►
From YouTube: IETF110-COSE-20210312-1430
Description
COSE meeting session at IETF110
2021/03/12 1430
https://datatracker.ietf.org/meeting/110/proceedings/
B
C
Hi,
yes,
I
have
a
proposal
for
the
any
other
business
if
we
could
have
a
few
minutes
just
to
discuss
the
need
for
defining
a
cosy
header
map
for
raw
public
keys,
which,
as
far
as
I
understand
there,
is
nothing
defined
yet
and
that
that
could
be
useful.
For
example,
in
in
lake.
B
B
B
I
know
me
and
michael
would
be
taking
a
look
there,
but
probably
someone
helping
out
there
will
be
really
helpful.
Are
there
any.
B
B
Wow
christian,
would
it
be
possible
to
like
take
action
items
make
sure
that
they're
in
the
minutes?
I
think
everything
else
should
be
perfectly
fine
handled
by
us.
B
B
Handled
on
the
chair,
changing
side,
matthew
miller,
who
has
been
co-sharing
with
me
so
far,
will
be
stepping
down
as
quasi
chair,
and
we
are
pleased
to
welcome
michael
jones
to
replace
him.
B
So
I
would
personally
like
to
thank
much
of
our
oh.
His
help
and
thank
mike
for
taking
this
opportunity
to
help
with
the
cause.
Sharing
might
do
want
to
say
a
few
words.
A
A
Since
its
inception,
I
was
one
of
the
people
who
read
the
original
drafts
in
excruciating,
detail
and
provided
feedback
to
jim,
and
what
have
you
and
I've
also
done
two
algorithms
drafts
for
cose,
as
well
as
helping
other
groups
like
the
w3c
web
auth
and
use
the
cozy
algorithm
identifiers.
A
Many
of
you
probably
know
me
because
I
was
one
of
the
primary
editors
of
the
jose
specs
in
jason,
as
well
as
working
in
oauth
and
open
id
connect.
I've
produced
something
like
two
dozen
rfcs
with
many
of
you,
but
this
is
the
first
time
I've
been
an
ietf
chair,
so
I'm
looking
forward
to
both
helping
with
progress
and
learning
some
things
along
the
way
so
look
forward
to
working
with
you.
Thank
you
very
much.
D
B
We
have
our
new
charter
up
for
discussion
by
the
isg
like
almost
two
weeks
from
now,
so
we
are
looking
forward
for
any
feedback
on
that
and.
B
We
have
the
quasi
counter
sign
document
that
is
still
in
the
working
group
and
michael
richardson
is
preparing
the
shepherd's
write-up
so
that
we
can
move
it
forward.
There
have
been
a
question
should
it
update
rfc
8152
or
the
base
struct.
B
I
think
that
was
discussed
in
the
mailing
list
and
some
conclusion
was
already
reached,
but
if
you
have
some
other
thoughts
on
that
and
you
want
to
discuss
it
now,
please
raise
your
hand.
B
B
B
F
They
were
too
not
frequent
enough,
but
it
really
depends
on
whether
we
have
active
discussion
going
on
in
the
draft.
So
I
would
expect
in
the
next
couple
of
months
we
will
still
talk
a
lot
about
the
zebra
city,
civil
encoded
certificates.
B
A
De
facto,
two
interims
between
itfs
is
about
once
a
month
per
what
ben
was
saying.
C
Yeah,
if
I
may
jump
into
around
scandal,
I
think
I
just
agree
with
kirsten
saying
that
it
really
depends
on
on
whether
people
have
time
to
progress
the
work,
how
how
much
we
need.
I
think
it's
a
good
idea
to
have
at
least
one
interim,
perhaps
two
before
the
next
itf.
B
Okay,
so
it
sounds
like
we
want
to
have
at
least
two
three
interim
so
once
per
month,
more
or
less
one
option
is
to
schedule
them
like
every
two
weeks
and
then
just
cancel
some
of
them.
If
we
see
that
we
don't
have
enough
progress
or
something
like
that,
maybe
we
can
discuss
it
also
in
the
mailing
list
in
the
interest
of
them.
