From YouTube: IETF111-SACM-20210726-1900
Description
SACM meeting session at IETF111
2021/07/26 1900
https://datatracker.ietf.org/meeting/111/proceedings/
A: I was doing... so I was working on getting the last set of slides. That's what I was doing. I knew I was doing something hopefully productive. Just give me a...

A: All right, so while I'm giving you all another minute or two to get your bearings and for everybody to get connected, I am gonna need... we, Chris and I, would like desperately to have a minute taker, so do we have any?
E: Can you hear me? This is Bill. This is Phil. Yes, Bill, I can hear you. I can do part of it and then I'll be talking, right?

F: Sure. Is the link for the notes somewhere convenient? Oh, it's off of the agenda, isn't it? I can do that. Yeah.
A: I remember this from last time: my laptop, when I start running Meetecho and Gather, starts sounding like an airplane about to take off from my desk, so hopefully nothing will crash.
A: The first couple of creative slides with pictures are all thanks to Chris, because I'm no longer creative, I think. But we are not in San Francisco. We are all virtually at our desks all over the world, so welcome to IETF 111 and to the SACM group.
A: As a reminder, this is our Note Well in little tiny font, so you're going to look it up if you need it. And as a reminder, these processes apply to all IETF meetings, and by participating in this meeting you are agreeing to comply with these.
A: This is our agenda for the day. We have note takers for... oh, so first of all, is there any agenda bashing? Do we have anything to add?
A: I just read the chat, so there's no agenda bashing. We have minute takers, we can all see the Jabber rooms; I don't think we really need a Jabber scribe in this format. And with that, the first agenda item, I think, is pretty... I think it basically got resolved over email earlier today, but Chris, do you want to talk about the status?
B: ...of moving forward. Karen, you're right, it did get resolved earlier today over email, all of the nits and everything else. The update looks good. Roman gave it a review, I gave it a review, I updated the shepherding doc and that's submitted, so that means Roman is going to bring it forward to the IESG for its final blessing.
A: Excellent. So then, are there any questions or comments on the status of CoSWID?
A: Thank you to the editors for addressing all of Roman's comments, and we'll be moving that document on to the next stage. The next document is the...

