From YouTube: IETF98-OPSEC-20170328-1640
Description
OPSEC meeting session at IETF98
2017/03/28 1640
A: So we've got the Jabber scribe. We have the minutes. Take care, the Note Well, by now you should know it; by the way, I'm never reading them personally, big mistake, so from time to time please be sure to read it, you never know. But basically it says whatever you say here, they can... whatever. Blue sheets, you turn them in; it's ticking them. Don't forget, that's pretty important. So next time we will get a larger, bigger room, right, because we need it.

A: You know, to exact in the planner, I could be sleeping on multiple shares. Anybody's agenda must say, usually, so the administrivia, that's what we are doing, and you will notice that we have invited speakers to talk here, even if their draft is not in OPSEC. The reason is that quite often we have drafts that are doing some operational and security issue, even if they are not in the OPSEC working group.

A: So it's important that operational security people like us provide feedback to them, and all those authors quite agree and are looking forward to it. So we do it with Susan Hares. We talk about the draft with Merike, operational security considerations for a v6 network. We continue with Bernie about how we can secure the exchange between a DHCP relay and a DHCP server, and of course Jehan Francois.

A: We talk about how we can signal a DoS attack over these things by using hop-by-hop, which is looking at the... Some people in the room think it's an interesting proposal, and then we finish with Richard Barnes explaining quickly this Automatic Certificate Management Environment, also known as ACME, which is basically used by Let's Encrypt, which is a fundamental change in how we operate securely a network, in my opinion. Then, as you notice by the email volume on the mailing list, it's a quite quiet working group. We currently have only two active working group documents.

A: The one about IPv6 extension header filtering... For me it's reached quite a stable state, placed a lot of recommendations on what to do in which case with which extension headers. My understanding is Fernando is not here, but it would be nice next time to go forward with it. Merike will present the operational security document later today.

A: We also have another active document that has never been presented to the working group, about unicast RPF check improvement. In short, it has mainly been discussed in the GROW working group, because that's again something which is crossing two working groups, but in short it is about: we all know about unicast RPF check in strict mode and one in loose mode.
B: Well, I guess that's the reason it's presented here, so we came with a few... well. So it's not protocol requirements, but only about the environment, so this leads to providing some requirements, some attention, when you're willing to deploy I2RS. So we came with 37 requirements. Most of... well, we can divide that into three categories: isolation of the system, management, and the remaining of the system.

B: So, well, we have, so we came with different planes: one which is the data plane, the control plane, and the management plane. So some of the requirements are about isolating all these planes, and this is what I mention about the I2RS architecture. So you can have multiple applications connected to one client, but you can also have one client connected to multiple agents.

B: So some of the requirements are, because you have all these interactions, some of the requirements are about which application is binding to which I2RS client and so on, which I2RS agent it is binding to, so some of the requirements as well. If you're clustering all these applications, well, you should cluster them according to the privilege you have. If you have multiple applications that can access a given client and they don't have the same kind of privilege, then you can easily, well...

B: So how would you provision that? As far as that's part of the management... so I don't see the link with security, so, well, basically you would like to avoid the situation where one... anything. Okay, so how we provision, so the question is how we maintain that the different tenants remain isolated, or because maybe...
D: In general, okay, so remember this is all in the context of the I2RS, say, and the alternate datastores. The I2RS agent is a dynamic control plane that uses NETCONF/RESTCONF, and so our initial protocol that's doing general provisioning talks to a piece of software on the router or the device, and it basically says do these things. So that's a provisioning agent which you can think of just like NETCONF/RESTCONF, because we are using our protocol to use this RESTCONF.

D: Our data models are data models, but they can exist in a new data plane called, from the revised datastores, a control plane datastore. So when you see that, you'll see several times I2RS; the security piece here is, okay, so when you have that protocol agent, just like when you have a NETCONF server that's sitting on a box, that's actually an implementation, and that implementation has some extra things. But that's how you actually implemented it.

