►
From YouTube: IETF109-DRIP-20201118-0730
Description
DRIP meeting session at IETF109
2020/11/18 0730
https://datatracker.ietf.org/meeting/109/proceedings/
B
B
So
if
you
did
not
expect
to
be
in
the
direct
working
group,
then
you
are
in
the
bronx
session
and
let's
start
so.
I
hope
it's
not
the
first
time
you
see
the
not
well,
but
if
it
is,
please
take
the
time
to
to
read
it,
and
if
you
have
any
questions,
please
check
that
with
myself
or
eric
or
every
director
logistic,
so
see
what
happens
when
you
don't
do
it.
B
B
B
B
B
B
B
C
Nothing
specific
for
the
moment,
yeah
so
that
we
are,
as
you
mentioned,
we
have
just
received
the
deletion
statement.
We
also
received
them
a
note
from
from
jim
raid
to
to
have
more
background.
I
would
say
on
the
on
the
work
of
this
working
group,
so
yeah,
so
the
the
intent
will
be
to
discuss
how
we
can
deal
with
this.
C
B
D
A
Yes,
indeed-
and
thank
you
jim
indeed,
that's
a
good
question
and
the
working
group
will
reply
so
it
will
be.
I
mean
we
will
not
spend
hours
and
hours
on
this,
but
the
point
is
that
the
working
group
itself
will
reply.
Of
course,
the
letter
or
the
email
will
be
written
by
the
chair,
but
content
will
be
based
on
the
working
group.
B
E
Oh
hi,
can
you
hear
me
now?
Oh
yeah,
they
often
do
this
while
they'll
lob
liaisons
over
at
us,
and
ask
us
to
review.
Ask
a
working
group
to
review
their
output.
It's
up
to
you
to
decide
how
much
in-depth
review
you
want
to
provide
either
individuals,
the
working
group.
So
you
know
approach
at
you
know
as
you
see
fit,
but
I
think
the
the
going
up
and
using
the
existing
channels
and
making
sure
that
it
all
gets
answered
in
a
timely
fashion
is
important.
E
B
B
G
G
Okay,
all
right
all
right
just
take
off
my
speaker,
so
I
want
to
say
thanks
to
for
making
the
effort
already.
Hopefully
we
can
make
this
out
together
on
time
next
slide,
please
so
we're
sending
out
the
zero
five
version
just
trying
to
address
the
previous
issues
from
the
I
would
say:
10
reviewers
already
we
have
a
github
to
list
other
issues
which
is
not
a
shared
to
the
other
person
except
the
author.
G
G
G
Then
we
also
refer
to
the
requirement
itself,
and
that's
also
some
of
the
comments
from
the
previous
already
and
the
architecture
should
also
explain
the
relationships
among
all
the
drip
entities
such
as
the
uav
ground
control
station
operator
registry
and
security,
trustworthy.
All
these
entities
and
the
current
arc
draft,
including
all
of
them
so
and
stu,
has
already
shared
offline,
a
list
of
the
entities
which
we
needed
to.
I
think
we
needed
to
cherry
pick
and
discuss
and
hash
out
all
the
details.
What
should
be
including
this
architecture?
G
So,
as
far
as
I
can
tell
from
the
list,
we
have
most
entities
covered
in
solution
draft
in
in
separate
draft.
We
just
need
to
explain
how
it's
going
to
be
used
and
the
relationship
in
between
different
entities
in
the
architecture
graph.
I
think
that's
the
most.
The
comment
and
some
of
the
comments
from
previous
is
kind
of
overlapping,
but
that's
the
main
concerns
to
explain
the
english.
The
connections
between
each
of
entities
next
slide.
G
G
Okay,
so
this
is
one
of
the
summary
we
have
tried
to
address
on
the
new
version.
Some
of
the
comments
are
the
same
with
from
others
such
as
lack
of
a
broadcast
read
introduction,
so
we
added
section
1.1
1.2.2,
which
is
borrowed
from
the
requirement
documents.
