►
From YouTube: IETF111-IPSECME-20210726-2130
Description
IPSECME meeting session at IETF111
2021/07/26 2130
https://datatracker.ietf.org/meeting/111/proceedings/
B
Yay,
that's
good
all
right,
so
I
think
my
clock
is
now
half
hour
past
midnight,
so
we
are
about
to
start
so
it's
9
30
utc.
So
this
is
ipsec
maintenance
and
extensions
working
group.
I
think
it
was
supposed
to
be
minor
extensions.
Did
I
misspell
that
all
right
anyway?
So
this
is
the
idea
meeting.
So
we
have
a
note.
Well,
you
have
probably
seen
that
before
and
noted
it
well.
B
C
B
B
D
D
The
thing
I
did
about
a
month
back,
we
published
a
new
version
that
you
know
took
some
of
your
comments
on
the
the
reordering.
I
don't
know
we
covered
all
of
your
comments,
but
you
know
we
think
we
covered
the
gist
of
you
know,
and
you
know
it's
about
added
about
a
paragraph
that
talked
about
reordering.
B
D
D
B
E
B
E
B
E
B
B
C
I
just
I
just
want
to
second
christian
hope
that
you
will
find
time
to
write
separate
review
for
iq
to
intermediate.
It's
been
waiting
for
you
for
chair
review
for
since
previous
idea
and
yeah
quite
a
lot
of
interoperable
implementation,
and
I
think
the
traffic
is
quite
ready
for
publishing
terrorism.
C
B
C
Okay,
so
it's
a
very
short
informational
message
that
we've
had
a
high
pre-tech
between
the
ability
to
test
an
event.
So
next,
please
it
was
on
july
the
1st
it
was
organized
by
secunet,
and
there
were
three
pacific
participants,
trump
swan,
elvis
plus
and
genoa,
and
we
performed
quite
a
lot
of
testing
based
on
a
combination
of
iqr2
intermediate
and
iq2
multiple
key
exchange,
and
we
performed
a
real
post
quantum
crypto
key
exchange
based
also
implementation.
C
C
So
the
result
was
that
strong,
swan
and
ls
plus
performed
up
to
four
additional
key
exchanges
with
different
algorithms,
like
kyber
saber
for
the
km
psych
and
all
works
very
well,
except
for
minor
issues
that
the
same
additional
case
changes
voice
letters
that
was
prohibited
by
roxy
and
with
genoa.
Initially,
there
were
some
troubles
with
creation
when
using
lipos,
but
later
they
fixed
on
the
second
day,
and
they
also
successfully
performed
to
interpret
interoperability
testing.
C
C
So
the
results
are
that
results
that
there
are
at
least
three
independent
implementation
of
this
drought,
so
they
are
interoperable
or
we
badly
need
common
identifiers
and
I'll
request
to
assign
code
points
for
multiple
key
soon,
and
we
also
need
a
temporary
identifiers
for
post
quantum
and
the
reason,
because
there
are
quite
a
lot
of
them.
We
use
some
private
numbers
that
are
on
the
right
on
the
screen
and
genna
and
with
passwords
are
interested
in
testing
machines
which
doesn't
fit
in
multiple
key
because
it
has
a
very
large
public
keys.
C
B
G
Could
you
explain
a
little
bit?
What
was
the
experiment
that
you
perform?
So
I
I
saw
there
is
securenet,
so
you
have
a
three
different
implementation
of
the
ipsec
post,
quantum
hybrid,
and
so
you
you
you
so
you
are
three
that
implemented
in
some
ipsec
client,
including
libor,
qs,
that's
right
and
after
you
you
test,
if
it's
more
or
less
working,
and
so
do
you
try
to
have
some
performance
comparison
or
not
at
all.
C
This
event
was
to
to
to
confirm
that
implementation
are
interoperable,
so
we
didn't
perform
some
performance
testing
well
from
from
my
experience
as
a
user,
it
takes
a
bit
longer
well,
but
it's
still
tolerable
to
to
to
to
establish,
I
can
say,
with
up
to
four
post
quantum
key
exchange,
algorithms,
but
it's
it's!
It
takes
about
half
a
second
or
probably
one
second,
but
keep
in
mind
that
the
implementation
was
on
the
different
countries.