D: This is what we think you want to do when you write on it. They're written as requirements in the draft, but they're really a suggestion of helpful things; requirements in the sense of please, these are good things if you want to make sure things don't have security problems. They're not the type of requirements like you'd have on the RESTCONF protocol; that's a whole other spec. This is just, these would be really good things. If you think that we should restate them as these are generally really good ideas, we can respond to it.
A: Ask for a hum, maybe that's more discreet, right. So I would ask the question twice, of course. First one: who thinks it was useful to get this kind of discussion here, and who thinks it's a waste of time, just to be brutal, right here. Knowing so, let's go for the hum: who's saying that this kind of presentation, specifically this one, is useful, please hum now.
G: Hello, so this is a draft that the three of us, Eric, KK and myself, started about four years ago, and part of it was because, with the v6 security, all of the recommendations and, you know, what you have to consider was in about a hundred different RFCs. So we decided it's probably better to create one single document so that if somebody was looking at how do you secure v6 and what are the considerations, you had one document to look at, and we created a synopsis.

G: So that's kind of the impetus of why this work started. We are at revision 10, and I just want to show some of the latest updates. There was some considerable review done by some folks from the v6ops community, and so we're very grateful and thankful for that. So there were some threads in June of last year, and that led to a bunch of fixes; primarily it was fixing grammar issues and spelling errors, adding links to provide more explicit references, also being consistent with uppercase and lowercase used for acronyms.

G: We corrected a reference in some sections and we updated all the references, because some of the drafts keep getting updated, obviously, or some that turned into RFCs in the four years that we've been working on this document, and we also finally added some explicit language to replace some of the TBDs, and so specifically the extension header. So we added some text on how to handle, on what the considerations should be, for extension headers. The first bullet point, I think, is really important, right.

G: There's a herd mentality in terms of drop every packet that has an extension header; that is not practical, and so I want to make that statement offhand. So we added explicit text to show that extension headers are used in operational networks, and so you really need to think about, you know, do you need them, right, and you have to think about: should you be dropping some of them or not? And then what else can you do?

G: So we first list some operational aspects, and primarily it's the IPsec, either AH or ESP, extension headers, or fragmentation, that you really need to think carefully about, whether or not they are utilized. We talked about order and repetition of the hop-by-hop extension header, which has some DoS aspects for consideration, and then the fragmentation extension header, because some specific fragments could cause stateless filtering bypass.

G: So we also added language with respect to extension header security considerations, specifically language to address current work in progress for extension header filtering, as well as new language in that specific draft. So we have the reference for the draft; it's actually a draft in this working group. I'm not going to read the text, I think you can read it for yourself, but we added that to be more explicit and, of course, up to date with all the current work and considerations that you need to think about in securing v6 networks.

G: So, next steps: we want to thank Marcus and Fred, who provided extensive information and comments back in June 2016, and we would like to ask the working group whether or not this document is ready for last call. Those pictures were taken at eight in the morning when we met for breakfast to finalize these slides, going, are we done yet, and those of you that might know me know I'm not a morning person at all, so I am...

G: We have, as the authors do, I mean we had some life, you know, happen, but we didn't even really plan to all three be here at this meeting, but it just so happened, and so, but we do feel like it's ready for last call. You know, it's a document where, as new things come up, it can last forever, but we feel like right now it's current to the state of where things are now, and so, yeah, as authors we feel it's ready for last call. Okay.
J: Alright, so this draft is actually in the DHC working group, and basically it updates, let me go to the next slide, it updates some of the text in some of the existing documents, because during the IESG review of RFC 7839 they raised some issues because of the nature of the data that was being exchanged. They were, you know, holding up this document, which just added some new relay options, and we kind of said, well...

J: You know, this isn't fair to really block this, because there's a lot of other relay options that have similar problems, and, you know, we don't really have any strong security between it, and typically, you know, this is usually inside an operator's network where they're hopefully protecting, you know, their internal networks in good ways. I mean, if people can snoop the relay traffic and, you know, relay-to-server communication...

J: They can probably do some other things. So we got them to let us proceed, but I agreed to take on the work of improving the security between the relay agents and the DHCP server, and just as a background, RFC 2131, which is the DHCPv4 specification, doesn't have any mechanism for security. RFC 3316, which is the DHCPv6 specification, does, but it's only a, you know, it's not a MUST or anything like that. It says you can use it. However, it also doesn't provide any authentication...

J: Sorry, any encryption for the communication. It just sort of says, you know, you don't need it because most of the data isn't that important to secure. Obviously things have changed since that was written, so this draft proposes, and, you know, it's now, as you'll see, it's with the IESG: MUST use IPsec for DHCPv4 and DHCPv6 relay-to-relay or relay-to-server communication.

