►
From YouTube: IETF93-DBOUND-20150720-1740
Description
DBOUND meeting session at IETF93
2015/07/20 1740
B
B
C
Sam
you
want
to
prescribe
and
Dan
will
jab
describes
my
lord
a
new
york
and
someone
want
to
just
take
top-level
action
item
minutes
and
please
your
name
I'm,
sorry
Steve.
Thank
you.
I
knew
that.
C
Ok,
blue
sheets.
A
B
A
C
You
have
the
right
to
remain
silent.
Anything
you
say
can
be
used
by
the
ietf.
You
have
the
right
to
consult
with
an
attorney
with
respect
to
your
intellectual
property
rights
and
obligations.
Part.
Are
you
participating
in
any
ITF
context?
If
you
do
not
know
what
the
I
ATF
IPR
rules
are
find
them
out
now
and
you
may
not
even
want
to
sit
in
the
room
while
you're
doing
that
just
go
discover
them
it's
a
wonderful
journey,
but
please
be
aware
that
if
you
are
here
and
contributing
that
has
implications
for
you.
C
A
These
are
worth
consulting
if
you
haven't
seen
them
already,
so
we're
going
to
spend
a
lot
of
time
today
confirming
that
we
have
a
good
understanding
of
the
problem,
we're
trying
to
solve
here
and
then
trying
to
confirm
that
we
can
do
these
in
either
11
omnibus
solution
or
whether
there
needs
to
be
separate
solutions
for
separate
use
cases.
We
thought
we
had
this
nail
down
before,
but
it
seems
like
there's
still
some
conversation
that
needs
to
happen
about
it.
So
this
whole
hour
pretty
much
it's
going
to
be
dedicated
to
that
and
as.
C
Chairs,
one
of
the
things
we
noticed
is
these
2
are
orthogonal
questions
right
that
there's
this
whole
set
of.
What
do
we
need
to
represent
and
then
do
we
need
multiple
mechanisms
and
the
answer
to
those
questions
can
be
answered
independently.
So
that's
what
we're
looking
to
find
out
at
the
end
of
the
day
today.
D
Thanks
Ella
for
the
pink
box:
hey
there's
another
one
which
is
Oh
earth,
Anderson,
there's
another
one
which
is
who's
next,
should
I
throttle
if
I'm
seeing
problems
from
this
domain
or
I
need
to
contact
someone
from
this
domain
and
where
do
I
look
for
that
information,
so
that
in
some
ways,
is
looking
for
an
abuse
record
you're
looking
for
a
Thor
tative
who
is-
and
it
can
be
related
in
some
ways
to
this
kind
of
question
space
as
well.
That's.
E
This
is
under
Sullivan,
I,
really
really
think.
That's
a
completely
different
problem
from
this
I
I
think
I.
Think
it's
an
important
problem
and
I
wish
that
weird
had
solved
it
by
putting
on
its
bootstrap
records
into
the
DNS.
The
way
same
people
would
have
done
it
as
opposed
to
putting
in
an
eye
on
a
registry,
but
we're
not
gonna
fight
that
here
on
so
so
so
so
so
my
view
is
that
you
could
have.
F
Crocker,
could
you
go
back
to
the
bullets
hello,
so
the
first
three
bullets
are
different
in
an
interesting
way
from
the
fourth
bullet.
The
fourth
bullet
is
really
just
about
a
DNS
mechanism
for
going
to
a
place,
and
the
first
three
involve
a
lot
more
than
that
which
I
will
call
on
semantic
detail
after
you
figure
out
where
to
go.
Look
for
some
information
and
there
it
that
they're
useful,
because
they're
very
concrete
they
have
known
applications.
We
don't
actually
want
to
answer
those
first,
three
questions
in
their
entirety.
F
We
want
to
answer
enough
of
the
mechanism.
Questions
to
then
allow
the
next
layer
up
to
make
the
kind
of
decisions
that
are
in
there.
This
is
this
is
about
finding
information,
rather
than
actually
deciding
whether
to
accept
a
cookie,
for
example,
and
those
first
three
bullets
are
interesting
enough
that
we
could
easily
and
probably
would
get
very
bogged
down
if
we
don't
remain
very
clear
about
this
difference
between
the
mechanism
we're
trying
to
create
versus
the
use
of
the
mechanism.
F
E
E
So
now
I
can't
see
them
right.
So
as
her
time
to
pull
this
out.
