►
From YouTube: IETF98-SIPCORE-20170330-1520
Description
SIPCORE meeting session at IETF98
2017/03/30 1520
A
B
B
C
D
So
this
this
is
Han
all
right,
so
it's
320.
Let's
go
ahead
and
get
started,
walking
welcome
to
the
SIP
core
working
group
session,
I'm
Jean
Mahoney.
This
is
adam
roach.
B
May
be
hard
to
believe,
but
I
am
sitting
in
for
Brian
Rosen.
Who
is
your
new
working
group
chair,
as
he
pointed
out
when,
when
we
published
the
original
set
of
documents,
he
was
one
of
the
SIP
chairs,
so
he's
tickled
to
be
able
to
return
in
this
later
era
to
resume
that
that
role?
Unfortunately,
he
can't
be
here,
and
he
has
what
been
and
I
agree
is
the
most
awesome
excuse
ever,
which
is
that
he
is
serving
as
the
armorer
for
the
u.s.
fencing
team
in
what
what
is
Bulgaria
right.
D
B
D
Didn't
that's
right,
I
asked
him
for
a
picture
and
he
didn't
send
it
well
I'll
see
if
I
can
get
one
okay.
So
no
well,
no!
Well!
The
note
well.
D
We've
started
circulating
the
blue
sheets.
Lease
line
need
a
note-taker.
They
would
like
to
take
notes.
I
know
nobody
would
like
to
take
notes,
but
who
will
volunteer
anyway.
E
D
You
alright
here's
the
agenda,
so
I'd
like
to
tag
on
a
few
things
at
the
any
other
business
Roland
had
a
document
dispatched
this
Monday
to
sip
core.
So
he
would
like
to
say
a
few
words
about
that,
and
rifat
also
wanted
to
talk
about
the
digest
authentication
scheme
force.
It
is
for
fought
here.
Yeah.
Oh
alright,
great
well,.
D
D
Okay,
so
status
of
the
working
group,
you
have
a
document
status.
We've
got
an
RFC
for
dns
dual-stack.
Thank
you
to
the
authors
in
the
working
group
for
getting
that
done.
Last
call
has
ended
for
Henning
strath
the
support
status,
unwanted
we've
got
name
at
our
guidance
working
group
last
call
has
ended
for
that
and
then
Christers
draft
the
SIP
core
content
ID
is
in
working
group.
Flatts
call,
please
provide
your
feedback
by
april
13,
and
the
next
working
group
document
is
Colin
post
BAM,
which
will
be
presented
today.
D
Just
an
update
on
the
milestones
we've
completed,
one
with
the
request:
publication
of
DNS
lookup
of
procedures
for
dual
stuck
client
and
server
handling
of
secure
eyes,
we're
making
good
headway
on
the
rest
of
them.
The
first
status,
unwanted
call
info,
spams
content,
ID
whoa.
What
if
I
down
there?
We
go
the
name,
adder
guidance.
We
have
also
happy
eyeballs
now
we're
not
discussing
it
today,
but
that
is
definitely
on
the
milestones
yeah
so
recently
dispatched
from
the
dispatch
working
group.
D
Now,
since
we've
reach
our
turd,
we
can
now
handle
a
little
bit
more
like
self-contained
small
updates
to
sip.
So
we
have
the
Winterbottom
sub
core
luck.
/
am
draft
and
Roland
will
be
presenting
that
today
and
also
his
the
second
draft,
which
was
dispatched
on
Monday
and
he'll.
Be
talking
about
that
at
the
end
of
the
meeting.
Also
is
Miriam
o
Holly's
draft
on
AP
served
user
header
field
parameter
for
originating
seed
of
such
a
case
and
sip.
No
we're
not
discussing
that
today,
but
that
was
also
dispatched
to
the
working
group.
D
Now
recall.
Documents
that
come
from
dispatch
means
that
the
dispatch
working
group
thought
that
this
was
the
best
place
for
the
work
to
happen.
The
civic
or
working
group
can
still
decide
whether
or
not
to
take
that
work
on
yet
so
we
should
take
a
look
at
these
droughts
and
then
decided.
