From YouTube: IETF95-STIR-20160407-1620
Description
STIR meeting session at IETF95
2016/04/07 1620
B
B
C
C
A
E
We can tell here first or service today, yep, so the new version there was the last time we thought we would go to the trouble of putting out something new. The main thing we really did in this, though, is that we divided the description of certificates in into in the draft. In to be sick approaches- and neither these approaches are presented as being necessarily better than the other I think they both have hard edges on them, their advantages and his badges, as both in fact they're presented in a way.
E
I'd say that is not entirely incompatible and we can imagine a migration path that actually would allow these two approaches to ultimately merge going forward and I'll talk a bit about that, but otherwise I mean there's very little different, like a lot of the same four mechanisms that we had and that the prior version of the draft are still there and I think, hopefully we're getting pretty close to done. There are a couple of outstanding issues we are going to need to talk about towards the end of this I think we're pretty close excellent.
E
So these are the two approaches writ large I mean. We know that we have this whole RFC 4474 business. We have the signing mechanism in the Identity header that it defines. We know we have the PASSporT object, which gives you what all the critical headers and claims are that we're going to use to prevent impersonation in these calls really now we're just looking at what the credentials are going to do that are going to sign those things, and that could be clear.
E
E
Those could in turn be encoded as domain names and, in fact, appear in the subject alt name field of the cert, or they could be in some new certificate extension we defined I think that's just syntax, I mean the real semantic distinction of this approach. Is we're not going to talk about the numbers themselves in the cert at all, held numbers are not a component of this.
E
In the first approach, it really just identifies the subject, which is either the network that it has, or some surrogate identifier for the network like a SPID and to be clear network, might have many SPIDs right, and so we would then have some sorts of and have many skids in them, or perhaps we would have speed specific service or all kinds of like ways to tune that to what operators might want to do with that. But the high level that's the first approach.
E
Let us down this path because there's a lot of concern about potentially leaking I wouldn't say private information, but proprietary information, perhaps about companies by revealing that inserts themselves do people here get the distinction that we're drawing anybody. Seeing this doesn't understand what the two approaches are. They were documenting in the snow. I see people nodding their heads people. If you cared you get this, you don't care you're not to nod your head. I promise I mean it'll have a subject right.
E
I mean a sense of their there or XY by knowing fields and so on, but that subject is not actually there to identify the carrier ostensibly and I'll talk to actually about ways. Of course, you could migrate from the first to the second, you could take a cert that has a clear subject like that and then add to it. Whatever these extensions are that help you to identify the health numbers? Yes, parts yeah.
F
I went crazy. These two approaches, as you know, specifying number ownership directly versus indirectly. The second option speaks directly to authority to speak for a number in the first case, there's some implicit claim of the number of IM signing in a PASSporT object or something like that. The binding is right.
E
G
E
G
E
G
Guess that was sort of my point was, it seems like it seems like seems like all the all the referenced one. It seems like anything that exists for reference. A list should be a listen, listen, listen, numbers you in one place and things that are just pointers to identity to another place, but I wouldn't try to merge them. Yeah, I think, is I think the exceptional out of it for.
E
So I think I think people get let's go to the next slide. We'll talk a bit about what some of the advantages and disadvantages that a few roaches are. This, of course, just exists to remind everyone here who might not be following STIR super closely. What the basic architecture is, some kind of logical authorities can be provisioning these credentials down probably into things like intermediaries. Intermediaries are going to be doing assigning her quest.
E
This is unchanged, I think between the two approaches, there's going to be some kind of authority, that's doling out certs for this, and it may be that it looks a lot like a traditional web Authority if we're just operating on traditional DNS names right, but nothing about the way that we do the actual signatures and identity headers, and things like that is going to be substantially altered by this. Yes.
G
Sorry more question: gee, as you suggest, there's a billy d rekt to have a reference rather than a you know, rather than entity itself is your notion is that is that particularly for impression, or so also for for flexibility, I think.
E
It so there are a couple of strategies and I think we have thought about this- that we use for by reference. One of them is much more like an interrogation system where you to say for this particular certificate. Is this number within its scope right and obviously that has different. You know semantics for preserving proprietary information than saying. Could you please tell me all of the telephone numbers that are, but you know within the scope of authority of the certificate right and it's a trade-off and I think there are actually implementation environments.