I
think
one
of
the
comments
from
daniel
from
you
is
actually
trying
to
make
sure
the
architectural
draft
is
self-contained.
G
So
that's
one
of
the
things
we
taking
actions
on
it
and
we
also
added
section
three
to
explore
all
the
acronyms.
That's
the
michael's
comment.
There's
too
many
tl
is,
and
it's
hard
to
understand,
so
we
we
try
to
edit
as
much
as
we
can
on
the
section
three.
So
there's
a
new
section
on
section
four:
this
is
it
for
us
id.
G
I
expect
the
most
in
this
section
will
resolve
lots
of
existing
comments
such
as
like
why
hdit
is
a
perfect
design,
I'll
call
it
perfect
design
for
a
read
and
what
perk
pro
what's
the
problem
it
will
solve.
So
it's
current
format.
We
put
lots
of
notes
in
there
because
michael
has
has
comment.
I
think
it's
pretty
common
to
list
the
issues.
G
G
So
more
comments
regarding
the
hybrid
remote
id
subsection.
We
remove
that,
and
I've
discussed
with
bob.
I
think
that's
not
to
be
used
useful
anymore.
Hopefully,
everybody
agrees
that
again
we
added
the
broadcast
id
figure
and
we
will
put
more
explanations
for
the
comments
regarding
how
a
broadcast
study
would
be
used
without
networking
or
with
networking.
G
We
also
planning
to
address
the
safety
and
the
security
issues.
I
would
assume
gonna
be
in
section
10
security
considerations,
but
there's
I
think
there
are
three
people
comment
on
that
constantly
and
amelia
think
that
we
need
to
make
distinction
right.
What
is
safety
and
security
in
in
in
the
architecture?
Draft?
G
Okay,
next
slide,
please
so
this
is
this
slide
lists
the
things
at
least.
I
think
we
need
to
focus
on
for
next
one
or
two
revisions,
so
mostly
existing
comments.
Maybe
it's
solved.
You
will
fill
out
all
the
details
in
the
list
items
for
the
others
like
alex,
and
I
think
and
his
comment
we
have.
I
haven't
got
enough
time
to
look
at
it,
but
his
comment
is
more
regarding
why
it
is
not
perfect.
G
I
mean
it's
perfect,
I
mean,
so
we
need
to
explain
that
in
section
four
also,
as
I
already
mentioned,
that
we
have
done
in
section
one
and
the
detail
of
the
section
1.4,
which
is
the
drip
architecture
overview
and
that
still
needs
some
work
to
explain,
drip
ecosystems
plus
the
stews
of
recommend,
sorry
at
least
over
the
entities,
will
probably
need
to
put
the
some
of
the
entities
there.
Try
to
make
connections
then
section
five
comments
regarding
adding
a
ds
registry
section.
G
I
think
this
is
great
comment.
Then
we
can
use
that
session
to
explain
why
reid
should
be
using
reverse
dns
lookup,
and
I
think
that's
one
of
daniel
yours,
commenting
you
and
also
stu.
Also,
I
mean,
as
I
mentioned,
still
stress
the
list
of
and
youtube
sorry
the
entities
that
will
be
also
explained
in
section
five.
G
G
G
G
Well,
I'm
guessing
in
one
or
two
weeks
we
should
have
a
new
version
to
get
the
architecture.
We
want
the
the
structure
we
want
it
right
at
least
one
or
two
weeks.
I
think
we
need
to.
We
need
to
hash
all
the
details.
All
right,
I
mean
I
only
took
it
over
like
two
or
three
weeks,
so
I
need
to
understand
the
the
the
other
draft
to
understand
what
I
mean.
G
So
I
think
that's
that's
the
things
we
need
to
agree
on,
because
previous
comments
is
to
keep
explaining
that
and
droop
architecture.
I
mean
we
don't
have
architecture,
but
in
my
mind
we
do
have
architecture
but
should
be
focusing
inside
the
group
that
that's
my
understanding.
