From YouTube: IETF98-STIR-20170330-0900
Description
STIR meeting session at IETF98
2017/03/30 0900
A
B
C
B
E
C
F
C
C
C
C
B
G
H
G
E
E
E
Our agenda today is much shorter than our allotted time. Like about seven other working groups, we ended up with an hour more than we asked for. I do not expect that we will use it. In fact, several of us have made plans to use that hour a different way. We're going to start off with our discussions about our documents in flight and talk about, now, managing certificate freshness.
I
H
E
J
STIR certificates, there's like 50 * certificate slides in here, actually. Okay.
K
B
J
I
K
A
K
So I'm John. We're gonna be talking today about the three documents that are pretty much done at this point. Thankfully, that's our secret e47 for this passport and then certs are seaboard, corbis and passport. They kind of are the over the wire, bits on the wire component of STIR, and certs is what we think we need to do to try to articulate how protocol interacts with trust anchors and so on. Next slide.
K
The good news is we're, I think we're pretty much done with these things in the sense that, you know, we've been working on for a long time. We did working class call, we got them through the IESG, and now all developed issues are clear. There's still a little bit ly not to do, and some of that cleanup is actually on certs, on the certs draft. So we're gonna talk a bit about that.
K
But basically this is at a point now where we can pull the trigger and these when you feel like that, we're just going to hold certs, at least for a little bit, to make sure that we get this stuff taken care of, last-minute fixes, yeah. So, you know, because Chris and I were doing this separately, and then Sean was doing some passes of store service and I was at 4474bis, we had a couple of synchronization problems across the drafts. Oh.
K
Sure, so one of the main synchronization problems we found anyway was just about the bare syntax, especially the way that we were talking about telephone numbers. The last thing we wanted to do when we embarked on this mission was to come with, like, yet another syntax or telephone numbers, and that's part of the reason why 4474bis took this approach of doing canonicalization. Instead, we basically just said, burn out a process that you can use to turn telephone numbers as they are rendered through formats like RFC 3966.
K
H
K
Looking at what the original of turn out to be so any we want, one of the things we've come up with on this that has been on the list recently is this question of whether or not TNs can include pound or star, and this is something where we had at one way in one draft by the way in other graphs, we need to get that fundamentally synchronized, but this only even came into this because, in addition to canonicalizing the from, that is the calling party number, we're also canonicalizing.
K
The from are the two. The called party number, and the called party number in a lot of instances can end up with markup like this that's messy, and like actually discarding that markup discards semantics that you want to preserve, and so it's really because of that, you know, kind of corner case that we ended up eventually saying: okay, like, we'll have that be part of what we capture in the search document as well. I don't know, is Mr. hammer in the Java room or it's not in the room. Is he think I see him?
K
B
Guess we get it through a working group last call, we've now gone through IETF last call with the pound and the star included. Even though range, you know, when you have a number that has a pound or star in it, you say and 19 consecutive numbers following it doesn't necessarily make sense. I don't think the certificate issuer's going to do that, right.
K
J
B
K
That's the choice. I mean, I, like I say, I think it's okay, like some again the corner of a corner case. Like deep down in this we're doing this, like, diversion stuff that I've been looking at, I can maybe see cases where that would interact with this, so I mean I, I don't want to dismiss it out of hand, but at the same time I think it is a sense you could do reasonable things with this would not, not run afoul with that. So.
K
They came in find where, you know, anybody to find the semantics of the sudden say that JSON generally could be UTF-8 or UTF-16 or UTF-32, and so basically said, okay, fine, we'll put a restriction and ness like when you're registering claims your passport, they ought to be like ASCII, right, and this is not an unreasonable, like everything is in the JWT registry already is within the ASCII range. I, you know, again, except for some, like, internationalization cases where people want to have really weird claim names for that, I guess I could conceivably.
K
K
E
Jim shot, are we talking just the peg?
K
The tag. Obviously I think the value needs to be internationalized school, yeah. So we're just saying it's basically like an IANA constraint for us when you're registering the tag name for the claim name. We want you to that with ASCII for this. That's a, yeah, emoticons in this n, thumbs up, Pizza Pizza, yes. Anyway, we also tried to fix the date text a bit more about how we interact with the I-80 and passwords to the date in the SIP header.
K
That was a comment that Ben I think made about this, that we wanted to get cleaned up, and also Ben was concerned, I think justifiably, it sounded too much like we're trying to standardize reason phrases. We kind of had some text and there was too strong. So we rolled that back again, but the stuff that we did in response, I see most of it was like small, small stuff like this, but now we're gonna get into some of the more substantial issues.
