►
From YouTube: IETF94-DISPATCH-20151104-1300.webm
Description
DISPATCH meeting session at IETF94
2015/11/04 1300
A
D
Alyssa
Cabrera,
Kingdom
bachelorhood
suppose
she
felt
very
bad
about
this,
because
I
saw
like
8,000
he
knows
about
this
before
it
went
out,
but
the
privacy
of
the
network-
that's
kind
of
weird
like
so
I
might
say,
I'm
just
telling
you
that
when
this,
when
we
approved
this
before
we
approve
it,
I
might
suggest
an
editorial
change.
That's
fine
yeah!
They
don't
know
so
yeah,
sorry
for
not
catching
that
sooner.
Okay,
just
send
us
the
change
or
actually
can
do
to
change
yourself
right.
Yeah
didn't
want
you
to
be
surprised.
Okay,.
E
So
in
terms
of
meeting
format
they
were
we
had.
We
not
meeting
apps
AWG
is
not
meeting
this
time
at
all
and
as
it
gradually
spins
down,
we
have
three
documents
left
the
process
and
when
they're
done
I,
imagine
berries
just
going
to
close
that
working
group
and
we'll
continue
with
this
one.
Okay,
some
of
the
feedback
we
got
as
that
transition
is
happening.
E
Is
that
people
really
liked
what
we
used
to
do
the
monday
morning
meeting
where
we
would
have
the
boss
summaries
and
the
new
working
group
summaries
people
from
lots
of
areas
came
to
hear
that
and
so
I
think
the
plan
with
when
Osiris
is
to
reinstate
that.
So
that
would
be
the
art
area
general
meeting,
and
it
will
also
include
those
things,
but
there
will
again
be
no
protocol
development
of
any
kind
going
on
there.
F
E
D
G
However,
there
is
no
failure,
if
that,
if
that
security
is
not
available,
so
this
is
this
is
essentially
what
opportunistic
security
is
all
about,
and
it's
very
important
that
it
we
recognize
that
it's
not
a
substitute
for
full
security
policies.
Okay,
those
that
that
want
and
have
the
ability
to
say
we're,
always
going
to
use
full
security
will
never
have
me
for
opportunistic
security.
So,
for
example,
RTC
web
web
RTC
has
made
the
good
decision
that
you
know
all
media
is
encrypted
and
authenticated
all
the
time.
G
So
this
is
not
a
new
topic.
Many
of
you
have
been
involved
in
previous
discussions
of
this.
It
actually
goes
all
the
way
back
to
Z
RTP,
where
we
called
it
best
effort
srtp-
and
you
know
this.
This
was
something
that
the
industry
many
years
ago
recognized
that
we
needed
in
the
transition
from
unencrypted
RTP
to
encrypted
and
authenticated
srtp,
and
there
was
a
draft,
the
the
kaplan
and
music
best
effort
draft,
which
was
discussed
a
couple
of
times
and
it's.
It
basically
lays
out
the
arguments
for
best
effort.
G
Srtp,
it
goes
into
a
lot
of
detail,
goes
through
requirements
and,
ultimately,
that
approach
is
what
is
used
widely
in
the
industry
today
next
slide,
and
we
just
want
to
the
authors,
we
wanted
to
dedicate
this
work
to
our
good
friend,
Francois
oday.
Many
of
you
knew
him.
He
worked
very
hard
to
improve
sip
and
RTP
security
and
was
a
co-author
on
the
kaplan
best
effort
draft
slang.
G
So
why?
Now,
after
so
many
years
and
after
the
industry
has
largely
adopted
this,
a
number
of
factors,
one
is
in
the
SIP
forum,
we
in
adding
srtp,
we
wanted
to
add
a
opportunistic
or
best-effort
mode,
but
unfortunately
we
have
no
no
specification
to
reference
for
that.
The
IMTC
went
ahead
and
and
wrote
their
own
as
part
of
the
best
practices
for
sip
security
document
defines
this
and
is
implemented
in
a
number
of
places,
and
you
know
these
days.
Opportunistic
security
does
have
some
respectability
here
in
the
post,
snowed
and
era.
G
We
know
that
more
encryption
is
better,
regardless
of
how
you
actually
do
it.
You
know
many
years
ago,
best
effort,
srtp
was
was
was
very
controversial,
but
hopefully,
hopefully
it's
not
going
to
be
today
and
ultimately,
the
more
Internet
traffic
that's
encrypted,
the
better
and
with
with
WebRTC
and
RTC
web,
we're
already
generating
a
lot
of
that
encrypted
traffic,
and
you
know
the
approach
just
works
and
it's
it's
nice
to
circle
back
and
and
get
this
right
next
slide.
G
So
one
thing
we
did
talk
about
the
author's
about
whether
we
should
just
publish
the
the
capital
and
best
effort
draft.
We
decided
not
to
do
that
to
write
a
new
draft
for
a
number
of
reasons.
One
is
that
it's
a
it's
a
fairly
long
and
involved
draft
that
that
makes
a
lot
of
arguments
for
best
effort,
and
you
know
today
those
are
well
summarized
in
the
opportunistic
security
document.
Also,
the
best
effort
approach
to
finding
that
draft
is
a
little
bit
different.
It's
it's
really
best
effort
in
the
way
you
negotiate
it.
G
It
doesn't
relax
the
authentication
aspects
that
opportunistic
security
does,
nor
does
it
make
user
interface
recommendations
as
well.
So
technically,
it's
slightly
different.
Also,
it
doesn't
discuss
the
more
modern
keying
approaches
such
as
DTLS
srtp,
and
also
to
try
to
appease
some
folks.
The
01
version
of
that
had
some
additional
things
added
to
it
that
nobody
liked
relating
to
a
specific
payload
for
the
srtp
and
the
like.
So
nobody.
D
G
It
really
just
describes
how
to
how
to
use
all
the
tools
we've
got
but
use
them
in
an
opportunistic
manner.
And
specifically,
it
involves
the
caller
indicating
support
for
opportunistic
srtp
by
including
srtp
attributes
in
in
the
end
line.
However,
they
still
use
the
the
AVP
profile,
so
they
do
not
use
the
secure
profile
in
the
end
line,
which
is
the
piece
that's
caused.