So
it's
it's!
B
C
I
C
I
B
I
B
Them
they
can
actually
try
to
use
the
same
private
numbers,
okay,
okay,
sure,
all
right,
yeah,
okay-
and
I
think
I
think
there
was
one
question
in
the
chat
about
the
3k
access
using
the
same
algorithm.
Was
that
intentional
or
failure
in
negotiation,
or
was
it
a
failure?
I
actually
was
a
bargain
that
it
code.
C
B
K
K
Can
can
you
hear
me,
does
it
work
great?
So
I
will
talk
about
the
improvements
for
pos
quantum
iqv2
and
the
main
point
of
issue
we
had
with
post
quantum
migrate
ii
are
intermediate
intermediate
exchanges
so
next
place
they
are
rather
complex,
especially
designing
of
them,
and
especially
when
used
with
fragmented
messages
or
fragmented
exchanges,
and
since
the
post
quantum
key
exchanges
are
rather
large.
They
are
most
of
the
time
fragmented,
so
the
the
signing
of
them
is
quite
complex,
and
that
means
always
the
risk
of
of
bugs
and
security.
K
Critical
box
is
always
there
and
we
also
have
a
higher
cost
of
maintenance
and
implementation.
Furthermore,
large
post
quantum
key
exchanges
like
make
a
list
require
data
to
be
sent
more
than
two
megabytes.
We
got
in
large
parameter
sets
and
doing
this
before
authentication
leads
to
vulnerabilities
against
the
os
attacks
or
ddos
attacks,
so
we
moved
them
in
our
implementation
to
the
follow-up
key
exchange.
K
How
that
looks
next
place
we
see
here
so
that
is
the
state
machine
of
of
igv2.
With
all
these
drafts
applied
and
there
we
see
we
perform
iksa
in
it,
and
thereafter
we
move
on
to
intermediate
exchanges,
doing
all
all
the
exchanges
which
do
not
require
large
amounts
of
data,
so
it
might
like
no
mecalis,
for
example.
Then
we
authenticate,
then
we
immediately
re-key
the
iksa
and
during
the
re-king
we
perform
all
the
exchange
of
the
the
key
exchanges
which
require
too
much
data
to
be
sent
during
ike
intermediate.
K
K
I
can
say
unit
and
then
it
all.
It
is
already
secure
on
its
own
for
someone
needing
a
high
level
of
security
for
a
long
time.
So,
like
I
don't
know,
10
years
or
more,
there
is
the
possibility
to
have
additional
key
exchanges
after
authentication,
which
also,
if
maybe
in
10
years,
someone
has
a
efficient
way
of
breaking
psych,
for
example,
or
n2
in
a
small
parameter
set
and
acdh.
K
There
is
still
the
the
the
michaelis
or
frodocam
whatever,
which
is
also
it
should
be
secure.
Also
then,
so
a
record
in
harvest
attack
is
impossible
and
the
second
exchange,
the
second
change
we
would
introduce,
is
related
to
the
state
machine
being
not
cleared
in
this
state
because
we,
after
ike
off,
we
cannot
rely
on
the
essays
being
created
and
success
successfully
established
so
next
place.
K
We
require
a
further
key
exchanges
to
be
conducted,
otherwise
yeah
the
extra
the
handshake
has
to
be
awarded,
and
also
we
have
the
possibility
to
introduce
another
hash
of
the
the
public
key
from
the
follow-up
exchanges,
which
is
then
also
signed.
So
we
do
have
an
additional
anchor
for
security,
also
for
the
exchanges,
key
exchanges.
After
the
alternative,
auth
and
yeah,
then
we
have
the
more
clear
stuff.
K
K
We
have
a,
we
introduced,
the
large
quantum
key
exchanges,
but
drs
protected
because
they're
after
authentication,
it
is
a
more
clean
estate
machine
because
if
we
introduce
them
after
the
classical
icos,
like
auth,
doesn't
mean,
as
the
key
handshake
has
finished
and
in
general
we
have
a
new
place
of
for
exchanging
handshake
data
after
establishing
an
authenticated
channel
due
to
the
new
exchange
type,
which
might
also
be
yeah
making,
which
might
which
might
also
make
the
introduction
of
post-quantum
signatures
easier.