K
K
K
K
Something ATIS was interested, then, when ATIS decided to migrate that to a claim in passport instead of actually having in syrup, we still thought it would be useful in the cert to be able to provide a feature that would let you say, passports that are signed by this cert can, are constrained only sign like for this level of assurance, for example. So if we imagine that there is an LOA claim, that's called, you know, that appears and pastures called LOA, and that LOA can have three values: high, medium or low.
K
K
Nap and I want to be able to issue you a cert and, let's imagine it's an individual TN cert. I know there are people in this room that believe that there is no such animal, unicorn. But let's assume that exists for the moment. You know, if I issue you an end user cert, and it has this CNAM claim that suppose represent the caller name, I could put one of these gave. You give your key claim constraints, and it says, you know, if Shawn Turner is going to sign any passports with this.
K
If CNAM is present, it must have the value Shawn Turner, this stray. So that's basically the concept behind this. Russ was kind enough to patch this up for us. We, we ran into a couple of problems with this, actually, in IESG review. One of them was that we kind of first grazed it like it was both a blacklist and a whitelist, like, okay, we're gonna phrase this. So, you know, if, when we issue a cert, we can list here's the things that you're allowed to use.
K
Here's the things you're not allowed to use. Well, I mean, it turns out that those having both the whitelist in the bad list ruins all these good, like, additive permissions properties we tend to like in designing security systems like this, so we devolved it down to something that is merely a whitelist.
K
In other words, if JWT claim constraints is present, then, if it's not, then there are no constraints, you can put whatever claims in you want, but if it's present, then you were restricted to using just the set of claims that it specifies. Now, of course, we do assume that all of the baseline claims that are defined in the passport specification are automatically whitelisted. So this is really for extensions, like CNAM, things like that. That's the model we ended up with. I think this works.
K
Sean, I had like a bad merge, I'm in that 13 that came out, so we, we put into for that still had some exclude text in it. So we actually managed to tear all that out now in the version we just issued this week. I think this should be clean. This is exactly right, yet. So there's one last thing I want to talk about here, and people feel free to apply in on this.
K
So the way the text reads now, when you define a genuine key claim constraint, you end up defining, like I said, both the claim name, for this claim name, like CNAM, you must have this value, right, a sign for it, something like, you know, for CNAM it has to be Shawn Turner. It strikes me it could also be useful to have a JWT claim constraint that merely authorizes the use of a particular claim without stipulating any value for it.
K
So, in other words, you know, maybe I want to let you use CNAMs when you sign with this cert, right, and I don't care what CM value you put in, because you're like colored, right, you're an enterprise and you've got like 10,000, you know, numbers you can sign for there and you might have different scene ends. Prettyful ones of those, I want to have to give you 10,000 different search for these see names. I just want to say, you know, anything that Cullen's enterprise assigning, they can put whatever CNN they wanted it.
K
The syntax day doesn't actually allow that. So what we could do, Russ, I'm sure you know how to do this, no, can we make it so that the value part of this is actually optional, right, define g2g, give you a key claim concerns. You have to say what the claim is, that's like mandatory for it, but the value part is something that we either can include or not. So.
B
The way it's defined right now, if the extension is not there, you're not constrained in any way. Right. Second thing is, if you put a constraint in, you're providing a list of values our field may, may contain. So, like, the example that's in the document is confidence, which, you know, it's allowed to have high, medium, low. You could tell that that particular issuer must use low, that issuer of JWTs must include high, so that you're, you're only authorizing them to issue tokens with high.
B
K
K
H
K
Can tell you how to do myself. I can put know, is my David. She claimed constrained and said: that's the only claim that you're allowed to use, it's null, and therefore you can't use CNAM or divert or anything else, but that, that is a hack, there's a workaround, but I mean the point is putting one, just put one thing into the claim constraints field, necessarily you can't do any of the other claims, right? That, no, you're not saying anything about the other claims. Supposed to be a whitelist, right.
C
B
K
L
B
K
K
N
Just as note taker, so I understand what I've just written down, yeah, I'm hearing Russ also say this really can't be used as a whitelisting in which you were envisioning it because you can't say.
