From YouTube: IETF107-WPACK-20200325-1949
Description
WPACK meeting session at IETF 107
2020/03/25 1949
https://datatracker.ietf.org/meeting/107/proceedings
B
Begin. All right, great, okay.
A
David Lawrence. David Lawrence, so I'm going to run the slides today off my laptop. Dave's going to manage the queue as, I guess, as he mentioned. Let's get into it. So this is the meeting tips that you've probably been staring at for lap ten minutes, while I futz around with my laptop. Please make sure your video is off. Mute your microphone unless you're speaking. Use your headsets to avoid echo. Please use the WebEx chat only to join the mic.
A
Thank you. Cw is Oh Peter whoo, okay, thank you, Peter. All right, great. So again, the other thing is that we do is, when at the microphone or when you come off mute, please make sure to state your name, and let's keep it professional. So here's our agenda. Basically put this together. We had, we weren't quite a working group, so we were going to do administrivia and then do some use cases and jump into the protocol.
A
The chairs actually think that we could maybe agenda-bash these cases out of the jar, out of this now, because, basically, we were just going to read the charter, so we're not sure that we really need this, and maybe we could give this five minutes back, considering that I ate 10 minutes trying to futz around my laptop. Are there any objections to that?
D
Next slide, when I need the next to it, and that confirms they even hear me. Okay, so I'm Jeffrey Yasskin. Thanks, everyone, for coming. Thanks, thanks to the chairs for volunteering to chair. This is kind of a description of the work that we've done and the, the design sketch that we have in this bundled exchanges draft. None of this is final. I'll describe at the end what Chrome has implemented so far, but treat that as a prototype, as a way to gather evidence, rather than kind of solidifying what, what has to happen.
D
So the general semantics of a bundle are that it's a sequence of bytes or a file that might be retrieved from a URL, might be stored on local disk, kind of whatever. It contains a set, which sometimes I've been thinking out of the cache, of HTTP-like resources. Each resource, like in HTTP, is addressed by a URL, and there's some support in the, in the format for content negotiation, right now expressed with Mark Nottingham's Variants headers, but that has changed at least once in the evolution of the format and could change again, to select representations.
D
There's also some bundle-wide metadata. The bundle starts with a prime, with a URL of a primary resource, which is used by a client. If someone navigates to the bundle, they actually load that primary resource. If the client can't parse the whole bundle, it can redirect to that resource. So that's kind of the required bit of metadata, and then there's, there's another field where you can stick the URL of a, of an internal resource that's something like a web app manifest or the EPUB package document, or some other manifest-like metadata format.
D
See, a resource inside a bundle is addressed by a full URL. So there's, there's some authority inside that, that URL. The resource might be authoritative for the URL, and HTTP defines or uses this notion of an authoritative response, and there's, there's several conditions that might cause the resource to be authoritative. The one that I think is, it's pretty safe, is if the bundle was retrieved from the same thing, HTTP origin, and if you're familiar with service workers, you, you might have heard of the, of a path restriction there.
D
So now we have this kind of goal to have a format. There's a lot of formats out there. We need to make sure that we're not just kind of adding to the pile, that there's, that either we reuse an existing one or there's some compelling reason to design something new. And right now I think there's compelling reasons to design something new, but we should always be kind of.
D
As we refine the needs in this working group, we should always be paying attention to the possibility that that will eliminate a requirement and that will allow us to reuse something. Next slide, you. So some of the properties of the current design: we're trying to make it secure, trying to make it extensible, we're trying to make it usable in a random-access way and to load the content in a streaming way, and I'll describe the, what those mean in the next couple slides. So, next slide.
D
So, for instance, ZIP allows implementations to read, to make at least two kinds of mistakes in picking what the name of a resource is. They can, they can read it from the resource header instead of the global index, and they can pick the, the first instead of the last, or the last instead of the first, copy of a name from that, that index, and that has caused secure, security vulnerabilities. So we don't want, we don't want to do that. We want to make the format easy to parse.
D
Don't, don't have a lot of kind of choices in the format, which would increase implementation complexity. I don't claim that, that the format is kind of, meets this goal perfectly, but it's, it's kind of a design goal that, that we trade off, that we should trade off, kind of, changes in the format against. Next slide.
D
The current format is extensible by adding new metadata sections. This is similar to a bunch of other formats like being and japheth, and the current support for signatures are done as an extension section. They're kind of a side, side piece of the format, rather than integrated into the whole thing. Next slide. So we want it to be random access.