A: ...architecture document, and Bill is going to talk about that. Bill, I was gonna... do you want to share the slides, or would you like me to do that?
E: If you have them up and ready, then go for it? Well, ready is a little bit optimistic, but yes, ready enough. I'm...
E: So we did a number of updates. It looks like about one a month. There were two in June that were actually on the same day, I feel like, so we did a couple of updates there, and there were a couple of new issues that were opened.
E: I will say that we haven't necessarily been hugely using the issues feature in GitHub, but we did close a number that were there, or got rid of a few that were pretty old and got replaced. So we can go to the next slide. The first update in March just kept the draft alive so it didn't expire; no real work on that one.
E: We can go to the next one. A few enhancements, especially to the overview section: we kind of changed a little bit of the words around there for producers and consumers, and kind of defined what those different capability interactions were going to be. We added a concept of a manager component and then had to revise all the diagrams to include that in there; that's sort of the administrative kind of management of the ecosystem there.
E: So in May we kind of continued down the path of defining the role of the manager and its interactions, and put in an operation for generic status notifications. That's basically just a publish/subscribe, where any component can either publish or subscribe to receive.
E: We changed the name of component onboarding to component registration, not really that big of a deal. Talked a little bit about payloads and payload categorization, and really what this came from was that the document was reading a little bit leaning towards one particular flavor of an integration service, and we didn't want to, I guess, have that sort of lean or push towards particular types of technology. So we kind of defined the different types of payloads and, I guess, the two categories of payloads: that's topic-centric and payload-centric.
E: Topic-centric means that the naming conventions of the topic are really the label that's attached to the payload; not literally attached, but, you know, associated with that payload. The integration service then matches that against the known subscriptions. So the topic naming and the topic naming convention provide more of a deterministic purpose.
E: So that way one can discern from the topic name what the intent of the payloads is, and the different types of payloads that would be published to those topics. Message or payload categorization, that's payload-centric: the only technology that I could think of, or that's made it, you know, put in as an example in the draft, is XMPP, which actually has a finite number of payload types. So it has different...
E: ...you know, a message, an information query and a presence, and those are the only three types of payloads that you can have. And then what's inside the payload actually defines the actual operations that will happen on that payload. So if it's an information query with a collect instruction, then the payload there is defining what happens when that message is received by another component.
E: Hopefully that made a little bit of sense. We also added a couple of different health operations over the administrative interface. That's basically, you know, from the manager directly to each individual component; those are the administrative interfaces, and that's the health check and heartbeat. Basically, those are just different based on who initiates the actual operation.
E: So in June we added a terminology section, and Adam did a number of updates to that to make sure that we've got some good terminology in there. Russ Warren from the Open Cybersecurity Alliance, who's kind of in charge of a lot of the architectural components that are in the architectural meetings and designs going on over there at the OCA, did a review of the document and provided a number of comments that we put into some of those issues that we then resolved...
E: ...you know, fairly quickly after his comments, so that's pretty much why we ended up with two revisions really quickly there in June. Took a shot in the dark about capabilities in the IANA sections, about kind of naming particular types of capabilities and things of that nature. So I'm not married to anything that's in that section right now, and like I said, I've never had to do that before, so yeah, shot in the dark. Last update...
E: ...as on the next slide, this is lucky number 13. We fully kind of wrote out the operational section for ad hoc collection, which is basically from a SACM producer, in this case the manager, initiating the collection activities, distributing the message to the orchestrator. The orchestrator can then massage the information to the specific posture collection service.
E: The posture collection service goes off and does its collection, publishes the collected posture attributes to the repository interface, and also includes some definitions in there of where all the different status notifications can take place.
E: All right, and then moving on to the fun stuff on the next slide. So coming out of some of the meetings with the OCA, and kind of the lack of sort of work that was being done through the SCAP endpoint data collection groups, and that sort of stuff that was supposed to be brought into the OCA: that work never really transitioned into that, and the meetings just sort of went away, and a lot of the SCAP people weren't showing up at the OCA meetings or whatnot.
E: So we kind of came in and adjusted a little bit to have the SACM architecture sort of fill that void, since SCAP can be considered basically an instantiation of the SACM architecture; we're pretty good there. We had some discussions within the OCA and between CIS and some of the DoD folks in the room to kind of flesh out an idea to build a prototype, and we're calling that PACE, the Posture Attribute Collection and Evaluation.
E: We just had a meeting on some stuff earlier today and are making really great progress on developing what will likely become a working prototype for a number of the different workflows defined in the SACM architecture, kind of using OpenC2 as well, and then OpenDXL as the integration service. So we're kind of getting into the depths of sequence diagrams and designing, and then divvying up the work to see what pieces that have already been developed from OpenC2 we can use as the different components.
E: So it's actually been really great progress, and, you know, I'm pretty excited about the work that we're getting done there. And then that just moves on to the last slide. There is the proposed direction again: we've got a GitHub for the PACE prototype development; we're still kind of evangelizing all of that and the SACM architecture within the OCA; and then the bullets for the continuation of draft work: the different types of collection, all of the different evaluation flavors.
E: These are all the sort of operational descriptions that are at the tail end of the draft, and actually getting into the nitty-gritty of information and data models, and then, finally, filling in all of those IANA considerations and security considerations. And again, since I've not had to write any of those before, anybody who would be willing to help on any of those sections would be greatly appreciated.