So
I
think,
when
you
hash
out
the
architecture,
the
structure
first
in
one
or
two
weeks,
then
the
rest
will
be
fitting
details
and
I
think
everybody
can
chip
in
for
that.
G
I
I
Please.
So
it's
a
joint
effort
by
the
nine
students
and
me
in
the
in
the
course
in
the
university,
and
we
have
two
components
to
to
develop
so.
First
openhip
open
source
version
which
have
been
updating
for
for
few
years
and
the
new
crypto
protocols
that
bob
is
submitting
in
that
draft
and
we
also
took
open
source
open
drone
id
as
a
starting
point
for
for
develop
observer
app
and
also
a
broadcast
study.
I
I
So
first
we
needed
to
make
better
signature
algorithm
for
for
signing
messages,
so
edward
digital's,
initial
algorithm,
then
the
structure
of
new
arcades,
which
describe
how
the
host
identity
tag
is
made
and
finally
they're
introducing
hierarchy
into
the
heat
so
that,
for
example,
it's
not
like
plain
text,
128
string,
but
it's
also
include
some
data
like
who
issued
this
hit.
Next,
one.
I
So
this
orchid
actually
now
is
a
little
bit
outdated
because
it's
describes
the
first
version
of
remote
id
draft,
but,
as
you
see
the
traditional
orchid,
they
had
the
reserved
prefix
and
for
for
new
orchid,
where
we
have
hierarchy,
we
need
like
a
special
hash
function,
called
c
shake
definable
output
and
it's
also
inco
includes
the
id
of
organization
that
issued
it.
So
it's
a
new
change.
Next,
one.
I
So
for
new
crypto
we
have
currently
implemented
kiock
cipher
because
it's
light
weight
and
more
efficient
than
ies,
but
it
has
not
been
selected
for
next
nist
route.
So
maybe
we
are
switching
to
hudiak.
Also
a
key
generation
function
based
on
it
and
the
edwards
curve.
Digital
signature
algorithm
that
I
already
mentioned
for
efficient
small
signatures.
Next.
I
I
So
this
is
like
prerequisite
to
have
this
feature
when
we
start
adding
trust
into
the
remote
id
or
provide
transport
for
network
id
next,
please
so
for
the
drip
implementation.
We
want
to
start
with
implementation
of
broadcast
drone
id
using
bluetooth
orifi,
where
we
just
assign
this
post
identity
tag
in
hierarchical
way
and
for
development
platform.
I
So
for
android
application
for
open
drone
id,
it
supported
only
bluetooth
so
far,
but
we
wanted
to
try
wi-fi
first,
because
we
didn't
have
like
bluetooth
dongle,
and
we
took
this
wi-fi
analyzer
as
like
open
source
application
to
start
with,
and
it
proved
to
be
a
bit
challenging
because
actually
to
get
some
data
from
the
drone,
you
need
to
connect
to
it
as
access
point
and
then
like
try
to
figure
out
what
is
it
broadcasting.
So
it's
as
next
slide
will
show
it's
a
bit
tricky
in
practice.
I
So
currently
we
are
reading
this
ssids
of
wi-fi
drones
and
try
to
identify
them
this
way
in
future,
maybe
using
wi-fi,
neighbor
neighborhood
aware
networking
mode
would
will
be
like
more
practical,
because
in
current
mode
you
basically
need
to
root
your
android
device
and
it
it's
not
corresponding
to
the
model
when
a
user
just
installs
something
from
up
play,
store
and
see.
Let's
see
the
drone,
so
it's,
but
on
the
other
hand,
this
nine
mode.
It
requires
hardware,
support
from
wi-fi
chip
and
also
maybe
updating
the
android
version.