We've
got
the
energy
and
interest
for
them.
F
F
So
if
it's
a
scams,
but
then
we
have
particular
charity
called,
so
they
are
legal
in
the
United
States
to
landlines,
not
to
cell
phones.
That
came
out
of
the
notion
it
used
to
pay
for
incoming
calls
and
political
calls.
Surprise,
surprise.
Young
survey
calls
and
then
we
have
a
category
of
woble
calls
which
actually
wanted,
but
most
people
at
least
some
people
misunderstand
the
call.
They
think
it's
one
scam
call.
But
this
could
be
something
like
your
prescription
is
ready
or
a
school
was
closed
or
whatever
and
I.
F
The
perspective
of
ship
related
things,
we
have
a
holster
I've
heard
of
signing
cards
to
prevent
caller
ID
spoofing,
and
then
we
have
things
that
are
more
relevant
here
and
I
just
want
to
make
sure
that
don't
get
confused.
So
there
is
an
effort,
not
in
super
I'm.
Sorry,
oh
there
is
a
effort
called
bear
start,
which
simply
indicates
that
this
epoxy
has
validated
the
call
ID
I
do
store
I
in
now,
that's
done
in
3gpp
I.
F
Don't
think
we
have
anything
to
do
with
Adam
unless
I'm
missing
a
draft
I
men
more
depth
today
is
a
survey
hoy.
It
called
Type
Indicator
should
say
like
survey
that
allows
the
called
party
to
make
a
more
reasons
decision
as
to
how
to
handle
the
call
the
problem
and
I'll
talk
about
that
again
in
more.
F
Definitely
in
a
minute
is
that
the
carriers
in
general,
because
of
the
spectrum
of
goodness,
were
robocalls
a
very
reluctant
to
get
into
a
call
filtering
business
because
they
afraid
they
filter
the
wrong
calls,
and
in
some
cases
it's
a
legal
problem
you're
not
supposed
to
do
that.
It
kind
of
maybe
early
versions
of
network
neutrality.
For
title
to
carriers
and
I:
secondly,
they
just
think
it's
bad
business.
F
If
a
do
that,
babe
there's
already
a
fair
amount
of
controversy,
because
they
do
filter
SMS
messages
in
order
to
go
to
SMS
spam
and
they
have
been
a
number
of
cases.
We
are
legitimate.
Organizations
have
complained
that
they
for
whatever
reason,
get
filtered
and
then
I
want
to
draft,
which
is
almost
done
besides
kind
of
a
last
call
revision.
Next,
so,
like
I
said,
some
carriers
will
want
to
leave
a
filtering
to
the
end
user
or
possibly
a
nap
on
the
end
user
device.
F
So
you
can
imagine
all
kinds
of
more
diversified
mechanisms
that
you
end
up
handling.
So
you
can
forward
voice
mail
instead
of
getting
bothered.
You
can
just
display
some
textual
information.
You
can
change
winging
behavior,
for
example,
I
in
the
Android
and
I
think
iOS
Do,
Not
Disturb
feature.
You
might
label
them
with
a
low
priority,
so
they
don't
wing
your
phone
features
by
weight.
You
might
have
a
local
app
like
I
mentioned.
You
might
consult
an
address
book,
maybe
you
put
them
in
there
as
a
whitelist
and
negative
going
through
make
it.
F
I'm
dave
dependent
all
kinds
of
fanciness
you
can
do,
but
unless
you
leave
/
call
in
some
way,
none
of
that
can
help
you
just
you
can't
build
I'm.
The
only
other
way
to
do
it
is
that
you
knew
a
query
to
a
third
party.
Are
you
to
say,
I
got
this
call
from
a
phone
number.
Do
something
tell
me
what
it
is
in
it,
but
that's
obviously
a
proprietary
and
B.
It
means
you
now
have
to
trust
a
third
party
and
they're.
F
Now
several
companies
hire
just
to
name
one
that
do
that,
but
you
now
have
to
trust
a
third
party
with
your
call
data.
We
talked
about
some
of
the
privacy
issues
that
we
have
in
stir
just
earlier
today,
I.