Anyways
I
can
turn
around
I,
don't
know
where
they
are
alright.
Sorry
about
the
logo,
but
good
corporate
people
have
decided
that
I
have
to
have
a
logo
on,
but
not
on
all
the
slides.
Fortunately,
next,
please
on
SI.
No
lo
go
on
so
so
the
the
thing
that
I
figured
we
could
do
is
just
kind
of
go
through
these
questions.
I
agree
with
the
distinction
that
they've
just
made
and
I
think
he's
he's
got
right.
E
You've
got
on
right,
cuz
you're,
making
a
decision
about
the
cookie
on
the
basis
of
the
name.
That's
really
what
the
what
the
issue
is
here
right.
We've
got
this
name
you're,
going
to
make
a
decision
on
the
basis
of
the
name,
its
data
on
and
you're,
going
to
you're
going
to
adopt
some
sort
of
policy
about
that.
E
So
the
first
thing
that
I
want
to
know
is
whether
this
is
a
question
we
have
to
answer
in
order
to
solve
the
whatever
problems
we
think
we
have
so
how
many
people
think
we
have
to
answer
this
question.
Not
not
you
know,
should
I
accept
this.
This
particular
cookie,
but
like
do
we
you
know,
do
we
have
do
we
are
we
able
to
answer
a
question,
or
do
we
have
to
be
able
to
answer
a
question
about
whether
we
can
accept
a
cookie,
given
the
name
that
we've
gone
in
front
of
us?
C
C
C
E
F
C
E
E
C
A
Maybe
a
way
to
think
about
it
is
am
I
able
to
get
enough
information.
Well
is
one?
Is
one
enabled
to
get
it?
Does
the
information
gleaned
enable
one
to
make
a
decision
about
in
this
case,
accepting
a
cookie?
That's
I
think
the
word
enable
in
there
some
way.
B
E
G
Thank
you,
a
co,
I
think
one
other
thing
to
consider
is
not
only.
What
are
we
trying
to
do,
but
also?
What
is
the
current
mechanism
in
place
for
doing?
This
would
help
give
us
some
context
so
for
right
now
you
might
say
that
the
it's,
a
combination
of
looking
at
the
relationship
between
the
two
in
terms
of
the
DNS
is
one
an
ancestor
of
the
other
and
then
also
right
now
is
one
you
know
a
it
is.
The
domain
is
trying
to
set
the
cookie
in
a
public
suffix
realm
right
right.
E
E
So
so,
yes,
I
mean
I
I.
Think
that
I
think
that
we
only
ever
started
this
this
effort,
because
we
accepted
that
there
was
something
broken
on
about
about
all
of
these
cases,
which
is
really
what
I'm
trying
to
say.
Is
it
with
that?
Is
this
a
question
we
must
answer
that
is
there.
There
might
be
some
things
in
here
that
we
think
well,
that's
not
really
broken,
it's
sort
of
a
nice
to
have,
and
so
we
might
not
Inc.
We
might
not
include
it
on
our
like
list
of
stuff.
E
We
have
to
do,
but
what
you're
saying
is.
I
think
if
I
understood
you
correctly,
what
you're
saying
is,
additionally,
how
is
this
solved
now
and
do
you
also
want
to
say
how
is
it
bad,
I'm.
G
E
G
E
Okay,
that
works
for
me
so
on
partly
also
it's
going
to
come
into
this
compatibility
question
here
right
because
we've
got
this
other
this
other
idea.
Now.
What
would
success
look
like
if
we
could
answer
this?
If
we
could
answer
this
question
so
that
then
the
first
one
was
was
portability
and
and,
as
I
said,
Casey
came
up
with
most
of
these
dimensions,
so
you
might
have
more
to
say
about
these
on
the
this
first
question.
Is
portability
and
I
think
what
that
means
is.
E
G
Again
kind
of
stand
here
or
near
here,
but
if
someone
else
needs
to
get
up,
that's
okay,
so
part
of
my
question
about
portability
also
was
the
online
offline
question
I?
Think,
oh
good,
so
you
know,
can
you
take
it
with
you
whether
you
plugged
in
or
not
I
mean
that's
pretty
much
in
essence,
or
you
know
again
to
make
comparison
with
what's
currently
out
there?
Is
it
something
that
can
be
you
know
completely
self-contained
or
partially
self-contained?
Then
I.
G
C
In
question
from
the
chair,
so
I
get
my
head
around
the
issue.
