Internet Engineering Task Force 109, 17 Nov 2020

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF109-CORE-20201117-0500

Description

CORE meeting session at IETF109
2020/11/17 0500

https://datatracker.ietf.org/meeting/109/proceedings/

A

Oh, it's connected all together.

A

A

Okay: let's wait a few minutes also for heim to come.

A

Back any volunteer to take minutes today and be job.

A

B

I can help out but I'll be presenting in three slots so I'll. I.

A

Can we'll find one more person, at least thanks.

C

I lost the connection there for a second sorry welcome back right, yeah, we have still still people are not here, but I have a funny anecdote yeah. So the I have one socket right here where I have the mokula connected this uh phone: okay, it's like a small uh mobile mobile router, and yesterday I unplug it for a moment.

C

I forgot to plug it in and the battery ran out just like a minute ago. So that's why I got disconnected.

C

Anyways is the audio okay or.

A

Yeah that works fine. uh We got christian offering to help taking minutes, but he's also going to present a few things. So one more minute taker would be good for today.

A

Anything anyone that wants to help.

C

And still I mean it might be that we don't need to start right away. We still have a couple of minutes, maybe or one or two minutes more in case some more people join yeah I'll, see everybody yet.

C

um As usual, uh if possible, marco- or I would help with the minutes, but we need I will. We really do need one more because it becomes too.

C

C

Should we volunteer people at random?

C

Maybe we need a taco feature like congratulations. You have been selected.

D

That w3c has w3c, has a robot called zakim that they use on their irc. Chats, and one of the things you can do is ask zakim to randomly pick a scribe, and it remembers who was the scribe in your working group previously and tries not to pick the same person every time.

C

That's a nice feeling.

C

E

C

Francesca you say something sorry.

E

I said I will help.

C

Thank you. Thank you so much. Thank you very much.

C

Okay, so let's start sharing the.

C

C

C

Nice, what's going.

C

C

Okay, so should we start, we are already five minutes past, so welcome to the core session and um and good morning to everybody, those in europe and good good evening or good night and for those in asia. I guess it's good afternoon or or it's earlier actually anyways, um I'm jaime and marco, and I and we are we're having marco tilocca. We are the chairs and we are going to be conducting the session this morning.

C

We assume that everybody has read the drafts as usual and um and everybody is aware of the ipr potential, you know like the the way the apr works in atf. um We won't need blue sheets this time, they're automatically taken. We already have jabber scribes. Do we have javascript.

A

Not formally, but I can have a look at the chat I can.

C

I can also do that as well, and uh we already have two note takers. Thank you, christian and francesca. um Remember that the note well applies um for for the idf interactions.

C

um Well, we have the curate request in imiteco. We have also some new features for um doing some sort of humming, uh which is the show of hands which maybe we will use um for queuing as usual, just type make a column and ask, and and so on, and the meeting will be recorded and, as I said, the blue sheets already automatically filled. So for today's.

C

This is the agenda. We will start with rd and stateless and few other material graphs, the drafts and then move to group com and oscore and friday well, friday will be whatever is left from from this time. As you can see, we have two hours each time. So probably there won't be anything left out, and I think I think we have plenty of time so time for agenda bashing.

C

All right so uh some of the documents so rd as if you have been in the interims you you have seen that we have done a lot of progress and at this point uh well christian we will give an update, um but essentially it's on the ad table.

C

All of the isg comments were addressed and um I have to finish the write up. I will take some notes from from this session, but after that, then we are done on stateless, um similar situation, uh pretty much an 80 follow-up and we will have the presentation by michael.

C

The vrn we've had some uh updates uh by jari and I think, also pretty much ready and similarly with the core request stack, so we have quite quite good progress. I think we can accomplish. I mean this can be done very quickly um and let's see, let's see how the session uh develops for, for the first two then uh on post working group last call so we are awaiting the write up on on the core conf cluster and yeah. That's essentially the status. I believe.

C

And then for oscor group com, so the working glass call has concluded and the comments were processed. um I believe the marco correct me if I'm wrong, like we needed a few more reviewers or whatever.

A

You came during the hackathon from christian, so next step is to process that review and well. I have an update in the presentation later perfect.

C

So that's it without further ado. I guess we can start with rd, which is resource directory christian. Are you ready? Yes, okay, just a second, then I am not ready I'll. Remove my video sorry.

B

So um this is hopefully one of the later updates of resource directory next slide. Please um we've published a dash um 26 just before the cutoff, which managed, which includes all the changes that were necessary due to the iesg review.

B

I won't go through all of them here, because there is a detailed changelog and if you have anything particular then please look it up there. How about there's four things that I'd like to point out first, is that a new section was added a new. uh Basically, security policy was added for previously this only outlined, however, security policy means what a security policy could do, and now we have a concrete example which may be chosen by implementations as a default policy.

B

If you have something that's kind of install and run that this is something that it can do.

B

There was a lot of clarification around the discovery process, which now says more explicitly that this the host discoveries itself, which, of course from things like dhcp options, etc, um is not particularly relied on in terms of security or the path discovery is if there are um in in particular cases.

B

um One change that might come as a surprise for implementers is that we found out that that, basically, we didn't think of whether it's a good idea to use the well-known core resource just post, um simple registrations there as well.

B

It turned out there's no really good reason to answer that um that question that came about that. So it was actually changed to a new um to a new, well-known resort to be registered resource and a lot of the examples had um our resource type values that were based in um in the core interfaces draft, which is not active enough to really warrant having using registered values there that are not actually registered.

B

So um that was changed in favor of of short, your eyes and one more change you might have seen in the last document, um thanks to the other authors um for offering me to kind of shuffle to the top position of the offices.

B

um So this all the next slide, please, um there were a few questions that we did address as the questions themselves, but there was follow-up work to do. There's still follow-up work to do that has not wound up in the document yet and there's roughly three topics around this first is the the topic of dtls replays. So the original comment here was that um we're using ptls like tls, so it might be a good idea to to enable replay protection, but really the same thing.

B

So the the one thing where replays can be problematic is where the is is not immediately mitigated by by turning on replay protection. So if, even if we turn on liquid protection, it would still be possible to exploit something like um a device registering and deregistering repeatedly and then injecting a message in which the devices the device's registration is deleted um without the device I actually haven't authorized. This next slide base, so there is a work in progress text to mitigate that.

B

We've also talked about this and other ways of doing it and alternative methods uh during the interims. um This just basically needs to be finished in terms of text and then get a few pairs of eyes from the working group and wind up in the dash 27.

B

It's using the icon mechanism from echo request tag which is also used in other parts of the document already, so we're not bringing in anything conceptually new we're just referring to a mechanism, that's specified somewhere else.

B

Next slide, please another question that came up was: um how much can you trust the links from the resource directory and there's a simple answer? That is um that the security policies tell you that, but from the white space of the on the bottom of the slide, you can tell that this is not all of it next slide, please so um a device uses the authorizations it has to create a request. Then it has an intention.

B

It phrases this into a request and that request then has other side effect which gives it the response slightly. In concrete. This might mean that a device wants to create a topic and then discovering a property of a particular resource um phrases. This into a request, let's say a post request to slash topics. Another topic that's created, and while the process between the request and the action is well protected, we don't really have much in terms of how does the device? How can we?

B

How can the server be sure that what the client intended is what the client put into its request? Next slide, please.

B

So in terms of the resource directory, I don't think we have anything much more to do so. We already stated in earlier versions that this is something to take care about when thinking of application of into of the integration between the resource tracking and the security policies. um Due to the latest changes. We now also follow that same advice when it comes to how the resource directory is discovered, but we should probably have some more discussion on on how this was mitigated in the general case.

B

So one way of doing it is saying that a server should really only use one have one function. This is something like that in oauth, but that means we've got a lot of security context. This could mean that we introduce a way of verifying statements. The resource directory this would all or any other means of discovery.

B

The resource directory is a cache and same applies for multicast responses and so on, and possibly also to talk in a more fine-grained way about the permission about the roles that a server might do serving, which is probably a topic for for ace, but this is something I'd like to have more discussion on in the general core context.