D
Yes,
I
think
we
have
some
some
good
input
from
people
and
hopefully
the
chairs
can
make
a
concrete
proposal
about.
You
know
having
two
interims
before
111
about
once
every
month
and
we
can
get
confirmation
on
the
list
that
that's
going
to
work
for
most
people.
E
Thank
you
so
this
is.
I
got
an
action
point
to
try
to
summarize
the
discussion
here
on
the
github
issues,
the
discussion
on
the
list
and
the
discussion
on
the
last
interim
and
try
to
make
a
pr
out
of
that.
So
this
only
talks
about
this
pr
and
the
pr
I
can
take
next
slide.
E
E
So
the
main
solution
here
was
the
solution
suggested
by
russ
to
use
x5
t,
together
with
the
other
parameters,
to
make
it
secure.
E
E
So
the
pr
definitely
needs
to
be
updated,
then
added
that
integrity
protection,
as
I
said,
can
be
added
by
adding
using
x5t
together
with
other
headers,
add
in
a
one
sentence.
Explanation
that
x5
bag
and
x5
chain
in
unprotected
allows
an
intermediate
to
remove
old.
E
E
And
then,
if
you
do
end
the
entity
protection
of
the
certificate,
I
think
then
you
end
up
with
that.
You
don't
need
any
requirements
for
protection
of
the
uri
and
then
I
added
security
considerations
based
on
integrity,
protection,
which
is
quite
separate
but
discussed
in
the
same
thing
and
then
why
integrity
protection
of
the
entity
certificate
needs
is
needed
for
proof
of
possession.
That
would
then
be
need
to
be
updated.
Based
on
warrants
comments.
E
B
Whether
this
is
something
we
want
to
do
I
mean
here
it's
not
like
explicitly
referenced,
but
I
guess
we
will
need
to
somehow
say
what
this
thing
is.
So
maybe
we
need
to
have
an
informative
reference
if
we
keep
the
text
like
that,
whether
this
is
something
we
want
to
do,
maybe
maybe
not
just
a.
E
E
E
E
G
John,
a
question
since
you
raised
this
question:
what
are
the
main
use
cases
like
in
in
general
that
may
answer
some
of
the
the
questions
whether
you
need
this
or
that.
E
G
Like
the
document
is
includes
like,
for
example,
the
the
document
specifies
the
number
of
ways
to
pass
x,
500
x,
509
certificates
for
different
types
around,
such
as
the
one
that
you
show
on
the
on
on
the
screen
with
the
bag
of
certificate,
and
so
it
depends
a
little
bit
on
what
you
what
use
case
you
are
trying
to
cover
on
whether
all
of
those
things
are
needed,
because
one
of
the
problems
I
had
with
cosi
was
like
it's
a
it's
a
laundry
list
of
things,
and
then
nobody
implements
the
laundry
list
and
then
it's
it
turns
out
that
it's
often
incomplete
ill-specified
and
so
on.
G
So
I'm
curious
like
what
are
the
use
cases
we
start
with,
and
my
next
question
would
then
be:
are
you
implementing
them
to
see
whether
the
description
is
actually
matches
reality
than
in
in
terms
of
code.
E
I
think
I'm
the
wrong
person
to
ask
here:
I've
not
written
this
document,
I'm
only
providing
this
pr
that
fixes
these
four
issues,
but
maybe
somebody
else
can
answer.
C
Yeah
I
mean
john
had
a
question
about
how
we
should
formulate
the
statement
here,
whether
we
should
go
for
proof
of
possession
or
make
it
a
make
a
must
requirement
instead
for
for
integrity
protection,
and
I
think
that
that
would
simplify
things
to
go
for
a
must.
C
This
becomes
very
complicated
to
for
anyone
to
to
comply
with.
So
that's
that's
one
comment.
C
Then
we
had
a
discussion
on
the
previous
slide
on
the
mentioning
of
examples
here
and
in
this
slide
there
is
also
mentioning
of
of
ad
hoc
here's
a
protocol,
and
I
I
think
that
this
is
motivated
here,
because
it's
an
example
of
how
cosy
is
being
used
in
a
security
protocol
which
is
not
the
I
mean
which
is
not
the
case
for
the
previous
slide.