J: You know, this stuff is out there, so it's not a big deal for us to require this, and we also require encryption as well, so that it really changes from the DHCPv6 specification; it really changes the "you may use it" into a MUST and also adds the encryption. So, you know, here are some of the IPsec details: they must use it, they must use encryption. We're also, well, we say you can use manually configured keys; we really prefer people to use...

J: The current status is, it has passed the working group last call, it was sent to the IESG; technically the IETF last call has ended. There were two reviews, by Gen-ART and the security directorate, and it's scheduled for the telechat on the 4/13 call of the IESG, so hopefully it will get approved. But if people have comments, questions or concerns, you know, you can let the AD in the room know or let me know, and we can work on it.
J: You know, there is the ability to configure multicast addresses for the relay forwarding addresses, or potentially anycast addresses or whatever. Obviously there may be some, and we don't really mention those issues in the draft, if, you know, you make use of some of those things. If you don't have those, you know, if you're using pre-shared secrets or whatever, it may still continue to work, but, you know, depending on what you're using there may be some issues, and, it is, maybe I didn't get your point, but...
J: Typically, most people don't use the multicasting or the anycasting capabilities for relay communication. I mean, most of the operators I know configure unicast addresses for that communication, okay, and they can do that because the relay agents have the ability to forward it on to multiple destinations.

J: Maybe there is something that we will need to do to address that issue or question, or put the restriction on that: you know, if you're going to use certain things, you cannot use the multicast or anycasting. I mean, anycasting might still work. You know, I'm not a hundred percent sure what the issues are there. Okay, okay.
L: So, of course, there is a real different purpose than the work in DOTS for the signaling part, with, for example, DTLS for communicating that there is an attack, and what we propose is not purely a signaling mechanism. We want to position our approach as a kind of backup mechanism, because if you are under a DDoS attack, maybe your network is congested and you want to send a signal that you are under attack, but it cannot go because...

L: Yes, simply, your network is congested. So our idea is that we would like to benefit from already existing and forwarded packets in the network to embed some information about that. So it's like when you put the SOS message in the bottle in the ocean. So it means that, basically, we will not necessarily... a regular exchange between the client and server, but we try to benefit from... if you look at that further from a graph perspective, it's a random walk on a graph, and so we want to exist...

L: ...existing mechanisms. So we want the impact to occur in the first instance of the attack: we observe that still some packets are able to be forwarded, and we want to take this advantage to put information, and we are saying that using the hop-by-hop mechanism of IPv6 can be a good solution, because it means that we try to basically replicate this information into not all but many IPv6 packets that are forwarded.

L: So it's kind of, yes, what you say, in an opportunistic manner, because we will not, for example, when we initiate the process, we will not put information only in a packet that goes to the server, but in packets that basically go to any other point in the network and so on. Okay, it would be just replicated at some point, but yeah, just maybe a figure to explain so why. What we have here: we have, of course, okay, the servers.

L: We also have the gateways, so a gateway, to be very brief, is kind of an intermediate that the client can use before contacting the server, so the idea that the client wants to connect to the server either directly or via a gateway. Okay, this is the common basis that you have in DOTS, and then what we propose on the network is to have some kind of capable routers for the option, meaning that, of course, it has to be initially initiated by the client.

L: The client will embed information in some existing outgoing packets, or maybe create some at the beginning, of course, if the packets... and then for each other packet that goes, for example, as you can see, when it arrives at a capable router, other packets that pass by can then also be marked with this information. So basically this capable router, we just store kind of information regarding the attack and will encapsulate this information... So that's the principle. Okay.
M: Yeah, so you said it utilizes the IPv6 hop-by-hop option header, RFC 2460. This header has the advantage to be fully inspected by all network devices; it is the first header in the IPv6 extension headers. So I think that assertion is unlikely to hold true, since I'm unaware of any ASIC-based router that honors hop-by-hop options by default.
L: And also, okay, our assumption is that first you're already under DoS, so I think you're going to be, yeah.
M: You think I cannot be more DoS'd? Because that absolutely happens to me every day, which is that I get some and then I get some more, and after that I get more. So, yeah, I think anything that actually increases my cost of processing packets when I'm under attack is definitely putting me in a worse situation. Yeah.
N: While I'm not tall enough or on camera, so I have similar concerns: if I'm not really careful and I don't strip these out at sort of my edge or gateway, I'm now going to be signaling to everybody that, hey, I'm under attack, and if I'm also not really careful and don't filter them on ingress, this seems like an ideal thing for people to happily insert into the packets when they're sending to me. Now, I think you really...
L: ...need to be careful on the policy, well, yeah, or what Jack said was on ingress. Perfect, that's for sure. This is the basic... so the points that you are addressing are a practical consideration if you want to deploy such solutions, and as well as, oh yes, we presented here, we went to 6man as well to get more feedback, really, so, yeah. We know that the hop-by-hop option is really an issue from a practical perspective. So then that's why we...