So
if
you
don't
want
to
do
that,
then
you
have
to
do
it
on
device
and
locally
way,
put
information
that
is
provided
by
the
entities
that
already
know
that
you're
being
called,
namely
the
carrier.
So
there's
a
privacy
aspect
to
that
as
well.
Next,
so
I.
F
Let
me
be
the
basic
idea
and
I
rearrange
the
sly,
should
we
arrange
for
slide
so
we're
basically
me
I'll,
tell
you
with
syntax
in
a
minute,
but
you
don't
remember.
The
most
significant
bit
about
is
a
labeled,
a
numerated
label
that
allows
an
entity.
Typically,
the
originating
or
terminating
carrier
to
label
is
according
to
a
number
of
categories,
but
it
doesn't
know
so
at
the
moment,
I
doubt
would
be
commonly
understood
and
usual
extension
mechanism,
so
it
last
time
when
this
is
discussed,
they
were
I
think
a
number
of
reasonable
concerns
that
were
expressed.
F
So
let
me
see
if
I
can
be
fair
in
summarizing
bows
and
maybe
give
you
my
perspective
on
those.
So
categories
are
somewhat
arbitrary,
unavoidable,
I
the
categories
aren't
completely
made
up.
You'll,
see
him
I.
So
there
are
a
number
of
categories
which
are
just
given
by
law
or
regulation,
at
least
in
the
US
and
many
other
countries
where
certain
sets
of
things
are
labeled
in
a
certain
one.
So
it
may
not
be
always
clear
what
a
survey
is
I
mean.
Is
your
bank
calling
you
but
customer
service?
Is
that
wine,
whatever
I?
F
But
there's
a
relatively
well
established
set
of
things
that
at
least
a
survey
taker
should
know
whether
they
fall
into
that
category
or
not
I'm,
assuming
they
don't
cheat.
Charities
are
well
defined
legally,
at
least
in
most
countries
is
not
for
profit
designations
and
so
on.
Political
calls
are
well
defined.
All
of
that
you
know,
and
I
also
have
what
turns
out
that
there
is
a
number
of
these
separate
third
party
apps,
and
this
is
queendom.
One
of
them.
I
owe
that
do
something
it
turns
out
to
be
very
similar.
F
F
So
that
seems
to
be
at
least
arguably
that
matches
deployed
reality
in
that
and
is
some
overlap,
not
not
a
whole
lot
with
the
old
ss7
calling
party
category
as
well
is
not
much
up
here,
because
most
of
them
operator
services
isn't
terribly
relevant
to
what
we're
trying
to
do
here
and
I
categories
are
somewhat
guesses.
So
how
do
you
get
to
the
category?
You
know,
and
there
are
two
ways
to
get
that
one
is
probabilistic
and
one
is
decorated
declarative.
So
if
a
probabilistic
one
is
something
like
that
we
have.
F
When
you
get
a
call
with
an
app
on
your
phone,
it
will.
You
can
basically
push
a
spam
button
and
if
you
like,
you
can
also
leave
/
call
afterwards.
You
can
do
that
in
the
address
book
or
you
can
do
it
after
I
mean
at
call
time
and
you
get
to
choose
among
those
type
of
categories
you
know,
and
so
you
can
imagine
a
scenario
where
the
likely
thing
would
be
in
order
to
minimize,
and
if
mislabeling
is
that
you
would
for
high-volume
over
callers
you're
likely
going
to
get
lots
and
lots
of
reports.
F
Hundreds
thousands
of
reports,
and
so,
if
that
number,
that
you
just
you
want
to
label
as
a
carrier
or
is
some
third-party
entity
alone,
we
call
path
is
almost
everybody.
Labels
is
as
a
political
call.
You
can
be
pretty
sure
that
that's
what
it
is
at
least
what's
what
people
perceive
it
to
be
in
terms
of
if
it's
kind
of
some
people
late
I
label,
it
is
survey,
summers,
political
cause,
some
as
I,
don't
telemarketer
I,
don't
know
what.
Then
you
may
not
want
to
label
at
all,
because
you're
likely
going
to
guess
more.