D
One, one property that we don't have is that assert is to allow a server to stream the generation of a bundle, and the charter also kind of does, it's not explicitly but intentionally, skip this possible property. In order to get it, we would have to, to get rid of, of at least one of the other properties.
D
So one of the questions run into in using bundles is how do we, how do we name the contents of the bundle? So on this slide is, is a sketch of a URL scheme or URI scheme that, that might work. It includes both the URL of the bundle and the URL of the, of the resource inside the bundle, structured in a way that, that the, the important parts wind up in the, in what a web browser would parts of the origin.
D
There's a question of whether we can use the package colon, slash, slash URL, where we have to use back into colon. That, that I think will, we'll discuss more in the future. And then we, we want to assign a web origin to all of these resources. My initial thought had been to assign the origin as the URL.
D
It's also possible to do an origin based on the content of the, of the resource, and it's important to avoid having to hash the whole things that we, we probably would use something like Martin Thomson's Merkle integrity hash system. But again, that's, that's something that we can work out in the future. The critical thing is that we need a way to, to address the contents and a web origin for those contents.
D
Let's see, next slide, you. So these are, these are partially in for some use cases. In Chromium, it's currently possible to navigate to a bundle, and there's a web.dev article describing how you do that and giving some, some demos. We're working on being able to load subresources from a bundle. So this is things like provide all the images on a page in one download, or provide a JavaScript module tree in one file. This.
D
Should we separate the streamable format from the random-access format? So if we have either two different formats or, or two options within the format, it can let us be a little more optimal for both at the cost of implementation complexity, and the question is whether that's worth it. And then that the URLs and origins for the resources still, still need a lot of design, and, and people who know about URLs.
D
It would be nice to tell us whether we've got it right or whether there's a better way to do it. I don't think we're trying to come to any firm conclusions at this meeting. This is just kind of things to start talking about, looking for stuff to pay attention to, and looking for people to, to help draft a, kind of, the answers to these questions.
C
Chris for Lucas. Hey Jeffrey, you said something about random access. I'm trying to figure out what the desirable random access properties you have are on, namely, so I heard you say that you should be able to, you know, access a subsection on without having like scrutiny, it skims the entire, you know, the entire bundle or at least who, on average, half the bundle on, and I thought.
C
I heard you say something about being able to use pieces of subsections without reading the entire subsection. Did I hear you correctly? I, I, let's see, so they say.
C
Of the image, right, what.
D
Point do you think I should going to use the image, right. So the design so far has been that you should be able to go straight to an image, and then you should, you should have to read the prefix of the image to start, to start using it, and if these, if these things are, have some sort of integrity attached, I've been using Martin Thomson's Merkle integrity to allow you to read just the first chunk before you start using it.
D
If there's no integrity and no signature, you could probably, you can probably just read the first byte and use that. I have not been trying to let you read kind of the last half and then use just that last half. There are, there potentially some use cases around video that, and kind of very large resources, that might benefit from that. But what I've heard from people who do video is that they're already used to chopping up the videos into small files, and so it's, it's not a requirement to that use case. Great, I actually don't.
C
D
Right, so you could have several different representations at one URL, using, I'm using the HTTP terminology, which is not, not universal. So that is, if you have both, like, an image and an, a HTML page at the same URL that you use the Accept header to pick between, or if you have two different languages at the same URL that you use Accept-Language to pick between, or gzip than and bz2 or, or whatever. Do we want to support that?
A
Okay, thank you, Jeffrey. That was the end of the mic queue. So from a chairs' perspective, understanding this is the early days of the working group, what we're looking at, trying to figure out what this track is, whether this is kind of a good starting spot for the working group to begin its work. So we're not going to do that call immediately, but that's how people should be thinking about looking at this draft, because there's not, not something that really else is coming along.
A
This is essentially like what we're trying to fix between the two. So, and then in the coming weeks and months, I guess, people should think about whether this is a draft where we want to start from.
F
We really have enough time here to talk about whether it's appropriate to have some concept of URIs or identification for these things integrated. We obviously just had a discussion about how integrity interacts with this sort of thing. That too, I think, is an important discussion to have, but it may be a separate thing who.