But
that
is
another
point,
so
that's
it
thanks
a
lot.
C
Actually,
we
discussed
a
little
bit
with
daniel
already
his
proposal,
and
I
think
that
there
are
a
few
things
that
that
I
don't
like
about
it.
First,
I
can't
immediately
is
not
used
only
for
the
exchange,
it
is
also
it
may
be
useful
and
I
suspect
it
will
be
useful
for
the
sins
too,
and
so,
if
this
proposal
completely
drops,
I
get
immediate.
C
I
think
it's
not
a
good
thing,
then
I
don't
think
that
this
proposal
makes
state
machine
simpler
and
then
then
it
is,
I
think
it
might
make,
makes
it
more
complex
and
the
new
authentication
exchange.
I
think
it's
a
new
exchange,
it's
not
that
gross.
It's
like
icon,
alternative
off
it's
another
exchange
with
which
must
be
implemented
with.
C
It
is
not
clear
for
me
right
now
what
this
exchange
should
contain
until
probably
draft
will
be
written
on
something
more
detailed
explanation,
so
it's
difficult
to
to
make
a
conclusion
whether
it
is
more
simple
or
more
from
my
understanding.
It
is
more
complicated
than
I
can
immediately
and
I
get
immediate
because
it's
all
problems
it's
a
bit.
B
H
Okay
next
chart,
so
no
no
changes.
We
we've
submitted
the
draft,
it's
so
basically
it's
it's.
The
management
for
the
ipsec,
so
for
the
iptfs
and
the
only
the
only
difference
is
the
the
base
file
the
base
yang
that
we
augmented
for
this
is
now
an
rfc
next
chart,
and
so
the
tree
this
was
was
presented
before.
So
these
are
the
management
objects
for
iptfs
and
the
counters
that
we
have
for
the
iptfs
okay
next
chart.
H
So
if
you
go
to
the
next
chart,
we
we
used
the
the
yang
to
to
produce
snmp
objects
that
could
be
were
were
the
same
as
the
as
the
yang,
and
so
it's
it's.
Basically
one
model
that
and
and
there's
two
views,
there's
the
yang
view
and
then
there's
the
snmp
mid
view.
That's
so
you
can
read
it
and
we
we
talked
about
this
before
that's,
because
some
people
still
would
like
to
be
able
to
read
this
with
snmp
and
just,
for
example,
the
next
chart.
H
B
I
just
started
couple
of
last
calls:
we
have
now
three
working
club
last
goals
ongoing,
so
I
would
actually
like
to
postpone
these
and
concentrate
and
get
iptfs
out
and
then
getting
the
three
last
calls
out
and
then
hopefully
start
this
after
we
get
iptfs
forward.
So
we
don't
consume
resources
for
these.
While
we
are
actually
trying
to
get
the
main
core
document
out.
First.
H
B
C
C
It's
also
leverage
svgb
is
a
way
to
to
transfer
parameters
for
encrypted
dns
servers,
and
the
draft
address
comments
released
by
the
working
group
in
idea
114
through
his
deployment
section
to
appendix
it's.
A
minor
comment
and
a
magic
comment
was
to
reliable
magnitude
with
data
and
certificate,
so
we
introduced
instead
of
using
picayo,
introduced
a
new
attribute
that
can
weigh
sufficient
the
dns
server
certificate,
so
the
next
piece.
C
So
what
is
simplified
design
instead
of
having
six
attributes
for
two
versions,
families
and
three
protocols
like
dot,
doh
and
doku?
We
have
only
two
attributes
now
for
version
four
inversions
at
leadership
on
their
competition.
Six
and
all
the
specifics
of
encrypted
dns
server
is
conveyed
in
service
parameters.
That
has
a
format
of
what
we
see
so
connect.
Please
and
a
new
attribute
is
introduced.
C
Its
attribute
contains
a
hash
of
the
encrypted
dns
server
certificate
and
the
hash
is
computed
using
official
algorithms
from
the
ip2
cache
organism
registry.
So
there's
no
no
need
for
new
registry.
We
use
an
existing
one
and
at
the
same
time
we
have
algorithm
agility.
