From YouTube: IETF97-LAMPS-20161116-1110
Description
LAMPS meeting session at IETF97
2016/11/16 1110
A
B
C
C
C
C
C
D
D
Told my last meeting I was presenting first I guess was right. Okay, next sector, so I think we've managed to get through almost everything that needs to be done for these documents. There's just a couple of things that I wanted to double-check consensus on, as it were. The first is, there was a couple people who wanted to list AES 192 in the mandatory, well, in the explicit MUST, SHOULD, MAY list.
D
I think that I saw enough people who were against that position to say that the consensus of the mailing list was not to do so. If anyone believes that is wrong, they need to let me know. I.
D
Inserted text on deterministic ECDSA, which I think said, use it if you have it because it's much, much better. If anyone objects to that text, please do so, otherwise it.
C
D
I'm not too sure it says the second okay. That is a true statement, because.
D
Somebody asked for inclusion of P-384 as a SHOULD in the document on the basis that there's a large amount of government and commercial people who end up needing this, because this is a Suite B protocol. I have pushed back on this using much the same logic that I put. It was used to push back on AES 192, which is yes, it's there, but it's not really something that we're saying is if it's as you notice. Let me rephrase this doing so.
D
C
E
Doesn't move it's okay, so we're not calling it CN SI by the way, not sweeping.
F
G
E
F
I guess, Sean Turner, I guess it just seems odd that we do have this group of people who might be the largest users of this and you're saying male like don't put it in there. It just seems weird, I mean they've got a profile. So technically you could leave it out and say: yeah, I know we don't, it's not part of the base standard, and then you know that the people that need to go by can go whack them, but it seems really weird that, like, I mean really, it's, I mean, it's USG.
F
E
D
B
D
Ok, I will confer with we.
D
Last one is SHA-3. At this point in time, I'm seeing zero real support in the IETF for doing SHA-3 on anything and I'm perfectly willing to stay with that position for this document. Is there anyone who thinks that's a bad position?
C
D
D
Ok, so we're cleft I need to add a really short paragraph on padding, which says, you know, you may want to think about it, but it's not probably a huge issue for S/MIME per se, and I need to regenerate examples and try to get some verification of them. I'm debating just stealing some Paul Hoffman examples for everything's that the authenticated date is so that's the only one I have to generate from scratch.
D
If anyone thinks that's a bad idea, let me know. If anyone is willing to do validation of these things, let me know off list, so I can send them to you and say they're right. I think I can probably get Peter Gutmann to do validations, but not positive yet, so.
F
D
A
A
Basically, clarification on where the new otherName form is allowed in issuer alt name, so it is allowed without. There was no reason to disallow it. Disallow wildcard characters, some clarification on encoding, byte order mark character, Unicode characters, disallowed, ASN.1 module, some OIDs for temporarily allocated and then deallocated, and that TBD. So this will be resolved by IANA.
C
So since I happen to be the IANA expert on that registry, I actually made that allocation so that if anyone implements from the Internet-Draft or the RFC they'll be implementing the same point. I thought it'd be really bad if that changed. Yeah, like that, it should have been a TBD, but he didn't do that and so I, right, I saved us from potential early implementers doing the wrong thing. Yeah.
A
I think thank you for that. I did it explain offline to a way that IANA allocations typically happens later, but you know, yeah, I think you can show the next slide, which basically says I think we're done. I don't know of any open issues. There is no TBD in the document, as far as I remember. Does anyone want.
F
C
A
C
F
All right, hi, my name is Sean Turner and I'm in the pink box. So why am I here? I asked Stephen Farrell to AD sponsor this draft and he said that's awesome, please go get some comments, go to LAMPS, so here I am. Next. All the links actually go to things. So what's EST? Right, so EST is Enrollment over Secure Transport. It's the last RFC that came out of PKIX. Leave the joke up.
H
F
CA certs, there's one for doing simple enrollment, which is tens and sevens, simple reenroll is the same thing. Server key gen allows you to generate, ask the server to generate you the public/private key pair. Full CMC, which is another interface to do, you know, the full CMC dance that you could do, and then there's CSR attributes, which was added to allow the EST server to provide something to the client they can then use to include in one of the enrollment requests. So an example of essentially is https.