F
So
that's
a
more
probabilistic
type
of
mechanism,
which
I
suspect
will
work
mostly
well,
since
the
money
isn't
a
whole
lot
of
overlap.
In
some
cases,
like
I
said
you
could
I
say,
survey
and
political
intentionally,
because
there's
some
dispute
from
and
push
surveys
all
that.
But
the
other
thing-
and
this
came
up
a
little
bit
in
restore
context
as
well-
is
that
at
some
point
in
future
care
originating
carriers,
they
know
exactly
what
category
of
call
that
is
in
many
cases
you
go
to
list
it
also
and
slider
truck
I.
F
They
already
know
that
this
is
a
call
that
it's
been
placed
from
a
penitentiary
prison
call.
They
know
that
this
is
a
call,
that's
been
placed
by
a
financial
institution,
a
customer.
They
noted
the
government
agency
etc,
and
so
they
can
label
those
calls
and
in
order
to
prevent
spoofing
about
information,
I
be
longer-term
vision.
Is
this
would
be
turned
into
one
of
you
tags
that
you
can
sign
in
with
JW
te
that
you
would
have
in
English
mr.
framework
so
that
the
originating
carry
or
one
at
feast
it
can
be
caller
facing
care.
F
You
can
do
labeling
and
to
be
extent
that
you
can
believe
that
carrier.
You
can
I
mean
a
you.
Can
they
make
a
mistake,
then
am
I
intentionally
mislead?
Well,
you
presumably
figure
that
one
out
you
know
in
their
mind,
you're
terminating
Cal,
you
and
a
you
can
basically
I
my
best
part
in
statutes
and
everything
else
involved.
So
least
reputable
carriers,
presumably
won't
do
that
next
I.
F
So
the
parameters
get
more
into
syntax
is
for
things.
So
the
spam
probability,
which
is
really
kind
of
just
abay
rough
measure
of
uncertainty.
I,
don't
like
we
step
of
uncertainty,
night
measures,
because
it's
never
quite
clear
what
fifty
percent
actually
means.
It's
like
fifty
percent
chance
of
a
lane,
and
what
does
that
actually
mean?
It's
not
like.
F
You
have
to
alternate
realities
that
you
flip
a
coin
for
and
then
heads
or
tails
of
lanes
or
not
I,
but
it
gives
some
indication
to
extent
you
care
and
simply
I
use
that
because
email
spam
indicators
seem
to
do
something
like
that,
but
I
don't
think
it's
terribly
useful,
except
as
kind
of
a
I'm
almost
sure.
It's
not
spam.
I'm
kind
of
unsure
about
lots
of
people
reporting
it,
but
not
I'm
yellowish
in
that,
and
this
is
almost
definitely
spam.
This
is
unveiled
nobody
that
has
gotten
a
call.
F
A
minimal
has
not
reported
it
as
spam
or
all
the
indicators
arvest
is
spam
because
has
some
other
might
like,
for
example,
number
is
spoof
whatever
I
I,
so
you
can
be
almost
sure
this
turns
into
it,
and
indeed,
if
you
haven't
seen
that
in
the
newer
versions
of
Android,
we
may
actually
do
some
version
of
that.
So
when
you
get
a
call,
it's
either
your
normal
background,
color
or
background
color
of
your
dial
or
turns
red,
and
it
has
some
indicator.
F
This
is
a
spam
call,
the
type
of
call
I
talked
at
length
and
then
the
reason,
the
source
of
data.
This
is
just
this
is
not
a
structured
one.
This
is
simply
a
indicator
as
to
what
I
wear,
how
that
was
drive
for
debugging
and
other
similar
purposes,
so
I
bought
I'm,
spamassassin
headers,
which
indicate
as
to
which
filter
triggered
up
that's
most
likely
only
be
useful
in
the
pbx
type
of
context.
F
Well,
you
do
you
own
you
mind,
but
local
force
does
its
own
work
on
identifying
things,
and
you
want
to
log
as
to
why
you
got
there
later
and
then
the
sources,
the
domain
of
e
that
inserted
potatoes.
So
you
can
know
whether
it
was
done
locally
or
by
somebody
else.