Is
this
simply
cash
ability
or
is
there
more
to
it
than
that
because
there's
because
local
cache
ability
means
I
can
carry
it
around
with
me,
which
may
be
may
mean
that
the
first
answer
is
online,
but
other
answers
may
or
may
not
be,
and
then
there's
do.
I
need
a
collection
of
these
in
some
form
in
it
that
then
we're
getting
into
the
format
of
it
rather
than
the
nature
of
it.
So
that's.
Is
there
a
distinction
there.
G
E
So
actually,
what's
cool
about
this
is
that
the
portability
and
scalability
things
go
together
right
because,
what's
what's
so
in
this
dimension
in
the
can
you
pick
it
up
and
take
it
with
you,
the
PSL,
the
existing
public
suffix
list
on
thing
from
public
suffix
org?
That
has
the
portability
feature
that
you
can
get
the
whole
file
and
you
get
at
one
time
and
you've
got
like
the
current
version
right.
E
It
has
the
scalability
disadvantage
that
it
can't
know
about
all
kinds
of
stuff
all
over
the
internet
at
random
levels
of
the
tree,
because,
unlike
you,
want
scale
right
because,
like
there's
a
guy
who's
updating
a
list,
and
so
you
know
we
already
solved
that
problem
in
the
past.
That's
why
we
invented
the
DNS
in
the
first
place.
So
you
can't,
like
you
know,
have
another
list
on
the
side.
That's
maintained
by
a
guy
on.
E
So
that's
a
that's
an
example
of
maybe
a
set
of
trade-offs
that
we
want
to
consider
in
the
success
in
the
success
discussion
right.
How
much
of
portability
like
and
sort
of
self-contained
admiss
is
valuable
as
compared
to
being
able
to
do
it
as
a
sort
of
general
purpose
solution
for
a
lot
of
different
contexts
and
and
I,
don't
know
what
the
answer
is
to
that.
But
you
know
it's
maybe
one
of
the
things
we
want
to
consider
it.
C
C
B
E
So
I
agree
with
that
and
I
think
that
that's
another
dimension
of
some
of
these
computer
went
to
see
em
cat
caffeine.
It
no
really
it's
in
the
it's
in
the
app
store.
It's
an
excellent
app.
It
solves
exactly
that
problem.
Nothing
else!
It's
fantastic!
It
does
one
thing
and
well
on
so
few
things
left
right,
I,
even
the
DNS.
D
These
are
great
dimensions
for
discussion
on
the
list,
but
I
don't
think
that
we're
going
to
come
to
any
consensus
here
now
on
any
of
these
questions
about
these,
that's
what
the
list
is
for.
Let's,
let's
hit
the
points
and
agree.
If
we
think
we're
asking
the
right
questions,
then
we
can
dive
into
the
answers
on
the
list.
E
So
I
fully
agree
with
that.
I
wanted
to
go
over
the
on
these
terms,
though,
in
this
first
slide,
because
I
wanted
to
make
sure
that
everybody
is
in
agreement
on
what
they
mean,
because
at
the
very
beginning,
for
instance,
portability
turned
out
to
be
something
that
Casey
and
I
understood
differently
and
I've
noticed
a
distinct
lack
of
discussion
of
these
things
on
the
list.
So
that's
part
of
why
I
want
to
Goose
this
here
right
and
make
sure
that
we
we
get
there
and
I.
C
Think
that's
perfectly
reasonable
and
and
I
think
what
we
want
to
get
out
of
this
discussion.
Is
you
know
if
we
don't
have
a
sharp
answer
for
each
of
these
questions
right
now,
for
any
one
of
these
topics
immediately
boot
it
to
the
list,
but
if
we
have
an
obvious
everybody's
head
is
nodding
up
and
down
that
this
is
specifically
the
mechanism
we
need
for
question
four,
this
bunch.
That
would
be
good
to
know
now,
and
then
we
can
start
sorting
the
rest
of
the
list.
Thank.
E
Wiki
so
I,
I
think
that
the
compatibility
thing
is
literally.
How
are
people
coping
with
this?
To
the
extent
they
are
now
and
are
we
going
to
be
able
to
are
people
going
to
be
able
to
use
this
mechanism
somehow
as
a
drop
in
with
their
existing
code?
Is
that
what
you
meant
to
Casey
I,
think
that
sounds
about
right,
okay
and
then
complexity,
I
think
the
I
think
that
dimension.