G
So the concern you get at is the referential integrity of the information, namely that that it won't impact upon the data directly in client's, difficult, a signature not covered by some HTTPS dereference, and so, if the property your company obtained, is that merely that you only want to see some of the records as opposed to that you want to have flexibility to change it later, then it's probably worth considering.
E
G
E
G
H
E
Right so the first approach goes through how verifiers validate calls when the cert only identifies the carrier or has a surrogate ID like an OCN or a SPID now the very simple and extremely deployable way to do. This is if we have major networks that have bilateral trust relationships that are doing these signings, i.e. comcast.net is the subject with this, and, if you trust comcast.net, then you trust resigning it on the other side of it. The advantage is very deployable. The disadvantages, it's not very inclusive, and the inclusivity of this is I think the part of it that we try to address when we talk about the possibility of having some kind of an external service but Richard you seem to speak. Those.
E
Is also a scalability issue. Ultimately, given it, there are of stay in the United States around 3,000 local exchange carriers. There are I think it's ninety-five percent of all numbers are done by the top 12 or something I don't know the north. On my habits, it's like it's quite a bit, there's very long tail. Okay, so Martin Dolly I.
H
I think you could start out with with something like this. If you look at the long pole in the tent on this, it's and something that hasn't been addressed yet is what's going to be displayed to the end user, and so, if we look at this from a deployment perspective, you know stage deployments you know getting. You know the big 78 to deploy the signing first and exchanging it this way, while working on you know with respect to the you know, exchanging of the certs and whatnot, you know to detect that I mean.
H
E
E
E
D
Chris, when I was just gonna point out, I'm hoping this is more simplistic than what the first approach is purely based on trust, I'm hoping that there's certificate infrastructure there that we can rely on cryptographic dress. Not just are you implying here, like we just self-signed certificates and ATT trust Comcast's there that's.
G
E
Again, if the first approach is based on this whole notion that what you're attesting and the certificate, the reason why you trust the certificate is because of who who that entity is right and the way that you expressly that in India is we have a couple options, but the simplest of those is just to take whatever credential is used today to us. You know to attest that you are comcast.net and to use those okay.
D
D
E
D
Yeah I'm just pointing out what the goal is: I mean. There's the practical thing of you know when is that available and what what you know: chick chick sorry, chicken or egg scenarios a where one is available than the other, but I mean the big thing to work on is getting the protocol in place and end end calls happening and we do but.
E
It's important that we document, though, what we think the range of possible certificate usages are what we think is a transitional strategy, that's getting us towards where you want to go and we're one end as we do that and yes, what the start looks like I think it look. Very much look like what you just described.
C
E
But yes, one thing when I stressed about this approach is that any time you have a carrier who perhaps is not part of those bilateral trust relationships, one alternative that I would put on the table immediately. Is that that some kind of oracle could probably help you with this? If they have an identifier like an OCN or a SPID, something that can just be thrown out to an external data service and inquire, it ok, I don't know much about this person.
E
Is it likely that this number that has follows from you know is actually under their authority, and there are a bunch of different ways that you could do that this doesn't have to be a golden root. This casino, this couldn't be done. I think a variety of competing services could provide this as a function or the certificate itself. If the CA was structured, that way could bless particular one that was trusted for your network and I don't think we're gonna make decisions about which of those is right.
E
Next, please! So right. The second approach- and this is the approach that originally the stuarts draft, was most Gaston- is this notion that a verifier validates a call when the authority over numbers is actually built into the cert itself? The purpose of having a cert is for the cert to tell ya what numbers are in its scope. There are a bunch of different ways to do this. You know the most obvious them would be like there is this TN Auth List certificate extension, which is specified now and the stirrups document.
E
E
I
Work channeling Eric Berger that work all right. I don't need to be that loud, so Eric Berger with more hair and says, please second approach simply will not work in the U.S. numbers are regularly and for good reasons listed as the caller ID that do not have anything to do with the carrier. So a legitimate call under the second approach will be rejected. Approach two is DOA, at least in North America and probably in most jurisdictions. The issue also kills the oracle function. John mentioned related to the first approach.
I
E
I water too, Mr. Berger, that's a very, very strong assertion, and I think I would need too much better understand the motivation for that assertion, because it's simply not my understanding that that that is the situation. There is no regular. That is true. Mr. Berger, then, like iMessage is illegal. Obviously, so we you care to explain why why why we're not arresting Tim Cook for that long, upper offenses? At this point.