B

Next slide, please, and the third upcoming change for dash 27 is the topic of um examples and the link format representation again, um so we are doing two things with respect to rfc 6690 link format. That is one. um We described that there is a subset that we think that everyone who's implemented it can can actually work with, because there is there's a few um bits of misalignment between the actual implementations.

B

That also stems from ambiguity in the original document, and the other thing is that we prescribe that both um both the link target and the anchor need to be fully expanded on the next slide. Please thing is um the kind of the the um the the reading of the duck of 6690 that caused the most trouble and the most overhead in terms of bites on the wire um was my reading and in the discussion.

B

I think that from the discussion I take it that this reading was wrong and that we can simplify what we send on the wire a lot like actor f2 in many cases, um and so pending a check of the other implementations which I've reviewed but two years ago, which I need to go over again. This could still be changed to not prescribed that the anchor must be there unconditionally, but give a still simple but way sharper rule about when it needs to be there and update the examples accordingly.

B

Next slide guys. So that's the three things that still should probably change um in a follow-up document. So the mail to the reviews all so indicated that this is addressing the their concerns. As they were phrased, but those questions raised more questions and they will be answered in the dash 27 on how to have this in a submittable state around the start of december questions, comments.

F

Do you still hear me.

G

E

D

This is barry aliba.

D

I saw that you when you posted 26, you um sent a note to the uh to the three ads who have discusses on the resource directory document uh and they haven't responded yet, which is now about two weeks ago. It would be good to follow up on that and uh make sure it doesn't get lost. um I'm sure they were busy leading up to the meeting, so maybe in another week, ping them again and remind them.

B

So I got one I didn't keep track of who sent that exactly. um I got one mail about the ballot that's about to be cleared, um but I'll follow up with the others. Thank you. I think.

D

That was ben. I think the two eric's still need to be uh anyway. I'm just saying uh just remember to follow up on it and don't uh don't let me drag it because uh and we get busy and we forget so.

H

Christian, I don't know, francesco stepped into the queue here.

H

Otherwise, my question is: um I haven't. I haven't followed the details, this protecting the intention. What how can you can you elaborate a little bit on that.

B

So the thing is um the the client has something in in mind when it wants to send a request and it's using material that it has around about the server. So that might be that might be a link that might be um attributes on a link that might even be a form that might be something that it got from uh from a 401 um you'll need to register with that es um response, and not all of that information.

B

The client will have with uh with another, from a source that it can trust as much as it can trust the origin, server and assembling that information into requests means that, if that information is grossly misleading, the request might be not what the client intended, but will still be executed with whatever credentials. The client has so, um if say, you're, trying to create a topic and you're discovering from from, for example, from a resource directory that there is a resource with that property.

B

That indicates that you can just post there and then a topic gets created.

B

Then, if, if that information is wrong, for example, if if actually on that resource, there is a thing that says um please do you ask me in a very blunt example, then the client would authorize that action, believing that it means something different, and this intention is not. Trans is not part of what we, what we authenticate in the in the even with the request response, violence that we have in our school.

B

H

B

H

That that makes sense that that was sort of my understanding when you uh presented it in in more detail. What my problem is: what what do you plan to do about it? How can you, how can you the.

B

Easiest the easiest thing to do it is to for the application to carefully differentiate between what is a hint and- and that's also what we already say in research. What is a hint like if, if there is a if there is an indication of content, form of accepted content types on a resource?

B

The worst thing that will happen is that the content types will be downgraded, but the interaction will still be the same, and what is a statement that is really necessary to be under to be to come from a trusted source and then for the client to differentiate.

B

Can I use this piece of information, um or can I not, and once we have that in place, we can think more about how can a client get by that piece of information in a more efficient way without go doing a round trip through the origin server all the time things like also come right. Thank you.

C

Francesca, please sorry, you were in the queue.

E

Yeah basically joran said what I wanted to to ask, um but I wanted to ask more about this uh single view, servers which I didn't really understand: uh how that.

B

The idea is just don't, have a pub sub server and a dos me server run on the same on within the same security context, and then you'll be talking to different authors to different resource servers and have different um security associations with them. So you can accidentally um hit the wrong button.

E

So so my question is: are are these the bullets in a slide.

E

uh Yes, these are to be taken together. These are not several different options or.

B

These these are different options that may be combined.

E

C

But again, these options will be out of the scope of rd as such. Yes,.

B

Because rd gives rd says that do the second one and um hopefully do it well, but we don't have good guidance to point. You.

C

May I ask you planning to add this to the rd extensions or a different.

B

C

B

Should I think this one place, this should definitely wind up. Is the discussion about coral, because um coral forms are way more powerful in the sense that the surf that whoever presents the form can make the um can make the client issue more complex? um A wider variety of.

B

B

B

I think we have matthew in the queue, but no one else is talking so matthew.

B

You can just unmute yourself on the top right.

B

C

uh Marco, we don't hear you, you are speaking as well.

A

C

uh Matt, we cannot mute you, you need to mute yourself and just speak.

A

Can you try again.

A

A

Maybe you can't hear us either now.

C

Well, matt just feel free to jump in uh later, also so that we have all the questions or use the chat other. It is um so I'll relay from the jabber. uh Can you read it also christian.

B

Yeah, the question is: um can the security issues be addressed with link layer security um only if that linked late? If the link layer security extends to the origin server, which in most cases it will not so link layer, security would might might get you to the resource directory, um but in the general case it won't get you to the origin server and will not give you better other any better statements about the um any better verification on the statements that the client will act.

B

B

I

C

We see you, we do not hear you yet. Maybe you you are muted. Still I mean I can oops um michael, we don't. We don't hear you or I don't hear you at least same here. I can hear michael, oh uh michael, we don't hear you.

C

Can you try again? Let me just revoke uh this. Try again try once again.

C

uh You are muted, the video is okay, but you are muted. Do we need to give some permission or something no.

A

No, no, that should be all inside yeah. It seems.

C

That the there's few glitches here and there on the various browsers right.

G

Now yeah now it works, go ahead, reload it again, so it's been re disconnected about three times since we started the meeting. um Okay, so uh core stateless, so stuck on review comments since uh may um next slide, please, these are slides, are mostly the same as in the virtual interim. This is really the update, so a bunch of these were marked as don't won't fix. um You can go through them and read the um comments, if you like the about this- and there are some emails about that on the list next slide. Please.

G

um One of the things was a suggestion to use automatic key management, but that would only really apply if in fact, there was another peer. So in this case, what we're talking about is um a node is going to send a token to another node. The other node is not going to decrypt it, but rather it's going to echo it back uh with the response, and so actually you can use any kind of uh randomly generated key you like, um and you just encrypt your token and then when you get it back.

G

You decrypt your token, so you just basically have to make sure that you still have the key around and that it's strong enough or fast enough to deal with the fact that you could have an attacker trying to send you lots of random uh nonsense. So you don't want to burn out your battery trying to deal with that.

G

um So there's a preference for using, for instance, whatever hardware accelerated uh encryption algorithm you have, um and the text now has some recommendations and some issues about the replay window, which is to say how long you will stick around and allow keys to uh sorry responses to arrive out of order um before you start saying: well, wait a minute! I it they're they're, probably too old, and I won't accept anymore.

G

An attacker could, for instance, uh instead of just making up a token, could, for instance, um record some data um and play it back at you to either cause you to redo something that was not item potent or to um just to mess up your network. That way next slide. Please.

G

um So the 60 minutes what had to do with the replay minute, so we've got some better text for that. It's been reviewed and some other text relating to the integrity protection that I just speaking about next slide. Please.

G

So um 07 was uploaded on the on the 12 on november. 2. 08 was uploaded uh 25 minutes ago, um as I was pointed out that the it could now be uploaded um and ben has has replied actually today, just uh or whatever. That means today uh a few hours ago and uh has cleared the discuss um and there may be one additional cycle, perhaps about some tweaking some words, um but I don't think so and that's it any questions.