I
So
in
this
slide
you
can
see
a
prototype
of
wi-fi
listening
and
displaying
access
points
which
are
like
flying
drones
in
in
this
our
current
prototype,
but
since
it's
kind
of
hard
and
implement
without
rooting,
so
maybe
wi-fi
is
not
the
best
option
for
using
this
broadcast
remote
id,
and
that
might
be
explains
also
why
open
drone
id
and
the
adams
prototype
has
not
been
using
it.
So
now
we
are
switching
to
bluetooth
because
it
seems
to
be
easier
and
does
not
require
this
rooting
problem
next
slide.
I
So
currently
we
started
to
look
at
the
back
performance
in
bluetooth
and
there
are
different
versions,
so
this
is
even
like
bluetooth,
low
energy,
but
I
think
for
for
drones.
It
makes
sense
to
use
regular
bluetooth
because
we
need
the
bigger
range
and
also
it's
not
so
critical.
On
the
battery
I
mean
drones
operate
max
few
hours.
So
it's
not
like
a
sensor
that
needs
to
save
battery,
for,
for,
for
I
don't
know,
weeks
or
years
so
maybe
it'll
switch
to
the
standard
next
slide.
I
But
so
far
we
found
bluetooth
much
better
to
and
easier
to
work
with
than
than
wifi.
So
there
are
already
several
applications
available
that
we
are
working
to
to
improve
on
and
bluetooth
flow.
Energy
range
is
not
that
big
around
50
meters,
but
I
think
in
adams
experiments
they
reached
about
100
meters
total
to
4
and
500
4.25.
So
we
are
looking
also
to
achieve
this
kind
of
ranges
slide.
I
So
that's
basically
it
so
we
are
aiming
to
complete
complete,
like
a
full
version
of
remote
broadcast
id
with
bluetooth
and
wi-fi
by
end
of
this
year.
So
now
we
are
working
to
update
their
kit.
Implementation
of
hit
to
2.5
also
take
hodjak
latest
cipher
and
update
to
the
latest
air
id04
implementation.
F
F
The
uas
redworking
group
did
have
an
interim
meeting
they're
very
friendly
to
our
few
small
requests,
but
all
mods,
not
just
ours,
are
in
the
backlog,
iko's
trust
framework
people
are
also
accepting
our
inputs
in
a
very
friendly
way.
They've
made
some
substantial
revisions
to
their
documents
based
upon
our
inputs.
F
I've
mostly
been
working
lately
with
the
the
people
who
are
doing
the
use
cases,
that's
the
tron
working
group
and
then
that
gets
turned
into
identity
standards
by
the
di
working
group
and
then
a
network
by
the
grain
working
group
and
bob
has
been
more
active
in
in
those.
But
he
indicated
to
me
earlier
today
that
that
that's
been
a
little
bit
quiet.
In
the
last
few
weeks,
we've
had
a
number
of
interactions
with
various
us
agencies,
starting
with
faa.
Of
course,
all
the
other
agencies.
F
There
was
a
lot
of
interest
in
what's
variously
called
blue
force,
tracking
or
iff,
which
leads
to
interest
in
resilience
against
spoofing,
which
drip
provides
in
the
utm
pilot
project.
2,
we
showed
multi-vendor
uss,
uss
interoperability
with
you
know,
key
functions,
including
both
forms
of
remote
id,
remain
range
of
the
broadcast.
Remote
id
remains
a
concern
and
the
faa
in
their
nprm
said,
don't
use
unmanned
aircraft
registration
numbers
as
the
uas
id
type,
and
they
gave
their
reasoning
for
not
wanting
to
do
that.
F
F
So
you've
all
seen
this
before.
I
just
wanted
you
to
see
what
we
said
to
the
federal
agencies
and
how
we
set
it,
and
I
don't
see
any
point
in
drilling
into
it
right
now.
People
can
look
at
this
slide
later
if
they
want
to
next
slide,
and
we
had
a
lot
of
slides
like
this
that
you've
seen
before
now,
you
see
the
fine
print
under
the
red
cannot
be
spoofed.