J
Is audio editor there we are hi there. So the reason it's like that is you're a legitimate call. Center you're doing outbound calls for a client. The number you have in there is there CenturyLink number. Your number is served by Verizon wholesale Verizon wholesale does not own the CenturyLink numbers not going to work. I you put in your 800 number coming back 800. Your number is carried by AT&T, but your CenturyLink customer CenturyLink will not have those numbers, so they can't sign for it.
J
E
Mean I think you're aware Eric. We have this whole, like delegation thing that's built into this too right and that you can delegate that way, and it's been like a huge part of this from the start, write it that solves everything that you just add and, as we've been discussing like three years here so and as this was part of.
G
C
E
Yeah we have a threat model document, the primal I've been very explicit, I mean I don't know, I have the slide in and this one there's a specific piece of text. It says that what we were going to try to solve in this group is a way to ascertain whether or not the signature for these calls has the authority design for that particular number or not. The suggestion that this is like illegal or something and every use of hell of you or impossible to realize is absolutely preposterous.
E
C
I
It's Daniel, Reyes I mean I mean here in the early days, and it was in that same situation of saying this. You know for hosted application servers, etc. That are working on behalf of somebody like the doctor's office, I mean we could talk about that from the beginning. Does that work under the second approach and what you got in here? Okay, I think I think that that was what I took from Eric's message. She was looking to say to ensure that it would you.
E
E
I have this working group called STIR and they're like from you know, visiting networks and home networks and I can like totally imagine ki proxying systems that would be, you know, I mean I was being facetious but like if that's the, if you want to point to like IMS architectures and say that those are the things that make this problematic yeah. There are ways to address secure delegations, cure redirection and even work like approaches to that. So six it to suggest it's like technically impossible or that it's like you know against regulation.
D
E
There are specific use cases for which this seems like having that specific number attestation actually kind of useful. It's not ever use case, and it may be not be the main, like carrier, signing use cases that are motivating the considerations, not us today, but precisely things here that you're talking about. If, if so much of impersonation say around this time of year, comes from specific spoofed numbers that are associated with the IRS, for example in North America. This is like a seasonal problem that comes up around tax season and is responsible for a lot scams.
G
E
G
E
G
For for the particular design, we're looking at here in terms of their silly, our designs, which would allow you to attest to on which are allow you to have a small certificate on, only reveal one of the entries in it and yet not require database dip right. So, for instance, a Merkle hash tree with bit commitments for the for the values so I'm not since I Gilzean understand all. Yes, that's what were the constraints that were trying to outdo eyes for I mean.
E
And you're, when people start getting terrified about the direction of history search draft was when Barnes you may need to go back to the dunce position in the bathroom again when we were talking about stapling right I mean if you're gonna do OCSP like you could do stapling, which obviously does invert that yes, privacy consideration and I can imagine doing a set better. That is a staple. That's right, sure sure it did. You think that techniques like that or.
G
Essence, that seems viable I mean I guess I. That generally is not occur. To me how OCSP stapling is on these be stapling, looks a lot like short shorts, right right and so I mean on I mean and the bottom line. Is you need to that? In fact, in this particular case, if I have it OCSP stapling response, I might as well have the cert, and so the point so and so the the typical reason to have I mean the typical reason to have the matter.
G
Honey I mean I mean so I think I mean I think if you're a given, if you're given a cert that has, is a testimonial for a large block and then you and that you can't read, and then it says please call here to find out which it is particularly. Certificate is valid. Like then, and you say, invert that, and you say well, the OCSP response would have gotten is the one that it basically is a testimonial for a single entry in the block and it's attached to the cert.
E
It would be, the turtle asserts, is more viable option. Scott's, Franklin, GSP, I I think we can get away with saying we're punting on that to get this initial thing out the door to help get us on the migration path. Like another thing, I saying, if you see something you think we're saying here that is going to prevent us from going down shortly, search, for example, as a path. We should find that and no.
G
I I don't I don't I guess this. This is. This is a very flexible mechanism. You designed with a lot of possible options and I guess I'm trying to figure out is: are all those options useful or could be cover the use cases, a small set options? I don't I don't disagree with you I think what this would certainly enable us to do is definitely voz usual asserts on.