C

um I believe, oh sorry, go ahead.

D

Sorry again, just um let me know when you think it's ready to go and I'll give it a final check and do the approval.

G

I think that with oh eight, it's ready to go.

D

Okay, so you you don't want to make any tweaks. uh I.

G

I don't know I'm just saying there: there could be a there could be a conversation about moving a word here or there, um but I don't think it's. It will fall into the category of discuss.

D

Okay, well, yeah, and so and any anything that you get uh that's a minor editorial thing. We can do enough for you anyway, so, okay I'll, give it.

C

D

There and uh and send out the approval.

C

Thank you very much, um michael. I believe klaus gave some comments yesterday that those are also pro they were positive, but just to know, if you have to have a look at them, they are. I.

G

Have not seen them I'll look in the archive, uh so uh yeah I've just woken up for tuesday, so yeah it should be on the issue. No, I don't think it was on the main list.

G

Okay, um I'm sorry! Then I haven't, I haven't dealt with them and barry. Maybe I take back what I just said.

C

G

C

Positive, they are positive, they are mostly positive, so I think you you wouldn't have to change anything.

G

Okay: well, then, that's great all right, but have a look just in case.

C

Okay, great any, I see there is a discussion on miteko, but it's not related to this any, uh and now we have your video as well, um so any comments on stateless anything any last thoughts before we conclude the draft. Well, when michael sends the oh wait.

G

So I actually have two copies of myself as video, because I already thought I was sending video interesting.

C

Yeah, okay, I mean this was a very uh brief presentation, but I think everything has been pretty much covered during the interim, so maybe there is no need to duel any longer on this topic. Another comment, sorry. I know all right: there is no okay, then, let's move on to the next topic, uh just a second!

C

Thank you, michael by the way. I thank you for the very quick, uh uh agile uh way of preparing the slides. So it was a bit the last minute request.

C

um So I believe the next one was yeah, secure group communication, so group on bs, just a second.

C

Okay, ah yes, go. We have audio issues again, yeah same as before, yeah same as before, but we do see you, we see the video hey morning.

A

Can you try to reset the audio stream on the bottom right of the windows? Go that seems to do the work for.

A

C

I think we all are using flavors of chrome one way or another, so I think that's a recommended browser, probably not to advertise anything in particular, but okay, it.

J

Actually, work.

C

Yes, please go ahead. I.

J

Think I think you have to reset first and then unmute again, so that's the trick, so it happens if you uh were not connected to audio before I think then.

J

Okay, maybe let's start with the presentation now good communication, uh so we are presenting here this revision, two yeah. This is just an overall uh goal of group communication yeah this slide, so it's intended as the successor of rc7390 and now recast as a standard track document and in scope is co-op group communication over udp ip and now also possibly secured with groupon score.

J

Okay next slide, please.

J

So I'll give now an overview of the status updates of the zero two revision and there's also the tickets uh linked to that, and so the first thing we changed well was to clarify the messaging and endpoint model. We had some discussion that the server might actually respond from a different udp port and that turns out to be a legitimate way of responding to multicast in co-op. So this is now clarified in the messaging model text and then issue number two, that's a very small change.

J

We had some requirement for uh consistency for response suppression, so now it's based on the class of the response code. So if a server typically yeah suppresses a response of a certain class like 4.x or 5.x due to policies, then it should be consistent so that all the responses of that class are also suppressed.

J

And number three is basically the section that we had on group definition.

J

It was some a big piece of text, so this is now expanded into sub-sections and we have more details on the relation relations between the different group types. So there's the co-op group application group and the security group um yeah, there's also the option added after discussion that we could use the uri host option for encoding application group and that's a possible way to do it. But on the other hand it has some problems of its own.

J

So I also added a best practice for how groups are typically included in co-op requests, which is in the your right path. But of course both methods are fine to use. Okay next slide, please.

J

And yeah the next change was that the fetch method was also included. Many places were applicable so where, before it said, get we now say often is get or fetch if it applies also in the observe and the blockwise is included now, and there were quite some changes in the text so that that falls under the various enhancement and editorial.

J

One of these things is, for example, explaining that you can do re-registration with observe as well, so a little bit more detail all right. Let's move to the next slide now.

J

So this is just a picture corresponding to this issue number one where the server response may come from a different udp port at the server. So we've shown this also in a previous presentation, I think in yeah either the interim or the previous itf meeting.

J

Okay, the next slide, please.

J

Yeah, so what are the next steps of this draft um yeah? There was some feedback from marco. I received the last minute, so I think he can tell more about it. So one of the first things was due to the interrupt experience of last week. It was the idea to move the handling of multiple cog responses from the co-op layer and to the application layer. So that means maybe some text in 2.3.1 and all this needs to be changed, and the second point was the proxy operation 233.

J

It's not really talking about much about caching of responses, and I think what we need to do is first explore. Maybe some scenarios in caching so suppose a client sends out a request to a proxy and that leads to a group communication operation, so the proxy sends out the multicast and receives the responses to that.

J

So are there situations where the proxy can actually suppress the sending of the multi-customer quest? So what if another client comes? Does a similar or the same request? Can it actually suppress? In that case, the sending of multicast requests and instead serve from the cache and also yeah, is the proxy able to do a cache refresh, so it, for example. It knows it already has a 90 of the responses cached and they are fresh as well.

J

So can I do a refresh to see if yeah, if there are other devices that just joined the same group and are not in the cache yet so this is a bit of a yeah still open topic, also open for discussion here. If people want it's relatively new, so I think this uh concludes the presentation.

J

There's one thank you slide still with the link. So if there's any issues, please uh mail or use the issue tracker to report- oh yeah, no one more thing, yeah, there's more reviews would also be good for these graphs.

J

I just marks here cristiano in france. I think who made a promise at itf 108 to do a review and also what we think also want to do is to test test more in co-op implementations and, for example, observe combined with multicast and also yeah report. The results of the testing on this.

J

All right, that's it yeah thanks.

A

Let's go: we have a comment from carsten in the chat carson if you want to take it on the mic.

F

Well, yeah, just uh fantasizing: um wouldn't it be nice if we could e tags for all responses that we have in cash.

F

uh I I don't know how to make this work, but once operation based on having cash information already available, what would be a nice feature.

J

Yeah, I was also thinking of these something like these e-tags in detail, so that the the many servers maybe only need to respond uh when their information has changed, with respect to the yeah, the cached request, so that it could be a direction indeed.

J

But I haven't thought myself that much about it yet.

B

Kristen, I'm just um we've. We've brought this up in a in a discussion during the hackathon and I don't think that there's anything that would stop this from working um other than the server needing to um needing to react on. Oh wait! No sorry! I missed something that we found there yeah sure on the server wouldn't know if there's any other and the client wouldn't know if any servers had collisions on their e-text. So that's the that's the hard point there.

F

B

On e-tanks, um one server's e-tag, that is met, that is, that matches another service e-tag. That just happened to change to that value.

F

Okay, yeah, you would have, you would have to include some server identification together with the e-tag, because the the request addresses somebody different from from who the e-tags are associated with. So that's why this becomes big and ugly very quickly and why I haven't actually made a proposal out of that, but I think maybe we can continue to think in that direction.

B

Another possibility we we explored in that hackathon discussion was that um the client might request might send the request to the very small block size, which at least allows the servers to send short responses, and then the client to follow up with those services that actually have changes.

J

Yeah that could also fit to the group communication model of beta. So you typically want to not not send large responses back by the servers, but they typically would send a short message back or short response or their first block.

J

Is commenting uh if you want the hat method.

J

Yeah, that's basically, uh I think in co-op. That's the block-wise transfer right, that's a similar, although yeah it's more implicit than a hat method, exactly.

J

J

A

A

Seems not also in the.

A

A

So I guess you can hear me and see me now.

J

A

Great, so this is an update of the group. Score document now needs version. 10. next slide, please uh the version tender we submitted right before the cut off includes updates, mostly addressing comments we received uh following the working group plus call that closed in july uh two reviews out of them and more comments that came up around itf, 108 and right after so I have an overview of them in the next slides.