F
You know, example.com, well-known, /est, and then like this, the service name. So what do I want to do? Stand all the protocols, you give me a framework and I do some stuff, so I want to extend it. The key point here is this an extension? It's not. It updates I don't think that every EST server that's out on the planet, there are a few, need to do all of these things. It's just some additional services and some people could adopt them. So I have actually talked with some people. Dan Harkins is not here.
F
He thought some of it was a little interesting, some of it actually implemented in Yokohama like on the fly fairly quickly, so that was nice, and Panos at Cisco, I guess I also talks to, unfortunately butcher his last name, so I won't try it. He said some of it was good, as some of that he meant me, so I'm completely understand that not all the services are universally loved by everybody, but I think that if you put enough of them together, I got enough use cases that they could be used.
F
So next, so first thing I want to do is extend the existing server key gen in three ways. The first thing I want to do is that there are some additional CMS content types that allow you to return to, allow you wrap key packages in additional thing, so one of them essentially is, right now you could do naked, which is essentially just returned in a Kiki over TLS, which is good for most scenarios, but not for those that are slightly more paranoid. The next thing is, you can use encrypted data or enveloped data.
F
Well, there's this RC 760 32, which is encrypted key package. So that's useful if you want to do this thing called CMS content constraints, which you can put in a certificate to limit the person that's allowed to authorize or originate these packages, what they can do. So the idea is that you would like essentially link the two. The next thing is that actually, because we also have a way to return receipts and errors, we'd like to have the ability to return these back to the server.
F
So the idea is that when you give them a package you can say, you know, please return this receipt with an attribute. If there's an error, hey, guess what, you post back the receipt or error, and you do that with a POST, and well, I had to figure out a way to someplace to put this, so essentially, what I did was I extended the syntax from server key gen to someplace called return. So it's generic, because it's POST receipts and errors.
F
I could have had one for each, but I figured since it's one thing, it's a POST, you would just go there, and the one thing that both I think Dan and Panos like was actually returning it to PKCS 12. We love that everyone would use the standard formats that we came up with, but PKCS 12 is still used and so we're just going with the flow. It's just add another one that actually be used.
F
So you know we tried our best and everybody was like, hey, that's really great, but P12 is kind of what gets used, so I'm given up. So next, and then all of the new services. So the idea, essentially, is this PAL thing, and this is where I'm going to duck, it's an XML formatted file that essentially is a flat file with a bunch of entries that are included. There's an IANA registered type, there's a name for the thing, there's a pointer in it and a date and a size.
F
And so basically you have this file, and you can just, you would, you get pointed at it through some a priori syntax and you would essentially just walk through this file to know all the things to get. So the first thing you would get is like your CA certs. Then you can maybe get firmware, TAMP stuff. If that wasn't interested, then you could get some CRLs and then he get some skip.
F
Do your enrollment and you can do all these things, at the end of the day after you've walked through this whole file, you're ready to go, you're pretty much ginned up and you can start communicating you off like guess what the next step is. So there might be some other way to do this, but this is the part that Dan implemented kind of on the fly fairly quickly. So distribute, I have some slides later.
F
If we have time, which we might, or if you're bored, we can just get them and you can read them later. Distribute EE certs. So this service would allow you to essentially say: hey, I know that these devices are really only going to talk to a couple of people, so just distribute certs that you know that the device is actually going to talk.
F
It's just already got them so when it goes to communicate, it can use them to just verify or decrypt stuff. CRLs and ARLs, I know there's a way that you can do that, that you can just straight up pull the CRLs and ARLs from CAs, but you could also just use this mechanism. Distribute symmetric keys. Again, it's another key format that we defined in the IETF and the idea is that hey, it might be good to actually, you'd be able to use this EST thing to distribute them.
F
So the idea is that essentially, the client would connect to the server and the server would say: hey look, here, all these symmetric keys that you could use in battle with, download them, and again it's CMS wrapped and you can encrypt, sign. There's a whole bunch of, you know, various ways that you can wrap these things to provide various levels of security. None if you want, or a whole bunch, and then we get a more fun ones like firmware. It is an RFC standard, actually people that use it.