E
There
is
essentially,
how
hard
is
it
going
to
be
to
to
build
and
also
to
operate
on
whatever
it
is
that
we
come
up
with
so
it's
not
just
the
building,
but
the
operation
right,
there's
something
appealing
about
the
public
suffix
list
and
that
it's
dead
simple
to
understand,
but
it
turns
out
to
be
really
complex
to
you
know,
get
it
out
properly
because,
for
instance,
you've
got
to
update
every
client
every
time
you
every
time
you
want
to
do
it,
so
that
turns
out
to
have
an
operational
complexity.
E
E
So
this
is
the
user
interface
question.
This
is
the
one
arm
right,
we're
in
your
in
your
browser
magic
entry
box
at
the
top.
If
you've
got
a
domain
name
in
there,
however,
they
decided
that
you've
got
a
domain
name,
then
the
the
last
part
of
it,
which
is
sometimes
called
the
real
domain
name
or
other
terms
of
art
that
I
don't
understand,
are
highlighted.
So
is
this
a
question
that
we
must
answer
def.
F
C
It
well
that's
why
I
asked.
Are
there
browser
folks
in
the
room
if
they
wanted
to
contribute
to
this
and
say
we're
willing
to
latch
on
to
the
same
mechanism
you
guys
are
using
for
the
rest
and
we'll
make
sure
that
it
works
for
our
use
case.
That's
fine!
If
there's
no
one
in
this
room,
who
is
a
browser
person
so.
F
E
E
G
B
H
Hardy
I'd
like
to
suggest
that
that
this
is
a
much
more
narrowly
scoped
question
than
that,
and
that
one
of
the
things
many
applications
want
to
do
is
service
discovery
and
service
discovery.
Sometimes
has
this
tree
walking
urge
for
which
D
bound
might
provide
answers,
and
you
might
therefore
get
a
different
answer
to
the
do.
Some
applications
in
the
course
of
certain
processes
want
this
but
I.
I
would
really
like
to
have
use
cases
that
are
scoped
more
narrowly.
Then
some
application
might
have
some
context
and
I
like
this
one.
A
B
E
E
So
this
is
different
from
the
separation
question
in
that
there's
a
there's
an
implication
of
control
here,
I,
don't
know
if
it
turns
out
that
we
think
that
that's
an
important
distinction
or
not,
but
but
that's
that's
the
reason
that
this
control
word
is
in
there
can.
H
I,
ask
you
a
clarifying
question:
yes
1030
you,
it
sounded
like
you
were
using
this
almost
as
if
domain,
X
and
domain
y
might
be
arbitrary.
Like
example,
common
example
net.
Is
that
what
you
meant,
or
did
you
mean
they
were
in
a
single
up?
They
might
appear
together
in
a
single
label?
Is
it.
E
H
E
E
One
is
we're
going
to
absolutely
limit
this
strictly
to
our
ancestor
descendant
relationships
and
we're
never
going
to
go
across
the
across
the
tree,
but
there
are
other
people
who
think
that
cross
tree
relationships
are
also
important,
because
it
turns
out
that
when
you
know
say
large
database
Corp
eyes,
large
X
computer
manufacturer
Corp
on
and
they
merge
things
there's
you
know,
temptation
to
set
cookies
across
those
things
and
so
on,
and
some
people
have
felt
that
that
would
also
be
a
valuable
feature,
and
so
these
are
two
things
and
one
of
those
has
no
backward
compatibility
story
at
all
because
it
doesn't
work
at
all.
E
H
So,
let's
just
turn
everything
on
Ted
Hardy
again.
Would
it
be
fair
to
restate
that
slightly
more
narrowly
to
say
could
domain
X
in
some
theory,
BD
named
to
domain?
Why
I'm
getting
no?
As
my
answer
there.
B
E
The
no
no
nice
else
this
is
ambiguous
so
on
so
so
that
seems
actually
to
me
to
be
another
topic
that
we
need
to
add
to
our
through
our
use
case
problem.
That
is,
we
need
to
nail
down.
I
I
recognize
that
actually,
because
I
had
a
proposal
originally
and
and
if
its
proposal
was
like
had
inheritance
tricks
because
of
wild
cards,
but
apart
from
that,
actually
it
failed
closed
on.
E
So
my
natural
tendency
is
to
say:
well
it's
it's
the
name,
because
that's
what
a
domain
name
is,
but
I
recognize
that
there
are
other
people
who
don't
believe
that
on
and
who
believe
in
fact
that
that
sub
tree
relationships
in
particular
further
down
the
tree
are
fundamental,
and
so
actually
we
really
do
need
to
sort
that
one
out
I'm
not
proposing.