A

Otherwise we had a third, I think, interrupt set of tests during uh the past hackathon, with three different implementations um involved and for the first time we also tested successfully uh the pairwise mode of group of score, uh considering different algorithms and and different combination of roles, so more testosterone, but I think we have covered all the main functionalities here now and again during the the hackathon. Last week, we received a review from christian. Thank you very much for that of this version, 10 that will process for the for the next round.

A

Next slide. Please.

A

Right an overview of the updates in this version 10 um some regarded the the security context. uh It was noticed some information was just redundant, so we removed the counter signature key parameters as all that information um is indicated already in the counter signature uh parameters, entry related to the algorithm, while we also added some more parameters in the common context highlighted in red here, describing the algorithm and the properties uh for the pairwise mode. If this is supported, of course, um as a suggestion, also around working group call.

A

We added the possibility for a server to reply with a 503 error to a client in case all is in principle fine, but the server doesn't have a recipient context already right at the moment, especially doesn't have the public key for that client and is not a good time right now to to go and retrieve that so client.

A

Please come back soon to me and- and we can make it work uh of course, it's an optional thing to do uh for the server uh rather than just responding with uh with a general error like context not found.

A

uh We have also worked on non-recycling policies of ids at the group manager. What we say right now is to never ever reassign uh reassign the same sender, id value in the same group and based on christian's review, um there's an open point about a slightly uh relaxing it, but I'll come to that uh later on.

A

uh Instead, we never reuse the same group id value so the same id context for the same group during its lifetime. Next slide. Please.

A

Right, something happened also for the sequence number. Eventually we convert for keeping things as they are for the the space of value. So we keep one single space shared for both the group mode and the pairwise mode, uh but we introduce the change so that whenever the context is uh updated or re-established, meaning a new sender id is assigned or there's a whole group requiring and the key material changes.

A

um The assignment the sender sequence number is reset to zero, and that simplifies a lot also for other group members to understand that a change of key material has happened. In the first place.

A

uh We better clarify the requirement that wasn't uh to clear in the previous version, uh even is protected with a latest new context, which happens to be different uh from the one used to protect the request because of an interleaved wrecking well. The server definitely has to use its sender sequence number as partially v to be included in the response to avoid answer usage.

A

um Also now that, as I mentioned before, the sender sequence number is reset in case of raking, and we still want to have observations surviving uh across uh a possible raking, and we need to do something to be sure that a given notification cannot match with more than one original registration request. Cryptographically.

A

That means that all observations have to be linked with the same original observation request, also by the original group id that was used when the registration request was sent and that practically meant, including one more parameter in the external aed, as request kid context, specifying in fact the original group id value used uh in the registration request. So this is beneficial necessary for observations only, but practically um it ends up in in the external ids for all messages. Of course, uh next slide, please.

A

Okay and something more again on supporting observation, um exactly for what I've just mentioned, we were saying already in previous versions that the client and the server have to store the original key id from the registration request. Now they just have to do the same. Also for the original group id and to clarify some comments around this from working group. Call.

A

The client technically has to store them only if it really cares about having observations from inside um surviving across a possible group wrecking otherwise it can just choose to forget about them in that case and doesn't need to store those values um again.

A

In that case, it's also beneficial for the client to store an invariant identifier of the oscar group that really never changes across group rankings, and that can practically be what we call a group name in related ace documents, and that simplifies for the client, the possible dialogue later on with the group manager to retrieve updated group key material by still using this constant group, name even in case of group, wrecking next slide.

A

A

Thanks uh so that concludes the update on version 10. uh Some highlights from from christian review and before coming to open points to to share with the group.

A

uh There was one main point that we discussed for several hours during the the academ, concluding that um the draft should be a better distinction between the the anti-replay and possible uh freshness requirements that have to be, of course, addressed in different ways, uh which includes also better clarification of what we mean with a server synchronizing with a client which is strictly related to to freshness and building on this. We have different approaches for synchronization in appendix e and and out of the discussion.

A

We could understand that we definitely still need the approach on appendix e3, based on the echo exchange uh for the sake of making replay windows valid and also achieve freshness. Thanks to that. But then that, basically, following those clarifications, would make the the current approaches in e1 and v2 uh well, basically moot uh as not contributing to freshness and not contributing to under replay very much other than what you already have from a correct and valid replay window. So they can possibly just be removed.

A

And while discussing uh on this, we found also one more possible reason to have a loss of mutable security context of part of it and, and especially the recipient context. That can happen because servers have memory limitations that practically set a maximum amount of recipient context that can be around at the same time inside the group context.

A

Well, when that limit is reached and as new clients continue to come, the server has to destroy a current recipient context to leave room for a new one when, when this kind of overflow is reached uh from then on, if the server creates a new recipient contest, it can be a recreation of one context that used to be there uh and essentially from then on each newly created recipient context would start with an invalid uh replay window and from then on is replay.

A

Protection is still important uh that server either has to be rekeyed through the group manager, or it has to run the the echo exchange again uh gaining freshness too. So this has all to be a clarified better in the next version. In fact, next slide, please.

A

Then we have also some open points following from from this review. I mentioned one before about relaxing uh the no recycling of sender ids from the group manager. Now it really says uh never ever uh for the group manager never give the same sender id uh in the same group.

A

That eventually leads for larger and larger kids uh in size, and there's no way back for that, and we thought that we can possibly relax this so that sender, ids don't have to be a recycle ever under the same group id value, but if there is a keying and the group id value changes, the current review sender ids are locked again, but any value free at that moment becomes also safely available to be assigned.

A

Is there any issue anyone sees on this change.

A

Yes, yes, going jordan.

H

Okay you're on here. um So how do you? How do you make sure that you actually only recycle when you've changed the gid or I mean maybe that's trivial, but I.

A

Is still under the control of the group manager uh after all and the raking and the change of group id is triggered by the group manager, so it knows when it becomes safe.

H

So it's the ins design, the assignment from the group manager. That's yes,.

A

H

What yeah, okay.

H

D

J

Yeah, no, I think I was not in the queue, but I I didn't have a question anyhow. So it was, I think the group id value so will will that ever change then, or is that also something that can change.

A

The group id changes if the key material changes, because the group manager ultimately takes the decision to rekey the group when the group id changes, and that happens in case of working, we're just saying, is possible that sender id is not currently used really at the moment, can also become free for reassignment and it's safe to do. Yeah.

J

Well, that sounds at least safe to me to do that, so no issues.

A

Okay, thank you um and next other point was about the external aad structure. uh On the left. You see what we have now. One version is for the encryption operation and one version is for the signing operation for the group mode. Only uh we started with this design uh before editing in the last version request, kd context, because before doing that, uh the version on the extreme left for encryption was really uh mirroring the version from oscore.

A

uh While we introduced the version for signing only for the group mode, but now that we have added request kd context, the version for encryption already is essentially.

A

A

J

Okay, I think the video is lost from.

J

J

All right yeah, we lost your video and audio for a brief.

J

A

To be used both for encryption and signing, of course,.

H

Yeah you're on here I think, that's unreasonable, but we need to look at the details.

A

A

uh There's a comment on the chat, I think oh no, just on the last audio okay. Thank you uh next slide, please yeah and and more on the external id. It was noted again that, um as is today already, we have again that.

A

A

B

Because then, I'm just, I think, whatever we do, there should be aligned with how those things are precisely defined in cozy.

C

Did we did we just lose marco.

J

Yeah I saw his video disappear now. Yeah.

C

And there he's back, you lost me yep, but the video got cut for a second.

A

Okay, everything reset on my side.

A

Okay, I think I was asking, um should we do this deletion in the external led structure, an opinion.

A

Okay, a little bit open, also to discuss on the list- and one last point I think, is still related to the um external ead structure and right now we are covering the the the current set of existing and register cosy, algorithms uh for each of which the only algorithm capability registered is the key type and that results also in the parking design, parameter to specify, in fact, only the capabilities of that key type. In turn.