So
much
trouble
in
the
in
the
offer
answer
negotiation
over
the
years.
So
that's
in
the
offer
and
in
the
answer.
G
So
next
line
and
it's
important
to
recognize
that
this
approach
is
not
specific
to
any
keying
mechanism
for
srtp
and
in
fact
it
seems
it's
even
possible
to
include
multiple
keying
options
in
the
offer.
As
long
as
the
answer
only
selects
one.
So
that's
a
little
bit
of
extra
extra
flexibility
that
it
seems
we
can
do
as
well,
but
it
does
relax
the
the
authentication
requirements
for
those
keying
mechanisms.
G
Now,
if
the
authentication
is
there,
then
that
you
definitely
use
it,
but
it
is,
it
is
not
a
requirement
so,
for
example,
with
SDP
security
descriptions,
we
still
require
the
confidentiality,
so
you
still
need
to
use
TLS
transport,
for
example,
but
you
do
not
need
an
authenticated
signaling
channel
and
for
DTLS
srtp.
It
means
you
don't
need
an
authenticated
signaling
channel,
not
that
anybody
ever
has
an
authenticated
signaling
channel,
but
in
any
case
that
that
is
relaxed.
B
H
B
B
G
I
J
That's
why
we're
gonna
do
all
this
right
and
if
they're
does
happen
to
be
a
way
say
there
were
some.
We
were
to
try
to
revise
4474
and
for
some
reason
that
actually
worked.
He
would
still
be
able
to
sign
right
these
fingerprints.
However,
they
hear
your
you
list
for
different
methods,
for
today
are
too
poor
for
sony.
Corp
is
really
only
talks
with
won't
roll
into
detail,
SSR
GP,
but
I'm
sure
we
could
figure
out
a
way
to
sign
the
rest
of
them
as
well.
J
K
J
That
is
one
of
the
questions
and
Emmy
and
I
I.
Don't
know
if
this
is
begging.
Questions
are
coming
up
in
our
their
slides
if,
whenever
we
offer
all
set
at
different
ways
to
be
able
to
do
things
and
say
the
answer
gets
to
pick.
Obviously
there
are
concerns
that
arise
from
that,
especially
if
some
of
the
modes
are
problematic
for
various
reasons,
so
I
mean
at
least
out.
Are
there
going
to
be
a
preference
order
right
like
you,
you
can't
accept
this.
G
G
G
G
I
Jonathan
onyx
I
think
one
other
slot.
One
other
comment
that
would
be
useful
to
have
in
the
motivation
section
is
the
everybody
hates
kapnek.
You
know,
which
is
that
you
know.
Technically,
you
could
do
this
with
cap
Nick
in
practice.
Nobody
has
ever
implemented
everyone
hates
it
we
need
to
have.
Please
say
you
know
you
know
everyone
hates
it
and
explain
why
and
no
bit.
You
know
in
particular,
because
we
want
to
make
the
original
motivation
for
Captain.
It
was
exactly
this,
but
somehow
it
spawned
massive
tentacles.
H
H
The
information
is
different
that
might
cause
us
to
want
to
move
forward
or
not
move
forward.
If
you
said
I,
so
our
people
find
with
not
discussing
the
details
of
a
charter
and
sort
of
more
moving
into
the
heart
of
the
conversation
of
effectively
whether
the
ITF
would
do
this
work.
If
we
decide
yes,
then
we
can
move
into
the
details
of
it.
H
G
Yeah,
so
I'm
arguing
that
we
really
don't
need
to.
You
know
we're
not
starting
from
the
start
here.
We
don't
need
to
start
with
requirements
and
and
all
those
kind
of
things
you
know
we
really
want
to
document.
What's
what's
been
done
out
there,
but
we
could
use
some
good
security
reviews
so,
whatever
path
we
take,
we
need
to
get
some
good,
solid
reviews
to
make
sure
that
that
we're
not
doing
anything
that
we're
going
to
regret.
C
On
the
oven,
just
a
question:
I
mean
I
sent
an
email
because,
for
example,
RFC
5763
had
16
611
about
best
effort,
describing
you
Z
cap,
neg,
so
I
think.
If
that's
the
case,
then
we
need
to
update
that
and
point
it.
If
we're
going
to
take
this
work,
we
need
to
look
at
the
other
document
and
verify
that
this
is
recommended
in
the
documents
that
that
are
proposing
how
to
do
best.
Airport
security,
okay,.
B
Krista
Homer,
yes,
I
support
this,
and
even
though
this
draft
doesn't
define
any
new,
you
know,
htp
procedures
or
attributes
I
think
we're
going
to
have
to
connect
it
to
to
the
dtls
sdp
draft,
which
which
does
that
that
but
I
think
they're
going
to
go
hand
in
hand
because
there
you
have
been
you
there.
We
have
a
new
attribute
and
and
so
on.
Okay,.
A
G
Now
it
yeah
it
doesn't,
it
doesn't
replace
the
full
security
policies,
which
is
the
best
thing
to
do,
and,
for
example,
RTC,
web
and
web
RTC
we're
doing
the
right
thing
there.
This
is
this
is
for
the
rest
of
the
universe
which,
which,
unfortunately,
you
know
isn't
starting
from
scratch,
has
a
lot
of
deployed
base
yeah
and
needs
to
manage
it,
a
transition
where
you've
got
all
different
devices.
Yeah.
A
So
if
we
do
something
here
in
the
security,
consider
I
think
we
should
capture
that
and
say
you
know
we
are
allowing
you
to
negotiate
among
various
options
here,
but
you
should
make
sure
that
you're,
okay
with
the
least
least
good
option
and
whatever
you
accept,
definitely
yeah
sort
of
in
a
similar
vein
it.
It
makes
me
pretty
uncomfortable
to
include
things
like
s
des
in
here,
because
that
is
not
I
mean
we
saw
in
the
WebRTC
discussion.
A
It's
not
really
when
we
have
the
opportunity
to
move
away
from
that,
so
the
technology
that
that
we
should
be
putting
more
effort
behind
on
so
I
would
feel
more
comfortable
with
this
draft.