We
try
to
sort
it
out
here
at
the
microphone.
I.
Think
again,
a
list
thing.
B
A
E
E
Point
from
it,
what
it
is
is
different
from
the
zone
administrator.
So
right
there.
This
is
not
the
SOA
is
the
is
the
key
thing.
So
it's
some,
oh
and
and
in
one
of
the
drafts
we
had
this
idea
of
it
changed
name
several
times
so
I
forget
what
I
could
what
we
call
it
last
time
it
was
policy
realm,
I
think,
is
what
we
what
we
settled
on.
B
E
And
in
that
case
you
actually,
you
need
to
have
a
mechanism
by
which
you
can
say
these
things
actually
don't
go
together.
That's
the
use
case,
like
one
of
the
use
case,
examples
that
we've
had
a
lot
of
the
time
and
stuff
like
blogger
com
right,
you,
don't
you
don't
want
blogger
com
to
be
able
to
set
stuff
in
all
of
these,
or
rather
you
know
no.
B
E
B
This
short
define,
control,
I,
think
that's
that's
the
biggest
term
here
and
I'm
not
making
this
up.
We've
we've
had
this
various
occasions
waits
for
a
certain
set
of
policies
or
services.
The
control
is
identical
that
the
controlling
body
entity,
whatever
is
identical
for
other
services.
It's
just
joked
so
filthy.
E
B
A
Rojeck,
that's
I!
That's
why
I've
been
bouncing
up
and
down,
because
that
that
issue,
I
think,
is
a
really
thorny
one
I
the
example
you
gave,
if
you
think
about,
for
example,
who's
going
to
issue
the
ssl
cert
forex,
blog
com
versus
y
dot,
blog
com,
it's
probably
blog
com,
but
you're
right
about
the
cookies,
so
I
mean
when
you
talk
about
control
its
control
of
what,
because
the
answer
to
that
is
going
to
be
the
answer
to
this
question,
going
to
be
different
depending
upon
what
aspect
of
control
you're
talking
about
so.
E
We
need
to
add
a
question
which
is
not
on
these
slides
anywhere,
so
somebody
who's
taking
notes
has
to
like
write
this
one
down,
keep
looking
XD.
We
need
to
add
a
question
about
about
whether
this
needs
to
be
scoped
to
the
service
or
scoped
to
the
domain
name
on
in
some
of
the
previous
drafts.
This
has
actually
bounced
back
and
forth,
because
people
on
this
said,
on
the
one
hand,
wait
a
minute.
It's
different
different
services
at
the
same
name
and
other
people
said
yeah
yeah,
but
everything
else
we
do
in
the
DNS.
E
We
do
only
at
the
name
level
and
below
that
you
don't
to
which
I
said
yeah
srvs,
but
I
didn't
get
anywhere
with
that.
So.
E
C
G
C
And
this
the
reason
we're
asking
these
questions
is
to
find
out
whether
we
are
using
the
same
mechanism
for
all
of
these
different
problems
or
we're
going
to
need
different
mechanisms
for
the
different
problems.
So
if,
if
what
we're
hearing
is
correct
that
for
this
kind
of
problem,
we
need
something
that
also
includes
service,
then
it
may
be
solved
by
a
different
mechanism
than
what
the
PSL
is
solving
I.
A
C
G
One
other
thing
I
mean
you
know
just
as
far
as
I'm
concerned,
you
know
and
I've
talked
a
little
bit
about
public
suffix
list
on
the
list.
But
but
part
of
the
reason
is
the
public
suffix
list
simply,
as
you
said,
delineate
public
or
not
public
right,
and
so
it's
been
used
for
other
things,
but
that
was
I
mean
that's
beyond
its
scope.
I
mean
that's,
arguably
that's
just
it
is,
and
that's
why
we're
here
right,
but
but
that's
part
of
the
reason
is
because
that's
all
I
can
do
a.
B
Rebellious,
I
see
how
come
back
to
tech.
The
Hardys
comments
I
think
it's
very
important
that
we
decide
whether
the
cross
domain
example,
converse
example
on
that
stuff
is
really
in
our
problems.