So
looks
like
calling
for
header
I
usual
stuff.
F
Next
I
won't
go
through
Vacarro
categories,
reedom
their
definitions,
I
in
alphabetical
order,
Devi
usual
stuff
as
a
business
call.
So
I
emergency
Lloyd's
fought
a
health-related
information,
all
not-for-profit
asset
in
some
cases.
Obviously,
you
could
imagine
that
these
would
be
they're
meant
to
be
exclusive
in
that
now,
obviously,
a
fog
could
be
fraudulent
business,
but
you
wouldn't
do
that.
You
were
just
labeled
as
a
quad
as
opposed
to
a
business.
F
In
that
case,
next,
more
personal
call
I
would
expect
prison
calls
I,
that's
been
long
labeled
as
a
calling
party
category,
because,
typically
far
to
other
things
that
if
you
got
a
call
from
a
prison,
you
might
want
to
be
aware
of.
If
you
didn't,
if
it
wasn't
somebody
you
knew
who
was
in
that
unfortunate
situation.
F
I
spam
call
is
everything
else
and
trusted
I,
which
is
an
entity
that
has
like
a
electric
utility
or
something
that
at
least
as
an
entity
can
be
trusted
next,
like
that,
an
amazing
feature
capability
indicator
that
allows
you
to
until
we
have
signing-
and
this
is
really
an
intermediate-
a
kind
of
an
interim
step
I,
so
that
if
you
get
one,
you
want
to
be
sure
that
was
inserted
by
your
local
trusted
entity.
Otherwise
anybody
concert'
anything,
and
so
there
is
this
mechanism.
A
user
agent
is
supposed
to
ignore
it.
F
Unless
it
has
gotten
a
set
calling
for
spam
indicator
when
registering
meaning
that
the
local
saqqaq
see
will
insert
those
and
we
move
any
ones
that
it
did
not
insert,
one
I've
always
has
reason
to
trust
for
some
kind
of
media
trust
relationship
that
it
has
established
separately
and
not
so.
This
is
a
like
I
said
it
should
be
part
of
a
passport
claim
the
future
and
not
right.
I'm
hoping
I'm
get
I'm,
not
a
skald
feature
capability
experts.
F
So
if
somebody
who
does
that
more
frequently
nosy
people,
for
example,
if
that's
who
I
label
tell
me
if
it's
not
okay,
next
one
think
that's
pretty
much
it
that's
it.
It's
that's
it
so
I'm
again,
I
I
wanted
to
get
some
feedback
on
both
go
wall
approach
discussed
at
some
length
before
and
also
in
terms
of
just
more
mechanics
to
see.
If
there's
anything,
I
I
need
to
change
to
make
it
sufficiently
useful.
B
G
Absent
so
I'm
yeah,
John,
Peterson
I
think
if
our
golf
dispatch
all
I
said
was
this
point
about
putting
into
passport
right
in
the
sense
of
like
having
this
be
a
secure
indication?
Having
be
sign
actually
seems
kind
of
important
to
this
right
in
the
sense
of
this
is
exactly
the
kind
of
thing
that
I
would,
if
I
were
spammer,
would
log
be
able
just
get
call
infos
in
there.
G
That
say,
the
source
of
this
is
the
thing
you
trust
and
everything
else
and
then
not
have
to
be
signed
right,
and
so
it's
I
wonder
you
know
I
mean
knows
it
has
no
value
right
without
signing,
but
definitely
I,
think
having
it
be
incorporated
into
passport.
Certainly
tremendously
strengthens
the
value
of
the
my
question
and
that's
why.
F
I
put
in
this
intermediate
step
for
my
kind
of
the
step
in
previous
one.
We
are
you
supposed
to
be
mu
strip
it
unless
you
know
that
it's
inserted
by
the
pbx
or
by
your
local
trusted
carrier
in
that,
and
so
to
be,
extend
that
you
minuses
at
least
a
consenting
adults
type
of
Fang.
We
are,
unless
you
get
a
register
response
back,
it
says
I
assure
mine,
I
will
protect
you
against
what
you
said.