A: Okay, Hank, I see you. I was just getting ready to ask for any handy questions, but I see you're already in the queue, so go for it, Hank.
H: Let me do the night horror in the view. That's the best. These are borrowed from my kids, so they supply me with plush animals. I think they couldn't call them animals, some of them. Hi everybody, nice to almost see you again.
H: First of all, wow, the pace you're going at is great. And when you are talking about continuing draft, as in I-D, work here, like flavors of collection: periodic, event-based, observational that triggers some reflexes, because we're doing network subscription models for RATS and they basically use YANG Push, and they have all of these. So if you need... hey, I said that before, I know that I will have time again.
H: It was, of course, a naive idea, but if there's enough synergy in it, and this seems to be the case here, with your flavors for collections and the information and data models, of course, and also the considerations which I've written... I don't know, I've written 900 lines of IANA considerations in the last week, so I can help you there. That is not a problem, actually, in the next iteration, and that is... and this is on record, right?
E: I'm also attending probably most, if not all, of the RATS meetings this week as well, because it has some applicability to other things that I have that are not necessarily strictly work related, but partially work related. So yeah, I'd be happy to chat more and do some more stuff as it relates to RATS and as it relates to the other sections.
H: So the best way to reel me in is to schedule a monthly weekend where we can do stuff, so that... if it's a perceivable option, then maybe we should do that, because then I really can get active. Because I see something coming up in my schedule and then things happen.
E: If that gets put into the notes, then he says he promised. Okay, it's in the notes. I see it, and it's listed in the notes.
G: Hey, thanks Karen. Since I got called out on the slide I figured I should jump on the mic and just plus-one it and say thanks to Bill for kind of putting this up there and talking to it, and Hank, thanks for offering. Since now it's in the notes, I guess we'll keep you to it. The PACE work has kind of just kicked off, but, you know, we've already been driving down in the right direction.
G: I think so. Anyway, I can help as well, Bill, in defining some of this through the SACM draft; just let me know.
A: Okay, any other questions or comments? So...
E: Yeah, I'm hopeful. We can kind of, at a minimum, you know, keep the cadence of updates that we've got going.
E: I know one a month is only three more updates, so I know that, from a draft-writing perspective, Adam and I meet every week to talk about it and just to kind of give an idea of where to go on that particular day. Again, if we can kind of... I think once I get on a roll with the other, I'll call them again, flavors of collection, the same types of things flow for evaluation, so describing them...
E: I don't think that will take all that much time; it's more really getting down into the nitty-gritties of information and data models that I think will probably take the most time. I'd like to, at a minimum... if there's a way, if you want to set a deadline on me for any of those four bullets, then feel free to do that, and I will do all I can to fill in those sections by that deadline.
E: That'll be getting it down deeper into the info and data models. So if I can snag, you know, some more of Adam's time on that, or if that's something that other folks who have already volunteered to give their time, Hank, can help out with, then that would lessen the blockers.
A: I wasn't specifically looking to impose a deadline on you, Bill, beyond the one that Roman has sort of already set for us.
A: I think it's like October is when he wanted something done; it's in the next slide of the chair slides. I think it's October's working group last call, maybe. Okay, that's the marker. Okay, okay, that's it, we'll work...
A: Forgot... so I just really wanted to get a sense of where you all thought you were.
E: I was just going to say that we're making good progress, so I think that's a fair deadline and we'll push for that date.
A: Let's see, any other questions for them? I assume you guys are ready to... I mean, you would take feedback on any of these drafts, right, any of your iterations? You're waiting for the group to be reviewing it.
E: Yeah, please do. Anything would be good, especially from folks who have kind of, I guess, gone through the, you know, common things that are seen in the overall review processes and stuff like that. If we're just, yeah, writing things poorly, please let me know. Okay.
A: Excellent, thank you guys both. This is really good progress on this. So next on our agenda is Toerless. Did you want me to do the slides? Are you going to do...
J: Right, so the ANIMA working group, the Autonomic Networking Integrated Model and Approach working group, develops and maintains specifications and documentation for interoperable protocols and procedures for secure automated network management and control of professionally managed networks. So that's our charter. That sounds to me like it should be a good fit of an adjacency with SACM on the goals and, you know, also promoting the ANI as a platform...
J: ...for what to me looks, in SACM, like, you know, higher-layer and more refined work on that. And so to that extent, I think, if people remember, after ANIMA was formed we did consult with SACM, and we went, as the editors of many of the documents, to SACM for quite a few meetings, and then we went away producing our charter round one RFCs, and only recently our charter round two.
J: So now, with our charter round one finished after IETF 110, I felt it was a good time to circle back to SACM, updating on what we did and encouraging further collaboration and input from the SACM community on the ANIMA work. So, next slide.
J: So it's all about distributed or decentralized autonomic agents to do, you know, network management, OAM functions, and it was recognized that to be able to build such higher-level functionality it needs some underlying autonomic network infrastructure, and that's pretty much what was started to be forked off into the ANI in the founding of ANIMA. And on top of that, I think there is the recognition that you need to have something which people have started to call intent-based network management, so that would be sitting on top of the whole system. Next slide.
J: So yeah, in May 2021 we did finish our charter round one with the RFC Editor. This is the list of the documents; they're all about this autonomic network infrastructure, which consists primarily of three components. One is the secure bootstrap. The second one is the, you know, in-band secured...
J: Right, I'm not going to go into a lot of details. This is kind of our standard architecture overview. After, you know, ANIMA started, there was more and more concern, of course, also about, you know, do we really want to have fully autonomic networks? Don't we have, you know, a good approach also with the SDN network? So we started to explain how what we're building, especially with the ANI, can perfectly be an infrastructure at the bottom, below, you know, and improving SDN networks.