A
C
Sorry, I think I'm back in the queue as, okay, I was on Air Patrol again. Yeah, I think that the, there's a conceptual sort of question here, which is what the relationship of, is of the stuff in the bundle to stuff outside the bump neck, okay, and make that partly dictates, you know, Martin's question about, like, the URLs and part.
C
There are things, so like, hypothetically speaking, you know, you know, as a concrete example, you say, well, you know, I've got like a web page and then it's got a bunch of, like, you know, and like I said, one classic way to build an app, right, is you've got like a giant, like, tarball of, like, supporting garbage, and then you have like a master web page which loads it up, and often like.
C
If you, like, using Django or something, then you, like, pull in, you know, like, interpolate JavaScript, terribly, values into the rest of web page, slash, it has to be, like, has to be, like, you know, online generated, but everything else could be static, right. And so, so one, when a super important question is, like, does stuff in the bundle into the cache, and they get referenced by references in that, in that, and that generated thing, and I think that's probably the, that's probably the use case function that force factors.
C
D
The queue, sorry, I wasn't sure if I was, like, standing at the front of the room or in the mic. You, you're still basically at the front of the room. You can address the, yeah. So, so my, my goal has been to, to make it possible that I, you, you take the stuff in a bundle and you kind of trust it as, as coming from the, from the authoritative server, and for, for things at the same path, or things within, things under the same path, that, that seems pretty safe.
G
Yes, so I think that it's basically essential for some of the use cases to, to be able to interact with the resources that are in the bundle outside of it, and I'm mostly thinking about the Rollup slash webpack use case, where we able to be able to bundle different JavaScript resources, instead of what's currently being done by tools, turning the image, one big chunk.
A
D
Yeah, so we've, we've had a little bit of discussion on the list for a counterproposal to the signed exchanges draft, and this, this is kind of a reframing of what, what the signed exchanges draft does in the context of bundles and, and in the context of what, what pieces are, are contentious. So this is, this is a way of establishing authority for, for a resource inside a bundle that is based on signatures.
D
So authenticity, is the way that I'm talking about it, is that the user gets a piece of content while they're offline. They may, might get it from their friend. They might get it maybe from a web server that's closer to them or that they've already been interacting with, rather than going directly to the origin, and they need to know what, where the content came from in a, in a way that they, they understand. They need to know whether they can trust the content, and, and there's a caveat here.
D
There was a presentation at Enigma conf last year that URLs are not actually good at expressing authenticity to users. Users don't, don't really understand what, what a URL means, but then what we have, and we're fixing them for the online case, so, so providing them for the offline case would, would at least get that to parity with, with what we're doing well online. Next slide, please.
D
Have existing certificate authorities check that, that the person who owns that private key is the same one who owns a particular domain, and then give the, give the thing they find an origin of that domain, so give them, if you, if you know how to find things as a domain, then your content can be, can be trusted as that domain. Next slide.
D
So this has, this has a bunch of downsides in addition to the, to the upsides. It allows off-path attackers. It means that users might, might continue using content that the author would like to have revoked. There's a pile of security considerations in the draft. There's a logistical problem within updating the signatures. So, next slide.
D
So normally an attacker who gets a TLS private key that they shouldn't have still has some logistical challenges in actually attacking people with it. They have to, they have to intercept the user's DNS requests or, or somehow yet get on the path between the user and the actual site. If you get a signed exchange private key, you avoid all of those challenges. You can just attack people. Next slide.
D
Within that couple-day time frame, and, and we really like to be able to avoid that somehow. So, so we've got this kind of relatively simple-to-think-about system in which, kind of, if you find something, then it can act with you, and there's this pile of downsides, and so I want to take questions on the next slide about kind of any details of this.
A
F
So I apologize for not being able to keep up with the Jabber chat and Jeffrey at the same time, so I may have missed something there. There's a bunch of questions here that I think are really important, and I probably should have had some comments on that last one. But anyway, this is, I guess, an alternative rephrase, reframing of the, the problem space. Next slide, please.
F
Okay, so as a bit of a review, the current web security model depends on TLS connections. We have these things called service workers that aim to support the transition from an online state to an offline state. Often that's just a periodic thing, so people use them to deal with temporary glitches in, in connectivity.
F
There's not a lot of sites that use this capability. We see that web service workers use for push messaging and not a lot of, but the premise there is that you have some sort of online connectivity with an origin before you, you have any ability to go offline. But there are emerging drivers now for real offline solutions. So we have a ton of people who aren't online much, and that's much of, much of the world.