A

So we started to wonder if we can take this opportunity to generalize this format a bit more for possible future algorithms. That cosi would theoretically admit that can have zero or more than one capability and then require more information to be um expressed there as capabilities in power counter sign- and there is a kind of abstract uh meta format that we can consider for it. But for what we have today, they would practically become. uh What we have already uh so to say are coded in detail in the document.

A

Any comment or input on this.

A

You can still hear me right.

J

Yeah, we can hear you. Yes, I was thinking um this. This new format you propose, so is it kind of backwards compatible with it while it's there today or is it a small change.

A

It is backward compatible, meaning that, on on the practical value you you build today with current implementation, nothing changes, but it is more flexible. Looking forward actually.

J

Okay, it's more like the definition is then ready for the future yeah kind of okay. That sounds good at least.

E

A

I'll open issues on github for all these points and and more from christian's review anyway, next slide, please, and that should be the last one.

A

Okay uh yeah: this version is addressed comments for working group last coal and around the the previous meeting, with a successful test at the akaton, as next step is submitting version 11 addressing christian's review and run even some more tests again in pairwise mode testing. Also, some error conditions.

A

That concludes it.

A

And hi, maybe you're sharing your screen at least I'm not seeing it. Maybe it's just my side, though,.

C

Oh I'm sharing, I'm um I think esco. Can you see it yeah.

A

C

We are now on the last slide with the thank you comment, song.

J

A

C

Then carson also says that it works for him. So christian, do you have some comments.

B

C

B

Unmuting because I'm kind of messed up in the queue.

C

Okay, so I guess no more comments, then. Thank you. Well then, thank you, marco.

C

um We are now halfway on the time wise, so we still have an hour to go well now, um 53 minutes to be precise, so christian, whenever you are ready um yep, I am.

B

Now it's okay! Now it's sorry I'll just get in again.

C

So christian, um if you are here manifest, please manifest yourself.

C

Do you hear me now? Yes, we hear you, there is no video, um but this is what you can do without.

B

um So, to recap uh what this is all about um when, uh when a device enters a network that is configured to join a group, it may have very limited information. So it may know that it has this particular application group and it will probably have some some credentials stored, but it may not know where this resource director, where this group actually is, um how to join it, etc and link and web linking can generate a next clip history.

B

Web linking can generally help with that and the resource directory is the typical place to make this more efficient in a core based network.

B

So what the device when joining can do is that it knows its application group. It queries the resource directory for the joining resource, and it may do something similar for the for getting the actual group address to to join on next slide clip.

B

So in the in the updates that were published before this itf, um we basically addressed the the the comments that came in and closed several of the of the open points. So we um we now state explicitly that a few things that the that the cozy registry theoretically allowed allows can just not be done with this with link format, because it can distinguish between a literal, minus two and the digit minus two.

B

um We've added a mechanism for discovering where the, where the authorization server for a particular resource uh is located, which should allow the which basically saves the round trip to the to the resource server in but exchanges this for router to the resource directory.

B

Let's type this, which is okay, um there's a few more updates when it comes to um to the precise values we're using for resource type and interface, which are now aligned better with with our documents where they are partially moved or where they are taken from. So we don't, uh we don't specify any of this ourselves anymore.

B

Next slide is um what we do currently specify, because the because nothing else in ace is doing this so far is describe how those web links can be used to discover where the um where the authorization server for a particular resource is located. So when the registration is done in this way. With this additional piece of information on the left, then, in the discovery process on the right, the client can send an additional resource. Lookup query, to find where the authorization server is now.

B

This is not saving a lot when it's being done with link format, but with the possible future extensions to the format also to the queries, and especially with what might be possible with with coral queries.

B

uh So with the coral fetch format, um there would be a lot to be saved here, because then this could save another round trip next slide. Please.

B

So um one one thing that was missing from from dash o six was how the information actually gets there about the application groups, because the group manager is set up to basically to just manage the security group and doesn't necessarily need to be aware of the application groups.

B

Now in alignment with oscar group manager administration, we describe how the group manager well that, basically, that describes that the group manager can be informed of the application groups that the security group would be later used for, and this puts the group manager in a position to register these application groups as parameters on its joinery resource, which are then used by the by the client to to actually find it.

B

There were also comments on topic of multiple security groups being associated with the same application group, which we're not fully sure what the what um whether this would be used a lot at all.

B

But if it's used, we now describe what it um how it can, how it can work at all, which is that um a server has to join all the all the groups associated with it, because the client might be a bit more constrained and needs to pick one of those security groups, because if it really, if it were the other way around, the client had to join all and the client would need additional information which it can't have, because the security groups are essentially equivalent because they are all part of that application.

B

Group next slide, please so um yeah there's we do. We are not done yet um we'll. We still have to to add a few bits about how the um what metadata we can exchange of the group- and there will be a few updates on based also on what is changing in rd-27.

B

We plan to give this a test run based on existing implementations of the resource directory and we'll hope to report outbreak from there in the next at the next session. Next slide, please! So thanks questions.

B

J

Yeah, I did have one question christian yep, so that was basically on the the linking of the application groups to the security group so yeah. It is an optional thing in a way that that you can also decide that the group energy does not know about any application groups or.

B

The thing is: um if the group manager does not know someone needs to provide that information for the client, because the clients will typically come in knowing their application group.

B

So if that information is not passed to the group manager, then someone else can generally put it in the resource directory and register those statements about the join resource, but then that someone else needs to get all the information from the group manager about where the actual join resource for that security group is and what its properties are, and they would need to put that into resource directory. So, yes, in in principle, listen. This doesn't need to be done by the group manager, but it appears now that this is. This would be the logical choice.

J

Okay, just because the clients will will discover everything, uh including their application group, they need to join.

B

So the clients would know the application group, that's that would be basically part of part of the information they have yeah, but whether that's provided by the group manager or some other party. As long as the right link winds up in the resource directory, they will care.

J

Okay, now I was thinking about cases where new groups get added later, um but yeah that that's. That just means that this information needs to be updated. Then, in the resource directory at the moment that these groups are created, for example, yeah.

I

J

C

Christian, I have a question. I haven't read the document, uh sorry for that it doesn't seem to be uh only tailored to oscar, I mean like the basically, this is authorization, and so registration discovery of a servers on rd right, it can be, is very generic. So this.

B

This very this very point of the very point of this slide. Yes, this could be used in a more generic way and, um quite frankly, I'm I'm kind of still hoping that this is getting picked up in ace, and then we can do what we did for the other uh for the art resource type on the interface and just say that, and by the way they are saying how it is done, and this could be used here as well, um but right now this has not been picked up.

B

So so right now it's sitting here, but yes, this particular step is more general. Okay,.

C

Do we need any kind of communication, in particular with ace? uh I I'm not in contact at least with these people. I uh maybe marco, you are more more in contact with them, but I'm wondering like. Is there something we can do marco and I to to help uh to to help for for a folks to pick this up? It sounds like an important feature. It's very. It looks very useful actually, because authorization is a recurring topic on on rd. I guess we all have had issues with that.

A

Several meetings ago, it was mentioned already a possible connection with ace. We can check again with daniel uh there's, no particular rush anyway.

H

So, christian, what what do you want to be picked up by ace sort of what? What draft and what type of change would.

B

You like the link relation, so um if, if ace could say that um one way of expressing that for accessing a particular resource, you would need to get a token from this particular as and this relation is expressed with the link relation type authorization server. Whichever gets picked, then that would be a small.

B

That would be the cool thing that I would ask ace to um to review or to specify.

H

And that would be, would you see that as an update to the framework, or is it like a separate draft just I think that I.

B

Don't I don't see my way around the the various ace documents? Well not to answer that question: okay, okay, fair enough.

C

Carson go ahead.

F

Yeah, I think the most important part here is having the right security considerations around, because most successful attacks on auth are based on confusing the parties as to who the authorization server is, and we just added one more channel to to create confusion.

F

So I think it's really important that clients that rely rely on this information actually go through the right stops. Steps to validate them.