Faced
very
much
sooner
than
later,
but
I
think
the
solution
space
that
we
adopt
will
depend
on
whether
we
need
that
and
also
I
can
imagine,
for
example,
dns
based
solutions
which
would
be
applicable
if
we're
only
tackling
the
sort
of
you
like
siblings,
throat,
cousin
type
approach,
where
a
parent
domain
can
make
assertions
about
it
subdomains.
B
C
Can
I
ask
a
sense
of
the
room
question
hum
if
you
think
we
need
to
address
the
cross
domain
space
and
a
hum
if
you
think
it
would
be
bad
if
we
did
the
cross
domain
space
and.
C
I
I
just
wanted
to
say
that
name,
please
sorry!
This
is
daniel
con
gilmore.
This
is
a
complicated
problem
and
there
are
clearly
scenarios
in
the
real
world
where
this
is
important
and
useful,
and
I
think
it
would
be
a
mistake
to
block
solving
the
problem.
That
is
the
strictly
hierarchical
zone,
control
public-private
under
different
mechanisms
question
by
trying
to
solve
this
as
well.
I
So
if
d
bound
wants
to
tackle
two
separate
issues,
one
of
which
is
how
do
we
do
different
type
of
service
differentiation
based
strictly
on
hierarchical
relationships
and
also
chooses
to
look
at
this?
Maybe
they're
totally
separate
mechanism?
That's
fine,
but
I
would
not
want
to
see
that
the
mechanism
for
the
clean
zone
cuts
I
mean
they're,
not
zone
cuts,
cuz
they're,
not
soas,
but
the
hierarchical
zone,
guts
block
on
something
as
complicated
as
arbitrary
aliasing,
/
name
/
service
plus.
A
G
So
what
I'm
here
I'll
go
ahead.
Sorry,
one
follow-up
comment,
and
I
think
this
follow-up
to
what
Ted
mentioned
earlier
and
in
the
spirit
of
what
dkg
just
mentioned,
but
I
think
it
would
be
worth
hearing
in
a
follow-up
if
the
chairs
so
think
to
find
out
what
what
people
think
about,
because
we
heard
strong
agreement.
The
people
want
to
solve
that
problem,
but
about
the
solving
them
in
two
different
steps
along
the
way
or,
if
that's,
if
that's
something
you
want
to
hear.
Also.
I
Okay
can
I
just
add
one
more
clarification,
which
is
the
reason
why
I
want
to
solve
the
other
one.
First,
the
reason
I
want
to
solve
the
the
one
based
on
a
hierarchy.
First
is
because
I
think
the
dns
already
represents
points
of
hierarchical
control
where
people
are
vulnerable
to
their
parents
own,
and
it
is
important
that
we
explicitly
denote
where
those
points
of
hierarchical
control
are
so
we
can
understand
the
power
dynamics
on
the
network.
I
E
One
is:
we
need
to
determine
whether
what
we're
doing
is
a
name
based
thing,
or
a
name
plus
service
based
thing
for
these
kinds
of
problems,
whatever
control
means
I'm,
so
so
acknowledging
Peter's
question
about
control
means
and
then,
secondly,
on
we
we
want
to
ask
whether
the
hierarchical
stuff
or
the
on
is
you
know,
or
arbitrary
names
and
and
whether
there
and
then
maybe
we
want
to
understand
what
the
relationship
is
between
those
two
things,
so
that
if
it
turns
out
that
it's
trivially
easy
to
add
the
cross
domain,
stuff
I,
don't
think
it
would
be
but
like
if
it
turned
out
to
be,
then
you
know,
we'd
obviously
want
to.
E
E
B
Alex
may
offer
first
I
I
think
that
we
should
stick
to
the
hierarchy
model
and
there
are
two
reasons
for
that.
First,
I
think
the
problem
was
well
understood,
and
second,
one
is
that
the
number
of
relations
between
object,
a
and
object
B,
is
limited
to
the
number
of
the
main
names
you
have
in
a
certain
point
in
a
hierarchy.
C
B
B
Just
wondering
if
this
problem
is
not
already
soft,
if,
if
I,
would
go
slide
back
and
would
replace
the
cookie
by
mail
server,
so
I
think
if
you
think
about
smtp
and
SPF
and
all
the
stuff
is
like
what
I
trust
an
email
coming
from
this
miss
other
which
is
belonging
to
a
different
domain
in
solving
a
different
domain.
I
think
this
is
more
or
less
the
same
thing
here.
So
I
would
like
to
understand
vs
the
difference
between
what
we
already
doing
for
smtp
versus
what
we
are
no
doing
for
HTTP
cookies.
