
points,
you
imagine
an
island
nation
that
has
only
one
cable
out
to
the
Internet.
B
That's
a
choke
point,
whether
that
island
nation
is
a
repressive
regime
or
not.
So
geography
is
definitely
consideration,
and
then
you
can
also
imagine
virtualization.
So
you
could
have
three
different
autonomous
systems
on
that
island
that
use
that
cable
to
make
connections
in
the
AAS
graph,
and
you
can
even
go
the
other
way
even
just
between
two
routers.
It
could
be
multiple
actual
physical
lines
that
one
connection
is
going
over.
B
So
that's
why
we
wanted
to
work
at
a
higher
level
of
abstraction
and
that's
why
we're
going
to
consider
only
BGP.
So
we're
going
to
look
at
choke
points
just
in
the
BGP
graph
and
the
autonomous
system
graph
of
the
Internet,
and
we
could
have
considered
trace
routes.
We
could
have
combined
trace
routes
of
BGP,
there's
a
whole
research
area
about
how
to
build
graphs
of
the
Internet,
and
we
could
have
considered
physical
maps
like
actual
data,
centers
and
cabled
landing
stations.
B
But
we
found
that
BGP
was
a
good
level
of
abstraction
capture,
the
salient
trends.
So
if
it's
like
a
physical
choke
point
like
an
island
that
will
be
reflected
in
the
autonomous
system
graph,
because
BGP
is
basically
an
announcement
to
get
to
them,
go
through
me
and-
and
you
know
somewhere
like
China
or
they
have
the
three
big
in
exchange
points
and
then
lots
of
ice
peas
are
forced
to
participate
in
that
and
then
one
of
those
is
peas
is
in
charge
and
actually
coalesce
as
all
of
the
BGP
advertisements.
B
B
The
so
the
research
questions
were
interested
in
is
how
our
internet
borders
evolving
over
time
and
so
we're
going
to
look
at
the
eighth
graph
and
then
how
that's
changing
over
time.
And
is
there
a
relationship
between
Internet
freedom
and
topology?
So
we
want
to
know:
is
there
a
correlation?
If
your
regime
is,
you
know
known
to
do
internet
controls?
Are
you
also
likely
to
have
internet
that
has
a
choke
point
in
it
at
the
National
border?
B
So
let's
talk
about
internet
topology,
so
we
took
the
qaeda
AAS
relationship
data
set.
You
know
we
built
our
graph
in
a
pretty
standard
way.
Yeah.
This
is
a
publicly
available,
it's
inferred
as
topology
per
month,
and
then
we
use
the
team
Kim
ruh,
who
is
serviced
to
determine
the
nation
to
node
mapping.
So
every
note
on
a
s
graph,
we
want
to
assign
a
nation
to
it,
and
so,
just
from
this
simple
graph,
you
can
already
answer
a
simple
question
which
is:
are
there
borders
getting
stronger?
So
you
can
look
at
the
ratio.
B
B
The
internet
is
getting
a
little
bit
more
restrained
as
it
crosses
national
borders,
but
we
wanted
to
ask
more
sophisticated
questions
about
specific
countries,
so
we
wanted
to,
you
know,
dig
a
little
more
into
detail,
so
we
defined
a
major
called
chokepoint
potential
and
I'm
not
going
to
explain
the
math,
because
it's
actually
pretty
simple.
The
idea
is
the
you're
counting
the
number
of
pads
into
the
country
and
the
choke
point
potential
chocolate
potential
is
a
property
of
an
autonomous
system
and
specifically
a
border
autonomous
system
and
you're.
B
Just
counting
the
number
of
pads
into
the
country
and
the
choke
point
potential
of
an
autonomous
system
is
the
fraction
of
paths
into
that
country
from
the
outside
internet.
They
go
through
that
autonomous
system.
So
here
that's
four
paths
into
the
country.
F&Amp;E
are
outside
the
country.
D
is
an
internal
node
inside
the
country,
then
a
B
and
C
are
all
border.
A
s
is
C
has
two
of
the
four
paths
going
through
it.
B
So
it's
truck
point
potential
is
zero
point:
five,
where,
as
a
and
B
have
just
one
path,
each
going
through
them
into
the
country,
so
their
choke
point
potential
is
only
0.25.
So
if
you
want
to
call
if
you
can
only
call
one
of
these
autonomous
systems
and
say
we
want
you
to
block
a
particular
web
site,
you
would
call
C
first.
B
So
from
choke
point
potential
you
can
define
national
choke
point
potential,
which
is
now
going
to
be
a
property
of
a
country,
and
so
we
define
the
choke
point
potential
of
a
country.
You
have
to
pre,
define
some
fraction
F
and
that's
the
number
of
paths
that
you
want
to
be
able
to
control.
So
if
you
wanna
do
information
controls,
you
want
to
block
a
website.
You
want
to
be
able
to
say
well,
I
want
90%
of
the
paths
into
my
country
to
be
covered,
so
you
define
F
equals
0.9.
B
So,
given
that
predefined
at
the
choke
point
potential
of
a
country
C
it's
a
reciprocal,
so
it's
they're
super
cool
because
we
want
higher
truck
point
potential
to
be.
You
know
what
you
would
want
if
you
want
a
few
places
to
do
the
information
controls
and
that
Psalm
is
just
a
way
of
saying,
like
you'll
call
the
the
the
autonomous
system
of
the
highest
choke
point
potential
first.
B
That
way,
and
then
you're
trying
to
cover
as
many
paths
as
possible,
and
the
question
is
how
many
autonomous
systems
do
you
have
to
call
what
fraction
of
the
border
account
of
systems
do
you
have
to
get
on
the
phone
with
before
you
can
cover
that
F
ratio
of
pads
into
your
country,
so
I'm
going
to
give
you
some
results,
but
just
to
put
the
results
in
context.
Let's
just
take
a
snapshot
of
the
internet
because
we
can
compare
across
time
and
then
we
can
compare
across
countries.
So,
let's
take
a
snapshot
of
China.
B
You
know
around
2008
ish.
This
is
a
picture
of
Chinese
internet
pronoun
by
CN,
Nick
and
again.
I
apologize
for
always
picking
on
China
has
just
been
a
subject
of
my
research
in
a
personal
interest
and
there's
four
lines
of
nodes
in
this
graph.
The
top
line
is
other
countries,
so
those
are
the
other
countries
that
China
connects
to
you.
B
The
second
and
fourth
lines
are
the
same
six
ISP,
so
each
of
the
six
major
ISPs
appears
twice
just
to
show
how
they
connect
to
each
other
and
how
they
connect
to
those
three
and
in
exchange
points.
And
then
the
third
line
are
the
internet
exchange
points
in
Beijing,
Guangzhou
and
Shanghai,
and
so
you
can
see
there's
a
a
choke
point
at
the
internet
exchange
points.
B
So
if
most
of
the
country
gets
to
the
Internet
through
these
six
ISP
and
then
they're
forced
to
talk
to
each
other
through
these
three
in
exchange
points,
then
you
can
imagine,
there's
a
nice
choke
point
there
and
then
also
in
2007.
This
was
our
first
study,
majoring
internet
censorship
and
in
a
we
said,
approximately
twenty-eight
point
three
percent
of
the
Chinese
host
that
we
tried
to
reach
with
basically
an
HTTP
packet.
That
said,
Falun
Gong,
which
was
one
of
the
banned
keywords.
B
Twenty
eight
point:
three
percent
of
the
time
it
went
along
the
path
to
the
host,
without
ever
you
know,
being
noticed
by
the
Great
Firewall
of
China,
so
the
great
for
all
trans,
basically
covering
three-fourths
of
the
passing
of
the
country
at
that
time.
Compare
that
it's
you
I
mean
it's
comparing
oranges
to
apples
a
little
bit,
but
if
you
read
the
recent
literature
about
Chinese
internet
censorship
in
various
ways,
it's
about
one
half
to
one
percent,
now
of
paths
that
aren't
covered
so
they're
covering
a
lot
more
path
now
so
see.
B
If
that
bears
out
in
our
data,
let's
go
to
2009,
which
is
as
far
back
as
the
a/s
graph
data
that
we
have
goes
back
and
you
can
see
just
check
the
time.
So
here
the
x-axis
is
the
number
of
guesses
that
you
have
to
control,
and
you
know
again,
assuming
that
you
call
the
one
that
covers
the
most
paths
first
and
then
the
fraction
of
pads
that
you're
able
to
intercept
is
the
y-axis.
B
B
So,
if
you
look
at
six
on
x-axis
and
you
go
up
it's
about
0.8
paths
that
you're,
you
know,
80%
of
the
paths
are
able
to
cover
and
again
it's
oranges
to
apples,
because
not
all
links
carry
the
same
amount
of
traffic
and
you
know
a
path
is
not
the
same
as
a
route,
but
you
know
roughly.
We
can
see
that
there's
a
significant
chunk
of
paths
that
aren't
covered,
and
so
let's
compare
that
to
China
and
2018,
you
know
getting
closer
to
today.
B
You
can
see
it's
moved
up
and
to
the
left,
which
means
with
just
a
few
autonomous
systems.