C
Where
there's,
basically
I
mean
it,
doesn't
have
to
be
used
within
within
the
protocol,
so
that
that
would
be
a
reason
why
you
would
actually
give
the
example
with
external
aad
as
a
clarification.
I
think
that
aligns
a
little
bit
with
harnesses
is
missing
explanations
here,
so
I
think
that
should
be
kept
in
the
in
the
slide.
Five.
E
Okay,
next
slide
is
chain,
it's
extreme.
It's
exactly
the
same
thing
as
bag.
E
E
So
here
is
x5t.
I
added
text
to
clarify
this
is
an
end
entity
certificate.
It
was
a
comment
on
about
that
on
the
list
or
in
the
issue
tracker
and
then
similar
text,
but
not
exactly
the
same
as
for
bag
and
chain,
and
proof
of
I
think
here
it
seems
like
we
are
leaning
towards.
Having
must
integrity
predict
yeah,
and
then
we
have
sunny
and
protected
head
there
or
included
in
the
external
aad
and
then
a
backward
reference
to
bag
and
chain
click.
Next.
E
E
Any
comment
on
using
application
keyboard-
I
guess
I
assume
people
are
fine
with
that
and
make
it
more
specified.
Okay
next
and
let's
do
some
commenting.
E
E
In
fact,
I
think
if
we
go
for,
must
we
don't
need
this
uri
protection
at
all,
maybe
except
if
you
want
to
transfer
new
trust
anchors,
but
here
in
this
text
it's
now
divided
into
two
sections
one.
If,
if
it
is
integrity
protected,
then
the
uri
does
not
need
any
protection,
and
if
it's
not
integrity
protected,
then
you
need
the
same
protection
as
you
had
in
the
old
version
where
you
need,
for
example,
https
on
the.
E
Yeah,
I
think
that's
just
the
summary.
Any
high
level,
I
think,
seems
no
objection
to
this
seems
like
we
people
so
far
positive
on
the
list
we
go
for
must
need
to
explain
the
security
consideration
based
on
lawrence
comment.
It's
not
the
only
proof
of
possession
and
then
a
more
specific
media
type.
F
F
In
the
chat,
I
think
we
just
said
that
we
don't
want
to
mention
an
ad
hoc
in
the
text,
because
you
would
have
to
add
a
reference,
and
that
is
a
bit
late
in
the
process.
So
we
should
be
using
more
general
terms
than
specifically
referencing
network.
C
And
then
I
I
responded
to
that
and
said
that
for
the
in
in
order
to
illustrate
how
the
external
aed
is
used,
that
that
that
would
be
one
reason
to
keep
it.
But
otherwise
we
could
rewrite
that
part
as
well.
But
that
would
mean
we
need
to
change
the
part
which
is
specifically
mentioning
how
external
aed
is
used.
F
G
I
record
in
the
vr
like
adrock
being
mentioned
five
times,
sounds
to
me
a
little
bit
overselling.
I
think
I
understand,
but
I
understand
the
motivation
but
yeah.
G
Yeah,
I
think
I
think
it
should
be
independent
of
those
protocols,
whatever
the
next
favorite
thing
is
and-
and
there
would
be
like
there's
new
stuff
already
developed
being
developed
now,
so
that
this
would
be
there
would
be
a
continuing
list
of
protocols
being
used
in
that
context.
So.
C
E
F
G
E
Yeah,
so
we
have
see
we
have
25
minutes
left.
I
think
this
can
be
quite
short
and
we
can
leave
things
for
the
next
interim.
How
much
time
do
you
need
your
for
the
ayanna
and
your
other
business?
E
You
need
ten
minutes
or
five
five
minutes
each
yeah,
that's
fine
good
yeah,
so
seaborn
encoding
of
x509
certificates.
E
E
There's
not
been
much
discussion
on
the
list
for
that,
so
I
don't
think
you
can
say
that
there's
consensus
about,
but
that's
the
current
working
assumption
feel
free
to
comment.
If
you
want
that
to
change.
E
So,
yes,
the
overview
for
people
that
has
not
been
on
the
interim,
this
has
expanded.