G
It would not enable us I believe to do not enable us to do something like hash hash trees, where you are, you know where you subsequently revealed pieces of it unless you I mean misery. Here's like actually a concrete example of line. You can imagine with a hash tree right. You say like basically on you know: I give you a I of it.
G
I, the big I I have a sign, I even assigned a huge block, and I get it and I get essentially covers that entire block and as a signature on the root of the hash tree and then I know all my all my entries and then I give you as an entity because you got one you're allowed.
G
One phone number is I give you a copy of my cert plus the chain of the hash tree for only you and then you can attach to this one entity, but but I don't have to do a delegation down to you and I also don't have to do on on. Second you. This wouldn't support that, because you need a new, a new data structure on I guess, so I think if, if we think search or enough, then probably it's fine.
G
D
Chris, when I think this is less about arguing about whether the technology is appropriate. It's more it's more about sorry and get right in there it's more about how do we get from A to B, and a lot of the thought has been. You know making sure that the verification services support both approaches as much as possible from the beginning. So as the infrastructure evolves, you know we can move from A to B, but we want to make sure we don't break things in between and.
G
F
I just wanted to correct one thing on this slide on the disadvantage and the first sub bullet says knew that a new CA is needed, and if these are done with a meaningful subject and some extension that encodes the numbers, your allocated, that's perfectly compatible with using existing web PKI certs. It's just a different extension in CA puts in yeah.
E
F
F
I
In York Eric Berger first just note that he was not talking about law or regulation. Previously, his comment is that it's worth noting the delegation mechanism in the draft, which is in Section four point oh, is, is TBD there's one section saying there might be delegation and in there in 40, and then there's two parts to it that our TBD saying future versions of spec may do this. His suggestions is how about a concrete proposal break the draft and the two or more certificate approaches. Why bundle them together approach?
I
E
Want to tell the SEC that we are, you know, delivering something that doesn't actually solve their problem and something that doesn't actually solve. What's in the problem statement that you can figure out how to get weather for the subject, if the number is in the scope of it or not, is what we said result and I understand that you know I again.
K
E
E
We've discussed have surrogate identifiers. They will then query some. You know public oracles that could again I may not even be connected to the certificate authority in any way to answer questions like is this number under this SPID right, it could be that there are independent. Is you trust your own reasons? You could have your own offline database right sitting right there and next to your verifier, that has big maps of that for you, if you're one of the larger providers, that's not at all an implausible scenario, and so you know I.
E
E
That only works for the first step in this, because what that will lead to is a not very inclusive environment, going forward, where something completely new and different will have to be done to support anybody other than that gang of eight or whatever it is from participating. I think that is unacceptable. As a as a migration story, and that is why they start, my argument has been that we need these to be in the same draft. So.
G
We can recap, but I think you just said they taught me in, like you know, training so you're saying initially we're gonna situation where basically I look at this and go. This is e TMT I don't care. The number is. This is totally carmela right and then, but if you won't, but you will like thee but you'd like that, the system to implement arm validation mechanisms which could support a more rich set of delegation procedures so that when we didn't, we have some others, 80 I can actually oh.
G
E
H
So I'm Martin Dolly I mean, I think the approach you know, particularly if you have some representation like an OCN in the cert, can go beyond the gang of seven eight. It can but and I also and I agree with Chris as well that there are use cases where the second approach is also very useful. So I think you know, supporting both you know and recognizing a migratory path is, is a good, is good, pragmatically and I think King we can get consensus around that which is probably more important. Yeah.
I
E
An argument at me before they'll make again now is that, if the gang of eight people that we hope to seed adoption for this, where the source of the calls that are problematic, that we're actually being asked to address, then you know it would be a great solution to the robo calling and voicemail hacking in every everything else, problems to just get them to do it. However, as we know, it's actually primarily, at least in the United States, a number of much smaller entities right that are the source of this.
E
The problematic calls as a consequence again, I look at it much more like it is. You know, seeding adoption from the major providers gives us that bootstrap gives us that implementation base and we'll handle some of the problematic cases right. But it's it's really a lot of these. These, unfortunately I think these smaller providers that, if you don't have a story to how to get them into this they're actually with the problem, is coming from right. So.
I
I
E
I
If I could the summary I see, then, is that you both agree that the first approach could work. The difference is that Eric wants to stop with with approach one or just get that out there and ship it basically get that started, whereas you want to ship something that includes that approach, but also includes another approach that could be used by others. Yet.