China
can
cover
well
over
90%
of
the
paths
into
the
country,
so
you
can
actually
see
that
evolution
in
the
routing,
and
so
you
can
compare
across
years.
You
can
also
compare
across
countries.
So,
let's
take
a
look
at
Russia
in
2018.
I
can
show
you
Russia
in
2009.
It's
not
that
much
different
and
basically
you
can
see
in
Russia.
They
don't
have
a
very
high
choke
point
potential
like
China,
so
it's
very
hard.
B
B
The
United
States,
you
know
consistently
has
has
pretty
low
choke
point
potential.
It
doesn't
mean
that
they
don't
do
horrible
things
on
the
internet,
but
in
terms
of
the
kind
of
controls
that
we're
looking
at
it
would
be
very
hard
to
do
in
a
country
of
low
choke
point
potential.
You
can
see.
India
and
Egypt
are
up
there
a
little
bit,
but
you
can
see
China
for
a
long
time
was
right.
B
Around
0.1
0.2
you
and
then
shot
up
just
like
we
saw
in
the
data,
so
they've
actually
taken
steps
through
additional
internet
exchange
points
to
make
their
internet
B
have
a
stronger
choke
point
and
you
can
see.
Russia
has
consistently
had
a
pretty
low
choke
point
potential,
and
so,
as
an
application,
we
looked
at
the
correlation
between
Internet
freedom
and
national
choke
point
potential.
So
on
the
graph
on
the
top,
the
that's
national
choke
point
potential.
So
the
countries
that
are
white
or
light
green
are
the
lower
choke
point
potential.
B
So
they
have
a
harder
time
with
a
few
autonomous
systems
patrolling
all
the
paths
into
the
country,
whereas
the
darker
green
are
the
countries
with
the
higher
choke
point
potential
and
then
on
the
bottom.
So
we
use
freedom
on
the
net
scores
from
freedom
house
yeah,
it's
very
subjective.
They
have
free,
partly
free
and
not
free.
B
It's
actually
a
score
between
zero
and
a
hundred,
and
so
you
can
argue
you
know
as
a
country
free
if
they
really
do
surveillance
or
whatever,
but
in
terms
of
the
kinds
of
controls
that
we're
looking
at,
which
is
specifically
censorship
and
internet.
Shutoffs
and
that
kind
of
thing
it's
a
pretty
relevant
score
to
national
choke
point
potential.
So
we
wanted
to
look
at
the
correlation.
You
can
see
visually
that
there's
some
correlation
and
then,
if
you're
innocent
of
the
details,
we
have
statistics
in
the
paper
to
actually
show
that's
statistically
significant.
B
There
is
a
correlation
between
the
major
that
we
define
the
national
choke
point
potential
and
the
freedom
on
the
net
scores.
Well,
you
might
notice
a
huge
outlier.
Does
anybody
notice
the
huge
outlier,
where
there's
not
so
much
correlation
a
huge
in
a
physical
sense
to
you,
so
you
might
notice
that
Russia
is
why
it
has
a
very
low
choke
point
potential,
but
it's
red
it's
considered,
not
free
in
terms
of
freedom
on
the
net
scores.
B
So
that's
an
interesting
case
study
and
ironically,
one
of
my
former
graduate
students,
Roy
and
Sophie
she's
now
on
the
faculty
at
University
of
Michigan,
and
she
has
put
out
a
paper
last
week
saying
that
choke
points
aren't
as
relevant
as
they
used
to
be
because
Russia
is
doing
a
great
job
at
censorship
and
they
don't
have
choke
points.
My
own
personal
opinion,
I.
Don't
think
that
they're
gonna
reach
the
level
of
sophistication
the
a
country
like
China
has
or
Iran
they
do.
You
know
some
very
sophisticated
things
that
we
can
talk
about
offline.
B
My
reasons
for
thinking
this,
but
I
don't
think
they
I
think
that
choke
points
are
still
relevant
because
anybody
can
just
go
to
a
bunch
of
ISPs
and
say
I'm.
You
know
all
of
the
dozens
of
Eyes
peas
that
our
border
ISPs
in
our
country
just
have
them
throw
this
HTTP
filtering
box
in
path,
but
that
you
know
it's
a
lot
harder
when
you
try
to
do
the
more
sophisticated
things.
In
my
opinion,.
B
So
that's
one
thing
I
want
to
tell
you
about,
is
just
the
research
that
we
did,
but
we
also
have
some
data
and
tools.
I
want
to
tell
you
about
because
I'm
hoping
they.
You
know,
you
have
your
own
questions
and
your
own
thoughts
about
what
might
be
reflected
in
the
ass
graph
and
you
can
use
our
data
and
tools
so
in
terms
of
our
data
techniques.
B
So
we
took
the
qaeda
data
and
then
the
a
s
relationship
data
set,
and
then
we
used
a
breadth
first
search
algorithm
and
the
GAO
Rexford
Rowdy
model
to
identify
paths
between
a
s
pairs
and
then
the
part
that
requires
a
supercomputer
is
generating
the
routing
trees
for
each
destination
autonomous
system.
So
so
that
way,
you
can
reason
about
the
routing
from
one
autonomous
system
to
another
for
any
pair
of
autonomous
systems
in
the
world
and
we
saved
those
routing
trees.
B
So
if
you
want
to
use
our
tools,
you
don't
need
a
supercomputer,
just
download
the
routing
trees
from
ask,
and
then
we
calculate
a
chokepoint
potential
for
each
border
autonomous
system.
But
once
you
have
that
graph,
you
could
answer
any
question
or
make
up
any
major
that
you
think
would
be
interesting,
and
so
we
have
all
of
our
tools
or
open
source
and
they're
bundled
up
in
this
thing
called
bgp
simulation,
analysis
and
storage,
and
then
we
have
the
routing
data.
So
if
you
don't
have
a
supercomputer
handy,
you
can
just
download
this.
B
It's
200,
gigs,
compressed
and
then
compresses
to
about
2,
terabytes,
so
I'm
sure
you'll
be
able
to
find
my
slides
on
IAT
effort
is
Google,
my
name,
and
then
that
way
you
don't
have
to
write
down
these
other
key
links.
So
the
the
second
link,
the
middle
link,
is
what
I
just
talked
about
the
routing
trees
and
all
of
our
software
and
everything.
As
of
yesterday.
B
So,
just
for
fun,
I
went
to
the
internet
world
map.
This
is
something
that
Kurtis
the
first
author
of
the
paper
did
where
you
can
actually
draw
the
autonomous
system
graph
for
each
country,
and
then
it
does
border
nodes
as
yellow
and
then
internal
is
green
and
foreign
is
orange
and
you
can
see
how
Singapore's
changed
from
2015
to
2018.
B
It
might
not
be
on
this
slide
is
big
enough
to
see
there's
a
yellow,
there's
a
you
know,
very
substantial
border
autonomous
system
in
2015
and
then
fast
forward
to
2018,
and
it's
more
spread
out.
There's
a
lot
more
border
autonomous
systems
connecting
out
the
country
now,
so
we
would
expect
Singapore's
national
truck
point
potential
to
have
gone
down
between
2015
and
2018.
B
That's
exactly
what
we
see
the
yellow
line,
that
kind
of
goes
up
after
2013
and
then
back
down
after
2016
is
Singapore
and
you
can
actually
see
their
national
choke
point
potential
went
out
for
a
while
and
then
came
back
down
and
a
lot
of
times.
These
things
happen
because
of
you
know
in
exchange
points,
and
you
know
different
changes
that
get
made
and
then
I
just
took
some
of
the
countries
in
the
region,
so
you
can
play
with
it.
Go
to
that
website.
B
You
can
put
in
your
own
countries
to
play
around
with
I
put
China
for
context.
You
can
see
China
going
up
and
you
can
I
just
selected
a
bunch
of
African
countries
and
you
can
see
they
there's
kind
of
a
downward
trend.
So
as
they
get
more
connected
to
the
internet,
they
have
lower
choke
point
potential.
The
one
exception
is
Ethiopia
up
there
at
the
top
there's
just
a
line.
That's
one
point
all
the
way
along
and
that's
to
be
expected.
B
So
if
you
take
a
look
at
the
Internet
of
Ethiopia,
it's
one
autonomous
system
which
is
a
border
autonomous
system,
and
then
it
connects
to
three
autonomous
systems
outside
the
country.
That's
why
they're
there
in
their
choke
point
potential
is
one
so
in
terms
of
takeaway
messages.
So
hopefully
I've
convinced
you.
The
national
choke
point
potential
is
a
useful
measure
and
something
that's
useful
to
think
about,
but
I
also
wanted
to
tell
you
we
have
code
and
data.
B
So
if
you
want
you
have
your
own
questions,
your
own
majors,
your
own,
you
know
things
that
you
want
to
do
with
it.
I
please
get
in
touch
with
us
if
you
have
any
problems
with
our
tools
or
data
or
anything
and
in
terms
of
future
work,
so
Stephanie
and
Curtis
are
interested
in
missing
links
of
a
they're
working
with
a
graph
theory
expert
and
trying
to
identify
the
the
links
in
our
graph
that
might
be
missing
using
statistics
I'm
more
interested
in
physical
infrastructure.