F
Then
you
should
ignore
it
or
any
and
ignore
it
anyway,
because
that
seems
to
again
I
can't
prevent
that
somebody
doesn't
do
what
they
claim
to
do.
But
certainly
the
idea
is
that
in
the
pre
passport
phase,
which
will
be
a
puppy
little
man
that
we
can
at
least
use
it
in
the
model
that
the
terminating
carrier
can
consult
its
database
and
do
its
thing
and
I
can
be
reasonably
sure
that
I'm
not
going
to
be
hoodwinked.
H
F
Let
me
answer
it
before
you
get
on
to
the
next
question.
Let
me
answer
that
question.
So
we
do
not
call
registry
was
designed
at
a
time
when
people
selling
newspapers
was
a
scourge.
You
might
remember
those
days
if
you
are
sufficiently
age
I,
so
we
are
white
works.
Is
you
register
as
a
consumer?
You
register
your
mobile
or
your
landline
number
and
I
actually
doesn't
really
mobile.
You
don't
really.
This
is
was,
as
I
said.
F
We
do
not
call
is
for
commercial
calls
in
general,
not
robo
calls
specifically
I'm,
because
what
were
called
some
mobile
number,
generally
speaking,
not
allowed
unless
you
signed
up
for
them,
I
said
so.
What
you
register
for
is
your
number
and
a
telemarketing
company
is
by
law
in
the
US
and
I.
Believe
it's
two
in
Canada
as
well
is
obligated
to
check
the
list
and
not
call
you
I
now.
F
Needless
to
say,
if
you're
committing
fraud
and
extortion,
you
don't
worry
about
getting
a
do,
not
call
violation
ticket,
it's
kind
of
like
what
said
the
bank
robber
doesn't
necessarily
worry
about
it,
but
parking
meter
just
ran
out
I
and
so,
but
do
not
call.
This
prevents
called
legitimate
us
space
in
the
u.s.
us-based
entities.
It
has
essentially
has
not
just
sense.
It
has
no
effect
on
the
people
that
we're
talking
about
Hugh,
namely
a
two
categories:
evil
ones
that
a
criminal
or
close
to
it
and
they
may
not
be
coming
on
me.
F
We
do
not
call
violation
our
civil
violations
and
not
it
you.
Unfortunately,
you
can't
put
jail
for
making
mobile
calls
unless
you
do
something
else
like
extortion
I,
but
you
can
get
fined
FD
mount
I
as
a
civil
violation
and
the
ones
which
are
legitimate
cause
in
the
sense
we're
not
illegal.
Like
the
survey
political
charity
type
of
calls,
but
many
people
prefer
not
to
receive
you
know,
and
so
she
says
is
in
no
way
solves
the
same
problem
is
we
do
not
call
us?
Would
you
do
not?
H
F
F
F
This
is
a
government
agency
in
this
case,
that's
what
the
prevalent
one
and
so
that
they
increase
the
chances
that
somebody
will
believe
that
they
are
actually
Oh
from
a
government
agency
as
opposed
to
somebody
who's
trying
to
swindle
them
out
of
a
paycheck,
I
and
Babel
label.
It
will
get
signed
at
some
point,
and
so
initially,
like
I
said
earlier,
is
that
won't
happen?
It
will
be
based
on
data.
That's
available
by
be
terminating
care.
You
or
third
parties
contracted
by
determining
Kennedy.
Is
it
most
of
us?
F
I
didn't
know
that
is
a
fairly
booming
business
of
data
companies
that
are
used
by
on
primarily
financial
institutions
to
label
calls
that
are
placed
to
financial
institution
for
fraud
prevention,
so
they'd
use
all
kinds
of
databases.
I
should
make
to
indicate
as
to
who
the
caller
is,
as
by
name
I
category
I'm
a
day
when
claimed
to
be
how
likely
they
are
fraudulent.
All
of
that,
so
it
actually
is
today
and
then
it'd
be
like
I
mentioned
earlier.
The
human
feedback
mechanism
I.
F
Currently
this
is
one
missing
piece
that
we
don't
quite
have
yet
is,
ideally
what
I
showed
under
higher
feedback.