C

Francesca go ahead.

E

Yeah uh concerning ace, I would say that this would be a different document and to answer what erin was saying: um yeah, I don't see how this could be fit into the framework right now, but I think it really fits space and it would make sense to bring it there.

E

um Maybe uh just one one more presentation and uh and get feedback.

C

All right, thank you.

B

So um maybe to briefly um hook into what uh what carson said on the topic of authorization. As I understand the the current um way that is proposed in ace is that the client contacts the server.

B

It gets back, an error response that contains basically the same information, just not encoded in link format but encoding, something different but still unprotected and then acts on that which, which is some, which is at least something that we can take. The security considerations from uh or bring.

C

H

Yeah yeah, I was just about to say that I think there is actually time on the ace agenda, so why don't you propose to bring this up tomorrow?.

H

C

um Maybe you're muted, carson.

F

Well, nobody told me that it was my time so um basically to to validate such an authorization, server relationship, the client.

F

If the validation of the the authorization server relationship is based on validating something from the server, then of course a related question becomes. How do you validate a server in the first place and.

F

There are gaps in the authorization flows in the validation flows that are hard to to build a successful that make it hard to build a successful model, because, right now a client somehow has to know all this information or has to have a secret relationship to to some manager that actually helps it validate that information, and we, we haven't really been talking about uh that part of the picture and that's actually where the ace actors document comes in and explains how to do that.

F

uh But that has been on hold for a long time and maybe it's time to actually resurrect that and complete uh the work on that.

F

Yeah trust anchors are great uh hank. I think said on the chat, trust anchor stars, but again, whether a trust anchor actually provides you the right information to validate something specifically, that requires more information than than just the trust anchor.

B

Itself sounds a lot like. I have to spend more time with these.

F

Yeah yeah, maybe actually it's one of the things that we need. This iot ops group four, because ace is kind of stuck in in the oauth past and uh we really need a more comprehensive view of authorization uh flows and I think the the onboarding discussion is a good source of of uh information in this uh environment. We have had a bit of onboarding discussion in the think, research group um and, if uh io geops actually takes off, uh that may be a good focal point for for getting that discussion going on.

C

um Is there any informal meeting for iot ops this week just asking.

C

uh Hank you want to share a stream or just go ahead, go to the mic.

K

I'm just very clumsy with my mouse hi: oh, this is hank. um No, there is no formal, iot ops meeting this week. Unfortunately, it's a timing issue. um There are isg meetings, though so, but but there will be a presentation on iot ops in the ops, awg and rob will talk to that, and I think that is a point where to ask questions about when where why- and maybe this topic here, please- and I also can bring it up if nobody is joining unless conflicts. I will do that. Of course, thanks thanks a lot.

C

Can people hear me actually the icon that shows the audio doesn't show anything at the moment. Can we hear you okay great? So then we move to the. uh Thank you christian. um I guess it's time to move to the next presentation. I'm just checking the time and yeah I'm going to be carried away.

A

We are 20 minutes late, but we can still make it.

C

A

C

I like it, that is not rushed. It's actually really good, because we have more discussions and more comments, so but anyways christian, you are still on uh actually and.

B

I'll I'll, in light of that I'll try to make it concise wherever I can.

C

B

C

We have also two hours next next week, so just make sure you present what you want to present, not.

B

C

Week next friday,.

B

This is this is about um sending multicast responses so and in particular notifications.

B

This is coming from the topic that um we have this asymmetry in where we can use multicast, we can use multicast and requests and that's basically becoming very stable now, but for responses we don't have anything, and this has led to possibly seen this weird um constructions where the flow of the of what might be perceived as regular rest operations is inversed and we had to post some things just or put some things just in order to get them out to multiple devices and really this is not sparing us all those details of agreeing on something, because if we post somewhere, then they all have to be in a group and they'll have to have a resource, um but we just haven't previously um tackled the topic of.

B

How do we do observations and the other? uh How do we do requests kind of from a multicast source um in that we here we have to synchronize the top the token so multicast notifications is about adding multicast responses, with a focus on on actual multicast notifications. Next slide, please.

B

So um we introduce multicast responses. We define how the token space here works in that it's still the client and the quotes um that's responsible for the token space, but the client's, a multicast group and the next best um delegation point. There is the server with whom this group is talking, because that's part of what fragments the token space.

B

So this is so. The server is basically in charge of the tokens on behalf of the group of clients, an extra next slide list.

B

How this actually works um is that the server sends the server sees that people are interested in the resource. Whether it's on the first, whether it's by configuration or just when a threshold is crossed, um creates an own request that it will then consider the consensus request or the configured request.

B

For that particular token, send that do as if it sent that request stole that request and then start sending out responses to that imagine request that could never be serialized, but that was imagined to have been sent from a multicast address when clients come in and try to observe this on unicast and the server is not inclined to answer them all individually.

B

It can send what we call an informative response and an error response so that the original kind of the the individual observation request is declined. But in the error response there is information how to how to hook into the um the request that is already going on from the multicast group. Next slide, please.

B

So, since the dash 03, um we've updated the format of this response and really have been um converging on in one part of this design space. So the design space ranges from we express we are kind of taking apart the whole co-op messages and then in older versions. We've had um even particular co-op options expressed as fields in this response and, on the other hand, of the design space.

B

We have um basically the the whole co-op over udp message serialized inside this, and what we are now using is what I think is the swiss sweet spot is that the request code and the options are all inside one co-op, serialized by string, which is very very similar to what is happening inside oscore and, I think, might come out as something like the transport agnostic form of the request and the response, and in addition, we have one seabor array that encodes all the protocol specific details, including in this ambiguous- that allows us to use co-op over any other multicast transport that we might come up with.

B

That is not not udp and the details needed for that which are basically the the address and the port and the token are all encoded in here next slide. Please, um oh I'll just skip over this two forward and come back to this, I'm so too forward.

B

Please, the nice property about this new field is that we can make it work with proxies so um the um especially in the case of protect of oscar protected multicast. So in in in such a situation, the proxy has no way of knowing what the what what's in that option, because what's in the payload, because it's encrypted and the client has to go through the proxy again and ask it to join that multicast group and the way we are proposing.

B

This is to use that very same um sybor array that includes all this transport specific information and send it, along with the with the phantom request to the proxy again. um This then allows the proxy to see that. Oh, um this is another option. uh This is a hub. This is a.

B

This is an option that I have to understand and if it understands it, it can then not send out the request, because it would have to send it from the multicast address by the values in there and instead um join that multicast group and forward the responses to the to the original client, and what I think is particularly neat about this is that the original client doesn't even have to be aware of what udp is. So if say, that original client is sitting in a web browser.

B

That's talking to a uh to a cross proxy via web sockets. It probably has never heard of gdp, um but it can take that information as it is pass it on to the proxy on the proxy, will either do the right thing or say sorry. I can do that for you. um This just doesn't work.

B

So this is this is where this transport information is used again, um two is live backlit.

B

So what else changed um since since dash uh since station four, uh since dasho three um we've updated the mechanism that helps us that helps us. um Do the estimate of the number of active clients based on the suggestions from custom on comparing the last bits of something? So we still go with randomness, um because we don't necessarily have good client identifiers. We can.

B

We can use, um but now the the basically the factor that the um that the server uses to control how many responses it wants to get back is now expressed as an exponent, thus much more compact and that's also easier to compute for the client. So we now have pseudocode in the appendices that describe how this can be done very easily with a client with a with an embedded device.

B

Next slide, please yeah! I think I've largely mentioned everything. That's that's relevant here, yeah, um when, when proxies are used without entering security, this whole process is a bit can be a bit more streamlined, but with enter and security. There is just no way for the proxy to look into the option in between so there there has to be some round tripping on the on the kind of on the downstream and involved that a lot that gives the proxy the information that originally passed through it to slide forward. Please.

B

So what are our open points? uh One more place. We we've just briefly after publicate uh after um submission. We've noticed that there is still a few odd points around the proxy example. So if you want to review this right now, I'm we're happy to take your reviews, but please be aware that the proxy examples probably need a bit of more work.