B
So
if
there's
blackouts,
you
know
how
do
you
measure
the
internet
from
inside
a
blackout
see
what's
going
on
and
then
tcp/ip
oddity?
So
if
you're
interested
in,
like
you
know,
details
I'll,
just
give
you
a
little
previous
initial
sequence
numbers.
We
looked
at
TCP
initial
sequence
numbers
it's
something
like
13%
of
the
internet
generates
initial
sequence
numbers
in
a
way,
and
this
isn't
sync
cookies
ignore
sync
cookies.
It's
still.
13%
of
the
internet
generates
initial
sequence
numbers
in
a
way
that
lowers
the
entropy
and
makes
it
easy
to
connections
IP
ID
a
similar
problem.
B
There's
a
third
of
the
internet
has
generated
an
IP
IDs
in
a
way
that
is
vulnerable.
So
if
you're
interested
in
that
kind
of
low-level
tcp/ip
stuff,
please
talk
to
me
offline
and
with
that
I'll
just
acknowledge
my
author.
So
you
have
their
contact
information
when
you
find
the
slides
and
I'll
take
any
questions.
Thank.
A
You
that
was
really
quite
fascinating
and
one
of
the
things
you
mentioned
it
and
anybody
I'll
ask
my
question.
While
lining
up
you
mentioned
Iran
once
at
the
moment,
we've
got.
You
know
it
basically
in
a
shutdown
where
the
news
reports
that
only
5%
of
traffic
is
getting
out
now,
I,
don't
know
how
they
figured
out
that
kind
of
measure.
A
B
We
we,
we
did
a
lot
of
different
things
with
the
statistics
and
then
just
because
of
the
the
vagaries
of
academia.
A
lot
of
it
got
cut
from
the
paper
now.
The
statistics
section
is
like
1/2
of
a
column,
but
mostly
we
compared
things
like
freedom
on
the
net
scores
and
there's
another
one
like
freedom
of
the
press
and
different
indices,
and
then
we
compared
them
to
different
ways
of
doing
our
major
and
then
in
terms
of
statistics.
If
you
look
at
lots
of
different
things,
then
you
have
to
account
for
that.
B
When
you
say
something
is
statistically
significant
because
you
don't
want
to
look
at
20
things
and
say:
oh
look!
It's
statistically
significant!
When
you
look
at
20
things,
it's
not
statistically
significant,
or
so
we
accounted
for
all
of
that
I'm,
not
the
statistician.
The
statistician
has
actually
been
on
the
paper,
but
we
did
a
lot
of
controls
and
things.
So
we
tried
to
control
for
a
lot
of
things
in
the
CIA
world,
factbook
that
might
explain
the
correlation
to
make
sure
that
we're
not
just
saying
well.
B
Poor
countries
are
poor
in
rich
countries
to
reach
rich,
and
so
the
statistics
stood
up
to
all
of
that,
but
all
of
that
had
to
get
cut
out
of
the
paper,
but
we
we
did
not-
and
this
would
be
interesting
to
do-
is
you
know,
look
at
some
of
the
data
that
tor
has
or
Unni
or
you
know,
whoever
is
able
to
come
up
with
these
numbers
like
5
percent
of
the
traffic
and
try
to
correlate
to
that.
So
there'll
be
something
interesting.
If
we
don't
have
time
to
do,
hopefully
somebody.
A
C
D
Nalini
Elkins
there's
a
country
that
I'm
pretty
familiar
with.
That's
had
internet
both
internet
shutdowns
too
in
the
last
few
months,
and
also
it's
an
interesting
thing,
I'm
pretty
sure
what
they
did
was
just
call
the
ISPs
and
tell
them
to
shut
off
a
particular
region.
They're
a
lot
more
concerned
about
particularly
pinpointed
targeting
of
certain
regions
rather
than
then
you
know
things
coming
across
the
border.
D
I
think
it'd,
be
an
interesting
thing
to
know
is
peak
coverage
because,
if
there's
like
one
isp
serving
a
particular
region
versus
like,
I
know,
there's
a
lot
of
projects
like
you
know
the
Google,
loon
and
various
other
kinds
of
things
that
might
in
in
the
future
give
us
a
different.
You
know
that
the
inability
to
do
anything
like
this
governments
to
do
that,
but
but
who
knows
what
I
mean
I'm,
just
it's
just
a
cure,
yet
I'd
be
interested
to
know
something
like
that.
D
B
D
E
D
B
Their
concern
is
more
like
if
we're
routing
data
within
our
country-
and
we
don't
want
the
NSA
spying
on
us.
How
can
we
make
sure
that
our
data
doesn't
cross
international
border
and
then
come
back
in
and
so
there?
Those
are
two.
You
know
separate
questions
that
you
might
look
at
in
the
AES
graph.
But
those
are
not
the
question
we
chose
to
look
at,
but
they're
definitely
interesting
questions
that
we
should
look
at.
F
John
Brewer
independent
there's
been
a
proliferation
of
IX
extension
services,
where
internet
exchanges
will
allow
you
to
connect
to
the
I-x
remotely.
So,
for
example,
you
could
be
within
a
quite
restrictive
country.
You
could
have
a
circuit
from
the
very
restrictive
license
national
carrier
and
you
could
just
run
a
tunnel
over
it
and
appear
to
be
peering
at
say:
B,
bi,
X
in
Japan
or
Hong
Kong
internet
exchange.
This
creates
a
lot
of
adjacencies
that
really
are
still
going
through.
One
choke
point
that
you
haven't
mapped
I,
don't
think
you've
mapped
in
this.
F
Have
you
thought
about
this
problem
and
how
extensive
it
is.
So
it
creates
an
adjacency
because
of
the
internet
exchange
point,
so
it
allows
an
ASN
inside
of
a
restrictive
country
to
tunnel
out
and
create
a
lot
of
adjacencies
that
make
it
look
like
an
isp
inside
of
a
restrictive
country
is
actually
paired
with
200
guesses
in
another
country.
However,
they're
still
going
through
the
choke
point
of
their
national
carrier,
which
can
shut
them
off
like
that
yeah
yeah,.
B
So
if
anybody
has
recommendations
like
how
we
could
find
that
data,
that
would
be
really
interesting
to
us
and
we
also
like
just
in
terms
of
physical
infrastructure,
you
get
ma.
This
speaks
to
the
first
question.
To
is
you
get
regions
like
you
know,
Tibet,
where
they'll
be
very
local,
shutdowns
and
then
they'll
get
very
conflicting
information
about
where
the
internet
shut
down
or
whatever,
and
so
they
would
like
a
map
of
their
local
little
internet.
B
G
G
Can
you
speak
to
what
your
thoughts
are
as
to
what
kind
of
you
know
if
you
imagine
a
world
where
much
more
traffic
is
encrypted,
maybe
using
encrypted
SMI,
so
you
can't
kind
of
block
that
way.
How
would
that
impact
on
what
statistics
you
might
use
instead
of
the
ones
you
have
our?
How
would
you
evolve
your
current
statistics
and
that's
not
kind
of
context.
B
Yeah
I
think
in
terms
of
encryption
I
mean
it's
it's
hard,
because
if
you
look
at
the
way
the
internet
censorship
gets
applied,
you
know,
especially
in
the
countries
that
are
good
at
it.
It's
a
very
graduated
response,
so
as
long
as
they
can
tell
that
you're
using
a
VPN,
you
know
they
can
be
very
successful,
just
watching
VPNs
and
then
shutting
them
down
when
they
really
need
to
and
not
exerting
a
lot
of
pressure
for
there
to
be.
B
You
know
a
lot
more
office
keishon
at
it
or
anything
like
that,
and
you
know
it'd
be
great.
If
there
was,
you
know,
obfuscation,
encryption.
That
would
convincingly
could
stop
these
kinds
of
internet
controls,
but
I
think
the
reality
is
like.
Vpns
are
a
good
example
a
lot
of
times.
You
know
there
will
be
VPNs
that
work
inside
a
country
and
the
only
reason
they
work
is
because
the
VPN
company
you're
connecting
to
you
is
sharing
the
data
with
that
that
country's
governments
of.
H
Alright,
Joe
Hall.
This
is
wonderful
work.
Thank
you
for
doing
it.
Choke
points
is
obviously
a
rough
metric.
I
mean
I'm,
not
trying
to
criticize
you
it's
great
stuff,
I'm
wondering
you
know,
there's
so
many
other
things
that
powerful
sensors
do.
Have
you
thought
about
extending
this
to
measuring
not
just
choke
points,
but
some
notion
of
instrumentation
like,
for
example,
the
great
cannon
which
may
not
be
as
interesting
as
it
was
when
we
first
saw
it
come
in,
which
you
know
injects
into
HTTP
flows,
JavaScript
DDoS
other
sites
right.