It
was
initially
a
short
small
profile
of
7925.
Then
the
comments
have
been
that
we
have
shifted
to
cover
quite
much
of
5280
and
do
very
little
profiling.
So
this
is
an
an
encoding
of
528,
zero
or
large
part
or
it
the
things
that
make
sense
for
iot
cover
7925
the
new
tls1.3
iot
profile,
they're
very
similar,
but
might
be
some
changes.
I
triple
e.
E
G
Question
in
in
some
sense,
I
was
wondering
how
this
relates
to
another
document.
I
have
been
co-authoring
which
defines
how
to
use
cwds
in
dls,
because
in
some
sense,
what
you
want
is
is
kind
of
the
the
functionality
of
a
cwd
rather
than
a
plane
cosy.
Or
am
I
getting
this
wrong.
E
So
this
is
not
these
c509
certificates
are
not
cozy,
they
are,
they
are.
The
document
contains
two
different
types.
I
think
they're
called
types
one
is
compressed
x509
their
encoded
certificate,
so
you
can
use
it
as
a
compression
mechanism,
but
it
registering
tls
as
a
certificate
type.
E
The
other
type
is
a
seaborg,
a
natively
sign
c
c509
that
give
it
get,
and
the
only
changes
between
them
is
that
in
the
one
type
the
signature
is
over
there
and
in
the
other
type,
the
signature
is
over
seabor,
but
so
far,
there's
no
two
c
in
either
of
them.
G
Because,
like
then,
the
draft
name
was
compressed
compressed
x549
certificates
right
and
that's
how
you
initially
sort
of
advertised
it
in
it.
The
feature
it
offers
is,
obviously
you
can
use
an
existing
x549
certificate
and,
as
the
name
says
it
like
does
the
compression
on
the
wire,
the
downside.
That's
has
its
beauty
and
but
then
the
downside
is
obviously
you
need
to
now.
G
Have
the
implementation
x
y
for
nine
passes
and
and
libraries,
as
well
as
the
cozy,
the
the
seabor,
slash
cosi,
libraries,
and
you
know
like
at
some
point
in
time.
You
changed
that
scope,
but
but
still
made
have
the
same
in
the
same
document.
Is
that.
E
E
E
My
plan
is
to
go
to
t
after
this
is
working
group
adopted
yeah
or
if
it
is,
which
I
hope
it
will
be
and
look
like
it
is.
Then
I
will
go
to
tls
working
group
again
and
ask
what
the
tls
working
group
thinks
about
this
and
if
they
they,
if
they
want
this,
and
if
they
think
it's
the
right
choice
and
if
they
think
this
should
be
done,
in
course,
or
if
we
should
write
the
tls
document
doing
that
registration.
G
G
I
always
like
we
had
a
discussion
in
dls
earlier
on
this
and
there
you
advertised
it
as
a
you,
only
put
an
emphasis
on
the
the
compression
feature,
not
on
the
native
sibo
feature.
So
that's
why
I
was
confused.
E
Yeah,
I
think
it
was
has
been
discussion
in
cosi,
whether
that
would
be
standardized
or
not,
and
now
we
have
ended
up
that
because
it
should
standardize
natively
sign.
There
has
been
where
I
think
most
of
the
interests
have
been
related
in
comparison
to
cvt.
I
would
say
that
cvt
might
be
more
flexible
and
new
and
that
this
c509
certificates
are
with
like
profiling
and
content
is
just
a
different
encoding
of
x
509.
E
No,
we
have
only
implemented
compression
and
working
on
that,
and
that
is
soon
done.
My
plan
is
still
to
release
the
the
compression
as
open
source,
maybe
till
summer,
okay
cool.
I
am
not
I
some
point
in
time.
I
hope
to
implement
the
inverse
also,
but
that
has
not
been
done
and
will
not
be
done
for
a
while.
C
E
E
Some
moving
information
in
the
draft
you're
under
this
change,
but
it's
naturally,
science
certificates
is
definitely
there.
So
there's
some
restructuring
of
sections
name
change
with
carson,
michael
ponto.