You
should
be
able
to
send
that
back
with
the
unwanted
response
as
well.
I
haven't
done
not
yet
so.
The
same
response
categories
would
also
eventually
should
flow
back.
I
haven't
touched
that
yet
until
we
get
the
other
pieces.
I
I
J
F
I
F
Mean
if
I
do
take
a
look,
do
take
a
look
at
the
drafts
just
make
sure
I
didn't
screw
that
up,
because
I
copy
pasted
and
probably
I
could
well
have
miss
copy
pasted
because
I
just
said,
I'm
I
couldn't
quite
admit.
I
had
trouble
when
I
looked
at
the
registration
information
for
that
particular
registry
to
know
exactly
what
I
was
supposed
to
do,
it
kind
of
seemed
to
be
going
in
circles.
So
if
somebody
has
done
with
3gpp
type
of
stuff
is
I
directly
took
as
our
3gpp
style
future.
I
F
K
F
D
F
I
F
So
the
assumption
is,
it
would
be
the
entity
you're
registering
work,
so
this
would
be
your
an
IMS,
your
your
local
carrier
and
in
a
commercial
in
a
enterprise.
It
would
be
your
poxy
I'm.
Sorry
you
a
PBX
or
your
sip
trunking
provider,
whatever
it
happens
to
be
so,
the
assumption
is
that
that's
the
only
entity
you
have
any
reason
to
trust
I,
and
so
we,
the
idea,
is
that
you
would
I
do
what
it
says,
I'm
to
prevent
exactly
what
promise
I
said.
F
F
F
D
J
Yeah,
thank
you.
My
name
is
Roland
jessica
from
deutsche
telekom,
and
I
am
presenting
this
draft
here.
This
was
already
presented
in
dispatch
at
the
last
proc
meeting,
which
is
about
one
and
a
half
years
ago,
that
was
James
who
presented
it
and
it's
along
nearby
the
same
presentation,
since
nothing
heavily
has
been
appeared
with
regard
to
that.
It
was
only
to
be
dispatch
to
Sakura
due
to
the
fact
that
the
stuff
is
now
ready.
Let's
say
it
in
that
way:
what
does
what
does
a
draft
described
is?
J
So
this
field
will
indicate
which
entity
has
added
the
gay
location
had
a
field,
and
this
is
needed
to
allow
the
service,
at
least,
which
is
the
emergency
service
for
Europe,
to
indicate
which
entity
is
at
least
trustful
or
which
entity
is
to
be
taken
to
use
the
location
so
that'sthat's
at
least
the
issue.
What
what's
described
next
hell?
So
who
bonds
it?
Yes,
it's
etsy,
there's
a
project
for
93
which
defines
the
emergency
call
for
Europe.
J
So
this
is
a
issue
where
regulators,
vendors
and
operators
are
within
and
they
have
put
this
location
header
field
as
a
information
within
their
specification
and
at
least
that
that's
the
last
bit
which
is
missing.
They
want
to
get
ready
for,
let's
say,
find
the
proof
love
their
document
and
now
it's
missing
to
have
this
sick
element.
So
next
one.
So
so
the
question
is
how
to
proceed
now.
J
So
my
question
is
how
to
proceed
now
because,
from
my
point
of
view
and
what
I
get
from
the
comments,
it's
ready,
could
we
start
as
soon
as
possible,
working
group
last
call
or
do
we
have
to
go
further
for
other
procedures
or
with
the
possibility
to
have
a
ad
sponsorship,
so
there
are
possibilities.
Thank
you.
Thank.
D
You
who
has
read
the
document
I,
see
three
hands
for
hands:
okay,
so
I,
and
we
had
discussed
the
maybe
a
ad
sponsorship
here,
although
since
it
was
touching
updating,
64
42,
we
were
hoping
for
more
eyes
on
this
draft.
C
D
Okay,
so
you
volunteers
to
to
take
a
look
at
it
review
the
document.
F
J
D
B
F
F
Yeah
I
assume
you
have
the
same
problem
that
we
dis
just
discussed
I'm
talking
about
it.
I
right
but
I
mean
I.
Just
seems
me.