That's
a
good
thing
and
sha
2
256
is
my
data
template
so
the
next
please.
C
So
the
client
requests
in
request
includes
an
mdns
digest
info
attribute
with
a
list
of
hash
algorithm.
It
supports
and
a
server
chooses,
selects
one
of
this
algorithm
computes
cache
or
use
a
precompute
hash
of
the
certificate
and
includes,
in
response
refresh
of
the
dns
server
certificate,
along
with
a
special
gifts
identifier.
C
C
C
So
you
can
see
that
the
client
requests
the
parameters
of
the
encrypted
dns
server
and
the
responder
returns
a
hash
of
the
dns
server
certificates,
which
the
client
can
further
compare
with
the
certificates
that
dns
server
is
using.
So
this
time
this
way
a
client
verifies
its
by
authentication
with
responder.
E
Okay,
so
I
guess
I'm
a
little
confuses.
Why?
Wouldn't
we
almost
just
send
an
svcp
presentation,
format,
dns
record
to
the
client
and
say
like
this
is
what
we
have
you
figure
out
what
you
want
to
use?
Why
is
there
an
additional
authentication
here,
because
the
the
ike
exchange
itself
is
already
authenticated,
so
why
does
that?
Do
we
have
to
have
a
separate
authentication
in
this
step?
C
Security
association
between
client
and
initiate
and
responder,
and
we
need
to
also
authenticate,
not
authenticate,
but
we
did
the
dns
server
certificate
in
a
server
with
the
different
entities
and
responded.
And
so
we
need
to
know
that
certificates
that
is
used
by
dns
server
is
weighted
from
responding
by
authentication.
E
E
Because
so
I
think
it
includes
things
like
pub
key
and
other
things
and
sure
it's
not
maybe
not
authenticated.
If
you
do
it
that
way
anyway,
I'll
I'll
take
this
on
the
list.
I'll
have
another
look
at
it,
because
it's
now
changed
quite
a
bit
so
I'll
have
another
look
and
and
clarify
my
questions.
Okay,.
B
I
have
one
question
because
it
seems
to
be
here
here:
you
have
a
hash.
Algorithm
item
requires,
yes,
seems
to
indicate
there's
a
list
of
them,
but
how
do
you
actually?
Is
there
some
kind
of
end
marker,
or
is
there
actual
number
of
them
and
if
there
are
multiple
certificate
tickets?
Also,
if
you
have
multiple
house
algorithms.
C
B
C
B
C
C
But
there
is
one
notable
exception:
it's
a
classic
mechanism
and
with
a
small
ski
size
of
255
kilobytes,
some
national
regulators,
like
bsi,
recommend
using
classic
mechanics
so
because
it
is
very
conservative
and
some
cartographers
think
that
it
is
most
most
conservative
and
that's
why
most
trustable
of
all
the
candidates-
and
we
also
anticipate
that
with
quantum
digital
signature
will
be
used
in
likely
too
and
looking
into
the
needs.
Third-Round
candidates,
at
least
two
algorithms
that
are
either
candidates,
so
alternative
candidates
have
either
signature
size
or
public
key
size,
greater
than
64
kilobytes.
C
We
want
so
the
performance
of
episode,
traffic
not
suffer,
and
we
want
that.
This
mechanism
must
be
as
simple
as
as
possible
and
reasonable
and
introduced
minimal
change,
typically
something
next,
please
and
not:
gold,
not
gold,
to
define
the
generic
mechanism
of
transfer
any
load
greater
than
64
kilobytes,
because
it
it
requires
to
redesign
ip2
and
reload
format
and
accents
that
it's
it's
announceable.
C
Yes,
please.
So
the
approach
is
very
simple:
if
some
block
of
data
doesn't
fit
into
the
single
blue,
just
split
it
into
the
chunks
less
than
64
kilobytes
and
place
it
into
the
sequence
of
adjacent
adjacent
reloads
of
the
same
type
and
the
responder
will
concatenate
all
these
chunks
and
receive
a
large
global
data.
C
C
So
it's
it's
an
example,
so
we
have,
I
can
say
need
then
I
get
immediately
with
with
ballots
that
are
in
blue.