You
should
not
call
this
seaboard
certificate,
so
the
new
is
c509
certificates
which
is
combination
of
cbor
and
x509.
E
Then
there
is
quite
some
changes
to
the
header
parameters,
bag
chain
tag
and
uri
based
on
the
x509
discussion.
These
are,
I
think
these
need
further
updates.
I
stopped
updating
after
and
planned
to
wait
until
the
x
509
discussion
is
finalized,
that's
more
urgent
and
should
be
the
basis
for
the
seaboard
certificates.
E
Based
on
the
discussion.
We
there
was
a
request
to
add
a
tag,
and
if
you
want
and
based
on
that,
I
created
we
created
a
new
structure
called
cc5,
which
is
an
array
containing
one
or
more
seaboard
certificates
and
the
same
board,
certificates
or
sequences.
You
can
just
add
them
after
each
other
inside
an
array,
and
then
there
is
a
tag
I
think
we
have
and
then
from
zero,
eight
zero,
seven
to
eight.
E
So
a
lot
of
open
issues,
I
think
some
of
them
are
very
minor
and
someone
and
just
reminder
we'll
go
through
some
of
them
as
much
of
their
time.
We
just
have
to
wait
for
an
entering.
E
E
So
first
this
says
new
issue.
Here
I
think
nobody
has.
I
don't
think
we
have
done
an
issue
on
github
yet,
but
this
was
after
reading.
The
tls
iot
profile
in
utah
and
the
discussion
in
sec
dispatch
seems
to
be
a
lot
of
discussion
of
moving
more
information
to
to
subject
alt
name.
I
think
the
tls
profile
changes
what
is
going
into
subject
adult
name
compared
to
the
tls
1.2
version.
So
the
question
is
more.
I
think
we
support
everything.
G
Yeah
I
rich
had
in
his
document
he
talks
about
the
server
side,
server,
authentication
and
for
the
web,
and
the
reference
utah
document
talks
about
client
authentication
for
iot
devices.
So
the
question
to
me
is
whether
the
use
of
sans
on
on
the
web
for
servers
should
also
imply
that
we
should
use
the
same
for
iot
environments
for
client
sides
or
whether
his
proposal
actually
also
applies
to
client
certificates
in
sort
of,
let's
say
app.
B
We
have
two
more
minutes
for
this
presentation.
Do
you
think
we
should
move
this
to
the
main,
at
least?
Maybe
I
think.
E
E
C
C
So
there
is
someone
whistling
in
the
background:
it's
very
nice,
a
bit
unfamiliar
sound
though
I'm
we
have
in
the
current
cosi
ayana
register.
Only.
H
C
Thank
you
for
confirming
that
you
actually
hear
it
ben.
I
thought
it
was
in
my
head
so
good
that
someone
else
hears
it
as
well.
C
I'll
I'll
try
to
just
talk
see
if
it
works
anyway.
So
what
I'm?
What
I'm
aiming
at
here
is
that
the
it's
really
distracting
what
this
cozy
currently
doesn't
define
just
encryption
without
mac
and
and
there
are
authenticated
encryption
and
authenticate
encryption
with
additional
data,
and
that's
also
explained
or
clarified
in
the
content.
Encryption
algorithm
section,
which
is
giving
the
the
restriction
to
only
use
authentication
authenticated
encryption
with
additional
data.
C
Please
so
there
is
first
of
all
this
request
from
from
fido
alliance,
registering
just
encryption:
algorithms,
there
is
cipher
block
chaining
and
as
encounter
mode,
and
it's
not
really
clear
from
the
specification,
because
it's
it's
mentioning
both
encrypt
and
mac
and
mac,
then
encrypt.
So
it's
not
really
clear
exactly
what
they
intend
to
use
it
with,
but
one
instance
which
is
presented
is
cosencrypt:
zero,
wrapped
in
a
cosi,
max
zero.
C
So
this
is
actually
a
second
request
for
so
so,
and
the
motivation
is
there
to
support
legacy
hardware
and
this
actually,
the
second
request
from
fido
to
register
legacy.
Algorithms
previous
requests
resulted
in
in
an
rfc
which
is
authored
by
our
new
working
group
chair.
