►
From YouTube: IETF97-TRANS-20161115-0930
Description
TRANS meeting session at IETF97
2016/11/15 0930
A
C
Can
you
hear
me
we
do
know
so
I
think
it.
You
know,
there's
the:
how
do
we
technically
do
this
and
I
think
the
other
half
is
understand
you
know,
should
we
do
this?
I
mean
I,
know,
there's
been
a
lot
of
question
about
what
part
should
be
redacted,
and
you
know
because
this
is
also
the
previous
slide
suggests.
This
is
just
looking
at
subject
alternative
names
and
be
NSA's,
but
it's
also
been
brought
up.
You
know
that
subject
names
frequently
end
up
with
your
personal
information
in
them
and
I.
C
Well,
I'm
saying
it:
it
half
addresses
it
because
it
allows
the
blog
to
reject
the
request
to
log
a
personal
cert,
but
it
doesn't
I
mean
if
the.
If
the
objective
is
to
log
all
search
that
are
reasonably
usable
on
websites,
I
mean
what
do
we
do
when
when
there
is
a
website
that
has
say
a
first
name
and
last
name
in
a
certificate.
A
E
C
I
think
the
other
one
that
has
there's
been
suggestions
are
changing.
The
best
documents
to
a
movie,
techno
constrained,
option
arm
or
my
beloved
section
or
I
think
the
concern
there
is
there
is
also
even
at
the
base
domain.
Their
third
question
is:
do
we
handle
you
know
the
buying
the
binding
of
just
knowing
that
Ed
short
of
a
cert
is
to
a
different
domain
can
be
automatic,
especially
in
the
kind
of
enterprise
CA
scenario
or,
however,
you
want
to
put
it
because
simply
knowing
that
you
know,
example,
corpse
CA
is
issued
for
new
thing.
B
D
A
I've,
it
looks
like
Rob
straddling
isn't
in
the
media
meeting
here,
but
I've
spoken
with
him
and
I
know
that
he
forcier
TSH.
It
would
like
to
see
a
REST
API
that
would
be
standardized
for
services
like
that,
and
my
personal
opinion
again.
This
is
Ryan.
Hurst
is
that
that
is
the
this
particular
API
is
an
example
of
something
that
belongs
inside
of
a
broader
query:
API.
Instead
of
just
a
bolt
on
to
the
log
infrastructure.
B
B
B
So
then
we
get
to
do
the
two
new
items,
new
work
that
were
on
the
agenda.
One
is
the
log
monitoring,
API
I'm,
not
sure,
if
just
anyone
here
that
wants
to
talk
about
that,
but
otherwise
we
can
just
keep
that
discussion
on
them
on
the
list
for
now,
because
there
definitely
seems
to
be
an
interest,
and
the
other
item
is
the
expect
CT
TLS
header,
which
will
be
discussed
later
in
the
HTTP
piece
working
group
on
thursday.
B
Okay,
so
so,
jumping
back
to
to
the
other
documentary
self
open,
just
a
threat
analysis
document,
which
we
have
two
people
that
are
sort
of
conflicting
their
opinions
and
the
document
has
been
stuck
for.
You
know
half
a
year
now.
So
what
we're
really
looking
at
this?
Maybe
someone
who's
willing
to
become
an
editor
on
the
document
so
that
we
can
just
fix
the
last
issues
about
the
duel
CA
attack.
I
move
this
document
into
working
group
last
call.
So
is
there
anyone
who
would
like
to
volunteer
to
do
that
task?
F
D
F
I
mean
one
of
the
problems
we've
been.
Having
is
that
we've
been
getting
absolutely
no
feedback
from
the
mailing
list
when
we
raise
this
question
and
it's
made
it
impossible
to
to
move
on.
So
if
anybody
does
have
any
opinions
idea
that
you
know
time
to
raise
them
here,
if
you
like,
and
if
not
we'll
just
you
know,
appreciate
Aaron
having
volunteered
to
to
Daniel's
out
and
and
then
I'm
really
shopping
for
that
one.
So
as
soon
as
it's
done,
I'll
get
it
a
write-up
Dunham
through
the
process.
G
F
G
There's
walls
of
text
in
multiple
different
directions
and
there's
complaints
in
different
directions
and
I
found
myself
stymied
by
you
know
it
wasn't
even
like
everyone
was
agreeing
on
what
they
were
trying
to
do
in
the
discussion,
so
I
kind
of
threw
out
my
hands
and
I
was
like
I
like.
I
can't
I
don't
know
how
to
unpick
all
of
that
in
terms
of
specifically
describing
the
duel
CA
attack
I
felt
like
the
text
that
was
there
that
was
describing
the
attack
was
correct.
G
Believe
that
the
Texas
in
the
latest
version
of
the
document
it
that,
but
this
is
what
I
mean
the
discussion
around-
that
text
was
like
well
there's
this
other
text,
thats
related
to
the
duel,
CA
attack
that
isn't
the
fault
of
CT.
That
shouldn't
be
present
there
and
I
write
is
this.
Is
this?
Is
my
memory
of
it?
G
I
haven't
looked
at
it
recently
because
I
don't
want
to
reach
Rama
ties
myself,
but
but
when
I,
when
I
believe
it's
the
most
recent
version,
I
believe
that
the
Texas
in
there
does
actually
describe
the
duel,
CA
attack,
that
least
stuff.
That
is
talking
about
the
duel
CA
attack.
Now,
whether
that's
the
fault
of
CT
or
not,
or
whether
that's
an
acct
can
fix
or
not.
I
don't
know,
I
don't
believe
that
CT
actually
resolves
that
issue.
G
It's
arguably
it's
an
issue
with
the
with
the
our
inability
to
effectively
revoke
but
there's
just
like
so
many
different
moving
parts
that
it
makes
it
very
difficult
to
come
in
and
say
yes,
this
is
good
because
the
arguments
are
like
well.
This
there's
other
pieces
that
are
associated
with
it.
That
aren't
actually,
maybe
necessarily
appropriate
and
I.
Don't
know.
I
didn't
know
how
to
resolve
any
of
yeah.
F
G
B
G
H
B
H
It's
all
talk,
my
as
those.
If
you
look
at
recent
chromium
and
mozilla
mailing
security
mailing
lists,
you
know
what
is
two
different
cas
is
pretty
much
like.
What's
an
np-hard
kind
of
problem
to
solve
these
days,
so
I
think
describing
the
attack,
we
can't
do
it
if
only
because
we
can't
determine
if
this
CA
is
actually
different
under
different
administrative
control
than
the
other
CA
and
the
MOOC
last
call.
G
This
is
dkg
I'm,
not
actually
sure
that
administered
control
is
relevant
to
the
doula
CA
attack
right
I
mean
I.
The
dual
see
attack
is
that
there's
two
different
particular
public
keys
that
are
associated
with
two
different
cas,
whether
they're,
administratively
different
or
not,
is
irrelevant
to
the
particular
attack.