If
that
were
not
there,
and
we
had
only
things
that
had
automated
key
key
agreement,
I
realize,
there's
probably
others
in
the
room-
would
disagree
with
me
on
that.
But
well.
A
Got
her
as
a
security
guy
and
the
final
thing
was
I
I'm,
more
concerned
and
I'm
by
no
means
an
sdp
expert,
but
I've
heard
there's
a
difference
between
a
vp
and
sav
p
and
I'm
concerned
just
knowing
that
that
exists.
I'm
concerned
that
if
we
go
down
the
thinking
through
how
this
works
that
we
may
end
up
adopting
more
of
the
complexity
of
the
prior
efforts
and
ending
up
with
something-
that's
not
quite
so
simple
but
I
defer
to
people
who
understand
the
negotiation
process,
better
yeah.
G
I
Yes,
so
I
guess
the
one
question
I
mean:
maybe
the
mechanism
a
little
out
of
scope
but
I'm
just
worried
about,
especially
for
the
S
test
case,
the
early
media,
because
you
can't
actually
distinguish
RTP
from
SR
vp
based
on
the
wire
format
and
you'd,
really
don't
want
to
play
out
encrypted
media
as
save
g.711.
That
make
you
very
unhappy.
So
so
we
want
to
make
sure
that
we
have
some
notion
of
that.
Obviously,
if
it's
DTLS,
you
can
tell
if
you
get
a
DTL
SN
Jake,
but
yeah.
G
I
So
I
mean
my
first
instinct
for
venue
would
probably
be
a
music
but
I,
don't
know
if
you
get
enough
security
people
showing
up
so
oh
and
the
other
thing
I
didn't
want
to
comment.
Sorry
is
that
you
say
it
didn't.
Somebody
claimed
this
didn't
in.
You
know,
do
any
new
sdp
attributes
of
procedures
it
may
not
meet.
You
know,
attributes,
definitely
new
procedures,
so
at
least
in
terms
of
what
standardized,
if
not,
what's
what's
there
in
terms
of
what's,
you
know,
deployed.
K
Okay,
Paul
and
Jessica
Deutsche
Telekom
as
a
general
statement.
Of
course
we
support
this
work
fully
and
we
had
so
many
discussions
about
security
and
if
security
is
the
highest
grade,
but
nevertheless
we
have
some
use
cases,
also
where
it's
more
important
to
get
a
call
through,
instead
of
to
have
a
secured
call
with
regard
to
that,
so
we
need
some
additional.
K
B
D
E
Charles
a
call
just
in
terms
of
should
we
do
this
work.
Yeah
I
would
really
like
to
see
this
happen.
You
mentioned
the
IMTC
before
and
we
you
know,
came
up
with
a
proposal
for
how
to
do
this,
at
least
exactly
as
issued
said,
and
we've
been
doing
this
for
at
least
five
years.
It's
been
working
very
well
for
us
and
just
didn't,
have
the
stomach
to
bring
it
into
the
ITF
and
see
what
would
happen
so
very
happy
to
see
you
doing
it
and
I
hope
ya
like
to
see
this
go
forward.
H
F
H
A
It's
a
same
stuff
I,
said
before
I
think
that
I
I
worry
that
relying
too
much
on
this
for
deploying
security
encourages
barriers
to
security.
Continue
it
exists
because
they
can
force
things
down.
I!
Think
it's
important!
You
know
you
can
do
this.
Like
I
said
before
you
and
Alan
pointed
out.
You
can
do
this
and
say:
oh
I'm,
only
going
to
accept
a
certain
minimum
enforcement
level
and
okay
in
that
context,
maybe
it's
useful
to
negotiate
between
dtl
essence
at
RTP.
A
Maybe
there's
some
benefit
there,
but
I
think
it's
more
useful
to
in
the
communities
that
want
that
are
trying
to
move
to
a
secure
state
to
actually
establish
minimum
security
requirements
instead
of
leaving
this
negotiation
thing
that
can
encourage
the
barriers
to
security
to
stay
around,
and
we
see
this
in
the
web
in
terms
of
tolerating
breakage
so
and
part
of
the
reason
that
we
don't
allow.
We
don't
treat
HST
s
upgraded
links
as
big
as
not
mixed
as
secure
content.
A
Right
now
is
because
we
want
people
to
find
their
mixed
content
issues
and
fix
them,
and
there's
sort
of
an
analogy
here
like
if
we
enable
these
things
to
be
treated
as
secure.
If
we
need
an
able,
you
know,
the
calls
to
continue
to
complete,
even
in
the
presence
of
these
things
that
are
breaking
security
and
the
things
that
are
breaking
security
will
stay
in
the
network
longer,
because
the
calls
still
work.
I.
J
But
I'm
not
I'm,
sorry,
John,
Peterson,
I'm,
not
sure,
that's
entirely
a
paddle
with
with
doing
this
work
in
the
sense
of
I
I.
So
if
it
turns
out,
we
need
to
vote
some
options
off
the
island
because
we
don't
think
that
they
meet
that
minimum
security
bar
I
think
that's
a
subsequent
discussion
to
have
now.
If
you
do,
you
believe
there
is
only
one
that
is
satisfactory,
and
maybe
that
is
your
position
right
then
you
know-
and
I
think
it's
it's
I
understood
your
response.
J
Alan
two
brothers,
a
lot
of
s
des
out
there,
even
though
a
lot
of
people
think
s
des
socks
and
if
there's
my
key
problems
as
his
madness
is
pointing
out.
I
think
that
that
is
actually
the
tough
part
of
this
is
having
that
discussion
about
what
we
think
is
acceptable,
but
the
notion
that
there
could
be
this
mechanism
that
has
this
negotiation
capability
in
it
right
that
we're
just
defining
for
stp
and
doing
it
in
something
like
em
music,
as
kind
of
like
Crisco,
is
suggesting
just
a
generic
profile.
J
D
A
D
A
Letters
bcp
reminded
me
that
if
we
do
this,
I
would
prefer
that
this
not
be
anything
considered
like
a
bcp
and,
at
least
in
the
IETF
context
of
other
said
context
want
to
put
something
promotes,
are
on
it.