K
Yeah, I mean, it, that, you know, the value of that again, because we can't anticipate possible extensions, you know, we wanted to have something to look more like an additive model, but what we want to avoid is a model where, but I just want to create a model where CAs can ultimately deal with entities they're generating certs for that they want to disempower in some crucial ways, because they think they have a different status in the network, right, and we need to have, I think, a flexible tool on it, unfortunate, maybe, for disempowering people heading.
O
L
O
B
O
B
B
J
K
L
J
K
TN auth Lestrade provides the property already. This is a telephone number for which, yeah, right, yeah, so I mean it think about it. It's like similar to that. Yeah, we're just trying to find ways that we can, a flexible extensible mechanism we can use to say we want to put other restrictions on what passports signed by the certificate are allowed to a task. So it's very similar to jan was kind of our starting case for this, right. This is an attempt to generalize that, yeah, I mean to.
L
K
That the former again was, would be things like LOA, I guess that, right, where, if LOA is gonna be present, you know, you, for you, you can only issue always of love. Yeah, that's, that's, that, that was the, that's where we started on this, right. So they said this is, you know, this was the attempt to take that and turn it into something that would be useful for other extensions we anticipating other than ly. That's.
O
I'm still not quite, well, you mentioned Christine I'm an example as one possible we went to enforce that they commit you're in this particular sub case way. Understand requirement is want to enforce a plane or Cena, but you obviously don't know, for example, exactly which value this thing is going to have some possible. What is the value?
O
K
I think you have to imagine again an instance where something more like an enterprise, right, where you're delegating Bureau carrier, I have a business relationship with, you know, Cullen's enterprise, and so if Cullen's enterprise starts emitting bizarre or seniors, like, our business relationship compensates fat, right, in some way, but I have, I've explicitly delegated the authority for selecting that to Cullen, but I don't want to do that for Adam, so I don't trust Adam, right! So an issue Adam certs, I want the cert to say he can't do see now put any values of that.
O
O
K
K
K
K
We knew that there might be some interaction here over in the SIPBRANDY working group, which is not meeting this week. We actually need to use connected identity because we want to have both of the end, the endpoints of a call be acting as the authentication service and verification service roles of RFC 4474bis, and that does require a connected identity to work, for reasons I can get into, they're kind of complicated.
K
But Adam rightly pointed out that the, this led to necessarily some fixes we needed to text about retransmissions. That's in 4474bis, the notion you could retry a request that had failed. I think this is a somewhat useful property. You know, I think we originally decided we wanted to do this when the earliest networks that we try to send any of you sign request through bounced it because the date was being written, and so we said, okay, well.
K
What we'd like to be able to do, then, is to move from the compact for a passport full form, a passport in those instances, so that the date can be recovered from it by the blowing party, and that led you us introducing all this text about ways you redrawing a retransmission and repairable errors. All that is really good. The text gets complicated, though, because of precise ways that SIP does loop detection and, moreover, detects this condition called spirals.
K
When you do suspension for king, when kind of things go through proxy server and sit end up looking back to you and go somewhere else, we've done a ton of work and set to try fix that over the years. There are other RFCs or we address this behavior, and so basically, what I did is added some 4474bis text that said, pay attention to that.
K
Here's the places where you can run into this. There is a should in 3261 in particular that we're kind of overriding in this and saying, OK, and since you probably don't have to do what that should says, because otherwise you might think this is a loop when it's not. There really is, it Scott, it's kind of down in the weeds what that is, so I'd say we read the text you're interested, it's all in those sections about retransmission in authentication service and verification service behavior.
K
Discussion went where you wanted it to? Okay, yeah, I think we got this one, I think we got it, and if we did and we'll fix it, not 48 it's 10. Next. That's all done, I think, right, I mean, for RFC 4474bis and passport I think we're stable, but those tweaks, which is good, some of the tweaks again, and if you had to change things in store search for them as well.
K
K
On the next, I was going to do these all's like separate PowerPoints originally, but then I just was like, I read the agenda and realized it was just believe me, so just one PowerPoint. Next leg, so this document got some attention. Ian is year. Do you for folks, like Steve, Farrell surly, professor at Trinity College or something. I think we have those blocking points now resolved and actually made some very good points. These are important things for us to address in dixon us. There is one thing still outstanding.
K
I'm Becker wants to have some better text in there about TN range arithmetic boundaries. He has sent me that text and we will get it into a 14 or do it in or 48, it's, it's just like a one-sentence tweak that we need, but there are some other major changes that are still warrants and review and discussion.