It's
this
a
lot
that
are
split
into
in
into
several
loads,
a
large
block
of
blocks
of
data
that
are
split
into
several
prologues,
for
example.
This
is
in
this
diagram.
It
is
key
exchange
below
circuit
loans
and
hospitals.
C
So
what
are
the
changes
from
zero
zero
version?
Eye
fermentation
is
not
mandatory
for
both
udp
and
tcp.
It
is
because
the
gcp
individual's
message
size
is
still
limited.
The
imessage
size
is
still
limited
to
64
kilobytes,
because
tcp
lens
prefix
is
16
bit
lens,
so
we
have
to
use
incrementation
even
with
tcp,
then
we
introduce
a
so-called
mix
transport
mode
and
the
mix
transfer
transport
mode
is
a
way
of
avoid
problems
that
ipsec
traffic
esp
traffic
have
when
it
is
encapsulated
in
tcp.
C
C
With
this
mixed
mode,
we
have
a
reliable
transfer
of
very
large
data
in
ike
essay,
but
still
doesn't
don't
have
problems
that
with
performance
that
are
caused
by
using
gcp
transport
for
esp.
So
it's
an
optional
mode.
It
is
negotiated
by
exchanging
new
notification
ico
with
tcp,
and
we
think
that
for
transforming
large
public
keys,
it's
very
useful
condition.
C
C
We
have
a
section
that
discussed
them
a
bit
and
we
said
rfc
1819,
but
we
think
that
some
more
discussion
is
needed
in
the
draft
because
of
the
large
large
data
blocks,
something
next
please
so
anyway,
there
is
some
interest
in
using
at
least
in
using
my
keyless
from
in
interest
from
vendors.
So
we
think
that
the
draft
is
in
the
situation
in
the
state
when
it
can
be
adopted,
and
so
if
the
working
group
is
saying
that
this
work
is
worse
to
to
conduct.
So
we
ask
for
adoption.
E
Okay,
just
just
one
comment
now
like
requiring
tcp
is
a
really
heavy-handed
change
to
the
ike
protocol
like
well.
While
the
world
is
moving
more
towards
udp,
we
would
be
moving
towards
requiring
tcp,
which
would
be
really
scary
and
easily
filtered
easily
blocked.
So
I
would
be
very
not
in
favor
of
requiring
tcp.
C
Well,
actually,
it
is
not
required
to
use
tcp
it
is.
It
is
an
optional,
an
option
because
with
udp,
it's
quite
difficult
to
reliably
transfer
mcalee's
public
keys.
Actually,
I
performed
some
experiments
on
the
local
local
network
on
the
land
and
even
using
edp.
It
is
manageable
to
to
exchange
michaelis
public
keys.
At
least
I
managed
to
do
it
it.
It
usually
takes
about
a
couple
of
seconds
and
about
couple
of
three
year,
transmits
of
all
the
to
55
kilobytes
message,
but
it
works,
but
with
tcp
is
much
more
reliable.
A
Yeah,
so
I'd
like
to
agree
that
the
you
can
get
better
reliability
with
udp
like
they
get
in
quick,
but
you
need
the
quick
mechanism.
Just
can't
just
use
the
thing
you.
What
we
have
in
ike
is
not
nearly
as
robust
as
what
they
have
in
grid.
I'd
like
to
push
back
on
the
statement
that
it's
a
non-goal
to
make
it
a
generic
mechanism.
C
That
was
an
option
too
and
the
last
atf
I
presented
some
ideas
of
a
new
balloon
format,
but
as
far
as
I
remember
that
wasn't
received
very
well
and
actually
actually
it's
it's
quite
a
light
change
to
to
to
the
protocol.
It's
a
larger
change,
more
more
deeper
change,
because
look
for
format
is
very,
very
inside
the
the
protocol
of
the
code,
and
you
have
to
also
negotiate
using
new
feature
and
the
code
compatibility.
A
E
B
So
after
you
get
past
that
check
that
okay,
that
group,
the
payload
negative,
zero
okay,
then
we
can
actually,
you
know,
go
to
the
other
part
and
say
that
okay,
now
we
just
change
they
change
the
you
know:
payload
numbers
to
payload
links
to
32
bits,
or
something
like
that.