E
E
Lord
knows
I
sorry
I've
got
Dane
on
the
brain
on
what
we're
gonna
get
to
the
DMark
case
in
in
a
moment,
but
I
am
I'm
reliably
told
that
the
DMark
is
is
not
the
kind
of
sia
to
all
problems
that
some
people
seem
to
think.
You
know
it
has
a
use
case
and
it
works
well
for
that
use
case,
but
it
doesn't
solve
all
all
problems,
and
I
think
the
same
problem
is
true
here.
So
I
I
think
we
want
to
understand
this
thing
on
and
anyway
right.
G
Maybe
last
thing:
Andrew
Casey
Casey
DC
at
the
Mike
you
mentioned,
or
several
mentioned
breaking
it
down,
and
so
we
we
got
a
broken
down
into
ancestral
relationships,
problem
and
then
cross
domain
problem.
And
then
you
had
mentioned
services
and
names
and
I
wonder
if
that's
even
the
second
step,
ancestral
kind
of
being
the
primary
one
services
names
being
the
next
one
and
then
the
other
one.
Now.
H
G
E
Think
we've
certainly
got
to
work
out
the
relationship
between
those
as
well
I
I
think
that
probably
is
work
that
we
got
to
do
on
the
list.
We
are
going
to
take
this
all
to
the
list
this
time
right,
because
that's
what
we
said
last
time
next,
please
yeah,
okay,
so
this
is
the
the
DMark
case
and
I
confess
that
I
still
don't
exactly
understand
how
the
DMark
case
works.
What
what
I?
D
Curt
Anderson,
you
start
with
the
piece
of
mail
that
you
receive.
You
start
with
the
domain
that
is
in
that
mail.
If
that
domain
has
a
record,
you
use
that
record.
Otherwise,
you
go
to
the
top
of
the
organizational
domain
in
Demark
parlance,
and
you
say:
what's
the
record,
it
can
be
an
arbitrary
number
of
mean
if
you're
getting
something
from
ABC
example.com
example.com
is
your
organizational
domain?
Well,.
B
D
A
E
So
the
the
there
have
been
two
different
things.
So
you're
right,
I
skipped
the
first
part,
which
is
first,
you
look
at
the
name
itself,
but
once
you're
past
the
first,
you
look
at
the
name
itself.
The
current
implementation
is
basically
the
deepest
organized.
The
deepest
name
in
the
tree
is
the
organizational
domain
name.
It's
emotional.
I
B
D
F
B
E
D
E
So
so,
let's
get
the
new
the
new
question
and
then
we
should
answer
that
and
and
then
I
think
there
is
an
important
compatibility
and
complexity
unpair
that
I
want
to
I
want
to
get
to
hear,
because
on
the
the
current
demark
documents
say,
don't
use
this
when
there's
something
better,
but
if
we
change
the
way
that
the
organizational
name
is
calculated
on
that
could
potentially
change
like
the
meaning
of
this
right,
because
because
you
wouldn't
have
a
mechanism
to
put
like
C
dot,
B
dot
example.com
in
there
right
now,
casita
example.com
doesn't
appear
in
the
public
suffix
list
and
so
sub.
E
Excellent
and
and
and
so
then
there's
another
issue
here-
having
to
do
with
complexity.
G
G
Okay
and
I
bring
that
up,
because
if,
among
the
solutions
that
are
developed,
you
are
able
to
say
okay,
let's
say
we
implement
this
start
out
with
zero
implementation
and
it
still
works,
and
then
we
implement
one
and
it
continues
to
work
because
it's
using
current
mechanisms
and
only
using
the
new
ones.
If
it's
detected
that
they're
in
place.
G
That's
the
kind
of
thing
that
might
answer
part
of
the
complexity
question
and
the
compatibility
question
is
the
same
default
question
and,
and
part
of
that
you
also
might
answer
is,
for
example,
you
know
Kurt
raised
the
question.
You
know
bc
example.com.
Will?
How
often
does
that
happen?
You
know
how
often
is
the
same
default
in
the
current
deployment
actually
reasonable.
So
anyway,
those
are
among
the
questions.
We
would
ask
that
go
along
with
that.
So.
E
I
think
what
I
think
what
we
need
to
do
now,
I
think
what
this
has
done
is
exposed
a
number
of,
because
I
think
the
last
one
in
here
was
is
like
sort
of
a
nice
to
have,
but
it's
not
that
important
right,
yeah!