J: To that extent, we started to explain the relationship between the autonomic networking infrastructure and then any, you know, centralized or decentralized existing solutions like SDN controllers, orchestrators and so on. There is also one of the documents that I wrote, RFC 8368, that goes into details of the benefits of the ANI for existing networks. Next slide.
J: So I think what's a lot more instructive is trying to understand what actually the operator experience is when you have an ANI network, and that's basically what this slide tries to explain. So you're starting out on day one with just physically plugging together and powering on, let's say, that topology of routers and switches to form a network. Somewhere you may have a control station where actually somebody sits that has a clue, certainly not in the location where all the devices are located, which may be, you know, branches or points of presence across...
J: ...you know, a campus or a country. So basically all these devices without the ANI would just have power but do nothing, because they're not configured. So when they actually have the ANI, what happens is that all of these devices will automatically get enrolled by our bootstrap component, BRSKI, with X.509 domain certificates, and then the autonomic control plane will establish a virtual in-band overlay network.
J: You know, if you've heard things like VRF Lite: so it's really a VRF on every router, hop by hop secured with IPsec from the domain certificate with its credentials, running IPv6 with the RPL routing protocol. So that's all done automatically, autonomously, without any touch. So basically, as soon as the devices are connected and the ANI starts up, you will end up with the network operation center having IPv6 connectivity to the network, to every device, and any further orchestration, configuration or so can be done from the NOC securely, remotely, into all of these devices.
J: Now, after that day one, you know, as I said, you can start configuring everything, and that's of course also a benefit of the ANI that persists through the life cycle. So, first of all, certificate renewal, one of these big pain points in the security underlay of infrastructures, is fully automated and can also be distributed.
J: So when I was finalizing the ACP document early in the year, there was a very good, fun instance of one of these, you know, where the Federal Communications Commission was publishing analysis of big network failures, and so I put a reference into that, where an operator had been fined, I think 10 million or more dollars, because they failed to operate...
J: ...you know, the 911 service. And if you look at the details of that, that's exactly because, you know, people were doing remote network management and they couldn't get to the routers anymore, because they disconnected themselves through misconfiguration. So that is, you know, really a key important benefit that the ANI would give, yeah. So that's basically, you know, the operator experience. Next slide.
J: You know, coming from Germany, I had to put the Münchhausen picture into it on the left-hand side. So on the right-hand side is basically a simple explanation of how an actual operator experience would be, in terms of what do I need to get the network started, and you really need one seed router, which is shown here, and a very simple configuration on that one. Let's assume that seed router can also be a private PKI certificate authority.
J: You may have, you know, a good old notebook to do, you know, CLI configuration at minimum. You can connect that to the seed router unprotected, so that you get access later on to that secured network without having, you know, any new strange software on your management NOC network. And then there is one very interesting new component that we brought into the security architecture, which is called the Manufacturer Authorized Signing Authority, which is, from the vendors of the network equipment, a node in the Internet that provides the security for the bootstrap.
J: So the, you know, all the protocol and the script on how this works is fairly complicated. So it's a lot easier to just, you know, talk about the cast of the things that are involved here, and hopefully that's easy enough to show in an overview presentation.
J: So the central point is really the domain registrar, which is, you know, an enhanced PKI registrar, and it basically has to talk to, you know, a couple of other instances. So primarily the devices in the network, we're calling them pledges; they need to get enrolled. They may not have any IP addressing or any other connectivity, you know, network reachability, so we have proxies that are basically automatically enabled in the ANI.
J: So as soon as you connect a new device to an already ANI-running device, the proxy functionality runs and helps the pledge to get connectivity to the domain registrar. So that's the front end. What do we need on the back end? Well, we need a certificate authority. We need that MASA. The MASA is delivering a new electronic component...
J: ...you know, an electronic artifact called the voucher, which, beside the certificates, is helping the pledge to believe that this network is one it should trust and get enrolled into, and the only, you know, original trust that a device has is with its manufacturer. So that's basically why we designed it. We may need a domain admission controller that basically says which devices are allowed...
J: ...you know, to be enrolled into the network. And of course we need address management, because the certificates also include the addressing information, so every device has, through its certificate, a stable address that doesn't change through its life cycle. It's kind of a name for the device in the ANI. And there is not only fun in this, but, you know, this is actually the domain registrar: that's a picture of me when I was doing, you know, prototyping and, you know, pre-standard development. So all of this can be done manually.
J: Of course we do like our protocols, but the whole mechanism really is an abstract architecture. There are multiple different protocols to do it. BRSKI is our ANIMA protocol. There is also NETCONF Zero Touch, which has a subset of this, but pretty much relies on the same basic bootstrap enrollment architecture. It can support MASA, voucher and so on. It's just not as completely integrated as we can do in ANIMA, but protocols come and go. The system itself, I think, is very universal. Next slide, so yeah.
J: So we also have these slides that are, you know, going into detail, which is left for self-study. Next slide, yeah. This is, you know, the bootstrap, also the sequence of the messages, so a good reference if you want to read up on the secure bootstrap, how this, you know, extension of the PKI bootstrap architecture works. So that is, you know, quite involved, and we are starting to have a lot of variations and extensions to that as well...