F
Of
course,
there
is
no
such
thing
as
a
system
that
can't
be
spoofed,
but
we
think
that
to
spoof
this
you
need
to
have
a
little
tiny
quantum
computer,
and
this
was
very
popular
with
the
federal
agencies,
and
the
point
is
that
this
is
the
first
thing
that
we
do
above
and
beyond.
Astm
f3411
next
slide.
F
So
this
is
what
it
looked
like.
We
did
a.
We
did
a
scenario
where
we
had
operators
alice
bob
and
carol,
and
we
had
observers
doug
and
eve,
and
there
was
a
several
step
scenario
and
we
showed
that
if
the
sender
has
only
baseline
astm
or
if
the
observer,
the
receiver
has
only
baseline
astm,
then
you
cannot
disambiguate
between
spoofers
and
real
folks.
But
if
both
the
sender
and
the
observer's
receiver
have
our
trustworthy
extensions,
then
yay
verily,
you
can
disambiguate
a
spoofer
from
the
real
deal
next
slide.
F
Oh
the
the
picture
in
the
middle
is
adam's
app,
yep,
okay,
so
it's
really
nifty
so
way
forward.
Registries,
big
open
area.
This
really
needs
to
be
hit
hard.
We
have
talked
about
crowdsourced
grid,
feeding,
broadcast
into
network.
We
need
to
start
prototyping
that
and
then
we
need
to
start
leveraging
drip
to
enable
the
things
beyond
you
know
id
as
an
end
itself,
things
where
id
is
instead
a
means
to
various
ends,
and
so
you
know
making
the
sender
trustworthy,
not
just
the
communications,
trustworthy,
but
the
origin
of
the
communications.
F
Trustworthy
would
be
an
obvious
next
step
and
then
we
need
to
start
thinking
about
what
happens.
You
know
on
beyond
that
with
intermittently
networked
autonomous
uas,
and
I
believe
that
was
my
last
slide
so
anyway,
a
lot
of
interest
from
u.s
federal
agencies.
I
can't
say
what
the
europeans
or
anybody
else
may
be
thinking
at
this
point.
We
kind
of
need
some
champions
to
you
know
to
put
this
forward
to
easa
and
other
caas
around
the
world.
Other
regulators
and-
and
you
know
not
just
the
faa
thanks-
I'm
done.
F
They're
just
well
okay,
so
this
is
all
rumor,
because
the
faa
rule
writers
are
not
allowed
to
talk
to
anybody
else.
Even
other
federal
agencies,
while
they're
writing
a
rule,
but
the
rumor
is
that
they
are
abandoning
the
concept
of
network
remote
id.
Now
I've
gone
on
record
with
the
federal
agencies
as
saying
that's
not
going
to
happen,
because
even
if
there's
no
network
remote
id
by
name,
there
will
nonetheless
within
the
scope
of
utm,
be
functions
that
are
essentially
the
equivalent
of
network
remote
id.
B
H
Yes,
oh
there
it
is
there
we
go
pardon
the
cheeky
name.
I
worked.
I
worked,
it's
3
10
a.m.
For
me,
so
I've
been
working
on
this
the
past
couple
days,
so
my
mind
turned
to
mush.
So
I'm
going
to
just
talk
about
claims,
assertions,
attestations
and
certificates.
Oh
my
next
slide,
please
so
small
recap.
This
was
first
off
the
draft
that
this
is
pulling
from
was
rewritten
massively.
It
got
switched
from
xml
to
markdown.
H
I've
started
to
call
it
drip
proofs,
but
that's
kind
of
me
talking
out
of
wherever
I'm
talking
but
stu
started
a
conversation
on
the
list
because
he
was
realizing
that
there
was
a
lot
of
people
getting
confused
because
we
were
throwing
the
term
certificate
around.
We
were
throwing
the
term
claim
around
and
then
the
word
attestation
started
getting
thrown
around
and
he
started
a
email
chain
in
the
list
to
be
like.
What
do
we
mean
by
these
terms?