H
It
might
be
interesting
to
sort
of
be
able
to
look
at
some
of
these
things,
like
the
graphs
and
stuff
with
not
just
the
ability
to
sort
of
shut
stuff
off,
but
the
ability
to
tinker
with
with
flows
in
ways
that
might
not
be
shutting
down,
but
you
know
bandwidth
restrictions
or
the
probability
of
getting
a
TCP
reset,
or
something
like
that.
That
may
be
too
hard
to
analyze
like
this,
but
I'm
just
wondering
if
you
thought
about
extending
it
to
stuff,
that's
not
just
jokey,
but
things
that
are
kind
of
tinkering.
I.
B
Yeah
I
mean
that
would
definitely
be
interesting
and
I
didn't
really
have
our
later
works
slide,
but
there
there
have
been
other
studies
and
we
cited
in
the
paper
that
look
yeah.
We
were
interested
in
the
a
s
graph,
but
there's
been
other
studies
that
have
looked
at.
You
know
who
controls
all
the
paths
for
DNS,
and
you
know
just
assuming
they
actually
had
usage
statistics
for
everybody
over
the
world.
B
A
E
Thank
you.
So
this
is
about
five-year
security
and,
in
particular,
how
party
security
affects
privacy
and
surveillance.
So
five
years
getting
deployed
now-
and
we
are
noticed
that
there
is
a
lot
of
interest
both
from
government
organization
and
also
from
privacy,
democracy
and
human
rights
groups.
How
5g
will
affect
privacy
and
surveillance.
E
E
There's
new,
stronger
authentication,
there's
a
zero
trust
architecture
inside
the
networks
and
between
them.
Talk
more
about
that
and
authentication
there's
more
separation.
Different
signaling
is
encryption
and
integrity,
protection
of
basically
everything.
At
least
that
was
the
goal.
In
many
cases
the
integrity
protection
was
a
bigger
problem
than
lack
of
encryption.
E
You
could
inject
traffic
and
get
data
out
and
a
main
goal
that
has
been
mainly
driving
by
Ericsson
is
to
prevent
tracking
and
identification
of
users
and
the
main
station
organization
for
5g
is
3pp,
but
this
is
also
done
in
a
lot
of
other
issues,
particularly
Heidi
uses,
IDF
standards,
the
large
attempt
and
trying
to
go
through
three
things,
which
I
think
is
mostly
interesting
for
HR
pc.
Now
very
much
hope
that
you
have
questions
happy
to
explain.
E
E
And
there
has
been
a
lot
of
attacks
using
that
lack
of
cryptography.
There's
also
been
examples
of
as
a
7
interface
being
accessible
from
the
internet
in
4G.
This
was
replaced
by
diameter.
This
evolutional
radius.
It
has
cryptography,
but
there's
a
tax
on
diameter
where
you
can
downgrade
it
to
as
a
7
I.
Don't
think
yes,
as
long
buzz
is
correct,
but
there
are
vulnerabilities,
yeah,
so
5g
completely
redesigns.
There
interconnect
interface.
E
So
this
picture
shows
the
interconnect
here
called
m32
technical
name
between
the
2
different
operators
and
connection
between
2
different
operators
can
be
you
make
a
call
from
the
u.s.
to
Europe
or
you
go
on
vacation
somewhere,
and
the
visited
operators
has
to
talk
to
you
whom
operator
and
this
new
interconnect
system.
Is
it's
using
a
TLS
tunnel
to
set
up
a
shared
key
and
then
that
shared
key
is
used
to
encrypt
an
integrity,
protect
as
much
information
as
possible.
E
Previously
in
between
here
there
can
be
one
or
many
interconnect
providers
and
inside
G
they
are
given
information
on
a
need-to-know
basis,
so
as
little
as
possible
and
any
modification
chance
by
them
or
logged
and
sign.
So
you
can
see
who
changed
and
this
system
uses
Hosey
and
old
and
TLS
poetry
inside
networks.
E
I
E
What
is
in
thicket
rosa
falls
but
base
station.
There's
quite
many
forms
here
are
some
examples
there
that
got
into
media
2013.
There
was
MC
catchers
in
trash
cans
in
London,
so
basically
these
integers,
they
catch
the
permanent
identifiers
of
all
the
of
your
phone,
and
then
they
used
use
that
to
track
you
and
to
sell
advertisement.
E
Think
long
in
London
is
clear
who
put
this
out
in
the
other
cases.
Of
course,
there's
nobody
is
taking
responsibility
for
this
entropy.
You
get
this
media
reporting
them.
You
don't
know
so
much
else,
so
implicit,
two-faced
patients.
They
go
under
a
lot
of
different
names
in
the
u.s..
They
typically
on
the
name
stingray-
and
this
is
a
brand
name
from
some
company.
E
As
far
as
I
knew.
None
of
the
companies
actually
making
mobile
equipment
makes
this
type
of
equipment,
so
these
are
different
companies
having
nothing
to
do
with
3pp,
and
there
is
in
general
there's
you
can
say
that
there's
two
different
kinds
of
base
stations
there
are
fake
base
station
that
can
completely
mimic
all
the
function
of
a
cellular
system,
and
these
only
work
in
2g
is
the
oldest
system
that
was
starting
to
get
drawn
in
1990s.
E
It
was
mitigated
with
3d
that
introduced
network
authentication,
but
the
problem
is
that
two-g
is
still
here
in
large
part
of
the
verge.
Some
part
of
the
world
has
completely
shut
down
to
G,
but
you
still
have
the
problem
that,
for
example,
US
has
completely
shut
down
to
D
bit.
Us
phones
will
still
happily
connect
to
false
to
be
base
station.
That
says
it
comes
from
France
or
Vietnam
or
China
or
any
other
country.
Then
mobile
thinks
it
it's
roomy.
E
Then
there
are
more
lightweight
force
base
stations
like
the
one
in
the
trash
cans.
The
simplest
way
would
be
to
just
passively
listen
to
the
permanent
identifiers
on
the
radio,
but
it
is
quite
inefficient.
So
typically
these
also
they
were
these
four
MC
catchers
are
active,
so
they
tell
the
you
way
to
tell
me
your
permanent
identifiers,
pretending
to
be
the
network
and
the
network
answers.
E
E
E
Then
there
is
a
strict
refreshment
of
the
temporary
identities.
Tree
DPP
system
has
a
temporary
identity
since
2g,
but
there's
no
strict
rules
on
refreshment
or
how
they
were
generated
in
5g.
They
are
forced
to
be
random.
Looking
and
there's
strict
rules
on
refreshment,
then
the
permanent
ID
is
not
used
in
paging
anymore.
When
the
base
station
in
ASCII,
as
trying
to
figure
out
whether
you
is
there
is
integrated
protection
of
use,
plane,
traffic
or
some
attack
being
use.
Their
radio
direction
are
now
secure,
so
typically
falls
base
station.
E
If
you're
connected
to
4G
the
fault
space
station
will
pretend
to
be
a
4G
network
and
tell
you
you
should
connect
to
this
student
network
is
that
that
will
be
better
for
you
and
that
was
not
protected
and
5g.
It
is
protected.
So
if
you
connected
to
5g
a
force,
patient
will
not
get
you
to
reconnect
easily.
E
Of
course
it
can
jam
the
5g
frequences
altogether,
it's
very
little
to
do,
but
that
and
then
there
is
full
Space
Station
detection,
using
both
URIs
and
networks
in
collaboration
and
typically
using
the
the
data
available
in
the
network.
It's
very
easy
to
to
see
that
there
is
that
there
has
been
for
Space
Station
people.
You
cannot
shut
them
down
down
remotely,
but
you
can
send
someone
out
or
report
to
the
police.
E
E
E
And
both
of
these
ports,
I
talked
about
is
already
since
several
years
ago,
already
standardized
in
5g
in
the
Padilla
standard,
the
first
another
surveillance
related
topic
that
is
not
in
the
foggy
standard
yet,
but
we
hope
to
get
in.
The
next
release
is
to
limit
the
impact
of
compromised,
long
term
keys,
and
this
was
in
the
Snowden
revelations.
E
To
try
to
stop
this.
So
in
cellular
networks,
the
authentication
is
based
on
the
symmetric
key
one
part
is
stored
on
the
SIM
card
securely
very
hard
to
extract.
The
other
is
securely
installed
in
the
home
network,
also
very
hard
to
extract.
But
what
these
hackers
apparently
rumored
Lee
did
was
to
get
hold
of
the
key
before
it
was
delivered
to
the
home
network.
And
so
what
can
you
do?
E
If
you
get
this
key,
you
can
do
active
attacks,
so
you
can
authenticate
as
the
network
to
the
UE
or
you
can
attend
to
gate
sau
we
to
the
network
or
you
can
do
both
at
the
same
time,
being
a
man-in-the-middle
that's
hard
to
do
at
home
at
a
large
scale.
It's
relatively
expensive
and
you
can
get
you
can
be
detected.
E
You
can
also
do
passive
attacks
where,
yes,
the
eavesdrop
on
information
sent
over
the
air
and
then
you
can
decrypt
everything.
This
is
much
easier
to
do
at
large
scale.