F
And we have to assume that, if we're using the web and these, these things are web applications or websites we're using them offline, it means that we want to come and do some communication some later point. It doesn't make a whole lot of sense to have, essentially, this be a, an application delivery platform with no future possibility of online communication. We already have plenty of alternatives in that space.
F
So, as Jeffrey talked about, the authority question is kind of key to this. Someone can't connect. How do we, how do we connect this online notion of authority to the notion that we have here of applying something or other? If we talked about using signatures, I don't know that that's entirely necessary, but it certainly has some, some value.
F
Jeffrey talked about what it is that we display in the, the page in terms of origin, and there's a bunch of really hard questions there that need, need some consideration. It's a next page. I think I might skip over this a little bit. This is essentially my one-page summary of the signed exchanges thing. You take a bunch of stuff, you sign it, and then it becomes part of a real online origin.
F
We have potential diversification of the way in which we determine what authority means, and Jeffrey talked about this a little bit as well, because we diversified with potentially a week and what it means to have authority, and there's a bunch of things that you have to do in order to, to work through that. The revocation status and, and so forth is quite, quite challenging. One of the major problems identified there was content.
F
Has this limited lifetime. I think we're talking about seven days, which actually in practice turns into quite a usable, usability problem, in the sense that you can't have offline content that's good for very long. Because of things like clock skew and various other padding, you only have a couple of days' worth of usage. There's a bunch of other minor things that go along with that as well, but anyway, to the proposal. Next slide.
F
So the idea is to give content its own origin, distinct from the online origin that it might aspire to be part of, and distinct from the origin that may have delivered that content.
F
The bundle will have to identify the target origin. There's some bunch of reasons why you might want to do that sort of thing, and at the time when you come online again, or you decide to come online, because some of these things are discretionary rather than simply in consequence of not having an internet connection, you ask the target origin whether it wants to automate, it wants to accept the, the content, and it can reject that, which is an important thing. Next slide, please.
F
So this is obviously very drafty and sketchy, but you would, say, give a bundle new type of origin. I used the named information URI scheme here, because that was already available, but obviously there's a bunch of other ways we could slice this up. But here we have a different type of origin, and browsers know how to deal with origins. So we can treat this like any other origin.
F
So in designating a target, the bundle identifies where it wants its information to go, and it then initiates a transfer to that, to URL, and so the browser fetches that URL, asks that URL, essentially issues a challenge, and if the site answers the challenge correctly, then it, the site navigates to that online origin, but takes along with it all of the state and all the content that was contained in the bundle. So anything that's been built up over time, we would go along with that transition.
F
H
F
Know that this is something that I'm committed to, but it seemed like a neat way to solve some of the problems. Essentially when you, when you have a transfer from the offline thing to the online thing, the origin that you had previously now becomes an alias for the, for the thing that was, it was transferring information to, and so that allows you to do things like, well, if people were previously talking to the offline origin, then those messages will be seamlessly routed to the online version at the same I.
F
Don't know if this is absolutely necessary, but at the same convenient. Yes, our next page, please. So there are two ways in which you might fail to transition. If you fail a transfer, that, that is because you're offline or the server gives you a server failure, error or something along those lines, then the content and all the state associated with it just sort of remains in the offline origin that you add in the content.
F
But if the server fails the challenge and returns a positive response to your request, but doesn't provide you with a clear indication that it understands there, the requests that you made of it, then what happens is that all of the state that you might want to transfer, it doesn't transfer, and you just navigate to the, to the target URL and lose any of their continuity and.
F
Probably the more interesting one is that content isn't really attributed to an origin that people understand. That is only a potential. The, the target origin is, is potential only, and that means that you can't do things like show that target in the URL bar. You can't say that this is a particular website, example.com. You have some sort of a big gibberish that you want to show someone, which doesn't really work from user usability perspective.
F
The transition to online takes a round trip. If you look at the signed exchanges proposal, one of the advantages, I guess, is that in, particularly, the AMP use case, you have a distributor, can take a bundle of content, give that to you, you render it all up, and they say go, and the transition to something that looks to be online is virtually immediate. There's no back and forth to the server, whereas this requires that you go back to, to the server. The state transfer.
F
Stuff is kind of non-trivial, particularly when you consider the possibility for a particular target origin to have multiple bundles outstanding, have a bundle for every user news article on a site, and every single one of them had state accumulated with that. Merging all of the information is quite challenging, and there's been probably a bunch of other things that I haven't thought of, and there's a few other things in the draft. Next slide, please. So just to go through the, the AMP case in a little bit more detail, you can imagine that.