K
Yea, though this talk about this in the past, like, four months, I'm looking at you, like Mary over there, you ATIS people, well, this like OCNs, speeds alts bids, lots fault. Yes, so, so we kind of, you know, as ATIS figured out, and this is your problem, right, like what an OCN is, they, these are all identifiers. Is there specifically to telephone network that you use to identify who carriers are, there not IETF identifiers, and there's this organization called NECA, right.
K
The carrier group that, yeah, NECA, that does this, they assign them and their format as define these out of specifications, and like they're really important, though, for us in the sense that we do want to be able to have the, basically the subject of a certificate that we issue. Could this be the carrier's, an identifier of the carrier that is responsible? We.
H
K
Through a million iterations of us trying to figure out what the right way to do that was, eventually lighted on OCNs, but then people started asking harder questions. Well, okay, networks, sure, like North America, right, but like, what do you actually do for this, you know, in Europe? What do you do for this and, like, each specific? And after, like, a lot of going around that particular maypole, yeah, we've introduced new concept. It's called service provider codes. This came out of ATIS.
K
Basically, this is just like an ASCII string, and we assume, probably for the SHAKEN profile, that it will conform to OCNs and with a lot like OCNs do, but we want to leave the door open to other profiles of sep other poster they're going to use these identifiers to specify something else. It's a bit of a blank check in the sense we really are saying somebody else has to do to work for this, but we left in some text indicating it's probably something like OCNs that we're dealing with a senate.
O
O
That's not an issue landline space, just nothing seems to have, yeah. So there are two issues, namely one is, is there ever a possibility, because it is not, despite the physician OCN, that we wander into whatever Canadian or Mexican territory accidentally and now what you thought was a nico or CN is now something else, something you don't recognize, but it is a money look at distances. I think this is a whatever talion carrier code and no it's.
K
K
O
K
O
O
The closest to me, international namespace, as, as we got old document said, is actually the pseudo kill you so don't actually have. Wireless operation is getting these ones because best, if you do, yeah, I, so I don't know if that's a, I don't think we could boy about it now, but at some point, I suspect that it's actually a helpful thing, particularly because of what wireless roaming and.
K
I mean, I guess as 3GPP picks this up, obviously it, which I understand they are, I'd be happy to work with them to make sure that, I mean, the only thing, and maybe, maybe Christopher, you know, right, I mean, are we going to run afoul of anything by making it just ASCII? I mean, is there anything that would be in that identifier space that we're not thinking of, right, that, that might be outside that? You don't think so. Yeah, I got it too. So.
O
O
K
I think, I think the gist mayor, whoever I will be signing for the, you know, the mobile codes for that, right, and in it there will be some different entity that is the trust anchor for it. I think that has to be the differentiator, but you're, you're right to point out we should put that in the stack. So.
H
So yeah, so the service provider code concept came out of ATIS, and that's because even with ananas, we actually couldn't agree on this point. I know that it's a nose the end for North America, even, right. Oh really.
K
H
H
K
K
K
K
So a lot of the concerns that we've heard about certificate freshness in particular here are about the data that we're potentially revealing when we perform real-time status checks associated certificates, and Stephen had a number of points of discussion about this, but the main one was OCSP, and I'll have some diagrams to explain is being a bit. It's a protocol to use kind of in real time for relying party to be able to verify that it should be is still valid when you get it score.
K
Certificates compromise, like, all these things can happen to them, and because we are doing things with TNs, they're kind of fancy telephone numbers, we made some further tweaks to OCSP, and unfortunately, I mean, those tweaks do make the information that OCSP reveals more interesting, especially to the purpose actors, as we call them, to, to pervasive monitoring systems. There's kind of eavesdropping on the Internet.
K
You can gather a lot of metadata from that and, although there's some text about using OCS being confidentiality, like you can apparently do it over HTTP and thus do it over TLS, that might help a bit. There's still a ton of bed idiots that's revealed by bath itself, so we can and should be better. Slide.
K
But, you know, I really don't know that we know how to, yeah, and so after a lot of deliberation, what we basically done is punted this, the text about freshness. We have a little bit of discussion and there about yours approaches. It's important to do it, but I don't think we're ready yet, without some operational experience, and maybe some further thinking about it, to stipulate that any one true way to do this anyway.
K
So this is by far the largest change to the store shirt stocking. The came out of IESG review. We removed a lot of text that used to be in there that explained exactly how you do with this with OCSP. That's now all in a separate document we're gonna talk about, but, you know, people should know that, you should be cool with that. People think is desperately important that we do is certificate freshness at this stage. I'm gonna make an argument that I think certificate freshness matters, I don't think it matters so much.