I
would
prefer
this,
be
you
know
heavily
caveated
and
for
use
in
specific
situations,
transitional
technology,
sure.
E
Charles,
a
call
I
guess
on
the
positive
side
where
I
see
here,
is
that
a
lot
of
waiting
lot
of
deployments
like
securing
the
media
was
not
being
turned
on
because
they
important
percentage
of
calls
would
fail
as
soon
as
you
turned
on
these
security
mechanisms.
So
a
lot
of
people
were
just
turning
it
off
now,
at
least
with
this,
it
does
allow
them
the
mechanism
to
turn
it
on.
Obviously,
there's
a
lot
of
reasons
why
it's
not
perfect,
but
this
way
you
can
turn
it
on
so
the
opportunistically.
E
It
works
some
percentage
of
the
time
and
as
more
and
more
people
start
to
turn
it
on
in
this
opportunistic
mode,
then,
hopefully,
at
some
time
in
the
not-too-distant
future,
you
can
go
to
the
point
where
it's
just
on
and
that's
the
only
way
and
you
you
can't
go
backward
and
even
even
in
the
IMTC
way
it's
what
we
said
is
if
both
sides
support
it
and
if
it's
mandatory,
you
obviously
just
turn
it
on
on
both
sides,
and
this
never
comes
into
play.
But
I
think
this
just
helps.
You
make
those
incremental
steps
forward.
G
K
I'll
I'm
told
I
just
want
to
echo
that
pretty
much
it
I'd
love
it.
If
people
went
and
resolved
all
these
encryption
problems
in
the
network,
they
ran
into
encryption
problems,
but
most
people
solve
that
problem
by
turning
off
encryption.
It's
sad
but
true,
I
support
this
work
because
it's
just
documenting
what
we're
doing
today.
I
Government's
the
only
thing
I
would
suggest
and
the
mechanism
is
that
you
know
we
all
you
know
I
mean
it
seems
like
it's
a
relatively
easy
extension
to
do
something
like
say
you
know,
use
sav
p,
as
the
proto
ins
basically
do
opportunistic
dtls.
So
you
know
I'd
rather
do
dtls
if
you
support
it,
but
I'll
fall
back
to
in
van
keys.
I
A
I
guess
sort
of
my
underlying
I
knees
here.
Maybe
this
is
because
I
spend
most
of
my
day
time
in
the
web.
Is
you
know,
we've
had
opportunistic
proposals
like
this
in
the
web,
and
people
be
get
really
confused
as
to
if
you
do
opportunistic
security,
do
you
get
the
lock
icon
right
right?
You
don't,
which
you
clearly
must
not
right,
know
that
and.
A
A
L
Top-Level
media
type
next
slide,
and
so
what
we're
talking
about
here
is
not
font
times
new
roman
door,
fonts
arial
or
font,
dingbats
or
god
help
us
all
thought
Comic
Sans.
It
is
things
like
this.
It
is
formats
for
fonts
just
as
an
image.
It
is
not
image
/
picture
of
my
mom.
It
is
image
/
jpg,
for
example,
image.
Oh
well,
that's
cat,
/,.
H
L
/
that
would
that
work.
So
the
process
is
how
many
weeks,
okay
next
slide,
and
so
the
draft
which
is
available
and
and
all
can
view,
makes
a
volume
it
for
not
making
an
application
based
on
a
number
of
things,
for
example,
that
application
/
star
is
often
treated
as
suspicious
by
things
like
virus
scanners
and
fonts
are
not
generally
considered
to
be
active
content
and
that
there
are
a
number
of
common
parameters
that
they'd
like
to
apply
to
all
font
formats
and
and
also
sometimes,
they
have
unique
licensing
and
usage
requirements
in
that
world.
L
B
Thompson
Thompson.
So
on
that
first
point
it
was
my
understanding
that
these
font
formats
were
preaching
approaching
turing-complete
I
in
the
number
of
features
that
they
have
I'm.
Not
an
expert
on
this,
but
I
spoke
I've
spoken
to
some
people
about
this,
and
then
the
number
of
things
you
can
do
with
a
font
is
approaching
the
point
where
suspicion
will
be
entirely.
L
L
Now
we
have
four
backs.
We
have
a
well-reasoned
system
of
backup
liaisons
in
place,
you'll
never
get
rid
of
a
song.
We
had
a
very
lovely
discussion
about
this
very
topic
independently
on
the
app's
discuss
list
around
2011.
If
I
remember
correctly,
it
went
on
for
some
time
and
I
reread
the
entire
thread.
About
a
month
ago
it
seemed
like
the
general
feeling
was
despite
a
few
people
who
didn't
agree,
there
was
an
overwhelming
support
for
yes,
let's
do
font
/.
Somebody
should
go
write
that
draft
and
nobody
went
and
wrote
that
draft.
L
So
now
the
w3c
has
become
interested
in
this
there's
a
relevant
community
there
and
in
the
web
font
work.
They
highly
desire
this
to
happen,
and
so
they
took
the
trouble
to
actually
write
the
draft
and
so
I
asked
Barry
what
the
right
thing
to
do
was
and
Barry
said,
take
yourself
to
dispatch
young
man,
which
is
very
kind,
and
so
here
we
are
I,
don't
know
much
about
dispatch,
but
here
I
am
and
that's
all
I
have
I
guess.
F
L
F
No,
no
III
did
not
mean
if
you're
a
credible
person.
If
you
know,
if
you
know
people
are
saying
yeah,
you
know
we're
ready
to
implement
this
and
I
think
we
should
do
it.
Otherwise,
it's
going
to
be
like
the
archive
thing
that
came
up
a
few
months
ago,
like
yeah,
that
was
that
was
a
great
idea.
Nobody,
nobody
any
implementation
plans
so
well,.
F
J
F
Saying
know
that
this
was
archived
yeah,
but
nobody.
Nobody
said
like,
like
here's,
my
concrete
example:
it's
like
application,
gzip
never
existed
mm-hmm.
You
know
until
a
few
months
ago
with
demark
came
along
and
I
needed
when
you
did
I
need
a
streamable
archive
format,
so
they
said.
Okay,
you
know
we'll
do
gzip,
but
now
you
know
so
so
we
did
it
so
I
mean
I.