I
don't
know,
but
this
is
something
that
I
think
we
should
probably
think
about
it
when
we
are
actually
processing
those.
B
But
that
actually
it
goes
anyway,
it
goes
with.
You
know
the
you
know,
post
quantum
crypto
stuff
anyway,
because
we
need
that
for
for
it
anyway.
So
I
think
we
can
actually
still
adopt
this
as
a
working
group
document,
so
I
will
think
we
are
good
for
the
last
two.
Actually,
I
think
we
probably
going
to
be
making
a
adoption
course
quite
soon.
C
L
L
L
Currently,
the
draft
is
in
version
007
and
thanks
a
lot
for
for
the
comments
and
feedbacks
and
suggestions.
The
whole
solution
now
is
much
simpler
and
text
is
more
readable
for
now.
The
whole
optimization
solution
comprises
of
three
steps.
First,
is
a
negotiation
of
support
and
after
the
negotiation,
the
initiator
and
the
responder
can
do
the
optimization
that
is
omitted.
The
sa
payloads
and
wreaking
ike
essays
and
omitting
the
essay
and
ts
pillows
at
the
wreaking
china
essays
for
now.
There
is
no
more
consideration
for
the
situation
of
configuration
change.
L
L
The
new
notify
message,
type
notifications:
there
are
only
two
notifications
are
needed
now
and
the
previous
one
is
three,
and
the
next
pictures
shows
the
comparison
between
the
previous
version
and
the
current
version.
You
can
see
that
the
the
right
picture,
the
current
version-
is
much
simpler
and
also
now
we
have
new
two
co-authors
for
others
and
melinchen
and
welcome
them
next
slide.
Please.
L
L
For
now
about
the
draft
there
I've,
I
also
think
there
are
some
open
questions.
First,
should
the
supporting
the
notify
mean
that
peers
may
or
should
or
must
use?
This
method
must
may
be
too
strong
and
we
think
should
maybe
better
and
second
question
is,
alternatively,
if
the
supporter
notified
could
have
a
payload
that
signifies
whether
the
old
method
is
support
or
not.
We
think
this
is
not
necessary
and
it
will
increase
the
complexity,
so
we
don't
want
to
do
that,
but
we
also
want
to
hear
others.
Opinions.
C
So
for
the
question,
I
think
that
supported
always
mean.
May
it's
my
opinion,
because
it's
negotiation
of
capability
and
well,
if
you
want
to
use
it,
should
to
use
it
as
should
then
it
just
might
support
it,
but
something
like
always
used
and
yeah
for
the
third
question
for
the
third
question,
I
have
another
question:
what
about
the
first
child
the
same?
Is
it
well,
the
first
time
child
decide
is
created,
so
when
I
can
say
it's
created,
so
is
it
considered
as
negotiated
with
pfs
or
not
so
it's
just
a
first
prompt.
C
All
this
thing,
the
question
you
you
you
have
is
when
the
child
is
saying
was
nick
shaitan
with
space.
I
I'm
asking
what
about
the
very
first
child
they
say.
Is
it
considered
as
negotiated
with
papers
or
not
with
or
without
papers,
because
the
first
child
they
say
in
fact
doesn't
have
its
own
bfas.
It's
just
inherits
key
material
from
my
case.
C
C
E
B
So
I
don't
think
he
actually
like
also
includes
that,
but
I
think
we
actually
are
running
out
of
time
and
we
probably
have
one
more
presentation
from
paul.
So
I
think
we
should
take
those
questions
to
the
list,
but
might
be
much
easier
to
understand
there.
When
we
have
a
diagram
that
people
can
actually
read
the
drafts.
E
E
Normally,
you
know
it
gets
downgraded
to
two
to
five
gigs,
because
we
have
one
tunnel
with
one
counter
and
synchronization
issues,
and
so
what
we're
planning
to
do
is
having
multiple
child
assays
in
parallel
bound
to
cpus
or
network
queues
that
can
independently
push
this
traffic
much
faster
and
we
have
reached
like
40
to
60
gig
speeds.
Using
this.
E
E
We
clarified
the
terms
initial
child
assay
because
it's
a
little
confusing
when
it's
getting
re-keyed.
So
we
call
that
that
the
fallback
child
is
saying
we
also
added
the
info
notified
to
be
always
added.