K
We can't go forward with the store sort sake without it, though. I mean, I think this really is something that we can go out and do some useful implementation work if we don't quite understand this perfectly, yeah. So provided no one in here is going to be it up and cry and say that if we don't get this right now we shouldn't proceed, that is our plan.
K
We did as well leave in this approach of providing a TN auth list by reference instead of doing it by value within the cert, and that actually gives you a lot of the same properties to prep this freshness. In other words, you get a cert and, rather than having like this literal block that says, okay, the use of the SPCs for its the circuit is valid, you could instead have a, this URL, right, that will be signed by the CA. So you know it's good URL, and you'll be an HTTPS URL.
K
H
K
Unfortunately, that has exactly these kinds of properties that in some ways Stephen is worried about, because the relying party is the one that will be doing this and go. It will reveal some metadata kind of about who is receiving calls and who they're talking to you because of it. Depending on exactly how this is architected, there still is useful metadata that can be mined from that.
K
So we left that in. Maybe it's better, I don't really know, but everything else has now been punted out and we're going to talk about those punted approaches now, I.
K
Think, okay, yeah, so we have two new documents. That's always fun, right. Yes, when we thought we were done, we have two more certs related documents. So, I mean, the most important thing, I guess, to communicate about why we're in this predicament and why freshness is important. First, our is the idea that once we especially be started talking about TNs themselves being effectively the subjects or certificates, and especially range, it's blocks of TNs.
K
Suddenly you enter into a new world where it really matters to relying parties whether or not a cert is valid for a particular TN, and, you know, we've, since the start of this, kind of agonized over this and approached it in a bunch of different ways, how we kind of resolve the problem of when you're relying party and receive a call, it's been signed for a particular TN, and this doesn't apply so much, I think, to the SPC side of this.
K
You know, how do I know in real time whether or not that number hasn't been ported or, or, you know, whether it has been some other structural change that I need to be aware of, and that, it requires some, some, some either means of expiry or some means of real-time status verification that is going to let you know that the telephone number's still within the scope of the authority for, for that certificate, and, you know, again, if you're only doing spco ATIS for the moment is only address pcs, I think.
K
K
So there, there are a bunch of ways we can enumerate your approach certificate freshness that are familiar in the industry. There are things like CRLs, there's protocols like SCDP, which is not used, like, at all, I think. If you want to talk about CRLs, move approaches to CRLs, you're welcome to write a draft, but I think the main approaches I'm interested in focusing on anyway are just OCSP and short-lived certs.
K
Initially we'd say these have very different kind of privacy properties, kind of the Stephen's point, but actually, I think once we delve in and look at them a bit more, there are ways to skin both of them. They sort of look very, very similar in terms of what information they leak and how that all comes together. I don't have, I think, a strong preference myself or other of these.
K
Yet, so I'm not here to give you a recommendation, actually, I think, but I'm here to say is we probably need to go down both these paths a little bit more and actually do some specification work and understand them a bit more before I be prepared to make a recommendation, and definitely want to see this get out in the field, people do something with it, before we make a recommendation around neither of these. Next.
K
So, I mean, the classic real-time credential validation story looks something like this, and this is my typical STIR in band picture where there are signers there at that intermediary. You can imagine that intermediary and the left is in Norfolk and authentication service. It is ultimately gonna emit signed requests that have the headers from RFC 4474bis and passports inside of them, and then, when those requests to make it down to the verification service or, potentially, two end points, there is going to be the staff.
K
M
M
Yeah, I mean, so, so like in the web on getting gear HTTPS connection, and you really would like to check whether the cert's been revoked before you accept the TLS capture. To do that check you cross with OCSP server and you're blocking at TLS connection and the HTS a request. Why? All that OCSP can ensure bizzle, and I can get the Firefox staff. Look like these things fail like some of the double-digit percent of the time sharp.
M
Multiple seconds, and like OCS Peter small, the web PKI infrastructure has not been able to deploy OCSP servers that are significantly performance. Do you have validation, please? Okay, so look, like, if you're, if you have tolerances, and you can build your OCSP infrastructure good enough, like, maybe, yeah, this is, this is in principle workable, but in practice of the rod, but.