I,
don't
have
around
this
too
much
I,
just
I
don't
want
to.
M
Sean
Leonard,
so,
as
somebody
who's
tried
to,
you,
know,
implement
a
top-level
media
type
and
had
some
experience
with
this.
I
have
a
few
remarks
right,
which
is
that
we've
tried
over
the
history
of
the
ITF
to
propose
you
know
top
level
many
times.
I
think
this
is
actually
the
third
attempt
at
defining
the
font
top-level
media
type,
because
there
was
one
attempt
in
2005
or
2006
that
failed
and
as
somebody
who,
regrettably,
you
know,
really
wanted.
The
archive
top-level
media
type
to
succeed.
M
Maybe
something
that
the
ITF-
and
we
should
think
about
is
that
the
barrier
to
registering
a
top-level
media
type
is
too
high
or
the
requirements
that
we
replace
on
ourselves
is
to
hide
to
define
all
of
the
different
permutations
and
parameters
that
can
that
we
need
to
think
about.
You
know
before
actually
issuing
the
registration,
so
what
I
mean,
for
example,
is
that
the
top-level
media
type
text
has
had
a
lot
of
additional
parameters
that
have
been
accreted
on
to
it
particularly
text
/
playing
right.
M
For
example,
there's
the
format
flowed
dell
space
fragment
stuff
like
that.
So
my
point
is:
why
don't
we
have
a
short
draft,
just
agree
that
yeah
it's
a
good
idea.
Let's
make
font
and
then
agree.
Maybe
we
can
have
subsequent
rfcs
or
publications
that
define
more
about
what's
in
common
for
this
media
type,
and
that
way
it
may
succeed.
A
It
prompted
me
to
start
thinking
about
the
mixed
content
specs
that
web
apps,
like
is
working
on
a
w3c
and
indeed
in
there
they're
part
of
the
distinction
that
spec
makes
between
active
and
passive
content
is
based
on
the
top
level
media
type,
so
things
that
are
marked
as
audio
/
or
image
/
are
treated
as
safe
content
to
load
because
they're
treated
in
safe
ways
by
the
browser.
Now,
as
Martin
pointed
out,
fonts,
are
getting
pretty
complicated
and
they
get
loaded
in
CSS
and
things
like
that.
So
it
might
not
be
this.
A
This
might
not
be
a
safe
thing
to
put
in
there.
You
could
you
could
see
it
getting
used
that
way
and
I
think
putting
browser
head
on
briefly.
We'd
probably
be
interested
in
implementing
that
if
it
would
help
address
people's
mix
content
issues
agree,
there's
there's
lots
of
analysis
that
needs
to
be
done.
I
know
jack
about
fonts,
so
this
is
very
provisional,
but
if
that
works
out
and
if
it
would
help
people's
issues
that
we
would
be
interested
in
implementing.
D
D
H
I
B
This
is
Mary
the
the
model
for
when
you
want
a
top-level
type,
is
when
there's
something
in
common
among
the
subtypes.
That
means
that
you
would
throw
all
of
these
at
one
particular
processing
engine
to
deal
with
an
application
is
a
catch-all,
but
if
you
look
at
image,
you
often
just
say:
okay,
I
have
a
special
thing
for
image
banana,
but
anything
else
that
comes
with
image,
/
anything
I'll,
throw
over
at
this
image
processing
program.
That
probably
knows
how
to
deal
with
it
and
fonts
to
me-
definitely
fit
in
that
model.
L
So
if
I
put
my
liaison
hat
on,
I
will
make
sure
that
I
take
back
to
that
community
that
they
do
need
to
participate
in
the
work
here.
I
I
don't
know
that
they'll
do
so
physically
at
the
ITF
meetings,
but
that's
fine.
We
never
that
we
all
know
but
I
think
you
know,
but
because
they
wrote
a
draft
I
think
they
know
that
to
some
degree.
M
B
E
H
So
one
of
the
things
that
we'd
like
to
say
about
that
too,
that
I
think
we
did
more
in
Rye
and
we
hope
to
be
doing
more
of
an
art
on
this
is
forming
a
working
group
shouldn't
be
hard
or
complicated,
particularly
on
something
like
this.
Let's
make
it
quick
and
simple
write
something
up.
We
can
get
something
on
the
mailing
lists.
People
like
the
Charter.
We
should
be
able
to
have
one
quickly.
This
does
not
mean
50
hoops
and
three
baths
and
two
years.
H
Know
what
look
we
need
somebody
to
to
just
drive
through
source
and
charter
texts
that
would
have
a
bit
of
experience
on
we'll
get
the
people
involved.
We
need
the
people
who
are
interested
in
doing
the
work
to
be
expressing
that
interest
and
saying
what
they
need
the
charter
to
say,
so
they
can
keep
the
world
scoped
and
narrow
and
not
oil.
The
ocean,
and
somebody
needs
to
write
that
up.
H
We
can
help
that
and
then
our
a
DS
need
to
look
at
it
and
think
that
it's
you
know
it
seems
like
between,
but
two
of
the
380s
at
the
frontier
can't
spell
their
own
name.
So
you
know
that's
a
sort
of
these
arts
were
charger
yeah,
so
we
get
that
a
t-shirt.
Ya
know
another
child,
so
we
get
that
done
really
quickly
and
then
put
the
draft
forward
start
moving
forward
and
I
assume.
This
will
be
a
working
group
that
does
most
of
its
work.
Virtually.
L
Sure
it's
gotta
drive
so
I
I
apologize
for
the
late
notice.
I
got
confused
about
the
states
in
my
defense,
I'm
new
to
this
at
least
a
dispatch.
There
is
another
draft.
That's
been
recently
submitted
by
my
quest
from
the
web,
apps
tech
working
group
in
the
w3c.
They
are
requesting
a
registry
for
CSP
directives,
content
security
policy
and
it
is
literally
just
a
draft
to
establish
a
registry
very,
very
simple
and
straightforward
I-
think
because
they
just
need
a
registry
and
w3c
doesn't
have
the
capability
to
mint
iono
registries
on
its
own
personally.