If
you
want
one
of
these
additional
child
assists
just
to
make
it
easier
to
recognize
it,
because
someone
could
start
a
traditional.
I
guess
a
sorry,
a
traditional
creature,
let's
say
with
no
no
identifiers,
meaning
that
it's
just
separate
from
this
mechanism.
E
E
So
you
basically
pick
the
maximum
of
the
two
parties,
obviously
within
like
denial
of
service
reasonability,
and
that
that
gets
you
out
of
a
lot
of
the
the
corner
cases
that
we
saw.
We
attempted
to
clarify
the
qos
case,
but
I'll
talk
about
that.
A
little
bit
more.
We
added
some
operational
considerations
that
we
realized
about
mostly
about
acquires
and
if
you
don't
have
per
cpu
acquires
so
next
slide.
E
So
then
this
was
the
major
issue,
so
the
authors
on
this
drive
don't
are
actually
not
quality
of
service
experts
and
we
we
see
a
bunch
of
issues
with
quality
of
service
and
how
to
do
that.
So,
first
of
all,
there's
no
code,
so
we
can't
actually
test
any
of
this.
Another
question
is:
what
do
you
do
with
qos?
Do
you
like
negotiate
all
of
the
possible
combination
flows
at
first,
and
so
so?
Do
you
start
like
64
tunnels
or
do
you
just
say
like
well?
E
E
So
we
don't
really
know
the
answers
to
these
questions,
so
we
are
kind
of
tempted
to
say.
Maybe
if
there's
really
qos
people,
they
should
put
all
of
this
in
their
own
draft
and
work
on
it
and
and
get
these
things
done,
and
we
would
like
to
see
maybe
kick
this
out
of
the
our
draft.
So
ardor
focuses
on
you
know
the
the
cpu
slash
network,
cues
that
are
available
because
that's
actually
the
code
we're
seeing
we're
implemented.
We
know
about.
We
just
have
too
many
questions
about
this.
E
There
was
some
some
talk
about
what
to
return
error
code
wise,
and
I
know
that
valerie
had
had
suggested
no
additional
essays,
but
we
realized
that
there's
one
issue
with
that.
If
you
have-
and
I
can
say
with
multiple
child
essays
and
with
some
of
them,
you
want
to
do
this,
multiple
children
and
with
some
of
them
you
don't,
then
doing
no
additional
essays
might
be
confusing
to
say
whether
you
mean
no
additional
saves
for
this
traffic
selector
set
or
or
that
it's
still
allowed
to
do
other
traffic
selectors.
B
B
The
previous
one
could
be
actually
put
into
the
compression
stop,
but
we
have
to
think
about
it
more.
So
I
think
we
need
to
have
a
discussion
with
the
lady
and
the
authors
and
see
if
we
need
to
reach
our
or
something
like
that,
but
we
are
now
running
out
of
time.
So
we
can't
do
that
one
now,
but
I
please
send
a
list
to
the
email
to
the
list
and
and
remind
this
and
then
our
added
ccdiads
and
our
creators
are
coming.
F
Right
no,
I
agree
we
should
talk
about
this
offline,
but
I
had
I
wanted
to
join
the
the
queue
to
say
something
unrelated,
which
was
since
we
were
talking
about
post
quantum,
so
much
and
hybrid
techniques.
Today
I
wanted
to
point
out
that
tomorrow,
at
the
sag
session,
we're
gonna
have
a
topic,
for
you
know
how
should
the
ietf
be
handling
post
quantum
stuff
in
general,
which
may
be
of
interest
to
many
of
us
here?
So
please
come
to
that
and
share
your
opinions.
B
B
Yeah
the
cookies
out
there
in
the
gutter
towel,
so
it's
probably
gonna
grab
them
before
people.
Other
people
take
them.
Okay,
so
that's
all
for
the
high
basic
mma
and
I
hope
people
we
had
a
little
bit
problem
with
my
my
scheduling
because
I
was
in
the
vacation
where
I
was
supposed
to
schedule
this
meeting.
So
that's
why
we
only
get
to
one
hour
and
in
wrong
location
in
overlapping
or
several
other
systems,
but
hopefully
that
was
still
useful
and
so
okay.