K
But, you know, least agree this is the picture, at least the intended architecture of OCSP and how it is supposed to work with this. Yes, I'm going to show the stapling architecture like two slides, but this is the classic notion of how the stuff is supposed to work, right. The relying parties, when they receive requests, in this case signed requests, they go out and check in real time: hey, got this request signed by the cert.
K
In our case, we've added the wrinkle of TNs to it, rights that say: okay, I got this request for this calling party number and I'm going to look and see if the third say, okay, is that telephone number and the scope of authority of the circle sign correct, and you do this kind of as a dip at this point. Yes, exactly. So.
L
O
We have a slugging late problem legally for mobile, called Commission's name. Lead is a big problem. Legitimate mass follows, think bank pretty college electric utilities, I want to tell you that unless you pay up your lights are going to go out, that type of stuff, right. They have a problem, I'm people, don't they gave them. People get permission to be called at some point. They change their phone number, they block have people calling plan whatever happens to be, and then they call, and then the unwitting next Oh know about my shoulder.
O
That number gets really upset because they get is fun, and so there is an emerging and something existing real-time infrastructure that is essentially pub/sub. When we would talk pops up here, I essentially tells people when the last time, one way to last instant that this number was reassigned to somebody else, doesn't.
L
O
Who has it, just simply says they were as a transfer or entity seen ama send in effect, then I to that number. So wonder if, in practice, where carrier-based validation doesn't work for so bad information is available or two masks, haulers, obviously, and carriers. They have exactly. There's a pimply consortium of entities and major failures of you.
I
L
O
K
O
O
K
O
K
I think I'm one hundred percent in agreement, but let me talk about short-lived certs because they also have side effects. Poppies, I think, are significant that are different from this, so, I mean, I wouldn't go as far to say I don't think we need to be concerned about freshness because of that, because, again, I think we look at the short-lived cert approach, when I get to that in a couple slides, we'll talk about properties it has I think are also useful for reasons that are, that are not covered by that and.
L
O
L
or something like that, that avoids many of use privacy issues because it removes, is no Colin commission at that point, it is simply a whoever had it, the number no longer does, which tells you essentially nothing yet, you know, because viewing or pension funds and I'm, given that we operate in an environment which is different in the web environment, then leave a number verifying parties is orders of magnitude smaller. We don't have browsers doing at the moment. Yeah, then.
O
But, I mean, forward for the next you I there. A time frame is validation at scale will happen where you care about the liability in real time, and all of these other things we have a failure is not an option is if you operate attend a second step length scales is a pub sub model or acol might actually be quite far more effectively. Fizzer muy avoids be real time aspect in it. I'll have to worry about it, don't have a privacy platform and all you have date.
K
Yep, I'm round, like I said, I could imagine there being a draft, which I've not written yet, that would be about CRLs for this. Yes, it would work again kind of like the crew model good for this. You just assume that, because we're creating so much venue operation environment around this, especially to deploy poor SHAKEN, that, yeah, you could, you could define a centralized kind of CRL push. That would probably incorporate not just that it you referring to you, but I've added some other data as well.
K
K
No, I mean, I might capture that we want to investigate what CRL thing might look like. That might actually be a thing to punt over to MODERN. You should talk about MODERN sometimes as well here, but not the second. Next slide.
K
This is valid for this particular number, which this call is being placed, and because of that, you know, if I, just if I'm Cullen and I have my 10,000 numbers, my enterprise, I can just randomly choose the times that I go acquire my staples for these, every three days or whatever, stagger it out. So there's absolutely no metadata that can usefully be gathered from that other than that, you know, Cullen owns these numbers, and even that we could probably eliminate by just doing this over TLS as well.
K
So what that, so, one thing I would say about that: if we were going to do that, we would probably actually need a way in SIP to carry the staple. That's not something we've defined today, so it would be like some of our new protocol work. We probably need to add a header, I imagine, that would actually to carry the staple along with a lot with this.
K
We don't have that now, and that might actually be something that's useful to do for SIP in general or, like, some other applications do that use certs around SIP. So next slide. You know, what that looks like is much more like this, like, you know, again the authentication service side, it goes and just gets its staple, and it's a short-lived thing, right.
K
These staples, you get them that to be valid for some very limited period of expiry, and you use that and somehow carry that along with the signed request, and then nothing needs to happen on the terminal side. Nobody takes any performance hits, privacy problems really seem to go back. Next slide. So short-lived credentials, like short-lived certificates, of course begin to look exactly like this, okay. This gets down to the core we've now skin.