It's
relatively
inexpensive
and
the
risk
of
being
detected
is
very
low,
and
with
this,
as
the
system
is
designed
in
14
earlier,
you
can
also
do
this.
If
you
recorded
information
in
the
past
and
then
just
get
compromised,
get
the
long
term
keys,
you
can
decrypt
the
past
information.
E
So
how
do
we
stop
this?
This
is
quite
straight
forward
known
techniques.
You
do
a
DPL
ephemeral,
diffie-hellman,
send
you
to
the
X
e
to
the
bye,
and
then
you
calculate
it
would
X
Y,
and
this
we
are
now
working
to
introduce
in
in
the
EAP
k,
so
5g
previous
five.
We
use
their
own
mechanism
for
authentication
in
5g.
It
was
introduced
that
you
can
always
used
EAP
so
for
access
to
the
mobile
network.
You
can
use
EAP
aka,
which
is
the
SIM
card,
based
authentication
method
for
private
network,
like
industries
and
so
on.
E
You
can
use
any
IP
method
and
the
EAP
is
IDF
standard,
for
example,
EAP
TLS
and
we
are
now
worked.
Ap
TLS.
It
already
has
different
monkey
exchanged
with
perfect
formal
secrecy.
We
are
now
working
actively
to
introduce
that
into
the
sim
card
authentication-
and
this
is
a
hessian
working
group
adopted
here
in
the
IDF
in
the
emu
working
group,
and
there
is
a
study
in
3gpp
to
what,
if
this
should
be
introduced
in
3d
PP
and
what
other
enhancement
should
be
done.
E
J
I'll
ask
one:
this
is
burning
volts
in
one
of
the
slides.
You
said
that
the
suppiy
s
UPI
was
shared
with
the
roaming
network.
Is
that
a
good
idea?
I
mean
I?
Understand
it's
probably
the
least
sort
of
you
know
potential
exploit,
but
it
opens
the
opportunity
that,
if
somebody
you
know
if
you
roam
somewhere
somebody
breaks
into
that
remote
network,
that
operators
thing
they
can
get
your
something
yeah.
E
I
think,
oh,
nothing
is
perfect,
so
yeah
roaming
Network
will
have
your
in
soapy,
but
and
I
think
it
has
to
have
it
for
technical
reasons.
At
least
for
now
it
changed
from
40
to
Friday
is
that
the
roaming
network
only
gets
disappear.
If
the
noble
actually
is
is
there,
there
was
a
tax
on
40,
where
you,
the
rooming,
a
rogue
roaming
network
could
get
this
get
authentication
vector,
even
if
them
all
at
home
was
not
there.
Five
divorces
the
mobile
phone
to
be
there.
At
least
you
need
to
be
physically
there
in
that
network.
E
J
K
Place
hi
so
I
have
a
question
about
this.
Inter
interconnect
security,
you
did
mention
that
now
it's
using
TLS
and
certificates,
which
is
a
big
improvement
from
ss7
and
and
diameter,
but
I
still
wonder
like
do
you
just
trust
any
anyone
that
has
has
a
certificate
or
do
you
still
have
to
manually
configure
that
I
trust
certificates
with
these
domains
in
the
SN
yeah.
I
Elliott
here
John
thanks
for
your
presentation,
as
always
a
really
good
job.
On
that
last
point,
obviously,
we've
been
doing
a
lot
of
work
on
on
how
we
address
here
at
the
ITF
about
how
we
actually
do
a
certificate
trust
establishment,
its
parties
that
are
not
necessarily
known
to
each
other,
and
so
some
of
the
animal
work
is
probably
worth
looking
at.
I
A
E
No
to
HR
PC
to
follow
this
up,
I
think
unless
you
have
a
comment
on
it
yourself,
don't
know,
there's
different
I
think
there's
different
actors
here,
there's
private
companies
using
these
type
of
things
to
sell
advertisement,
then
there's
nation-states
using
false
pay
stations
in
other
states
I
think
that
the
attack
states
won't
definitely
want
to
stop.
That
FCC
is,
for
example,
worried
about
this.
Then
there
is
report
about
police
using
MC
catchers.
I
So
I
think
some
of
this
has
to
do
with
the
trust
model
from
the
from
the
base
station
to
device
some
of
it
has
to
do
with.
Who
is
an
authorized
base
station
if
you
will
within
a
provider
network
and
and
what
sort
and
how
the
government's
might
influence
that
so
I
think
there's
probably
some
thought
that
could
be
given
there
yeah.
E
L
Mr.
abhart
all
open
exchange
now
and
since
I,
this
is
a
discussion.
That's
coming
up
in
other
environments,
I'm
curious.
How
do
you
do
the
legal
intersection
party,
since
this
is
still
a
requirement
in
most
counties?
So
I
mean
this
is
an
an
encryption
only
on
the
radio
path,
I'd
say
or
maybe
up
to
the
home
network.
But
then
there
is
a
point
in
which
the
communication
is
anyway
decrypted,
and
so
it
can
be
also
shared
with
third
parties,
or
so
I
am
I.
Getting
this
right.
Yeah.
E
E
M
Okay,
the
first
a
question
about
the
encryption
of
the
permanent
identifiers,
I
I
noticed
you
mentioned
if
it
is
enabled-
and
this
is
a
problem
like
I
personally
faced
while
reading
5d
specifications,
which
is
what
options
are
actually
left
to
the
operator
and
what
are
parts
of
the
standard
itself
which
have
to
be
monetarily
followed,
is?
Is
this
part
an
option
left
to
the
operator
or
yes,.
E
So
encryption
of
the
so
pay
is
it's
mandatory
to
support
by
all
equipment,
so
support.
Will
there
be
there?
It
needs
to
be
enabled
by
the
operator
the
tree,
the
operator
as
organization.
Yes,
ma
has
said
that
this
is
highly
recommended
for
the
operators
to
turn
on
so
I
would
believe.
I
would
believe
that
in
the
Western
world
this
will
be
turn
on
I,
don't
think
it's
turn
on
in
the
very
first
5g
deployment
that
we
are
seeing
that
all
have
been
deployed.
E
You
we,
of
course
the
ue
knows
if
it's
encrypted
the
permanent
identifier,
it's
probably
not
visible
to
the
end-user,
but
it's
it's
very
visible
for
the
radio
traffic.
So
I
think
this
is
something
that
academia
can
it.
Probably
the
operator
will
tell
you
if
they
encrypt
this
or
not,
but
you
can
also
quite
easily
checked
on
the
radio
if
it
is
encrypted.
If
it's
not
encrypted,
you
get
same
EMC
all
the
time.
If
it's
encrypted
you
get
some
random
string
as.
M
A
question
about
how
the
interconnection
encryption
would
work.
So
if
there
are,
if
I
am
going
through
another
network
to
reach
the
final
destination
network,
that
I
need
to
connect
to
the
so
the
actual
encryption
is
just
between
the
two
and
so
a
B
C
and
I'm,
connecting
through
B
to
C
B,
the
III.
Don't
see
the
I
mean
larger
point
of
such
encryption
because
we
can
still
decrypt
it.
M
E
So
the
rooming,
if
you
are
roaming
to
another
country,
that
other
network
will
see
your
permanent
identifier
eventually,
the
encryption
of
the
permanent
identifier
is
its
end
to
end,
but
then
it
goes
back
to
the
roaming
operator.
The
main
main
reason
to
have
this
encryption
is
not
to
hide
it
for
the
roaming
operator.
It's
to
hide
it
over
the
ear
yeah.
My.
E
B
D
Million
elegans
so
now
I'm
I'm
thinking,
if
that
that
I'm,
a
very
intrusive
of
government
that
wants
to
surveil,
you
know
everybody
and
I
want
to
have
the
power.
So
one
thing:
I'm
gonna
probably
look
for
the
weakest
point,
and
so,
if
you
make
all
this
secure
that
I'm
gonna
start
attacking
and
I'm
gonna,
you
know
go
on
to
the
client,
but
the
other
thing
I
know
there's
been
a
lot
of
talk
and
whether
it's
true
or
not,
I,
don't
know
about
about.
D
You
know
if
you
can
get
the
not
false
base
station,
but
this
that's
the
device
itself,
the
real
station
and
then
I
as
the
bad
guy
of
the
surveilling
government
I
a
lot
Gemalto
I
hack
into
it
or
I
make
that
insecure
so
that
on
the
back
end,
it's
given
me
all
the
information
that
it
needs,
so
I
I
mean
I
and
I,
don't
know
what
the
answer
is,
whether
like
not
like
an
independent
body
which
looks
at
all
these
things
and
kind
of
says
this.
This
thing
is
doing
this
kind
of
stuff.
E
Are
certification
programs
for
the
security
of
all
these
type
of
notes?
I,
think
the
base
stations
are
quite
closed.
I,
don't
think
it's
easy
to
break
into
to
base
station,
but
no
all
the
day
very
much
data
is
of
course
available
at
the
operator.
Basically,
the
mobile
network
needs
to
keep
track
of
all
the
users.