B

um We would like to tackle the questions in the next revisions of where and how we can negotiate about. This was the main question being. Is there any? Is there any point in negotiating this? If the only possible outcome is that no, you can't you? We can't use this anyway, because if the server decides that it's too cumbersome for it to manage all those individuals um registrations, uh all those individual observations and the client can't can't join a group. Then really those two will not find together.

B

um A probably easier point is the topic of whether or not the last notification needs to be in the informative response. So right now it's mandatory. We think about making it optional, because that would roughly mimic what the what an observation over unicast looks like, because you can get the response back immediately, but you could just as well receive an empty act and whenever the server gets new information which it can pass on, it will actually do that and the first response will just have to wait a tad longer.

B

And finally, um we do consider adding an appendix about how the server could be its own group manager, because it really has all the information, and this would allow streamlining the joining process a bit, because the informative response could also include all the material that the client really needs to join in the monitor role it needs to have for this group, and those are the points we also would could use a bit of feedback from the working group from other than that.

B

I think that next, like this, the the next steps are rather clear and we are still hoping for a few reviews that have been announced in the last itf meeting uh next slide. So um thanks and um yeah any any input on, especially the open points or anything and anything.

B

C

Are you least yeah? We hear you well, I have it on my to-do list to at least maybe do a review on this one. um There is: is there some urgency to it or.

B

um No particular urgency- I think um the the most important part of it to me is to make sure that the I mean to to ensure that we've converged on the understanding of the of the basic principles and to basically to not to not break this in other documents, while this, while the rest of it is, is growing.

B

But at some point also, there will be the question of is this: is this mature enough that the working group could think about uh taking it up.

C

Esko, uh are you is, are you queuing or.

J

Well, I did have comments about, but my audio was not connected, so uh go ahead. I think the question was on the last part, so so was it the intention that the server becomes the group manager also for itself for its own group? Yes, yes,.

B

Just just wondering does that have a specific advantage in this case, um it's from so the thing is, it would save a lot of of I mean that group would only be used between that server and the clients and might even be limited in terms of which resources on the server are accessible by this group. So this is not something where there is any larger audience to this group than the audience of that server itself. Yeah.

J

It's just the group of the interested clients, basically that need to get the observations. Yeah, okay, so thanks so.

B

If, if there are external groups that um whose membership entails the privilege to you to view a set of resources on different servers, those groups would be obvious candidates for this as well. But um unless this is the case, this might be kind of a shortcut option.

B

C

Okay, thank you christian. Any more comments right.

C

So, oh francesca, sorry.

C

Let's go ahead: francine.

E

um um Adoption question so.

C

Do you mean adoption of multicast notifications or are we moving to the next one? um From my understanding, please christian, correct me: if I'm wrong, uh you still wanted a bit of another round to this before adoption right or did I misunderstand not.

B

Necessarily so what if, if there is, if we have roth consensus on the basic workings which we haven't um touched in a while, um then I think we this this would be an option from my point of view, um there's a lot of details that still can be that still need to be hammered out. But I don't see why this couldn't take place in the group as well.

E

So so just a disclaimer um because I don't know if it was clear. Obviously I'm one of the authors. So obviously I think that we.

K

E

And move forward and.

E

Yeah there was.

C

Yeah, that's a good point. Well, we can, um I guess we could we could uh marco, please let me know if you agree or disagree. I guess we could we didn't plan for for a specific show of hands today, but we could uh do a a show hands on the on the on the chat of miteko chat, but not the chat but the application next to it and see. How does the group feel uh for adopting this document now? uh Otherwise, I my understanding, was that there was no specific urgency on this one.

E

C

E

I agree, as christian said, there is no real urgency, but I think that uh it will be.

B

C

Yes, so we can do we can do uh um if it's, okay with you francesca, we could do a quick show of hands virtual hands on the on the miteko and like that, without any confirmation I mean anything else would happen on the main list as well, but at least we could get a feeling for what the group thinks. If that's, okay with you.

C

A

uh Yes, I just before, as an author, I just agree with the other cultures.

C

Yes, of course, there's a that's reasonable. um Okay, how do we phrase the question like? Would the group be interested in adopting this document? I guess that's a good phrasing.

C

C

So um I'm gonna click a start session. I guess everybody knows this show of hands. Tool is on the left from your chat panel. It's a new feature. So let's try it out. I'm clicking it now.

C

It should appear on your on your on there, so you just need to raise your hand if you agree. Do not raise your hand if you don't agree um as simple as that, and I guess we can. I don't know, I don't have real-time feedback. Actually I do have real-time feedback. I take it back. Sorry.

F

What is this document? There is.

C

One on the screen, the one, the one, the one on the screen, observe multicast notifications.

G

C

You have it there in the in the main screen. We see 11 raised hands, that's already quite quite a number and one not two. Okay. By the way, please feel free to voice any comments, positive or negative for adoption of the document.

F

So, are you going to ask the other questions like who's going to review and so on? At this point, yeah.

C

Yeah, I will do that and.

F

C

Actually added as a reviewer in a way of a previous version or of the current version, and so am I and so is joran.

C

So I guess in addition to those I will ask the question, but let's finish the session, I guess nobody else is raising the hand, so we have 12 like for the mini takers. We have 12 that had voiced positively for the adoption of the document and one that has possible is negatively out of 31 participants right now in in the meeting.

C

um So I guess this is pretty positive. We can confirm in the uranus sorry go ahead. Please.

H

Yeah, I didn't want to interrupt. I just wanted to ask what actually I didn't understand what it means to not raise your hand in a position to not not respond at all. I didn't understand the.

C

Difference, no so uh yeah, that's a good point. The options available were to raise hand or not to raise hands, so I guess race hand is pretty clear. You are in favor of adopting a document. You do not raise your hand uh or I guess you raise your hand negatively. I don't even know actually what that means here.

C

That's a good point, so I guess you can say that there is some people that are idle, that don't even bother to click on the on the thing which is equivalent to not raising the hand in a way, uh but we only look as usual to the positive.

C

Show hands right, so this is not a great tool for humming, because I don't get a.

I

C

I

C

Question like who does not want to adopt the document.

D

You could do that or just say, um because there was one person who, when you called the question you you said, if you don't want to adopt it, click do not raise your hand yeah. So if, if the person who clicked that meant, I don't want to adopt it.

D

That person should please unmute and tell us what the objection is and that's probably the way to handle it. At this point.

J

I can tell what what the issue was. I just I did not read the document yet in that much detail so yeah it was not the negative okay negative ratio. Hence it's just not raising the hand. Okay.

C

Yeah, thank you, esco. um Okay, we're still in the these comments in the queue you're on.

C

Up: okay, carson, then.

F

We probably don't need to go into detail about this slash race, hand, tool, but I've had the discussion. What that actually means in every meeting I've been in so far, and I think it would be good to actually define it at some point in time.

C

Yeah, marco and I were practicing these tools yesterday, but we actually didn't went so deep into details. On the I mean we thought we we we nailed it and we knew how it worked, but actually, in practice it's a bit different. So anyways.

F

uh Yesterday very suggested to to actually um ask the other question: do you not agree with adopting as well? So essentially, you have three by three ways to answer: yeah.

C

Yeah yeah- I was just thinking about that, but anyways. I think I think. Basically, we we got mostly positive. All positive comments, comments uh with the with the with what esco just mentioned in the in the call. So um I will need more reviewers, uh I don't uh so we we do have joran and carsten you'd be nice to have all the potential reviewers.

C

So please volunteers are needed.

C

Esco, you are unmuted, do you want to volunteer or.

J

No, that was not an intention, but you can have me go to the list anyway. So, okay,.

C

J

C

I will do that more often than if it is just about asking there.

A

Is thomas in the queue actually.

C

Thank you, thomas. Thank you.

A

Thank you. Okay,.

C

I think that's enough, uh we will we have some reviewers. We have done the call in the in the meeting and we will have to confirm on the mailing list, uh but it seems that everybody is interested on this document, uh marco any well. You are out co-author.