L
I
would
love
to
see
that
just
because
it
would
be
great
to
see
some
of
the
web
folks
buying
into
the
whole
registry
thing
yay
registries,
so
we
need
a
place
for
that
to
go
as
well
and
and
I
kind
of
in
the
back
of
my
head.
Wonder
if
it
because
it
is
such
a
mechanical
process
thing
rather
than
anything
that
could
possibly
ever
be
contentious,
whether
that
could
be
ad
sponsor,
yeah
I
know
well,.
E
B
This
is
barry.
I
can't
speak
for
my
co,
a
DS,
but
I
would
leave
it
up
to
the
chairs
discretion
whether
they
think
this
fits
in.
That
and
I'd
be
happy
to
ad
sponsored.
If
they
don't
it's
the
sort
of
thing
that
I
would
normally
say
you
ought
to
be
done
in
the
independent
stream,
but
we
don't
want
to
be
creating
you
registries
in
the
independent
stream,
so
informational
document
in
the
ietf
stream
sounds
like
the
right
thing
is.
D
H
A
D
D
H
N
N
So
today
we
have
fast
devices
with
interactive
applications.
We
have
superfast
fibre,
fast
low
latency
networks
and
we
have
nearby
data
centers
with
huge
processing
power.
So
we
I
guess
we
all
have
real
low
latency
experience
on
all
devices.
Well,
sometimes,
but
not
always,
and
the
reason
is
that
we
still
have
kind
of
old
timer
in
the
middle
between
the
super,
fast
networks
and
our
applications
and
that's
the
classic
TCP
congestion
control.
N
There
exists
better
solutions,
but
they
can't
be
deployed.
So
there
is
what
we
call
l4s:
a
new
family
of
low
latency,
TCP
congestion
controls
and
that
are
scalable,
low-loss,
low,
latency
and
scalable,
but
we
can't
use
them,
but
if
we
could
use
them,
I'm
can
show
you
how
the
experience
what
the
difference
it
makes
to
an
experience
when
they
are
used.
So
I'm
going
to
start
the
video.
N
N
So
what
you'll
see
is
to
touch
screens
where
an
interactive
application
which
sends
the
finger
movements
to
the
clouds
and
in
the
clouds,
the
the
correct
viewpoint,
is
selected
and
on
the
fly
and
code
it
and
sent
to
the
to
these
laptops
here,
and
you
see
one.
The
right
one
is
using
a
classic
TCP
and
the
left
one
data
center
TSP.
They
are
identical
so
going
from
an
identical
laptop
to
an
identical
server
over
it's
over
the
same
bottle
neck
with
backgrounds,
a
few
file
downloads
three
on
each
pair
and
I
hope
you
can
see.
N
N
N
So
what
did
you
saw?
Actually
it
was
a
demo
on
a
real
broadband
network
with
a
base
round-trip
time
of
only
seven
milliseconds.
So
it's
close
by
we
had
heavy
background
loads.
Six
parallel
flows
actually
three
prepare
and
we
use
the
data
center
TCP.
Maybe
you
saw
it
as
an
example:
it's
it's
just
available
there
and
actually
behaves
as
a
scalable
TCP.
It
wasn't
necessarily
designed
for
it,
but
it's
available
and
we
could
use
it
so
when
it's
available,
as
is
under
linux,
the
latest
release
and
also
on
windows
server.
N
So
it's
available
for
every
packet
of
every
application,
even
file
downloads.
You
will
see
you
later
and
all
have
hardly
any
queuing
in
the
network.
We
in
the
network.
We
have
to
adapt
the
network
for
this,
but
to
do
that,
we
only
look
at
IP
headers,
so
we
don't
need
flow
identification.
We
don't
have
to
inspect
transport
headers
and
you
also
don't
use
dpi
or
whatever.
In
this
solution.
We
use
to
pues,
there
are
other
solutions
like
fq,
which
uses
a
cupid
flow
and
that
needs
to
identify
all
those
flows.
N
So
if
you
have
a
tunnel
it's
hard
to
see
what
other
there
are
really
so
close
in
there.
So
with
this
solution
is
also
not
needed
and
by
the
way,
if
all
the
TCP
traffic
is
moving
to
this,
it
will
also
still
work
so
to
demonstrate
well
on
the
next
slide.
You
see
the
set
up
a
little
bit,
so
it
is
a
real.
We
took
this
video
when
it
was
on
a
real
equipment.
Let's
say
it's:
it's
a
real
residential
gateway
with
a
real
copper
line.
N
N
N
We
just
want
to
show
and
explain
the
venn
the
benefits
to
applications,
but
maybe,
as
you
know,
it's
not
so
simple,
because
we
have
now
a
solution
to
make
this
better
tcp
compatible
with
the
current
internet,
but
it
needs
of
course,
report
in
a
network.
So
to
have
this
work
done.
We
need
to
working
groups,
three
working
groups
in
the
transport
area
involved
and
it's
both
changes
in
the
host
and
the
network.
N
Our
question
to
dispatch
line
as
the
customers
of
the
transport
areas
are
these
benefits.
You
will
see
later
useful
and
especially
the
other
question.
Is
it
useful
enough
to
overcome
the
chicken-and-egg
deployment
problem,
because,
as
long
as
there
are
no
network
support
for
it,
there
is
no
benefits
of
applications
or
your
operating
system
is
supporting
it
and
then
the
other
way.
There
is
not
really
again
if
we
support
it
in
a
network
if
there
are
no
applications
or
operating
system.
Supporting
this
okay.
N
N
Tcp
actually
works
better
if
you
have
a
basic
you
or
a
rather
big
killer,
and
that
one
is
used
to
measure
the
level
of
congestion
and
with
that
level
we
mark-
and
we
also
do
a
compatibility
swap
to
have
a
correct
drop
which
is
appropriate,
because
this
new
DCP
needs
a
lot
of
marking
to
be
controlled.
So
it's
actually
very
aggressive
if
you
use
it
normally,
so
we
need
more
marking
than
dropping
and
it's
a
very
simple
thing.
We
only
use
two
random
variables.
N
N
N
N
N
Okay,
so
here
you
say
the
the
table,
which
is
moving
the
queuing
delay.