L: ...asked on the mailing list if there are real experiments, if people really experimented with it, and there are some feedbacks on other proposals... So, yes, we ask people to get all this kind of feedback, but... and also others I tried to use, and that's apparently the case. So.

L: Yes, I will continue. Okay, so then, of course, we will not mark all packets. You need some decision about the packets to mark. We are proposing something simple in the draft, but of course it has to be defined by the user. I mean, how many packets should be marked? Of course, I'd tend to mark all in the first instance of the attack to add more chances, and decrease...
A: Yet on this one, point number four: there's no way you can detect whether the destination is anycast or not. It's set by very specific configuration, because there is no difference between an anycast address and a unicast address, so you need to get the configuration that tells this unicast address is actually anycast, and so on, and so on. Not a big deal, but just beware of this, right. Thank you.
L: All the information is in the option, so nothing special here. So maybe, as an example, we can encode different types of information: the servers you want to reach, or, for triggering the mitigation, some information about the attack, which is the host which is the victim, the port which is under attack, and so on. Okay, everything should be included here in the option. Of course.

L: So regarding the deployment considerations, as you have already discussed, yeah, it's very attractive, because, yeah, the hop-by-hop option is usually what we arrive at. So the idea is, our rationale is that this option is not used by anyone, I mean everybody, but really under kind of a circle of trust between some clients and servers, maybe all of them operated by the same authority.

L: And of course, because in DOTS there are already some scenarios that we described with different domains, we are not targeting where we have inter-domain cooperation; we're really focusing on intra-domain, because we don't believe that's... yeah, that routers will respect information from one operator to another. So yeah, that's it. So we will limit to this use case, basically, and okay.

L: So then, of course, you need to modify some kind of treatment that has to be done; it is already in the client and... So we need that the capable routers are able to extract and store the information in order to reconsolidate it, otherwise it doesn't work. And also from the server perspective, you have to capture the information and pass it to the application, so we get something back that can be considered a DOTS relation, which will not do that.

L: Okay, and so I think you have followed some conversation on the mailing list with... Should we add options on that? In the 6man section it is considered, can be considered as harmful, so it has to be done in a very careful manner, as we also discussed already a bit; you can use encapsulation mode, or in our case, as I say, we will target basically intra-domain.

L: So at least we should say that in the... networks, you should know what routers are, possibly, what you can do, for example regarding MTU and so on, and should be able to select if you can, let's say, insert data. Of course, all the deployment... and also... The work done on... thinking now to address them properly, and...

L: Yeah, I think, I mean, and then, of course, yes, the security considerations in the draft, we need to kind of check that the key... and to do so, as we stated, we should limit who can first initiate the process by creating the first packet, and okay, we have to do some signature that should be used to verify the identity at the server side. Then, basically, that's it. First critical... the main focus here is whether we can actually practically deploy it.
H: Jen Linkova. Actually, I like when people are trying to find useful applications for extension headers, right; we need a killer app so people start using them. However, I do have concerns here. First of all, it's been said, you already admitted that you're dropping traffic, and you insert a header which increases the probability of this traffic being dropped, right, because the measurements we've done show that routers do drop packets with this extension header, right. So basically you're making the situation for the traffic worse, and the second concern...
H: I'm not sure this particular router might not be actually under DoS, right. What we're doing, when, just a problem, probably, since the scenario here, but we have a client which is under the DoS, then it sends a packet, and the packet might probably not necessarily be going through an overloaded router, and the router, probably processing this packet and, for example, hop limit is now 0, right, so we need to send ICMP back. Oh, we need to send ICMP, they become some other ICMP, and let's assume the router does have resources to do this, because otherwise...
L: Yeah, thank you. ... If you'd like, I think, yeah, regarding what you first mentioned, I think it's always the same. Regarding resources, should we just, maybe, okay, we know that if we provide some... all right, that's for sure. I mean, we are not even... we know. But yes, I said that we try to find a solution that is able to send your signaling before you cannot do it anymore, and then it's too late. So.
A: And the question comes around. Oh, anything, by the way, I don't know whether you know the in-situ OAM working group, which is doing kind of things vaguely related; you may want to go to in-situ OAM. But okay, next speaker is Richard Barnes. He will talk without slides, which is quite unusual in the IETF, but I think it's a good presentation about ACME, explaining what is it, the architecture, and then actually, in my opinion, a very important protocol.
O: Okay, so I'm directing my vision to you. So we had this problem in the web for a while, where, you know, we want to get all the websites encrypted, but in order for a website to be encrypted, it's got to have a certificate to prove its identity, and for ages the process of getting a certificate and provisioning it to a web server was an entirely manual or mostly manual process.