E
K
K
E
A
You
very
much
and
thanks
to
both
of
our
speakers
here
and
an
innovation
to
others
of
you
that
are
researching
things,
especially
things
related
to
human
rights
protocol
considerations.
Please
let
us
know
for
future
meetings
now:
I
guess
it's
Joe
hall,
I
guess
Stephan
is
also
on
online,
but
please
and
the
clicker
is
there.
C
H
H
H
The
methodology
was
to
test
the
causal
relationship
of
protocols
in
terms
of
their
effects
on
Association
and
assembly
through
typical
impaired,
dogmatic
cases
we
have
since
then
taken.
The
word
cause
a
lot
of
all
this,
because
we
have
a
lot
of
academic
critiques
about
causal
relationships
and
there's
seven
protocol
cases
in
the
document,
and
we
sort
of
are
wondering
why
these
particular
cases
so
three
issues
I'll
tee
up
for
discussion
right
now.
What
is
the
aim
of
the
draft?
H
So,
first,
the
aim
of
the
document
there's
sort
of
two
stated
goals
in
the
document.
The
first
is
that
the
document
seeks
to
deepen
the
relationship
between
internet
architecture,
protocols
and
standards
without
creating
any
new
guidelines.
This
is
HR
PC,
Human,
Rights
protocols,
considerations.
Why
is
the
goal
not
to
do
something
about?
Why
is
Human
Rights
not
in
the
goal
right
there
and
then
why
are
we
not
creating
new
guidelines?
H
I've
got
I
have
some
ideas
about
why
we're
not
creating
new
guidelines,
given
the
relationship
between
AI,
RTF
and
IETF,
and
the
second
goal
is
to
test
the
relationship
between
protocols
and
associations.
But
what
does
it
mean
to
test?
The
draft
doesn't
really
talk
about
that
much
and
are
we
at
all
interested
in
the
relationship
with
Association
or
the
broader
right,
there's
sort
of
treaties
and
other
people
recognize
that
this
right
as
being
as
assembly,
an
association
are
those
things
different.
H
They
probably
are
and
then
importantly,
how
is
this
document
going
to
be
helpful
for
folks
working
in
the
IETF
if
they
want
to
see
this
as
research
and
put
into
things
they're
doing
you
know,
how
does
that
work
at
all?
The
second
issue
is
the
cases,
so
the
cases
that
we
have
in
the
document
right
now
are
conversing
peer
to
peer
and
then
grouping
together
getting
into
groups
and
so
in
the
conversing
sense.
H
There's
IRC,
there's
mailing
lists,
there's
web
RTC
and
if
I'm
talking
too
fast
just
raise
your
hand
and
let
me
know
and
I'll
slow
down
and
peer-to-peer,
there's
actual
peer-to-peer
technologies
and
then
there's
version
control
technologies
and
then
in
grouping
together.
There's
things
like
the
domain
name
system
autonomous
systems,
but
it's
unclear
us
why
these
particular
cases
are
chosen.
H
The
document
sort
of
says
without
explanation
that
they're
typical
and
paradigmatic,
but
that's
not
really
explained
in
the
document,
but
if
we
were
gonna
change
these
cases
or
think
about
a
more
coherent
way
of
talking
about
cases
at
all.
What
will
we
do?
Might
we
think
about
events
that
happened?
Sort
of
socially
things
that
happened
in
the
world
and
how
protocols
may
have
affected
those
kinds
of
events,
either
specific
ones
or
over
periods
of
time
like
shutdowns,
which
is
sort
of
a
genre
of
things
that
happen
in
the
real
world
and
then
being
former
academics?
H
The
literature
review
is
something
we
think
we
really
need
to
beef
up
and
spend
some
time
digging
into.
We
really
think
we
need
to
be
more
systematic
and
explicit
about
the
universe
of
definitions
of
the
right
to
freedom
of
assembly
and
Association.
There's
a
lot
of
material
out
there.
What
are
the
boundaries
of
those
rights?
You
know,
how
do
we
actually
think
about
those?
H
You
know
how
have
people
thought
about
the
boundaries
of
these
rights
and
then
do
we
need
a
better
distinguish
between
enabling
the
cat,
the
capacity
to
associate
and
assemble
the
positive
right
and
disabling
it
and
then
in
the
negative
sense.
So
to
what
extent
can
you
exclude
folks
from
particular
types
of
associations
or
assemblies?
That's
also
part
of
the
right.
It's
important
you
know
to
have
a
group
that
you're
confident
in
that
you
can
kick
people
out
of
the
group
that
may
be
a
little
different
for
ietf
but
and
the
right
to
exit.
H
There's
a
link
in
the
document.
That's
actually
broken,
there's
a
percent
23
that
should
be
a
pound.
So
if
you
click
on
that
and
you
get
an
error,
just
change
it
to
PAMP
I,
don't
know
how
that
happened.
It
must
be
Google,
slides
and
then
we're
actually
looking
for
other
examples
of
folks
who
have
thought
deeply
about
the
right
to
assembly
and
Association
Association,
specific
and
digital
technologies,
and
there's
a
few
things
that
that
we
think
are
out.
There
know
they're
out
there
that
we
just
need
time
to
find.
H
H
This
is
not
a
bad
way
to
restructure
this,
and
you
can
see
you
know,
there's
a
pretty
deep
literature
review
in
here
that
sort
of
sets
up
the
boundaries
of
sort
of
what
we
think
about
the
right,
and
then
we
actually
go
into
maybe
a
different
set
of
cases
around
events
or
socially
things
that
happen
in
the
real
world
and
how
protocols
might
affect
that
rather
than
looking
at
the
protocols.
Is
these
these
sort
of
clinical
things
themselves
now
to
do
this?
We
need
help.
Obviously
we
need
help.
H
We
really
want
to
make
this
draft.
We
want
to
make
the
draft
in
a
collaborative
fashion.
We
want
to
actually
write
it
in
a
collaborative
fashion,
so
we're
thinking
of
having
three
short
seminars
to
like
working
seminars.
I
guess
you
could
call
it
an
interim
I
heard
someone
say
that
the
other
day
I
won't
say
who,
but
we
could
think
about.
These
is
short
interim
meetings
for
HR
PC
between
now
and
the
March
Vancouver
meeting.
H
That
will
allow
us
to
work
in
a
group
on
these
kinds
of
things
and
get
a
more
clear
idea
of
folks
who
want
to
participate
in
contribute
to
this
of
where
it
should
go
before
you
know,
publishing
a
new
version
of
the
draft
and
sending
it
back
to
the
group.
There
may
be
a
few
versions
along
the
way
and,
as
a
matter
of
fact
anyway,
that's
it
I
spoke
very,
very
fast,
but
I'm
wondering
what
people
think
are
you
in.
Do.
A
O
I
Least,
hi,
it's
Elliot
again,
Jo
I,
really
like
your
approach
in
terms
of
the
rigor
that
you're
introducing
and
I
think
that's
very
useful
to
two
points.
First,
on
the
question
that
you
asked
about
whether
the
document
should
provide
advice
to
the
ietf
community,
the
IRT
F
is
certainly
not
prescribed
from
doing
so
and
I.
Think
that's
part
of
the
charter
of
the
IRT
F
is
to
provide
that
assuming
you
can
derive
useful
advice
from
the
the
experience
of
having
written
put
putting
together
the
document.
I
That's
it's
surely
an
open
question.
The
second
point,
though,
is
in
terms
of
the
examples.
So
we
have
standards
examples
and
certainly
DNS,
as
a
rendezvous
mechanism
can
be
used
to
impede
freedom
of
association.
One
can
can
pretty
easily
envision
that
the
thing
that
I
was
thinking
about,
though,
is
the
societal
discussion
that
we're
having
about
this
is
well
outside
the
protocol
arena
right
now.
I
It's
what
sort
of
impact
can
government's
have
on
social
networks
like
Facebook
and
and
Twitter
in
this
regard,
and
so
one
of
the
things
I
would
like
you
to
leave
open
and
I.
Think
this
group
should
leave
open.
Is
the
import
of
this
work
compared
to
the
you
know?
What's
going
on
elsewhere,
if
it's
really
minor
import
and
it's
gonna
be
a
really
major
effort
to
try
and
put
this
together?
Let's,
let's
be
honest
with
ourselves
about
that
and
I
leave
it
as
an
open
question,
but
I
think
it
should
be
a
question
so.
I
Exactly
okay
and
it
could
be
that
we
might
want
to
refactor
again
towards
that,
it's
a
little
less
in
the
you
know
towards
the
IETF
space.
Perhaps,
but
it's
still
a
very
valid
area,
and
it
could
be
that
maybe
it's
a
valid
area
for
others
to
do,
but
I
leave
that
open
as
well,
but
I
think
we
should
have
that
discussion.
Cool.
H
P
O
O
O
A
Q
P
Yeah
Melinda
Shore
I
am
really
enthusiastic
about
this.
It
looks
great
on
I.
You
know
the
caveat
that
I'm
sort
of
yeah
on
the
idea
of
providing
guidance
to
the
IETF
I
think
it
can
be
implicit
in
the
document
and
that
would
be
sufficient,
also
I'm
going
to
disagree
with
with
Elliot
there.