So,
let's,
let
me
just
start
a
few
flows
here
so
now
a
few
file
downloads
will
be
started
on
the
scalable
on
the
pc,
which
is
using
the
skeletal
tcp,
and
here
there
are
a
few
flow
started
on
the
pc,
which
is
using
the
classic
tcp,
and
you
see
the
the
true
put.
So
what
you
see
is
I
get
the
same
window,
the
same
fair
share.
N
Let's
say
this
be
fair:
they
are
running
tcp,
fair
and
what
you
see
here
is
the
cdf,
an
inverse
cdf
of
the
cube
size,
so
this
queue
size
is
hardly
having
any
thing
in
it.
So
it's
a
99
percentile
is
blood
two
milliseconds
on
average,
it
0.1
milliseconds
the
queue
size
while
the
classic.
You
is
here
pretty
good.
It's
a
configured
according
to
a
modern
aqm.
Let's
say
it's
around:
20
milliseconds
and
a
99
percentile
of
50
below
50
packets,
milliseconds.
N
What
you
will
see
is
that
the
data
center
TCP
flows
once
they're
up
and
running
they're,
all
pretty
much
having
a
stable,
fair
share.
Well,
if
you
look
at
the
classic
TCP
flows,
they
go
up
and
down,
and
sometimes
they
get
for
one
second,
because
these
are
throughputs
per
second,
so
per
second,
they
vary
quite
a
bit.
They
go
very
low,
sometimes
and
also
can
overshoot
very
big
in
here.
What
you
also
see
is
there
is
a
drop
probability,
because
there
is
a
lot
of
latency
and
our
queue
is
only
30
milliseconds.
N
We
need
a
drop
probability
of
around
seven
percent,
which
is
pretty
high,
but
actually
here
we
use
ecn
in
the
marking
probability
sixty
percent,
which
is
even
higher,
but
it
doesn't
harm
the
flow
because
it's
marking
the
packets
and
not
dropping
buckets
and
because
of
this
high
marking
probability.
It's
also
the
reason
why
they
are
so
stable
because
they
get
a
lot
of
information
and
they
can
smoothly
adapt
to
the
rates
and
what
is
available.
N
Another
thing
I
can
show
here
is
a
web
page
downloads,
so
there
is
a
load
generator
which
is
generating
file
downloads,
a
hundreds
downloads
per
second
and
actually
for
each
connection.
It's
for
each
object,
it's
using
a
new
connection,
and
what
you
see
here
is
the
object
size
from
1
K,
2,
1
megabyte
on
a
log
scale,
and
the
y-axis
is
the
completion
time
from
10
milliseconds
up
to
10
seconds.
What
you
see
is
that
our
blue
one,
all
the
small
up
to
10k
all
the
downloads
or
below
40
milliseconds.
N
What
you
see
here
is
that
in
there,
with
a
classic
TCP,
all
the
downloads
or
above
40
milliseconds
and,
what's
worse
because
of
the
pretty
hydro
probability
here
around
ten
percent.
There
is
a
lot
of
loss
of
the
final
packet
and
that
are
only
written
and
submitted,
offer
200,
milliseconds
and
also
a
lot
of
initial
sync
packets,
which
are
lost,
and
they
are
only
retransmitted
after
one
second
and
even
multiple
times,
maybe
I.
If
I
reduce
load
a
little
bit,
we
get
to
because
a
bit
less
loads.
But
even
then
I
can.
N
So
you
see
the
new
situation
even
then
there
are
a
lot
of
timeouts.
So
this
is
what
you
experience
if
you're
downloading
a
webpage,
sometimes
it
works
very
fast
and
then
your
smartphone
or
your
laptop
is
downloading
in
the
background
something
and
then
suddenly
you
have
to
wait.
One
second
up
to
10
seconds
before
a
page
is
fully
loaded,
so
it's
really
unreliable
while
in
the
other
case,
imagine
if
you
would
have
your
web
browser
here
and
press
to
another
page
and
they
smoothly
and
reliably
or
download.
Okay.
N
Maybe
another
thing
I
have
to
show
is
what,
if
there
is
no
normal
traffic
I'll
just
stop
the
classic
TCP
it's
not
because
there
is
classic
disappeared.
It
works
well,
because,
if
I
stop
it
here
now
reset
everything
to
make
sure
that
it's
nothing
running
here
you
see
the
queue
is
still
very
small.
Only
one
and
a
half
milliseconds
on
average
and
the
99
percentile
is
about
six
milliseconds,
you
see.
So
if
everybody
is
now
using,
the
new
TCP
still
works.
N
We
do
kind
of
priority
scheduling,
but
that's
just
because
the
new
TCPS
works
having
priority
because
its
supports
low
latency
and
doesn't
harm
the
other
traffic
by
getting
the
low
latency.
It's
the
opposite
way
that
the
classic
traffic
usually
harms
real-time
applications.
Okay,
any
questions
up
to
this
level
or
everything
is
clear
up
to
this
level.
N
N
We
included
windows,
client
and
server
just
running
the
OS
media
services
for
smooth
streaming,
and
so
we
could
configure
the
windows,
client
and
server
in
either
compound
TCP,
which
is
a
renal
like
an
improvement
on
Reno
or
in
data
center
TCP,
which
is
normally
by
default
automatically.
If
you
deploy
windows
server
in
a
data
center,
but
you
can
also
configure
it
to
run
over
these
links.
N
So
we
did
a
smooth
streaming
download
in
parallel,
so
in
data
center
piece
be
in
parallel
with
10
flows
in
of
Linux
data
center
TCP
flows
and
bit
a
capture
of
what
is
the
quality
levels
that
were
selected
for
the
video
and
I'm
the
same.
We
did
with
renal
traffic
on
the
linux,
pcs
and
the
data
center.
The
the
windows
pc
was
also
in
the
reno,
like
congestion
control,
classic
congestion
control.
The
compound
and.
N
Here
you
see
the
results.
The
first
row
is
the
quality.
What
was
selected
by
the
player,
so
the
player
sends
the
download
speed
and
based
on
that
it
decides
which
quality
is
appropriate
without
freezing
the
video
you
see
it
goes
to
1500,
and
sometimes
it
tries
to
get
to
the
two
megabit,
which
is
more
or
less
the
fair
share.