K
Like the two approaches, this, they end up looking more or less identical. Ones going to do OCSP stapling, pretty much you're doing the same thing you do when you do short-lived certs, which is the authentication service side is going to go out and acquire from biological authority a short-lived cert, use that in turn to sign the request. It would probably have to then stick that short-lived cert in some fashion into the SIP traffic that goes across. We know how to do that.
K
P
K
Q
K
Next slide. The idea for this is issuing certs begins that expire soon. We, you know, it's probably worth saying what we think short-lived means in this. Again, I think it probably means hours or days, not months or years. Probably we would need to wrap something more specific around that, that would be part of the work that we would do, and I mean really, this seems like a no-brainer, right.
K
But these days some people are giving this some thought, and we have this, this ACME snake oil that Barnes and people like that are selling these days, that all the cool kids are using, things like Let's Encrypt generating tens of millions of certs doing this in that, right, and yeah, I mean, so. This is just based on the notion, you kind of think about, like, if you're the authentication service you're acting as an ACME client. You have like an account with your CA.
K
The CA knows all of the names for which you are authorized to be issued certificates, and you can, you know, you kind of prove to them how you're authorized to do that, and that could involve neca, if we're talking about the way carriers approach this, and if we're talking about weaker certs that are intended to cater to end users, there could be weaker proofs. We have some preliminary thinking about what some of that might look like that we have begun to circulate. Next one.
K
The really interesting thing about this approach, I think, is that it's not like just an end-user approach. This is, I think, they've been the cause of the most confusion. When we talk about short-lived certs, we talked about having certs screen, dude individual TNs. In this, the whole idea behind ACME that you is an administrative entity can have an account, right, with your CA basically and have a set of names, right, for which you are authorized to be issued.
K
Certificates that you can just request as needed means that even if you're a carrier with millions and millions of numbers under your authority, you can go as you need them and get these short-lived certs for just like one number, like on a per-call basis. That's what how you want to do it, right, and so what a cert for an individual TN means is not "this is a cert for an end user." It merely means I don't want to reveal anything else to you other than that.
K
This is a cert valid for this one number, right. I don't have to, if I don't feel like revealing my SPCs or anything I don't have to, and I constantly hear from carriers who are looking at this, man, you know, I really don't want people to do like analytics after the fact, be able to ascertain like what my number ranges and things like that looked like. Like, this system is designed to provide carriers precisely that property.
K
All of those sorts of, you know, carrier business privacy concerns about your network in your utilization, I think that's a really useful property, even for SHAKEN-like networks, and the fact that it gives you all this freshness kind of stuff straight up. You know, I think this is a really powerful and compelling approach and I think we should, we should try to build it outta bed and then specify the bed, and it dovetails with other things.
K
K
K
That, so RFC 4474bis already has a way to tell you, here's the cert I'm using to sign this request, right, so if you're asking in terms of distribution, how you get the certs, relying parties, it's using the standard mechanisms since they're in 4474bis, so I think that, I think we, that's pretty ill. It's unlike OCSP. OCSP, we would actually need you to find like a new header. It's like, how do I carry this staple.
K
We need to find some capability to carry the staple. I think we actually got that covered well.
K
M
I would just note that OCSP does not necessarily imply the live OCSP. You could do stapled OCSP at the Constitution on its semantically, mostly the same as short-lived certs, yeah I.
H
K
Q
Halogens. I mean no, in fact, I think it's quite the opposite, even though they might be very similar or OC, because we might be even slightly better, technically speaking, I think from a pragmatic way of what people are willing to implement. You have to implement short-lived certs. You have to implement a lifetime on the certs anyway, and what that lifetime is doesn't change your code, and we used to end up with short-lived certs, be much.
O
H
H
M
L
K
B
D
B
Sure, so I guess the sense of the room that we want to get is: do people want to proceed with OCSP, short-lived certs or something else? So if you think that the short-lived certs is the right way forward, hum now. If you think OCSP is the right way forward, hum now. And if you think something else is, that we don't know what is, is the better way forward, hum now.
B
Okay, so, while John was talking, I tried to throw a quick syntax together that would solve what I heard is the evolved requirements. It's one slide, so you mail this to the list and the guts of the slide. I just mailed to the list for the remote attendees, because I don't think the one slide has been posted yet 11.
B
B
The part at the top has two pieces, both of which are optional, and the coop under it says one of the optional things must be present or you shouldn't have done this. Ok, so the first part is must include, and so, if that is present, you must include iat, orig, dest and whatever else is listed there. If it's absent, you still have to include iat, orig, dest.