There
are
many
examples
of
ITF
protocols
being
used
to
disassociate
people
from
the
internet
and
from
one
another
and
I
mean
DNS
is
actually
you
know.
We
can
come
back
to
that
circle
around
that.
But
you
know
DNS
is
a
good
example.
H
I
do
think
that
there's
a
way
to
to
combine
those
two
comments
in
the
sense
like
Brazil
platform
blocking
whatsapp
is
also
sort
of
meta
protocol
block
right
in
the
sense
that
they
have
to
do
a
whole
bunch
of
protocol
level
stuff.
To
do
that,
then
they
start
throwing
people
in
jail.
Sorry,
if
you're
from
Brazil
but
okay.
A
I
H
H
H
O
H
N
A
Okay,
so
basically
this
hopefully
Neil's
is
online
and
listening,
because
definitely
he
should
intervene
in
anything
I
say,
but
so
too,
with
the
rest,
we've
had
discussions
on
this
and
and
on
the
list.
I
said
that
I
would
try
to
do
sort
of
a
quick
look
at
where
we're
at
on
this,
so
that
we
could
then
look
at
going
further.
So
the
current
state
is
the
author
and
and
and
other
people,
and
and
it's
more
than
a
few
many
other
people
have
believed
that
the
doc
is
ready
for
a
research
group.
A
Last
call
there's
also
also
been
a
number
of
people
that
have
questioned
that
and
have
said,
perhaps
not
a
lot
of
people
think
it's
a
valuable
piece
of
work
that
should
continue
should
eventually
be
published.
There
are
a
few
people
that
have
questioned
that
and
and
and
a
very
few
have
actually
seemed
against
taking
it
forward,
but
I'd
say
that
the
majority
of
people
that
I've
been
listening
to
have
said.
Yes,
it's
worth
doing
it's
worth
taking
forward.
A
I
think
that
Neil's
has
done
an
incredibly
admirable
job
to
her
I
think
three
or
four
versions
in
an
attempt
to
to
respond
to
all
the
comments.
People
are
making
it
in
QuickTime
and
so
I
really
wanted
to
thank
them.
For
that.
I
also
think
that
the
conversation
that
has
gotten
going
on
the
list
by
people
trying
to
make
their
points
and
trying
to
make
their
points
understood,
has
been
really
good.
A
It's
kind
of
the
thing
I
often
look
for
in
this
group
is
not
just
someone
puts
out
a
document,
everybody
nods
and
then
it
gets
published,
but
but
rather
than
some
real
conversation
on
the
depths
of
issues
happens.
So
I
really
wanted
to
thank
the
people
who
sometimes
despite
their
busy
lives
and,
and
whatever
else
have
done
that
so
thanks
and
and
and
don't
go
away.
So
some
of
the
issues
now
these
are
the
issues
that
I've
sort
of
picked
up
in
in
a
brief
form.
A
Obviously,
we've
had
well-spoken,
erudite
writers,
writing
paragraphs
and
paragraphs,
so
I'm
sure
I
did
not
capture
it.
We
also
in
Neil's
as
many
versions.
Perhaps
some
of
these
have
been
fixed,
but
I.
Don't
want
to
make
the
assumption
until
others
have
said
so
there
was
a
clarity
on
on
the
research
question.
People
were
sort
of
saying:
what
is
the
research
question
that's
being
asked
here,
and
can
you
make
it
clear
in
the
document
it
has
gotten
clearer,
I'm,
not
sure
whether
it's
yet
clear
enough
for
all.
A
There
is
a
consistency
between
sections
of
the
document
with
questions
being
asked,
and
here
I'm,
quoting
one
of
the
people
that
commented
do
networking
standards
have
political
use,
and/or
impact
is
there
politics
and
the
development
of
networking
standards
are
protocols,
political
and
and-
and
those
are
statements
that
are
all
made
there
connected-
is
the
logic
between
them
working
within
that
framework,
our
all
the
statements
is
sufficiently
substantiated
with
argument
or
references.
Many
many
are
I
believe
probably
most
are,
some
may
not
be.
A
A
One
of
the
questions
that
came
up
that
had
been
in
the
draft
was
taken
out
of
the
draft,
but
others
felt
was
still
important
was,
should
access
to
IETF,
whether
it's
to
the
meetings
to
the
documents
to
the
whatever
be
included
in
the
discussion
of
the
political
nature,
and
there
were
lots
of
discussions
on
that.
There
was
definitely
a
split
in
the
viewpoint
of
it
being
critically
important
to
it
not
being
relevant
at
all
or
to
it
being
a
confusing
issue
to
include.
There
were
issues
with
definitions,
the
the
the
term
political.
A
There
was
a
single
definition
given
for
political
and
yet
I
think
almost
as
many
definitions
for
political
as
we
have
in
the
room
so
was
that
that
that
large
span
of
definitions
of
political
sufficiently
covered
is
the
definition
of
political.
That's
in
there
adequate
use
of
standard
without
a
definition.
In
other
words,
there
was
talk
of
protocol
considerations.
There
was
talk
of
standards,
considerations,
the
comparison
and
the
relationship
between
protocol
and
standard
was
not
differentiated
and
and
and
such
there
was
questions
of
made
of.
Are
we
talking
de
facto
standards?
A
Are
we
talking
about
the
jurist
de
jure
standards
if
we
could
call
an
IETF
standard,
a
de
jure,
also,
discussions
of
normative
versus
voluntary?
Nothing
in
the
IETF
is
indeed
normative.
It's
all
voluntary
and
recommended.
So
how
does
that
fit
in
to
this
this
political
analysis?
There
was
the
difference
between
non
standard
protocols
and
standard
tract
protocols.
Does
that
make
a
difference
in
the
political
nature?
In
the
political
analysis,
how
does
that
work?
Is
it
sufficiently
defined?
A
Does
it
work
for
people
in
in
the
illogical
analysis
of
the
document
again,
a
similar
question
that
came
up
for
us
in
Association,
for
whom
is
a
document
being
written
and
does
it
achieve
that
purpose?
That
is
not
clear.
Is
it
for
the
IETF
I
think
personally,
that
is
probably
broader
than
that,
but
but
to
whom
and
does
it
achieve
the
purpose?
There's
a
second
page.
These
were
issues
that
sort
of
were
issues
that
weren't
necessarily
in
those.
Perhaps
they
were
mine.
The
abstract
speaks
of
general
agreement
as
opposed
to
an
open
discussion.
A
I
know
every
time
I
run
into
general
agreement
at
the
beginning
of
a
document.
I
I
sort
of
freeze
up
a
little
and
I
wonder
how
we
substantiate
that
notion
of
general
agreement
and
I
certainly
haven't
seen
us
get
there.
Yet
on
this
one
there's
an
inconsistent
referencing.
Sometimes
it's
superb,
and
sometimes
it
seems
a
little
short
to
me
and
and
some
more
reference.
Some
more
depth
could
go,
but
I
also
must
admit
that
there
was
at
least
one
reviewer.
A
A
Looking
at
this
from
a
from
a
Shepard
point
of
view
from
a
co
chair,
point
of
view,
I'm
kind
of
looking
to
make
sure
that
we've
got
consistent
language
across
the
documents
that
when
we
use
a
word
in
one
document,
we
don't
have
a
different
definition
for
it.
Unless
we've
been
explicit
about
saying,
hey
we're
going
to
change
the
definition
here,
because
it
looked
to
me
like
the
definition
that
section
five,
the
discussion
was
a
little
one-sided
and
and
and
really
didn't
represent.
A
The
opposing
views
seemed
more
of
an
assertion
than
a
discussion
now
I'm,
not
trying
to
say
here
in
this
analysis
that
it
must
be
a
consensus.
What
I'm
saying
is
that
it
is
fine
for
it
to
have
an
assertion
of
this
is
the
point
of
view
and
we've
proved
it
against.
The
opposing
views
here
are
the
opposing
views,
and
this
is
why
they
did
not
prevail,
that
that
kind
of
discussion
that
shows
the
back-and-forth
that's
gone
on
between
various
things
and
then
there's
lots
of
typos.
A
So
first
of
all,
as
I
said,
I've
been
acting
as
the
shepherd
on
this
one,
not
that
we
really
had
this
notion,
but
certainly
once
it
went
to
research
group
last
call
and
went
to
the
IR
s
G.
It
needs
to
be
shepherded
by
someone
and
I've
sort
of
been
putting
myself
into
the
place
of
that.
But
if
there's
a
strong
aversion
to
me
being
the
shepherd
on
it,
because
I
may
be
too
prejudiced
in
my
opinions
or
or
what
have
you?
A
A
But
but
there
isn't
a
clear
in
the
conclusion-
and
this
is
how
we
move
forward,
and
this
is
how
it's
useful-
and
this
is
the
further
research
that
can
be
done
and
and
here
I'm
coming
into
the
topic
from
yesterday's
meeting
and
it's
a
topic
for
later
the
word
consensus,
I'm
looking
for
consensus,
as
we
had
on
80
to
80
that
the
document
is
clear
for
publication
that
people
look
at
it
and
say:
yeah
I
disagree
with
it,
but
my
point
is
covered
fairly.