F
They essentially tell the, the browser not to communicate with those sites, but they provide them with a bundle of content that is for those sites. The browser can then do things like pre-rendering that content and building it up. If you look at the way that the content origins work actually proposes this work is those, those things would operate in an offline origin by choice for the book, for the purposes of preparing that content for, for display.
F
But this is a very short period of time, because once someone clicks on the link and follows into that offline origin, the transfer to an online origin would then be effectively immediate. So the state, the accumulation problem, isn't so much of a big deal in this case. We only have to worry about the, the transition to, to being a, in an online origin, so there might be a one round-trip time while you talk to the server and check things, but it would immediately then flip across to the target origin.
F
So in a sense, this case is much easier to handle than having a fully offline experience, but there are a bunch of usability problems to go along with that. One, I think that's all the slides I had. We got to the next one. We have a nice pattern and that's all, and I think blood than the floor to questions. Yeah, don't worry about.
A
I
Can you hear me? Yes here, you're good. I'm interested in some other use cases, like, take the example of PDF, get a package of things that are attentive to our injury. Of course it has a paged imaging model, which is inappropriate for the web, but otherwise you could take some clue from APA, a PDF file. When you sit into someone, you were the person. Maybe you gathered the information from a web page.
I
To have had that the use case that is currently for pedia of taking a web page and archiving it, and are taking a web page and signing it as their final urgent, and that, that would be an interesting kind of replacement. And the other thing is that, if you do, people do this with data: you or URL, they have data that they want to be part of the package, and I'd like to see this physics was released, the goals obsolete, and just to think through, what is the origin of a data?
I
Then, two other use cases that I'm not sure are as, quite as strong. Well, the multipart/related forum, a to Mel, and multipart/form-data for file uploads are other instances of packaging that you want packaging to be, whatever word every fact does, to be able to do absolutely because the way, that's it. Thank you.
J
What sitting to me about all of this is that both of these kind of feel like something which I'm more familiar with, which is web caching, and in web caching I can still use a resource even if I'm not immediately connected to something, because I've done it before and I had an explicit cache lifetime. Now I can't handle my cache contents to you, Martin, and you, you know, then be able to use them as it came from the origin, but I'm still using it without a direct.
B
I wanted to first say that a lot of the security problems you're talking about at least sound like they are solved by a distributor whitelisting of some sort. That is, if you're worried about things like the stolen key attacks, that, if you, if you can make a long-term delegation to our trust, certain to a distributor.
H
B
F
That's, that's an interesting suggestion, but I do seriously contemplate that approach, but one of the things that's come out in the discussions is that there's, there's a lot of case, cases where you can just do things like take an IndexedDB database and drop it across, and you don't have to put special code in the, the origin to handle that case. I was using database X, I continue to use database X after the transfer.
F
That's fine. I know that no one else, no other bundles or no other resources on this, on this origin will be mucking with that content. So this is, this is safe for me to do. It gets a little more interesting when you have multiple potential bundles interacting with the same database, which is why the, the transfer exists. But, yes, it does have some, some complexities involved.
K
What's my from router, so I think you really can punt on the state achieve some. If you provide the mechanism to get the state and Noah bundle meet it, then the application developer can decide is, is too old to merge, or it is still mergeable, either server side or client side, depend on how they're doing that already. The other thing is, with terms of layering, I think you really want this, because if you have a web application where you have some JavaScript that's really setting everything up.
K
F
Right, so that's a good question. Off, one of the things that I'd imagine doing here was using the progressive hash-based stuff the different I've been working on. He says it's my work, I say that he's allowed to claim that as well, which, which essentially says that you, you can use one of the, you can use the advertised hash of the content prior to actually knowing the whole content and receiving the entire bundle. Obviously you need to validate that, but you can potentially do that as well. Okay.
F
C
Howdy. So Martin, I guess you know that I, I, I Meyer the period this proposal. I think offline I email you a sort of hybrid proposal on this, where things are named not by content hashes but by, I'm, signature, but by finisher keys on the D. I think that has some of the properties of each these proposals, on, in particular, it allows you to, like, you know, it allows you to upgrade the to means.
C
Packages as are upgraded, but then it, but then it has some of the same compromised properties of.