J: ...ongoing in ANIMA. Next slide, right. So where are we now? So at the end of 2019 we added our second charter, because that's when we had finished our working group documents and went into the IESG. So also ANI enhancements, the intent stuff. We tried to figure out what to do with intent for five years in ANIMA, gave up, and I pushed it back to NMRG when we had one of our NMRG side meetings; they've actually been doing really good initial work on that, creating taxonomy and explanations of that.
J: So if you're interested in, you know, the language for intent of network automation, go to NMRG. The bootstrap sees quite a wide proliferation and adoption across the IETF and the industry. We had a hackathon; it's actually relatively little code to write on top of existing PKI toolchains. But of course, you know, it's sensitive code, because it's security-critical, and I'm actually getting confused as a working group chair about way too many different protocol preferences...
J: ...that different parts of the industry have, so that's a fun exercise to keep that all together and trying to make sure that everything maps to the common framework and common security behavior. So yeah. So there are two, I think, key things that you can listen to at Thursday's ANIMA meeting: basically the cloud-connected registrar, and then a constrained version of this for IoT networks. The ACP itself, that connectivity, hasn't seen that much movement yet; maybe logical, because the bootstrap goes first there.
J: Of course, you know, there are productized pre-standard industry implementations, but it is also, in existing routers and switches, fairly complicated to implement correctly, and I think it would become a lot better once we see more and more of, you know, virtualized software infrastructures and network devices where these things can be more easily added.
J: Yeah, so this is the landscape for middle management like myself, working group chair, trying to figure out where in the IETF and elsewhere in the industry there are also aspects of the BRSKI bootstrap being done. I, you know, I can try to answer questions about these if it's necessary, but I certainly wouldn't want to, you know, show you, explain that landscape up front here. Next slide.
J: Yeah, so circling back, we've got ongoing work in NMRG...
J: ...for the ANI, we've pretty much done a hopefully good job on... sorry, sorry, for intent. We've hopefully done a good job on the ANI, that's going on, which basically leaves the middle block, the, you know, automation of actually any type of security and network automation, the ASAs, as we call them, on top of GRASP. And so we're looking for input and ideas and work in this area, and we've seen over the past five years, and always pushed back on that because of our charter, a lot of interesting architecture and proposals, and what I've been trying to educate people on is that we're actually in OPS.
J: So the OPS area is really meant to be very pragmatic, so we're also very much looking into ideas of what can be done short term and adopted, as opposed to, you know, fully the self-driving network, as people have also come to name, you know, network automation. Next slide.
J: Yeah, so, and to that end, you know, our ideas as the contributors to ANIMA started from very pragmatic considerations, right? So security being really one of the starting points that we wanted to automate more with ASAs, and you can think about...
J: ...you know, two levels, right: there is the end-to-end security, you know, with TLS and QUIC, which of course is also used in the network management itself, and by applications; they very often do not use strong, automatically renewed and flexible PKI certificates, but just TLS with username and password, and Web PKI with its problematic trust anchors.
J: So, you know, always when I ask why don't you use real certificates, operators told me it's difficult to deploy. And, of course, ANI certificates are not only for the ANI itself, right. They can perfectly well be reused for any other purposes in the network, and then you can leverage the ANI infrastructure to enroll and renew these certificates. And one of the interesting parts, of course, would be how to look into more authorization and role information to be put, automated, into these certificates, so that they can serve further purposes. Next slide.
J: That really didn't see a lot of adoption. So we still have, you know, 10, 20 year old security models for routing protocols, and so that is something we could really do very nicely and easily automate with the scripts that are built on top of the APIs of the ANI, right. So Python, Tcl, it's very easy. For example, you know, just to negotiate through the ANI with our, you know, signaling protocol, securely discover a neighbor and then, for example, simply negotiate session keys. You know, all of that...
J: This negotiation would be protected by the ANI, so very easy to do. All the underlying, you know, connectivity and security issues have been removed, which otherwise any security automation would have to reinvent for every protocol by themselves, and I've seen many of these, you know, being done in the past. Next slide, right. So, and this is the end slide, right. So this is the marketing, right.
J: As I said, often over the past few years people talked about self-driving networks, and in reality the self-driving networks that we have are being driven by a lot of automation and a central location, right. So someone has to either be or program the SDN controller or orchestrator. You know, you have to have the roles of developer, analyst, operator, security expert, and, you know, we really like to create the infrastructure through ANIMA that can really, you know, decentralize, distribute a lot of those aspects.
J: You know, leveraging the knowledge and things that we have on the centralized side, but making these things a lot more, you know, resilient against the central failures and better self-adapting, and I think that's it. Next slide.
B: I'll jump in a little bit. So this doesn't seem to have... I guess any kind of security regime in your network is doable. I didn't see anything that would limit it. So if you had a software-defined perimeter, that would probably seem to be okay.
J: So no, I mean, as far as any application, you know, running from a central location or on an ASA, they only need to think about global IPv6 addresses. That's all automatically set up, or using ULA; you'd never have to care about link-local. That's all handled by the ANI, so the ANI itself, or its hop-by-hop secure tunnels, IPsec tunnels or so, that uses link-local, because obviously we don't want to invent and allocate any...
J: ...you know, global addresses when it's not needed. But, you know, when you write an ASA, you never have to think about that. You would have the signaling protocol GRASP, which, you know, through the API, would give you local discovery or network-wide discovery of anything you're looking for, or announcement thereof.
J: So right now ANIMA has a very simple, you know, domain concept, right, which basically means everybody in the domain trusts each other, so that we can, even in the absence of connectivity to a central location, just plug together and have secure connectivity between any pair or group subset of the devices that are admitted into that domain during the bootstrap, right.