J

But you're also quarter so.

C

Okay tomorrow, so thank you christian uh this song. Yes, thank you. Thank you both! um Let's move on, we still have time uh 10 minutes more.

C

If I manage to make this thing work, it should work for one more presentation. Yes, okay, so I guess francesca you'll be moved to friday. If that's okay with you like right, sorry for making you wait and we okay, thank you and we moved to esco sorry, uh it's hard to track the the chat and the screening and everything at the same time.

C

There you go so let's go. Please go ahead.

J

Yeah, so this document is the group com proxy document next slide, please yeah. So the background of this is using the co-op group communication support and what we contribute here is more details on the description of how proxy operations can be done for group communication.

J

Next slide, please.

J

So recap of how this works: there is a client sending a unicast request to the proxy and the proxy will translate that into a multicast group communication quest, and the idea we have is that the client should indicate that it's interested in and capable of handling multiple responses and also how long the proxy should collect and forward back responses, because normally the client determines how long it listens for responses. Now that needs to be done by the proxy and we use a new car option for that. The proxy will actually remove that option.

J

Now the proxy gets back the responses from the origin, surface and yeah. It also includes for each of these responses. A new co-op option responds forwarding to indicate to the client which server responded so that it can distinguish the individual responses, so it gets an ip address, also from for each responding server, and also here, grouposcore can be used for end-to-end security and also possible is to use dtls or oscore security between the client and the proxy directly.

J

Okay. Next slide, please.

J

I

J

That we did was well editorial reorganization of the text for observation now, there's some more dedicated subsections added there and yeah. The observation is also explained in more in detail, so the idea is that the proxy just keeps forwarding the notifications back until the observation terminates. So this will extend beyond the yeah the time that is indicated for a normal responses collection, so this will just persist basically until termination security considerations are updated.

J

Also, the new cop options have updated semantics and usage, and uh one thing is that there's no description also how a chain of proxies would work.

J

So it's not not that different from a single proxy, but we have a chain of multiple proxies that basically invoke other proxies until the last one sends the actual multicast request. That's described in a bit of more detail.

J

Okay, next one.

J

Now this is a description of the multicast signaling option that is used by the client to the proxy and there's a time value in there. So this is indicating how long the proxy should forward back the responses, and now a new thing added here is that the time value can also be zero.

J

So that means the proxy is basically waiting yeah, zero time for collecting responses, um so we figured this could be uh still useful to have so that's basically indicating to the proxy that there's no no need to forward vector responses, but still the request will work and we also advise that it should be used together with the no response option, because, ideally, the server should not be sending those responses back if no one is interested to them, but we wanted to still keep the option two options independent from each other, not to entangle them too much so client.

J

If there's really some weird needs to. It can also uh use it without a no response option.

J

So here we are also requesting feedback on, so you can think on it during the presentation or later we can get back to it. um Next slide, please.

J

Yeah, here's the response forwarding option, so it's used from the proxy to the client typically, so the client can use it to distinguish the responses and also the servers that we're sending those responses.

J

So sometimes you can basically get some information on the client already, uh of course, from the payload of the response or from the security context of it. But this also is a basic way to to indicate to clients: okay, where, where is this server? What ip address did it respond from, so that helps the client to be able to contact the server in unicast one to one if it wants to to either find a proxy or directly if possible.

J

So this format is now updated to have an address and optional port in the value, and if the port is omitted, then the default port is issued, which is the yeah the same port, as was the destination of the group request. So that's the most common case.

J

So usually the report would be omitted then, um before it used to be an absolute uri with the scheme and the host name, and now we have made it smaller. So that's a positive thing: less and there's also less parsing to do for the client useful for constraint lines yeah. The downside is that it's not possible for the proxy anymore to to insert the dns hostname.

J

That could be done if it's uri, so normally that wouldn't happen, because the proxy will only know the ip address of the responders and why why using dns host name in that case, so this seems like a reasonable thing to do to to make it less generic.

J

So you can yeah also think about that for a while. That's a question also to the group. So can we live with it that it's less less generic, but but still usable in, I think, almost all cases. Okay, next slide.

J

Yeah, this is about to support for a chain of proxies, so what each portion will do it will, if it there's a chain, it will send the request onwards to configured proxy in the next hop and the last proxy that is actually not configured with the next hop proxy will will do the operation as intended, so it will remove the multicast signaling option and send out the group request and in the draft we have some specific timing, timing descriptions also related to that so um yeah.

J

I think that there's no time to explain that in detail, and the idea is that if the time runs out so suppose that there's a long chain of proxies, for example, or the client provided the two small time value, then proxy can reply with 5.05 proxy not supported, and then it will also include the multicast signaling option in the response, but then indicating a time value that is acceptable.

J

That basically tells tells the client or the proxy before it. What what minimum time value would be possible so that it still can serve the request.

J

J

Slides yeah. So this concludes the chain of proxy's uh explanation. So responses go back each time to the previous hop and in this case only the yeah, the last proxy. So that's the one that send out the yeah. Basically, the group request and gets the actual responses that will add the response, forwarding options and these other proxies in the chain so that are before it do not alter or remove the response forwarding option: okay and then, if we do that it will work next slide. Please.

J

Yeah then we can have oscor also between clients and proxy and yeah that can, at the same time coexist with grouposcore used between the clients and servers. So that's the end-to-end usage coupon score and well. We get some particular processing things that come up. If we do that, so we need to treat, for example, some class. U options that are unprotected now as class e, and these are listed here and yeah. There was a bit of a thing that could be more options in future co-op options that also need to be yeah.

J

I need to get the same treatment, so a question that came up from this is well: is there any general rule to identify them so that yeah that you can basically know know already in advance specify okay, which options need to be treated differently? In this case.

J

So there's still uh no question here: do we have any generic rules here.

C

Can you hear me so? Yes, um I'm just thinking that we are now on the hour and um you have still there's still quite a few slides right. There's I don't know actually yeah well, one.

J

Or two: we try to continue.

C

Then sorry, sorry, then, let's try to extend a bit more, but just fyi like that we are on the on the hour at the moment. Yeah we can continue.

J

C

Next next friday too, but you click go.

J

C

And yeah we could take.

J

The maybe the questions uh to next friday, also after our further questions and leave the discussion for friday as well.

J

Okay, maybe then the next slide uh just see see if this was the last one. No, that was not yet the last one. So here's a proposal uh here um so I think yeah we need to get get back to that later.

J

um Let's see, let's try to recall, maybe next slide to see if we have a conclusion summary: okay, yeah. So in summary, uh we define proxy operations for co-op group communication and we define two new core options to have that working correctly and next steps that we have are well work on these open questions, of course, and also the idea was to define http header so that we can also tackle the use case of http to co-op cross proxies.

J

So this would enable a hd client in unicast to basically talk to a co-op group and get a collection of responses back from the group and then there's the need for reviews, and I think uh we have also there promised from an earlier meeting- is christian, carson and francesca, but more of course would be welcome. Of course, thank you.

C

Thank you esko, I'm sorry for the pushing on the time um any comments, any thoughts, please.

C

We will extend the time just a couple of minutes more and then people are go ahead. Christian no need to raise your hand by the way like we can just go.

B

On the on the topic of class, due to class e option, I think that would really be all options unless the proxy needs to understand them, because it's it's up with the help by hop option, so everything that comes this is this is not treating uh treating a message and then splitting it up into class. You can see this is really taking the whole message unless something is really be needs to be unraveled by the time it passes through this hub with, which is the the help.

B

I hope that by help options, so I think that it should be the general to include everything.

J

Okay, that sounds at least useful and it's clear what you need to protect them. Yeah.

C

All right before we get kicked off any more comments.

C

I never been kicked off. Actually that would be interesting, but um okay then enjoy the rest of the day. Guys, thank you for uh lady and for for for the time and see you next friday. Today I will see some of you, I guess in rats and not asdf, maybe tls in 30 minutes so have fun. Thank you see you on.

G