H
H
So
this
presentation's
kind
of
me
after
reading
the
emails
about
7
000
times
what
I
saw
and
how
it
fits
into
what
drip
is
doing.
So
this
is
my
proposed
way
of
going
forward
with
it,
because
it's
important
it
touches
the
claims
draft.
It
touches
the
auth
formats
draft.
It
touches
the
registry
draft
which
hasn't
been
written
yet,
but
is
going
to
be,
and
is
the
next
thing
on
my
list,
along
with
bob
and
michael
pelage,
and
also
the
uas
draft
next
slide.
H
Okay,
so
we'll
start
simple,
there's
claims
and
there's
assertions.
Claims
are
a
predicate
consisting
of
two
elements.
This
comes
from
a
definition
I
think
stew
put
into
the
list.
There
are
some
examples
there
x
owns
y
x
is
y
x,
belongs
to
y
and
a
little
hints
of
what
it
looks
like
in
drip
and
an
assertion
is
a
grouping
of
one
or
more
claims
by
a
given
entity.
H
So
here's
an
example
of
a
claim.
This
was
something
that
bob
pointed
out
in
his
email.
A
hierarchical
host,
identity
tag
is
an
assertion.
Slash
claim
I'd,
argue
it's
an
assertion.
It
has
a
bunch
of
claims
in
it,
as
you
can
see
in
the
color-coded
portion
at
the
bottom.
We
have
a
claim
of.
I
have
a
unique
identity
or
a
unique
hash
that
points
to
a
key
pair,
and
I
have
a
unique
registry
that
I
belong
to.
That's
a
pairing
of
a
rra
and
an
h,
an
raa
and
an
hda.
H
H
So
we
move
to
the
next
piece
attestation
and
certificate.
An
attestation
is
a
signed
assertion.
It
can
be
signed
by
anybody
in
drip
scenario.
It
would
most
likely
be
signed
by
the
party
that
owns
or
claims
to
own
said
assertion,
so
they
have
the
associated
private
key
pair
public
private
key
pair
that
the
hit
points
to
and
you
sign
against
it
or
anything
else
that
you
want
and
use
the
hit
as
a
key
to
get
in
the
minimum
is
a
hierarchical
hit.
Hi
pairing
the
host
identity,
pairing.
H
You
can
also
use
it
to
bind
relationships
between
different
parties
using
other
pieces.
The
second
thing
is
certificates,
so
a
certificate
is
by
stu's
definition
that
I
kind
of
took-
and
I
think
is
a
generalization
of
what
carsten
and
hank
and
michael
were
going
after
is
it
is
signed
by
a
third
party
and
that's
the
critical
thing.
A
certificate
is
something
that
a
third
party
is
attesting
to
and
for
drip.
It
is
mostly
identities.
H
We
could
narrow
this
further
to
be
a
trusted.
Third
party
aka.
The
registry,
though
I
think
that
gets
us
in
a
very
weird
situation
where
we're
saying.
Oh,
it's
a
trusted
third
party,
but
then
how
do
you
trust
it?
I
don't
wanna
go
down
that
rabbit
hole,
so
it's
a
thought,
but
I
don't
think
we
need
to
go
there
unless
the
working
group
thinks
we
do
next
slide
please.
H
H
So
a
typical
attestation
is
a
hierarchical
host
identity
tag,
it's
a
corresponding
higher
host
identity,
a
expiration,
timestamp
signing
timestamp
and
the
64
byte
signature.
That's
at
the
max.
The
minimum
would
be
the
hierarchical
host
identity,
tag,
an
expiration
time
stamp
and
a
signature
certificates
embed
these
attestations,
so
c,
x,
x,
c,
x,
x
and
c
y
y
in
these
examples
is
wrong.
H
So
this
is
the
proposed
flow
in
drip
using
the
provisioning
process
as
a
guide.
So
the
registry,
the
aircraft
and
the
operator
would
create
attestations
on
themselves.