B
Okay, I think that is what I heard is the varmint for the first part, and the all's, it is, is a sequence of IA5Strings that name the claim names that must be present. The second part is the permitted values. If this part is present, it does what the current constraint does. It says the named claim.
B
P
C
B
P
O
O
O
K
J
K
B
K
Okay, good. One last thing for me, and then we can do whatever else we need to do here. So people keep telling me that we need a way to do CNAM and to do diversion for call forwarding, and this, I have some graphs about this. They have not generated a ton of this discussion, but if regulators and people like that are saying that we need them, we should probably do them.
K
So yeah, I'd like, I mean, I think we'd have some kind of charter-ish discussion here in a minute, you know, the charter's old. The milestones are really old. There's things in the milestones that, like, we said we're going to do, we never did, and stuff like that. I think we should adopt some stuff like this and do whatever process structures are required to get these things adopted, because people seem to need them.
K
E
Any comments on that? Anybody want to rush the mic in? All right, so we also had agreement at that time to add whatever we needed to do to the charter, be it milestones or text, that this group would work on PASSporT extensions. We've reviewed the charter turn in between, and we believe that we can do that just with milestones, that we don't need to do charter text surgery to do the PASSporT extension stuff, though it's our intent to just start to work with the ADs to lay down milestones to do PASSporT extensions as they come up.
E
E
If you think this is a good idea, let me just put and turn this into a sense of the room hum. If you think it's a good idea we start working on this as a group, hum now. If you think we shouldn't, hum now. So we will work with the ADs to straighten out the milestones, get rid of the cruft, add what we just talked about. If you don't see that happen in the next, you know, two or three weeks, please make some noise on the list, so.
K
K
For this I, you know, I mean, I think that we were helped us put on our plate and by degrees at the time. A new charter there's like that. This looks like the kind of things, and with your privacy meiosis up I might suggest that we just try to find somebody help we'll get this to do that. I have a couple people I'd like to guests for that, so I mean it. You know, so brother that rather.
K
O
In the spirit of things, but I won't do, recently there's been a lot of interest, or concern I should say, about emergency calls: roofing issues, location, screw frame rate of things, but Amelia locations were paying, particularly as mg and the one starting to take off, so I wonder if there's any interest in discussing up today, but it's informing and possibly so, people.
O
Interested in looking at how we can solve our old location, signing our location, trust problem exploit without michaleen, but with more than well-liked, latest novel type of things in this context, so that you had to bite or signed location provided Lee, some alternate approximate location or the purported emergency call it, so I'm curious if is any interest enforcement, yeah.
O
K
We look at this a little bit and yeah, yeah. This is, this is a classic case where I think you do a PASSporT extension, probably a more structured extension, right, they would allow you to capture the necessary location fields and so on, but I think it's similar to see down, like imagine it. In raid, you read actually be the CM graph, there's kind of a first and third party story.
K
The words, there's a story for how you generate the PASSporT object when first party is attesting the caller name, and then there is a way to do it as well, third-party attestation, to generate a PASSporT for that. I think look, you should be very similar, right. You probably, probably have both, so you've got a list of games offline. Do what he hath you, the generating the third-party attestation, so I think we've pretty straightforward.
L
Chris mine, yeah, that was a great idea. I have another issue that we're starting to look at that I think might be valuable, just going to get some feedback on it. It's, it is more service provider specific, but it's the problem of validating a service provider, validating telephone numbers coming from the customers that I know that we service provider themselves providing credentials, so I may provide some Sexton on that.
I
E
Right, when we chartered this working group, we identified a couple of large chunks of work that we would want to attack, and we had in the charter text a strict ordering on them being in-band, then out-of-band. In-band has been shipped out of the group, modulo the small things we've been talking about. Out-of-band still stands in front of us.
E
A
K
A
Q
E
E
E
K
I think this is the main part of work. We have lab, right, it's to do out of them. There are technical problems in that we go house all what we need. Realistically, you know, this is an interrupt, right, he's a virtual interim to accurately big into this for a day between now and, and I think we do that will come out of that with an entry good shape to have a good.
K
H
K
E
Events boom.
E
Believe we've exhausted what we had on the plate for today. Unless somebody runs to the mic, I'm going to declare the meeting closed. Thank you for your time investment. You've got a little bit of time between now and any lunch meetings you might have. If anybody wants to get together and move some of the things that we just talked about forward, please do.