H
C
A compromise process properties designing pass, so I think it's great to have these two examples on either side of it. But I just want to float that, like, the intermediate it has said, you know, looser combination, the two properties that woman imagine thinking was good or my not, yeah.
F
C
Marge please, if I already peer to peer enthusiasts, so I really like a lot of some of what this is doing. As I put it into the chat, I think there are definitely cases here where this could be useful, either in the presence of sinkers, like the son, bundles that they are now, or to move from kind of a context where you have something which is not signed and be able to treat it, his sign, and kind of joining those two contexts would be quite useful.
C
Bundles, I think we, we have in our charter the ability to receive a web package or an entity other than the origin server and have a cognitive experience and state. That's kind of a key goal here, and for me, that's always meant that you be able to do this in a way or that continuity of state merges with state that's already there, and I think we kind of motivated that on the list ended with a simple example and I did with a more dire one, but I'm, I'm really interested to hear whether you're, you're willing to pursue this, even if we also continue to go for the signed exchanges, because I personally think that would be useful.
C
F
Don't think this is necessarily exclusively that an, an alternative to what Jeffrey has proposed. I think this is just, yeah, eliminating some of the other opportunities that we have for things in this space. I'm going to have to come, come back to that discussion we had on the list. I think there are some, some interesting pitfall so that creates that taking an approach that's more toward this end of the space might avoid, so I think there's probably a bunch more iteration.
F
C
Really appreciate your willingness to engage in that iteration, and I agree with you that that's going to be a key piece to this. So the way I think about this, and, and there are 107 people on, on the WebEx, so certainly somebody hasn't heard me natter about this in the past, is that with this system in place, you get the consequence that the web can continue. The internet is withdrawn, and that's something that, you know, the references to the other bundle protected. Dt ends.
C
A solid is a really interesting thing for those of us who care a lot about your if your cases, and in particular, given a possibility that the Internet is withdrawn, and in consequence that something outside the users with control, not just they didn't turn on their as cellular their network. So I would really like us to distinguish between cases where that maybe isn't the primary goal, but is still something we can support a little bit more work, and cases well or some seek in 30 or other per trade off.
F
I think this is a really interesting space to be working in. One of the reasons why I hadn't thought so much about the Internet is withdrawn being something that this working group was, was interested in is that we, we sort of have a self-service option for that one in, in service workers. I'm not sure that I'm especially happy with that solution, and adoption of that particular capability sort of indicates that other people aren't either, so, so they going to talk about it.
A
Okay, just a quick note that we only have 16 minutes left in this session and still one more ten-minute presentation from Martin and Jeffrey, and then we had 50 minutes of discussion at the end, but we're not going to have that full amount of time. Devon and EKG. EKG just took himself out of the queue, but Devon, if you could, please make it kind of quick so that we can get Jeffrey and one slash resilient, hi.
B
Yeah, can you hear me? This is Devon Mullen theis, going to add two nuances. One is the AMP, is the concept that AMP is sort of offline by choice for a little bit is mostly true, but I guess it's it for resources that don't require the authoritative origin. They could kind of race the state transfer request. And the other one a comet.
B
Is that the comment that, like, because the IndexedDB migration, if the database X doesn't exist in the authoritative the rotative space that it would be safe to just drop it there, I don't think that would be true for arbitrary and for arbitrary content. There is the potential that kind of databases X and Y could conflict in the JavaScript application, though I certainly don't know of any kind of specific cases of that.
A
All right, so we're switching gears to a comparison, I guess. We should really preface to say that, as you can tell from the discussion, the two proposals are working together, and so it's not necessarily true that we're going to have a beauty contest. I think we're actually trying to avoid that, and I guess I appreciate both the opportunity to work together. So I'm not sure how, Jeffrey and Martin, how you guys want to do beat this up. But you guys just want to tell me next slide and I'll.
D
I think I'm going to do most of the talking here, but Martin is welcome to jump in and we'll both answer questions and stuff. Yeah, as Sean said, this is not kind of an either/or question. I think these are complementary approaches and that we will eventually wind up taking some pieces of each. So to recap, with a sign our origin, the content gets its origin based on who signs it. With a content origin, it's based on the hash of it spice, and then some online origin might adopt it later. Next slide.