Yeah
III
had
a
point
there.
A
It
was
discussed
it
was
covered
and
not
looking
for
consensus
on
it
having
a
single
view
that
everyone
agrees
to,
because
I
don't
think
that
that's
actually
possible,
but
I
do
think
it
is
possible
to
achieve
a
document
where
everybody
can
say.
Yeah,
that's
fair.
My
point
of
view
is
expressed
in
there
I
see
it
I'm
I,
basically
and
looking
for
it
not
to
be
something
that
someone
could
confuse
with
a
work
of
polemics
or
work
of
of
arguing
a
point
of
view
without
having
covered
all
the
other
points
of
view.
A
We
talked
about
adding
an
editor,
no
one's
come
through
to
as
a
volunteer
to
work
with
Niels,
yet
I'm,
hoping
that
at
least
one
of
the
people
that
had
a
lot
to
say
and
did
almost
as
much
writing
in
commenting
as
they
might
end
up
doing
as
a
co-editor
will
actually
volunteer.
We
had
talked
about
replacing
the
editor
I
have
no
ideas
on
that.
I,
don't
think
it's
necessary
if
we
can
find
someone
to
work
as
a
co-editor
and
I'll
stop
that
I
think
that
was
the
last
thing
yep.
That
was
the
last
thing.
A
I
Please
Audrey.
Thank
you
very
much
for
that.
I
think
you
covered
the
ground
really
well.
This
is
Elliott
again.
If
you
go
back
to
your
first
issue,
slide
yeah,
so
I
think
a
great
many
of
these
are
just
a
matter
really.
It's
a
matter
of
clarity
of
purpose
and
clarity
of
argument
that
that
that
had
to
be
addressed
and-
and
that
has
always
been
my
particular
issue-
the
point
about.
Let
me
help
a
little
bit
here.
The
point
about:
should
access
to
the
ITF
be
included
in
the
discussion.
It's
not
a
mandatory.
I
We
had
that
discussion
and
I
think
you
know
people
just
agreed
to
disagree,
and
it's
at
the
end
of
the
day.
You
know
that
whatever
the
editor
did
it
you
one
can
cover
it.
One
cannot
cover
it
and
one
doesn't
have
to
cover
every
issue
in
every
document.
So,
as
the
person
who
raised
the
issue,
I'm
certainly
happy
to
see
it
fall
off.
I
If
that's
where
people
want
to
go,
the
issue
around
consensus
is
one
that
I
think
it's
probably
worth
just
a
little
bit
of
discussion
a
little
bit
of
further
discussion
in
as
much
as
we
are
clear
as
to
what
you
know
how
the
room
felt
about
the
document
in
terms
of
is
this.
Did
everybody
agree
with
the
thing
that
was
that
were
the
result
and
if
we
say
well,
not
everybody
agreed
with
the
result
of
this
document.
However,
here
is
the
here's.
I
What
we're
producing
as
long
as
we're
clear
in
the
dock
in
the
front
of
the
document
as
to
the
position
I,
think
that
that's
a
perfectly
fine
way
to
go
forward
and
but
but
that,
having
been
said,
I
I
do
think
there
is,
unfortunately,
the
need
for
quite
a
bit
of
editing
in
the
process
that
could
help
I
think
just
improve
the
result
and
I'm
I
wish
I
had
the
time
to
do
the
Ted
to
help
there
myself,
but
I
do
not.
Okay.
A
R
Ludwick
relaying
comments
from
Jabbar
from
nll
said
thanks
a
lot
for
this.
Every
is
very
useful
for
me,
the
author
editor
of
the
document.
It
would
be
great
to
have
guidance
from
the
Shepherd
what
we
have
agreement
on
either
approaches
and
or
arguments
and
what
needs
improvement,
because
sometimes
it
feels
like
we're
going
back
and
forth.
Could
we
perhaps
make
a
Shepherd
issue
list
may
be
taken
from
this
presentation
and
seek
to
address
the
issues
one
by
one
else.
R
A
A
S
Hi
Colin
Perkins.
Thank
you.
This
I
think
this
was
a
nice
summary
of
some
of
the
issues
on
your
last
slide,
you
say:
you're
you're,
looking
for
consensus
that
the
document
is
a
balanced
expression
of
views,
even
if
it
continued
to
review
that
it's
not
consensus,
I
think
a
balanced
expression
of
uses
is
a
very
good
good
thing
to
have
in
there
I
think.
A
document
which
concludes
with
a
view
there
there
is
not
consensus
on
is
perfectly
reasonable
thing
to
do,
provided
it
is
clear
whose
view
it
is.
S
A
S
A
O
M
M
Are
that
if
you
look
at
the
MLS
group,
for
example,
or
the
OTR
protocol,
where
deniability,
which
is
the
diametrically
opposite
to
attribution,
is
a
legitimate
goal
that
is
pursued
for
anonymity
and
privacy?
So
if
you
have
any
thoughts
on
this
topic
on
how
to
address
this
in
the
draft
and
how
to
include
it
happy
to
listen
to
that
otherwise,
I
will
let
bring
the
topic
up
back
in
the
list.
M
O
You
grocery
bot
I
just
want
to
support
teasing
out
some
of
those
tensions,
because
that
is
how
that
is
really
accurate
in
the
in
the
framework
of
human
rights.
Is
that
sometimes
there
are
conflicts,
and
there
are
nuanced
and
that's
the
whole
point,
so
I
think
the
document
can
only
be
made
stronger
by
identifying
where
those
tensions
exist
and
actually
trying
to
learn
a
bit
more
about
them
in
the
context
of
protocol
and
standards.
Development,
but
I
do
think.
O
M
I
would
say
the
problem
in,
but
not
exactly
a
problem.
The
way
the
document
is
structured
is
in
terms
of
questions
right
and
while,
while
there
is
a
lot
of
theory
on
how
human
rights
would
interact
and
are
in
conflict
with
each
other
in
in
a
questionnaire
sort
of
format,
it
seems
like.
Oh,
if
I
take
this,
then
this
is
a
cross,
and
perhaps
we
can
then
include
a
statement
that
you
know
this
is
just
use
it
as
an
indication
of
what
you
want
to
achieve.
Rather
then,
yeah
well.
O
I
just
think
because
it's
guidelines
right
like
if
you're
doing
a
similar
thing
for
in
a
legal
policy
space,
you
really
want
to
focus
on
those
in
a
lot
of
ways,
because
that's
where
you
can
influence
people
making
difficult
decisions
when
it
matters.
So
maybe
if
we
have
enough
of
these,
maybe
it's
not
just
this
case,
but
there
are
a
couple
of
other
tensions.
We
can
maybe
start
to
collect
them
in
a
separate
section.
That
is
like
you
know,
sticky
issues
or
particularly
interesting
things
to
pay.
A
Not
that
we
have
any
time,
but
anyone
have
a
oh.
You
have
open
questions
and
okay,
so
yeah.
So
please
you
know,
review
that
draft
and
especially
if
you
are
using
it
somewhere,
please
please
contribute
the
last
topic.
We're
not
gonna
get
to
I'll.
Take
it
back
to
the
list.
It
was.
Why
do
we
insist
on
acting
like
an
IETF
group
when
we
don't
have
to
and
and
and
all
I
could
say
is
that
was
the
method
we
decided
to
use
at
the
beginning.
A
It
was
a
notion
of
gee,
let's
use
a
method
that
we're
all
comfortable
with
and
and
and
let's
see
it,
the
same
dog
food
as
everyone
else
around
us,
but
more
than
willing
to
change.
If
we
have
a
good
reason
to
change
I
know
we
don't
have
to
operate
like
an
IETF
working
group,
but
that
doesn't
mean
that
we
can't
and
and
and
so
I'll
stop
there
because
it's
time
and
they
don't
see
anybody
running
frantically
for
the
microphone
but
I
do
want
to
keep
carrying
it.
On
on
the
on
the
list,
I
mean.
O
O
Like
a
draft
Association,
you
can
imagine
one
on
freedom
of
expression,
because
those
are
specifically
mentioned
in
our
charter,
where,
as
political
I
feel
like
isn't
necessarily
like
a
core
one
as
an
example
right
and
maybe
is
even
more
like
the
the
way
that
what
the
draft
is
trying
to
achieve
is
even
better
suited
for
it
being
an
opinion,
because
otherwise
it's
it's
everyone's
an
opinion
and
then
of
it
therefore
says
nothing,
but
so
just
to
think
about
the
nuance
of
that
it's
a
case-by-case
basis
as
well.
No.
A
In
fact,
as
I
said,
if
anybody
ever
wants
to
write
an
article
for
a
journal
that
is
not
in
the
RFC
status,
then
we
could
find
a
completely
different
method
of
working
it.
So
anyhow,
I
still
see
nobody
running
frantically.
We
are
over
time.
Thank
you
very
much,
please
be
active
on
the
list.
Thank
you
to
Jabbar.
Thank
you
to
note-taker
and
talk
to
you.