G
I
D
D
Chris, when I I don't want to extend things too much further, but I you haven't seen anything or advocated for anything that doesn't allow the smaller carriers or the pink carriers or whoever to get a certificate. I mean those are the guys that will probably resist this. The most right. It's it's in our paper to have less. You know spam on our voice networks, so I'm not sure why we need to bring up gang of eight or anything like that other than the fact that maybe we can push this forward. That.
D
F
Yeah so so I'm looking at the Charter here, it says we will develop a solution, a mechanism for verification that the originator of a SIP session is authorized to use the claim source telephone number. And, as that reads to me, you know a mechanism. One here just doesn't meet the mail for that. If you're verifying the summit, nan telephone, number, identity of the originator, that's great! That can be used with some out of band stuff to verify the telephone number authorization.
G
F
E
G
E
B
E
E
Well soon know me I salamat. Let me try to explain why I think what he means by that, insofar as you know, pink carriers are attempting to impersonate numbers that are used by gang of eight people, provided there is an expectation among the members of that trust domain that they're going to have these signatures in there. Then, yes, that impersonator is not going to be able to impersonate one of those gang of eight numbers.
E
However, as we all know, the source of these impersonation things, Henning Henning, actually has a great graph of this I'm sure you've seen Eric of what the rural Washington telcos are that are being used as the primary. You know, robo calling sources right and like I. I think the optics of this are entirely different than you think so for like voicemail hacking I agree the gang of eight approach. This isn't a bad one, because it will prevent someone from be able impersonate you to call your own mailbox.
G
L
C
So you guys are just in back and forth mode between the two of you now. It would help me to get a sense of the room. I can see faces, but let's go ahead and get a hum, so we can lay down what the the current thinking in the room is. If you think we should go down the path that John is proposing, what the current document does, after it's fleshed out of specifying both of these approaches. At the same time, in our initial release, I'll ask you to hum in a second.
C
C
C
E
Please do I recommend again: I don't want to trivialize this right. I mean we're trying to get something. It's practically going to work. You know as well as any of us do what the constraints ours were operating under on this in terms of the timelines and in terms of what the actual problem is and I we've stayed this for a long time and I mean I think.
B
E
Left in the meeting, yeah and I just want to say this again this this is. This is a crucial part of this right. We, the IETF, is not going to dictate verify our policy, and we acknowledge that right and even if we supply additional information with the knee certs that could be used to access some kind of off board external service. You know with that is not going to compel your verifier that you are operating to consult those services. If your trust relationships tell you to do something else, because of.
E
Hard time seeing what the harm is and specifying this protocol machinery and making this available, because at the end of the day, if what really people is one of you is just gang of eight and they can they don't even need to invoke this stuff. Okay, it's like a couple extra bytes in your cert and it's it's not even worth having this kind a conflict over next.
E
E
We gotta fix the algorithm stuff, actually that's being talked about in the list today, but we have delegated that responsibility to certain individuals that are participating in this process and I expect we'll have some new text or that very soon, once we have a zero for which I promise we'll fill in those TBDs on delegation, this is not rocket science for that I I think we should be done right. If the one thing I'd say is, we do have a non OCSP service like a web service.
E
That's something that converts OCNs to telephone number lists or lets you query Bruno. She had to say with a health number as their Eric, because that would be like totally new work totally. Let's do that in another deliverable like because that would be like a new web service redefining and that I am happy to put somewhere else and say: let's do that later, I think we've got enough to do the basic building blocks in there today and let's do that. I have one more slide that actually isn't about that.
E
So before we go to that, I mean people roughly cool here. People feel like we got this understand. What's going on, should we be worrying more about the privacy model before we go forward and not excluding some of the options like a cur was describing I mean there. Is there any real discomfiture that that people have its approach? If so, this would be a great time to talk about it.
E
So I got one more slide: it's a plug. There is this other working groups called MODERN and like we're trying to provide kind of the overall ecosystem for how numbering might function on the internet, we could really use some other people to come and talk to us about it. We want to get like a bit more, a place where you get a good consensus. Calls for this. It's after this.
E
E
G
E
C
E
C
H
G
Mean honestly I mean I think about it. Necole Bitchie came in from these dudes proper sound, like creepy old, but yeah. You know if it wins it because I'm relevant okay.