It
should
get
in
a
second.
N
So
the
reason
why
it
doesn't
go
up
to
the
two
megabit
is
because
normal
tcp-
and
you
see
that
in
the
second
row
you
see
there,
the
ten
file
downloads
and
in
the
last
row
you
see
the
true
put
of
the
dash
order
has
flows,
you
see
they
vary
a
lot.
The
file
downloads
and
also
the
video
segment
downloads
will
have
this
variation
and
because
it
doesn't
get
a
reliable
throughput,
it
doesn't
dare
to
take
the
highest
level
because
it's
not
sustainable
and
it
might
freeze
in
the
future.
N
So
this
other
solution
with
fq
is
a
flow
queuing
which
makes
a
cube
but
flow,
and
you
just
do
round-robin
scheduling
in
the
network.
You
see
at
the
second
row
that
it
has
for
the
file
downloads.
A
perfect,
fair
share:
it's
a
smooth
line.
There
is
no
variation,
because
every
queue
has
a
big
enough
buffer,
so
there
are
always
packets
available.
But
the
result
on
the
dash
flows
is
what
you
see
in
this
in
the
second
row
at
the
bottom.
Is
that
all
the
tops
are
gone?
N
So
it's
not
a
lot
to
burst
anymore,
because
then
it
gets
in
a
queue
in
there
and
it's
only
when
it
doesn't
get
scheduled
when
it
doesn't
send
anything
that
its
losses
throughput.
So
you
see
the
troop
it
goes
even
below
that
Molly
with
the
data
center
tcp,
the
variations
are
very
stable
and
also
one.
It
is
downloading
the
video,
because
it's
also
every
two
seconds
that
it
tries
to
fetch
a
new
segment.
N
Then
it
gets
immediately
the
fair
share
and
the
client
detects
this
and
will
rely,
finds
the
reliable
throughput
and
we'll
select
always
the
highest
quality.
There
is
actually
one
higher
you
see.
It
even
doesn't
try
to
get
that
high,
because
that
was
around
three
megabit
and
we
had
40
mega
20
megabits
line
with
10
to
11
flow.
So
that
should
be
the
right
quality
that
should
select.
N
N
N
D
N
A
I'm
just
curious
what
this
looks
like
from
the
application
richard
barnes
curious.
What
this
looks
like
from
an
application
in
front
of
you
is
the
sort
of
thing
where
you
would
want.
The
application
is
explicitly
signal
that
hey
you
should
use
this
high
intensity
algorithm,
or
is
this
something
that
transports
that
might
just
do
for
me?
So.
N
Normally,
it's
perfectly
possible
that
all
tcp
stacks
are
upgraded
to
use
by
default
this
way,
and
if
it's
the
network
is
not
supporting
it,
it
detects
drop
and
it
will
respond
as
normal
tcp.
So
the
the
windows,
the
data
center
tcp,
does
this
automatically.
If
it
finds
drop,
it
behaves
like
Reno.
If
it's
finds
marking
it
will
behave
like
data
center
TCP,
so
there
is
normally
only
a
changing
the
operating
system.
Applications
don't
have
to
bother
anything.
They
don't
have
to
set.
What
is
my
priority?
They
don't
have
to
set
I
want
to
use
it.
F
This
is
Ben,
Campbell
I
mean
what
you've
shown
as
interesting
I.
Don't
think
this
room
is
the
room
that
can
tell
you
if
it's
a
good
thing
to
do
or
not.
If
we
can't,
we
can't
judge
the
cost
or
the
implications.
Really.
This
is
the
tier
3
thing
so
yeah.
If
tfv
worked
on
this
and
it
did
all
the
stuff
you
showed
and
it
was
for
free-
oh,
it
looks
beautiful,
but
I
don't
know
what
else
we
can
say
about
it
here.
N
C
N
N
C
And
then
the
other
point
you
mentioned
the
beginning,
you
said
there
were
other
improvements
out
there,
but
we
can't
use
them.
But
that's
all
you
said.
So
what
are
the
other
improvements
and
why
can't
they
be
used?
Because
I
guess
maybe
some
of
the
pushback
may
be
that
you
you're
getting
is
because
there
are
other
solutions
in
ITF,
they've
already
been
developed,
and
so
people
are
saying
we'll
use
those,
but
maybe
you
can
explain
what
they
are
suitable
or
why
they
can't
be
used.
I.
C
D
N
D
Crisco,
perhaps
there's
one
bit
of
information
you
mess,
which
might
be
why
people
are
confused
yeah.
The
the
existing
solutions
like
they've
sent
TCP
exist,
but
they
can
only
be
used
in
data
centers
because
they're
too
aggressive,
if
you
put
them
on
the
public
internet,
that
push
all
the
other
traffic
out
of
the
way,
and
so
what
that
the
dual
queue
system
solves.
D
Is
it
marks
the
more
aggressively
so
that
they
they're
more
aggressive
behavior
gets
pushed
back
more
aggressively,
so
it
balances
back
so
there
they
they
work
the
same
as
DCP
as
far
as
sharing
out
the
capacity
goes.
So
so
at
the
moment
you
can't
use
them,
but
with
that
queuing
system,
that
means
you
would
be
able
to
use
them.
I.
H
Think
we
wrap
up
here
what
I
think
we
have
what
happened?
We
really
want
to
have
happened.
Was
you
get
you
guys
to
show
people
this
people
who
are
interested
in
find
out
more
and
do
you
know,
send
the
pointers
and
the
stuff
to
the
the
list
for
people
can
find
out
more
of
this
and
I
hope
you
guys
recognize
both
of
these
guys,
I'm
sure
they're
willing
to
talk
to
you
more
about
it.
D
E
As
a
demonstration
of
the
newly
constituted
dispatched
chairs
team
and
how
efficient
we
are,
we
took
marks
idea
of
a
CSP
registry
and
we
put
it
retro
actively
in
a
draft
called
draft
west
web
app
sex,
CSP,
reg
03.
We
arranged
for
Barry
to
sponsor
it
and
it's
less.
It's
in
last
call
closing
monday.
So,
oh.