Oh,
these
are
difficult
ones
know
we
really
need
a
Coppola
certificates
want
to
use
your
five
minutes
on
okay.
So
let's
use
the
five
minutes
for
the
certificates
and
and
the
but
the
follow
on
from
here
is.
E
We
need
to
to
take
these
things
now
and
really
pound
on
them
on
the
list,
because
we
we
just
completely
failed
like
the
the
the
list,
since
dallas
has
been
a
discussion,
among
maybe
four
of
us
and
and
I
was
like
you
know,
wrapped
in
iono
for
a
month
and
a
half
of
that
so
so
I
know
that
I
wasn't
participating,
but
you
know
like
I'm,
not
that
smart,
so
other
people
need
to
work
on
this
because,
like
you're
going
to
get
a
bad
bad
design,
if
you
let
me
do
it
so
so,
please,
like
you,
know,
let's,
let's
take
the
things
that
I
think
we've
got
a
good,
a
good
list
of
things.
E
Okay,
so
let's
take
the
rest
of
how
the
four
minutes
we
got
left
on
and
try
to
work
out
these
certificate
things
I,
guess
he
left
the
room.
I've
been
totaled
right
on
so
so
certificates.
The
the
reason
that
the
certificate
problem
is
a
little
bit
different
right
is
because
the
certificate
authority
doesn't
really.
It
is
not
in
the
middle
of
any
of
these
things
instead
they're
busy,
trying
to
figure
out
whether
they
can
make
statements
about
about
a
name
and-
and
so
that's
the
reason
that
that
I
thought
this
needs
to
be
treated
differently.
E
H
Sorry
so
I
think
there's
a
related
question
here
to
the
other
questions,
but
I
point
out
that
this
is
a
little
bit
tricky
because
in
certificates,
in
addition
to
having
the
name,
you
have
subject
alt
names
which
themselves
may
have
wild
cards,
so
you
can
have
a
condition
where
you
have
started
example.com
in
the
name
and
a
subject:
alt
name
of
mumble
dot
net,
a
start-up
mumble
net,
and
you
you
you.
You
have
a
question
here,
of
which
domain
name
or
domain
names
or
which
trees
or
in
which
parts
of
this
art
issue.
H
But
if
you
kind
of
boil
it
down
to
for
a
single
name
in
a
single
slot
of
a
certificate
using
a
wild
card.
Can
I
infer
from
this
record
that
this
is
a
valid
place
to
do
to
do
that.
Well,
carding.
You
might
be
able
to
do
that,
but
I
would
actually
challenge
you
to
tackle
a
slightly
more
interesting
question
that
acne
has,
which
is.
If
somebody
is
asking
for
a
wild
card
record
of
this
type.
H
H
H
In
a
request,
the
the
common
way
of
doing,
that
is
to
say
I
owned
food
example,
and
thus
everything
under
food
out
example
belongs
to
me.
I
have
the
right
to
delegate
against
it
now,
in
fact,
in
a
wild
card
certificate,
it's
it's
a
single
level
of
hierarchy
and
I
have
to
have
start
at
food
out
example.
If
I
want
have
the
the
food
out
example,
subtree
also
represented
in
single
certificate
and
I.
Do
that
with
the
subject
called
name,
but
the
real
question
I
think
comes
down
to.
H
B
Pinnacle
one
observation:
I'm
not
sure
it's
helpful,
but
you
might
judge
you
know
that
the
semantics
of
the
DNS
work
card
is
different
from
the
semantics
of
work.
Are
there
not
only
in
not
only
in
the
way
that
Ted
just
mentioned,
but
also
by
the
ability
to
punch
holes
into
the
Wildcat
expansion
so
depending
on
the
solution?
That
might
actually
be
a
question
that
can
only
be
ant
ant
after
the
proposal
solution
is
on
the
table.
Okay,.
E
C
Walk
out
the
door,
if
you
have
not
signed
the
blue
sheet,
please
do
this
was
a
tight
room
and
we'd
like
to
keep
track
of
the
numbers.
Blue
sheets
are
up
here
and
yes,
please
do
make
sure
to
keep
an
eye
on
the
list.
We
will
post
notes.
Please
do
follow
up
and
if
you
are
willing
to
write
pieces
of
this
so
that
Andrew
in
case
you
don't
have
to
do
all
the
work.
That
would
be
helpful.
Thank
you
all.