C
So
we
are
familiar
to
this
situation
and
this
might
be
the
the
same
type
of
request
might
be
going
back
from
from
itf
to
to
actually
make
a
registration
to
explain
how
they
are
going
to
securely
use
encrypt
with
with
cosy
mac,
and
then
I
just
want
to
point
out
that
this
is
not
the
only
next
slide.
Please.
No,
it's
not
the
only
use
of
encryption,
only
so
encryption
without
mac.
There
are
two
other
examples,
so,
for
example,
in
in
ad
hoc
in
message
two,
it's
only
by
the
security
proof.
C
It's
only
required
to
do
encryption
without
integrity
and
in
this
case
it's
using
stream
cipher,
but
it
could
just
as
well
have
been
using
cosy
with
an
encryption
without
mac,
but
that's
not
specified.
So
we
can't
use
that
for
freedom
so
that
that-
and
that
might
be
others
sit
in
the
same
situation
where
they
would
like
to
use
cosy
with
an
encrypt,
but
it's
not
specified,
and
the
third
example
is
groupos
core,
where
we
currently,
which
is,
which
is
about
group
communication,
and
there
is
a
signature
for
source
authentication.
C
C
So
that's
basically
what
I
wanted
to
say.
We
can
go
back
to
the
previous
slide
and
discuss
the
specific
request
from
fido,
but
I
think
that
the
general
question
to
the
working
group
is
are:
are
we
fine
with
actually
registering
encryption
algorithms
without
without
mac
in
if
they,
if
that's
also?
There
is
also
a
supplementary
specification
explaining
how
how
this
is
used
securely
with
security
considerations.
B
D
It
does
seem
like
this
is
something
that
we
should
probably
allocate
code
points
for,
especially
because
cos
a
is
sort
of
more
of
a
framework
than
an
actual
protocol.
We
don't
have
a
great
reason
to
limit
what
people
can
build
using
our
toolbox.
D
The
question
that
I
have
is
more
of
whether
we
want
to
change
the
structure
of
the
registry,
to
have
it
more
prominent
that
there
is
a
warning
label
that
applies
to
this
mechanism
or
if
we
think
that
the
existing
required
be
in
their
specification
or
if
we
have
a
description
that
could
say
something.
If
that's
enough.
C
A
So
this
is
mike
speaking
just
as
an
individual.
I
will
note
that
the
jose
registry
has
some
things
registered
as
being
prohibited
and
we
could
add
to
the
kosei
algorithms
registry
that
categorization
as
well
so,
for
instance,
sha1,
is
registered
as
an
algorithm.
Its
use
is
prohibited,
but
there
were
legacy
reasons
to
be
able
to
reference
that
as
an
algorithm.
I
believe
that
came
from
w3c
web
crypto,
so
I'm
perfectly
good.
Adding
code
points
I
will
say
that
recommended
versus
not
recommended
is
not
strong
enough.
We
already
also
have
deprecated.
A
C
Okay,
so
yeah
ben
is
proposing
adjectives
here.
C
C
C
I
C
So
there
is
no
slight
exactly
thank
you,
okay,
so
just
quickly,
thank
you
very
much
for
for
giving
the
opportunity
to
bring
this
up
in
the
last
minute.
So
it's
it
has
been
requested
from
from
several
several
parties
that
we
need
to
define
raw
public
key,
a
cozy
header
map
for
raw
public
key.
It
is,
for
example,
it's
a
it's
a
requirement
by
the
lake
working
group
and
it
might
be
used
in
other
in
other
settings
as
well.
C
So,
and
the
question
I
wanted
to
raise
here
is
apparently
I
already
got
some
comments
on
the
on
the
jabber
is
if
we
need
a
separate
specification
for
that
and
what
how
how
we
should
handle
that
in
in
relation
to
things
like
bob
moscowitz
mentioned
the
7250,
which
is
not
the
most
efficient
representation,
but
it's
sort
of
we
can
have
the
analog
representation
using
the
tbs
certificate
data
structure
to
the
to
be
signed
certificate
data
structure
in
c509,
which
also
provides
public
key
identity
and
an
identifier
but
no
signature.