I'm
going
to
be
root
and
say
these
are
r
and
o,
but
it's
a-r-r-a-a-a
and
a-o-o.
The
operator
creates
a
certificate
for
the
relationship
between
itself
and
an
aircraft.
This
would
be
coa,
so
the
term
doesn't
actually
change.
H
It's
still
a
certificate
and
the
registry
would
use
aoo
to
create
a
certificate
between
itself
and
the
operator
with
cro,
and
the
registry
would
at
least
use
coa
a
certificate
on
the
certificate
regis
operator
on
aircraft
to
create
croa
and
what
we've
been
calling
cra
for
a
long
time
now,
which
bob
is
now
starting
to
call
the
offline
attestation
certificate
and
this
actually
changes
a
little
bit.
So,
let's
go
to
the
next
slide.
H
So
we
had
a
discussion
me
and
bob,
because
bob
realized
that
there
was
a
timing
attack
or
there
was
a
replay
attack
on
the
certificate
that
we
were
actually
using
and
that
we've
been
demonstrating
for
the
past
couple
months,
and
that
is
that
it
can
just
be
replayed,
and
this
is
his
proposed
fix
to
it.
I
see
where
he's
coming
from.
I
think
it's
a
good
idea,
so
the
top
portion
is
created
by
the
registry.
It
uses
coa
to
glean
the
pieces
and
create
this
attestation
structure
of
the
identity
of
the
registry.
H
Well,
can
you
go
back
daniel
sorry,
so
I
believe
that
the
upper
portion
will
be
defined
in
the
identity
claims
it
might
get
defined
in
the
registry
draft
that
has
yet
been
written.
I
do
not
know
for
now
it
will
be
in
the
identity
claims
draft
the
lower
portion
is
going
to
be
defined
in
the
auth
formats
draft.
I
know
that
for
certain,
so
that
will
we
have
to
make
some
amendments
there.
I
have
an
open
question:
is
this
a
certificate
or
an
attestation?
H
The
whole
structure?
I
know
that
upper
bid
is
an
attestation,
definitely
because
it
fits
with
the
definition.
But
what's
the
whole
thing
is
the
whole
thing
a
certificate
or
is
it
an
attestation
because
it's
the
aircraft
signing,
I'm
not
sure.
So
I
think
it's
an
attestation-
and
I
think
bob
is
right
in
saying
it's
an
attestation
as
well,
but
I'd
like
some
feedback
on
the
work
from
the
working
group
on
this,
because
I'm
not
a
hundred
percent
sure
how
it
what
bin
it
falls
under.
H
I
need
to
change
all
the
terms
around
to
say,
search
change
certificate
to
attestation,
where
it
needs
to
and
attestation
to
certificate
where
it
needs
to
and
change
some
of
these
short
names
or
friendly
names
to
some
of
the
structures.
I
believe
the
offline
form
is
a
good
name.
It
might
just
be
called
offline
attestation
to
match
with
what
bob
was
going
with,
and
I
need
to
prefix
the
provisioning
section
so
that
all
the
naming
conventions
flow
through
the
whole
document.
H
So
other
to-do's-
this
is
kind
of
overarching
for
me,
so
that
the
working
group
kind
of
knows
where
I'm
going
with
a
lot
of
the
work
I'm
doing
so
first
off,
is
the
authentication
formats
draft.
Obviously
I
need
to
update
that.
If
I
update
the
identity
claims,
I
need
to
update
the
structures
there
to
make
sure
that
everything
aligns
and
isn't
being
fragmented.
H
I
need
to
start
working
on
a
registry
drive
for
bob
we've
been
discussing
this
I'm
getting
in
touch
with
michael
polage
me
and
bob
and
michael
will
be
sitting
down.
Hopefully
in
a
week
or
two
to
discuss
some
things,
I
have
to
continue
the
ax
implementation,
which
is
still
unfortunately
closed
source.