O: So ACME was an effort to automate the provisioning of certificates and the management of certificates, so that we could have automated certificate provisioning stuff and scale up the encryption of the web. So this is the technology that underlies Let's Encrypt; that was kind of the first use case for it.

O: So the primary use case that ACME addresses is this case of DNS-based certificates. So, you know, websites authenticate their domain names, and so ACME provides mechanisms for an applicant for a certificate to first request a certificate: show up at the CA and say, I would like a certificate with this collection of domain names. The server/CA responds and says...

O: Okay, you need to prove to me that you own those domain names, because that's what a CA does, and then ACME provides a few different automated mechanisms by which the applicant for a certificate can prove that it owns a given domain name. You know, it can set up an HTTP server that responds to a certain structured query, it can provision some DNS records, a TLS-based dance, things like that. The idea is that the applicant configures something under that domain name.

O: The CA does a probe to see if that thing has been successfully set up, and if so, considers that the applicant has proven he owns that domain, and, you know, once this dance has been completed for all of the names that are requested in the certificate, the CA can issue the certificate. So that's kind of the basic flow: request a certificate, prove you own the names, get the certificate. That's about the entirety of...

O: ...the protocol. There's a revocation thingy, so you can ask for a cert to no longer be valid, but that's a different part of the life cycle. Nice thing about ACME is it's extensible in a couple of ways, so it was built with an extensible identifier space, so you can define ACME for other types of identifiers. If you care about MAC addresses or IP addresses or telephone numbers, we have drafts right now for telephone numbers for STIR and for IP addresses for something, I don't know why they want to use it.

O: But in general you can define a new class of identifiers for ACME, but then you also have to define some new ways to prove you own those identifiers. So the telephone number draft, for instance, defines a way you can prove you own a telephone number using an SMS-based interaction. It's fun: you put this content in an SMS and you respond to it, then that proves you own the phone number. So, yeah, this has gotten, obviously, a fair bit of usage in the web.

O: I think Let's Encrypt has issued like 15 million certificates with it. They're now the number 15 or 20 or so CA in the world by usage; they're the number one CA in the world by number of certificates. Hoping that a lot more CAs will use this, and it's getting used in a couple of different... but even in the context of Let's Encrypt, there's been some interesting uses for it in some... cases, so in web cases, even in the web case, it has been kind of interesting.

O: It's gotten into kind of embedded operational stuff. A lot of that major growth, those in, you know, six and seven-figure numbers, have come from hosting providers that have integrated Let's Encrypt support into their hosting platforms. So like DreamHost right now, if you show up, you spin up a host on DreamHost, literally you can tick one box and they'll do HTTPS, so they're using ACME to talk to Let's Encrypt to get the certificates to do the HTTPS. So there's been a few of those sightings of deployments in the web.

O: My other favorite example is that Free, the ISP in France, has been using ACME to provision Let's Encrypt certificates to their set-top boxes, so supporting an HTTPS interface there. It was a slightly more complicated setup where, you know, the set-top box talks to some central controller that owns the DNS zone from which the names are provisioned for those devices.

O: But basically, you know, there's a little proprietary internal dance between the set-top box and the central controller, and then the central controller does the ACME dance with the CA and provides the cert back to the set-top box. So there's some interesting embedded applications kind of starting to come up that are slightly broader than the web case, but, one, it's sort of, you know, throw that out because I know you guys are, you know, more in the operational space and have some probably different use cases for this stuff beyond just the general web.