D
D
Next slide. Upgrades are for content origins, as I think echo pointed out, it's hard to say that the version I'm going to release next week should be able to be an upgrade for the version I released today, because you don't know the next week's version's hash, whereas with a signature you can say that I trust this signer to get my data and then, when it comes back online, we'll check with the liveness check I mentioned in the previous slide. So signatures are probably an important addition to the content origins.
D
Next slide. Then we have the question of what URL to display. As Martin described, a content origin is not human readable. It's that ni, garbage, and a signature from some human-understandable signer gives you something to put in the URL bar. I believe Martin may have something to add here about some details of how we decide to trust things, if not obvious, that that kind of a 7 day old signatures is. It is definitely what you want to describe in the URL bar. Yes.
F
So I think probably the most important thing here is that when we do something like a hash based origin or an origin based on a signature key, as what I could suggest, it is that's not human readable. What we're usable at anyway, but there's a distinction between the concept of fee of the origin of the browser has in mind and separation of content and the thing that is displayed to the user, and I think we can.
F
We can explore the separation of those states. One of the things that Firefox has had for a long time that's kind of unique in the browser world is this concept of extended attributes on origins, which allows us to segregate off content from a sense of the same origin into different compartments, if you will, and so that's a powerful concept of I think might inform some of the designs eventually.
D
A
C
D
Yeah, so with to solve the problem of liveness, it'd be nice to use kind of origins for it. The reason I mentioned if content origins work is because the state transfer is complicated and we'll have to figure out how to design it for upgrades. The signatures are our key, so we need to do something that involves identifying a signer who is allowed to get the origin's data, and then for URL display, I think that we'll want to show something based on the signer's origin in the URL bar.
C
Well, I think I understood the first two of the first who made that map about lineup Nevada is aspecting the last one thing I'm a little confused on, so I mean, I think in, I mean, like in my hypothetical world, so I guess I guess like made it. Let's just try walk through these inner prefer to tell me like anybody else. Is someone I'll just shut up this? If you have nine minutes, I mean it seems to me they designed exchanges. What happens thanks tkj? Go? They go out.
C
C
Okay, so I think those are the only possible, as far as I can tell that's, like, the only possible way you could like implement like the content that you either of the sort of content, whether assigning or signing or non-signing content ones, and like, why would you anything else for, like the precise furless I know, changes one so.
C
D
Only talking about that intermediate state before you've contacted the origin, and the question is what do you show there, and I think signed exchanges have something to offer in figuring out what to show in that intermediate state. Other group got once we've checked online, then you should show the online version, right.
C
I mean otherwise, I mean for this content record. You got like drop your hands right. One thing I think be useful to have on these more than I don't like this ended change offline on about this sort of, you know, security, compromised property to this, which I'm not sure I've read about that well on. So, if you guys have something that's sort of like compares to sort of like like sex, F, hos, compromise and and key compromised that'd be helpful. Not maybe I'll do it. We did.
C
H
F
H
H
E
F
Yeah, so you need two things: I'm sorry you're broken up and it may be, may just be me, but there's really two things here. One is the reputation that you attach to the content that you're interacting with, and the other one is understanding where it is the information you're putting in might not end up going, and those may be separate things, but both of those are important in this context.
H
I would like to tell suggestions that are in the beverage chat right now. They're making me feel a little bit better. One other wrinkle that I wanted to throw in is one of the major problems that we've had with DNSSEC, which is another signed records, signed content instead of on incentive trick, Sigma meant occation, is proof of non-existence, and we've got bundles and the items within the bundles themselves having URLs, and it's not clear to me if two different bundles could potentially contain resources that are actually the same.
H
F
L
This is my bishop. I was just going to comment in terms of the origin display. I commented on Jabber. I think probably the most sensible one user-understandable thing is to display that it's from the origin, that as of when it was signed or last validated, and if people are offline, and you told them it's from three weeks ago, they're going to be ok with that because they know they're offline. I also think in terms of the transition to online state I.
L
K
Shelter here, and I was interested in the, thanks for these presentations, and I'm interested in the tension between control by the origin and signer and control by the user, and wondering how far we're shifting away from the end user who wants to do something different from what the packager intended, might be able to repurpose the archival use case or the anonymous passing on of content.
F
A
Okay, thank you. It's back to Sean for closing comments. We are at find, though, so I will say thank you all for your participation, and Sean gets the last word. Yeah, again, thank you for all of your time. Apologies again for me clubbing around my laptop eyes, install something for the next time. Let's take it to less folks. Thanks a lot, bye all, see you at the plenary. Okay.