C
So
any
any
quick
comments
on
that.
What
people
think
about
should
we
define
it
as
a
sep,
an
analog
way
as
rfc
7250,
or
should
we
just
define
it
as
a
another
cyborg
another
cozy
header
map.
C
C
So
I
I'm
reading
the
jabber
here
and
saying
that
what
what
you
provide
the
question
is,
does
you
we
need
to
have
this
still
have
the
header
map
like?
If
you
look
at
the
x519,
for
example,
we
have
a
cosy
header
map
to
to
to
to
to
index
whether
this
is
an
x5t
or
an
x5
chain,
and
the
similar
similar
type
is
what
I'm
requesting
the
type
which
is
indicating
that
this
is
a
particular.
C
C
C
C
D
I
guess
renee
was
in
the
queue
before
me.
B
I
Okay,
I
just
have
a
brief
question
because
we
are
in
the
other,
any
other
business
section.
I
I
So
the
first
round
has
taken
more
than
three
months
without
any
satisfactory
technical
discussion.
So
I
was
wondering
whether
we
could
do
it
in
a
different
way
or
if
people
have
suggestions
how
to
make
it
seem
more
collaborative
instead
of
now,
it
feels
like
blocking.
I
So
currently
we
have
a
yana
expert
review
and
it's
handled
offline
and
it
seems
to
be
moving
target
and
discussions
on
the
cozy
mailing
list
also
seem
to
be
separated
from
what's
actually
in
specifications.
I
D
I
Yeah,
so
this
is,
this
is
more
a
general
question.
I
I
want
to
separate
it
from
you
know.
Particular
things
about
six
one
character
strings.
In
that
specification.
I
was
just
learning.
How
can
we
make
the
process
more
conducive
to
get
into
the
results
instead
of
making
it
an
endless,
dragging
mind
numbing
exercise.
C
I
After
three
months
of
silence-
and
you
know,
there
has
been
some
offline
discussions
where
it
seems
it
seems
that
people
are
interested
in
blocking
things
instead
of
moving
moving
forward.
Yes-
and
I.
C
So,
as
I
said,
I
think
there
has
been
an
answer
to
the
ayanna
at
least
what
I
know
from
from
from
my
side.
There
might
be
something
not
going
all
the
way
back
to.
I
I
I
have,
I
have
had
many
discussions
with
ads,
but
it
seems
that
we
have
to
wait
until
some
people
drop
off
or
something,
but
I
think
we
should.
We
should
have
a
discussion
on
technical
merit
and
not
discussion.
Yes,.
D
Based
on
specifics,
political
and
blockage,
there
have
been
several
classes
of
potential
technical
issues
that
were
raised
and
we
only
had
actual
back
and
forth
discussions
about
some
of
them.
There
are
there's
at
least
one
where
I
think
you
were
the
last
one
to
respond,
and
there
was
not
a
follow-up,
but
I
think
there
were
some
where
there
were
issues
raised
and
you
did
not
follow
up.
So
I
think
there's
work
to
be
done
on
many
fronts
here.
I
I
think
the
the
political
posturing
has
to
stop
because
there
was
already
discussion
one
and
a
half
year
ago
by
jim
shot,
who,
unfortunately,
is
not
here
anymore,
but
I
want
us
to
be
constructively
moving
forward
and
not
get
the
impression
that
people
just
for
whatever
purposes
they
want
to
drag
things
on
and
not
even
have
a
look
at
the
rfcs
8152
details.
D
D
We
are
quite
far
over
time
and
I
do
want
to
make
sure
now
that
matt
has
actually
joined
the
session.
But
I
get
a
chance
to
thank
matt
as
the
outgoing
chair
for
service
matt.
You've
been
really
great
for
this
working
group
and
we
appreciate
all
you've
done.
So.
Thank
you
again
and
best
of
luck.
As
you
move
on
to
newer
and
greater
things.
J
Thank
you
and
thank
you
everybody
for
the
time
and,
like
you
said,
we're
almost
10
minutes
over.
So
unless
there's
anything
else,
I
think
we
can
call
this
a
wrap.