O: So that's the overview. Q&A, questions, comments. Oh, IETF status-wise: we just finished working group last call, and we'll be talking on Thursday morning or afternoon, whenever the ACME meeting is on the schedule, about whether to hold the draft to get some more implementation of the current revision or go ahead and send it to the IESG, but anyway, it's basically stable and done; IETF last call coming soon. So, you know, any last comments, now is the time. Any questions, comments?
P: Jeff with Cisco. This is just brainstorming out of the blue; I'm not going to live with the... but the protocol, you provided a good description of it. Just curious, I mean, because it's automated, I love that part; security's always been hard work, if you can automate it, that's awesome. What about using it to help automate things of DNSSEC deployments, or things like that, or is that too far-fetched? DNSSEC is still very limited in deployment around the world, so, yeah.
O: I think it's solving a slightly different problem, right, because you're imagining securing kind of updates to the zone that would then get secured in DNSSEC, yeah. I think there you're kind of presuming that someone has a way to authenticate that they're authorized to make those changes. Here, you're kind of starting, in the ACME case, you're starting out from kind of zero presumption: you know, some client walks in off the street that the server has no prior relationship with, and the...

O: ...the server has to verify any authorization that it grants to the client. So in this situation, I mean, if you squint your eyes hard enough and use your imagination, there might be some other applications like that, where you want to kind of build up authorization, but I'm not immediately seeing how that might apply to DNSSEC. Thank you. Sure.
K: Hi, Doug Montgomery, NIST. So does the security considerations section talk about this issue, that I have an outsourced DNS? I assume the proof of ownership is by inserting, it's empirical, it's empirical, yeah, right. So can you talk about that issue? Is that, if I'm using an outsourced DNS provider, well, you could say that, you know, they can always screw me over in the DNS. Now they can screw me over and provide a certificate that makes it look like I'm securely screwed over. Yeah, yeah.
O: The security considerations address in general the vulnerabilities that arise from the verification channel. So if you kind of have the abstract view of this, like there's kind of two channels by which the CA and the applicant communicate: they communicate over ACME over an HTTPS channel, and then there's some alternate...

O: ...some non-ACME thing that the CA does to verify that the applicant has the domain name, and, you know, that kind of by assumption has no security to it, that verification channel, and so you're open to things along the path claiming that authorization. So there are some tools that we describe in the document for making that job harder for the attacker there.

O: But, you know, we recommend things like doing DNS resolution from multiple vantage points, but there's still that issue of, you know, if someone attacks you at the registry or the registrar, then, yeah, there's not much you can do with anything that is empirically based.
O: Yeah, this is in large part, all that ACME is doing is automating existing practices of CAs. It's a marginal incremental benefit, because there's a lot of validation that is not even empirical to the degree ACME is, like a lot of validation is done by sending email to the registered contact in WHOIS, which, you know, is a different set of vulnerabilities, but, you know, there's...

O: ...a direct tie to the technology. So, yeah, several of the mechanisms we've got in ACME are kind of built out of things that are already in use in the pre-ACME PKI. I have some small degree of pride in that some of the mechanisms that we've got in ACME, the analogous things that other CAs have deployed have had some vulnerabilities that we managed to catch in ACME, and we've gotten some analysis from Inria and Karthik's guys to do formal modeling of it. So we have some confidence.
O: That draft is about 48 hours old; it's a work in progress, I think. Basically, what they've proposed is, well, I think they've proposed to reuse some of the HTTP and TLS options. They defined a new one, I'm forgetting what that new one was, but they noted you could also reproduce the HTTP and TLS-based things here, except you just connect to an IP address instead of connecting to a domain name using those protocols.

O: ... The other thing you could envision, all right, one other thing you can envision: if you wanted to do this for, like, provisioning, you could define like an email identifier type and do some verification, or perhaps have some authority that could grant authorization to use email addresses. Again, there's a few unexplored use cases here. We've addressed one big one, but there may be others. Anything else? One quick.
O: Yeah, I think the idea is that, you know, a CA has to run multiple services in order to kind of make the whole thing work. In addition to doing issuance and revocation, you know, interactions with the applicant or owner of a certificate, it's got to have interactions, like OCSP or issuing CRLs, with relying parties.
F: ...of inspiration, which is neat from time to time. So again, thank you, Joe, and at the same time I would also like to welcome Warren here, you know, as the new shepherding AD for the working group. He's familiar with the work, you know, together with me, so he knows, you know, where we can bring all this stuff. Yeah.