J
So that basically means it's just a big, nice, happy family in a domain; everybody trusts everybody else, and that is the domain that you need to think of, and typically that would be an enterprise network, an IoT network, even a service provider network. And you know, anything that isn't part of that, like any user device that you connect to it, that simply, you know, would be, you know, connecting to the network through any of the pre-existing configuration or things that you can set up, but wouldn't be able to access the ANI itself.

J
Yes, that's the lowest. I mean, we had to start really from the bottom, because otherwise we're always building, you know, overlay solutions, and they always struggle to find deployment, you know, because the bottom isn't worked out. There is no standard to get you really bootstrapped up and have, you know, common communications that are secure and reliable, yeah.

I
Is that working? Yes. I just wanted to add to Chris's question, their answer to that. There's a number of groups, including Fairhair, for instance, Thread, that are using BRSKI to do application-layer enrollment and actually are not using it for comms enrollment. They have another method, and then there are other groups that are doing multiple certificate enrollments once they have their trusted, their EST session.

I
How that exactly will play out is a question outside of the IETF a little bit, but essentially you say it's for comms, but it's for management, right. We are building an ACP, and once you've done that, you then know how to trust the manager, and so now, if you want to add additional credentials, you can do that with YANG RPC or, you know, SNMP or a CLI or whatever you want.