H
H
J
H
So
I
think
this
ties
into
a
little
bit
what
the
registry
does,
because
the
registry
would
get
it
an
age
hit
and
then
check
in
the
listing
of
eight
hits
that
are
available
of.
Oh,
is
this
unique
within
my
scope,
the
hda
scope
and
then
the
sign
and
the
certificate
come
in
to
claim
this
is
a
unique
id.
So
the
wording
I
I
agree
with
you
is
wrong
here:
that's
not
the
right
term.
H
H
It
creates
a
key
pair
and
then
it
hashes
it
and
then
creates
the
hierarchical
hit,
and
then
it
asks
the
registry,
the
hda.
I
have
this
new
128
byte
thing.
Can
I
use
this
to
be
who
I
am?
Can
I
use
this
as
my
name
as
my
identifier
and
the
registry
gets
the
final
say
of
saying
no
someone's
already
taken
that
that's
already
in
my
list
or
yeah?
That's
yours!
H
K
K
Privacy,
to
whom-
and
that
is
to
the
observer,
what
whether
they
should
know
or
not.
No,
let's
go
on
the
problem
statement
is
that
in
the
standard
messages
there
is
uas
operator
pai
and
something
needs
to
be
done
about
that
to
fight
to
meet
pai
regulations
go
on
who
should
have
access
pai,
the
uss
for
the
ua
authorized
entities,
no
whom
and
so
forth
others,
but
we
do
need
to
protect.
We
do
need
to
encrypt
the
api.
That's
coming
with
the
broadcast,
go
on.
K
So
how
to
encrypt
the
pei?
The
us
should
have
business
relations
with
some
uss.
In
fact
that's
basic
requirement.
Thus
they
can
establish
a
symmetric
key
for
encrypting,
the
pai
with
authorized
entities
able
to
access,
ask
the
uss
for
either
the
pi
directly
or
for
the
key
for
ongoing
real-time
access
to
the
information
and
so
on.
So
let's
go
next
slide
here,
so
the
symmetric
cipher
must
encrypt
without
expanding
clear
text.
That's
hard
no
bites
to
spare.
K
K
K
K
The
unique
id
is
not
needed
for
each
application
of
cfp.
So
again
it's
it's
just
a
good
cryptographic
fit.
I
did
get
a
couple
bruises
on
the
cfrg
list
coming
to
this
conclusion
now
when
to
encrypt
behind
this,
the
the
pi
must
be
conditional
only
when
allowed
by
the
uss
only
when
the
uas
has
connection
to
the
uss,
and
otherwise,
if
you
have
don't
mean,
let's,
let's
do
the
encryption,
but
there
are
limitations
to
this
and
that
must
be
put
into
the
protocol
and
the
recognition.
K
I
did
look
at
alternative
cfp
there's
a
fiso
scheme,
it's
slow,
but
pretty
neat,
probably
asctrs.
We
needed
two
bytes
in
the
message
for
a
counter
and
there's
no
two
bytes
available,
and
I've
spent
quite
a
bit
of
time
in
the
cfrg
list.
On
this,
there
might
be
an
alternative
coming
from
the
nist
lightweight
crypto,
but
that's
not
for
another
year
yet.
So
that's
why
I'm
staying
with
cfbs
32
for
now
continue
so
again.
Carmen's
met
is
privacy,
one
and
two
confidential
handling
and
encrypted
transport.
K
Can
you
and
read
the
draft?
It's
been
out
there
and
I'd
like
to
see
a
drop
adapted
adopted
by
the
work
group
for
for
this.
This
is
currently
the
only
pai
in
the
estm
messages
that
may
change
with
the
final
making
and
and
changes
to
it.
For
instance,
the
operator
location
does
not
save
the
operators.
Elevation
is
that
the
guy
on
the
third
floor
balcony
or
the
fourth
floor
balcony,
but
that's
that's
easily
handled,
because
that
would
just
be
handling
eight
eight
bytes
in
and
works
in
this
model.