F
So the idea is that we'd like to be able to support those people that could use it. TAMP's another one, and then, of course, all of these things that we, you know, require that IETF protocols do, like return receipts and errors. We included those and for completeness, were like all right. So we need to be able to support returning those. So that's where this, you know, service name /return with POSTs, so the difference is all the ones on the left are GETs, the ones on the right are POSTs. Sean.
C
F
Could be used, so the idea is if they were to set up their servers to be able to go pull this thing, you could see that that could be a solution, interesting and back up, and this is just kind of more, if you want to go to the next slide. It just shows you the format of the PAL and again I duck because it's XML, but it's basically, you know, it's a PAL with a bunch of messages.
F
It's got a type and it's from an IANA-registered thing, which is we have on the right and there's a whole bunch of them. So we kind of broke it down, the ones that I've been using. You know, because the PAL could be like a million long. Maybe you don't want it a million long. You can clip it and make it short.
F
A
F
It's a manifest. Basically, it's not, there's not a standardized manifest format, but it is a, what, you don't want to use JSON? Yeah, so I need you guys say so. I need somebody who's gonna ask me that. Yeah, that's where all the cool kids are doing now. Yeah, I'm not, apparently I'm not she bore, I'm not cool and I'm getting older, did it in XML. This is obviously not the newest hang on the planet.
F
My kind of theory is that I need to do XML, and so, if other people want to do JSON, that's great. If somebody can tell me how to allow both but not require one and allow the client to request what they get returned, would be great. But if we get into this MTI thing, I'm gonna lose my mind because I just need to return this format and if it's JSON or XML, I really just don't care, or the next thing. I just need, I need XML there. Other people might like JSON. Is there safe?
F
A
F
You have to support all of them, or, so the way I wrote it in sense, there's none of them are required, so they're all optional. So the idea is that if you didn't want to do the PAL, you could just skip the path, you just want to do the EE certs, you just add it. So you as a client, which is no, if you were to go to connect to it, if you didn't get to that thing, you get an error. Basically, so.
F
Get an error, it's not awesome, I mean, so there is some grander schemes where we could do some like service discovery kind of thing and a lot stuff. That's just a bridge too far, I think, for basically what I need to do, which is like, here's some more stuff you could get, here's a list of things, point to it, go get it! You go back. Two sides: Sean gets skewered by the CMC author, two slides.
F
Get whatever is just hot air to know what everything, so it's not any root, is not a new directory query mechanism, it's a mechanism which the CA, who knows a priori you're going to talk to these people, here are some certs that you might like, there they go. So it's not a query mech to be like hey, I need certs for so-and-so, it's the EST server, giving.
F
D
After this meeting, I'm going to go to a core meeting core me and EST is showing up in core. Really, though, yeah, it's.
F
F
F
G
Sean Leonard, so yeah, just too, although it sounds like some of this XML versus JSON versus zebra or whatever was a little facetious, this exact same issue of a type negotiation has come up in NETCONF and YANG and they have an approach of negotiating internet media type. So I would say that so, but you know.
A
F
A
F
C
F
The next slide is kind of more of a, this is all in the draft, right. So it's an eye chart. So basically this is, you know, what you could do if you have the PAL. So essentially you do a GET to get the PAL, and then you were just, like I said, walk through the whole thing, so I just provides you more information about, you know, what's in the GET and all the fields, and it's basically like an eye chart and it's in the draft.
F
F
Wasn't clear to me whether I had to do that via standards track or informational, so I just kind of did it and put it in a standard track and said man, cuz I'm not updating the draft me, obviously I would prefer to go standards track. Everyone loves it to go standards track. If you tell me I don't actually have to and I can go informational and that's prob. Okay, I.
F
F
F
C
F
One of the points I guess is that like, if you think that I'm with the biggest idiot on the planet, like now would be a good time to hear that, because I think the problem with a lot of times with AD-sponsored drafts is, right, is that Stephen goes great, I'm going to sponsor this. Is there any discussion, right, and like do you want to know like, is it like the stupidest thing on the planet?
C
F
C
Okay, we went through that very quickly again. Working group last call on the EAI document will start this week. I was planning to do a two week working group last call. Anyone have objections to a two week working group last call? Okay, Jim. When you said you have one thing to discuss on the list and then update your doc.