J
We started, you know, very early on. It was all a monolithic building block in terms of, you know, we want to have ANI as a single block, and then very quickly we tried to steer so that we have a lot of reusable components. I think we're seeing that primarily now with BRSKI, where we see a lot of variations, and BRSKI being used in networks that don't have anything else of the ANIMA components.

J
But you know, all the components are pretty much built so that, you know, you can do variations, the deviations, and so, as Michael said, also apply it to different, you know, layers of the problem space, like certificates for, you know, applications as opposed to the OAM infrastructure, as I think we call it.

A
I guess I just had a really quick one for you. I was wondering if you had specific asks from the SACM working group, or this was primarily for information. Yeah.

J
So I think, you know, my ask would really be, you know, to invite somebody for coffee and sit down physically in person and understand SACM a little bit better, because I haven't followed up in the past few years, but you know, given how virtual it is, that's pretty difficult, so hopefully we'll see each other in person fairly soon and talk about the next steps, because I think from my end it's rather a big question mark for me.

J
What would be, you know, possible, you know, interaction and collaboration on that side, other than, you know, SACM members being interested in the ANIMA work and simply, you know, doing that through ANIMA itself. But beyond that, I have just a big question mark.

A
Okay, well, thank you for providing that; that was very useful. If nobody else has anything on that, folks can follow up on the ANIMA mailing list, as well as the SACM mailing list. That would be great.

C
I just wanted to say I think it's probably a good idea if we get maybe some of the architecture crew to sit down with you and kind of just share notes on a deeper basis.

C
It may not be in person; we're probably going to have to do Zoom, WebEx or something like that, but I think that could be useful, potentially, and just to spend 30, 45 minutes, something like that, to learn more about what each side is doing, because I think there might be applications for what you've done in the SACM architecture, and then there might be ways the SACM architecture might be able to leverage or assist what you're trying to do also. And so maybe that's really all I wanted to say. That was it, I think.

J

J
Let me check my schedule for the week and I can ping you on email, and maybe there is a time in Gather downtown or so to have a chat.

A
Bill, if you and Adam and Toerless can... I know, Adam, you said you're on PTO this week, but if it doesn't happen this week, maybe another week; if the three of you can coordinate and have a conversation, that would be great.

A
We have one milestone in our charter right now that's open, and that's the SACM architecture. I told you all I looked at this earlier today and then I forgot what it said.

A
So, next steps: we have not been doing virtual interims. I think, Adam, you and Bill and your group working on that have been making good progress from that perspective.

A
Given that, so basically the direction from our area director, who can't be here today (I mean, he's in another session at the moment), was to figure out where we were with the architecture, and you know, he still in his mind has it that we will finish the architecture and then close the working group, unless something really compelling comes to the fore along with a list of energized volunteers to work on it.

A
So we are at the end of July now; the next IETF meeting is November.

A

E
Yeah, I think we're making good progress and we can accomplish things on list and schedule things that way, and if there's meetings to have, I don't necessarily think they need to be official virtual interims. But I guess if we need one, we can always reach out, is that right? Yeah.

A

G
Yeah, I was basically just going to say the same thing Bill did. If we're allowed to ad hoc and just use the mailing list to coordinate with those who have shown interest in participating, whether it's on the pay side or through the SACM architecture draft, just writing it specifically, then I think ad hoc is great.

A
Yeah, I mean, that's fine, just, you know, sort of report back occasionally. And also, so we won't plan on having a virtual interim between now and then, unless something changes, now and November.

A
But I would like to remind all of the working group members to please review; you know, you get notifications every time a draft is posted, so feel free to look at the changes and make any comments along the way, you know, because Adam and Bill and Michael and the rest of them are working,

A
you know, outside of this, you know, feel free to comment. With that, we're at the end of the agenda. I probably should have scheduled a one-hour meeting instead of a two-hour meeting, so my apologies to the secretariat and the leadership who struggle with scheduling for these.

A
Today, okay, with that... oh wait, I see some others comment. Oh, thanks! Everyone, thank you. With that, I think we can call it a day. Everybody enjoy the rest of your week, and we will see you virtually or in person at some point.