Oh
I.
G
Don't
know
if
it's
the
same
search
that
elongation
in
a
gentle
kiss
the
G.
Okay,
if
you
actually
like
you
know,
follow
this.
Yes,
URL.
The
reason
why
you
trust,
what's
in
their
side
of
it,
is
because
you
trust
the
trust
I
car
that
pitch
yes,
you're
right,
I
mean
it's
like
so
it's
very
different
once
you're
transposing
this
to
somewhere,
where
there's
some
crypto,
that's
telling
you
who
you're
talking
to
and
getting
the
info
from
you
just
saying
this
in
a
flat
head
where
it's
like,
hey
I,
was
a
source
of
us,
some
yeah.
G
I
mean
honestly
the
reason
why
you
should
trust
this
rice,
because
you
trust,
what's
on
the
other
side
of
that
URL
or
if
it's
in
a
CID,
that
the
object
net
CID
should
be
signed
or
something
right,
and
you
trust
it
because
you
trust
to
sign
that
so
I
mean
okay,
I,
guess
that
maybe
the
beg
for
the
question
that
gave
what?
What?
What
do
you
think?
What?
What
do
you
do
differently
right?
G
J
F
J
F
Be
attacked
both
of
us
are
coming
from
is
way
two
kinds
of
things.
One
is
purely
for
diagnostic
purposes.
We
are
you
want
some
indication
as
to
who
is
insert,
or
so
if
it
works
wrong,
you
can
blame
somebody,
but
you
don't
have
a
plat
model.
In
a
sense,
you
don't
have
an
adversary,
who's
trying
to
fool
you,
but
one
that
we
are
concerned
about,
as
in
the
previous
case
is.
If
somebody
wants
to
spoof
their
location,
they
can
pretty
well
figure
out
which
locks
oyes
is
going
to
make.
F
You
believe
that
location,
even
if
it
was
generated,
we
use
our
quick
reminder,
was
generated
whatever
I
they
will
put
in
whatever
achieves
day
on
the
failures
goals.
So
they
have
not
looked
at
security
conservation
intersection,
but
it
seems
like
this
is
not
adding
any
security
itself
unless
signing
part,
in
which
case
you've
already
solved
that
problem.
So
sorry.
M
J
J
K
G
N
The
premise
in
this
is
it
more
than
one
thing
may
ants
may
put
stuff
in
and
they've
got
a
list,
that's
an
ordered
list
at
the
consumer
and
that
ordered
list
will
say
which
one
they
bother
to
look
at
they're
all
trusted,
but
some
are
some
are
more
preferable
to
use
than
others.
I
think
is
the
use
case.
O
J
G
J
N
All
right,
so
let
me
restate
that
question:
why?
Why
do
you
need
that
to
be
readable,
like
that?
Why
is
that?
Just
not
a
vlog
you're
going
to
be
comparing
these
in
the
end
to
a
list
that
you're
keeping
any
anyhow.
So
why
isn't
just
a
a
string
of
random
bits
that
also
occur
in
your
list?
Your
answer
to
that
as
well,
it'd
be
nice
if
it's
readable
right
for
diagnostic
person
purposes
right,
but
the
the
jumping
all
the
way
to
a
domain
name.
N
And
I
hope
this
isn't
just
wasted
breath,
but
you
you
you
through
inspect
e
to
the
question
about
security
right
and
if
that's
going
to
be
the
answer,
then
I'll
just
sit
down
right.
If,
if
moving
past
spec
t
is
not,
is
not
something
to
put
on
the
table,
if
it's
just
a
speck,
T
draft,
then
you
know
not
I'll
go
back
to
go
back
to
sleep,
but
the
solution.
N
The
thing
that
they
were
talking
for
you
don't
need
that
local
source
thing
at
all,
just
tie
in
what
your
source
is
to
you
that
URL
verify
that
the
URL
comes
in
with
the
thing
that
your
lists
will
look
at
will
be
the
information
that
they
get
back
from.
You
know
the
domain
name
out
of
that
URL
at
that
point,
which
I
guess
then
gets
back
to
me
to
John
to
you
know.
G
G
So
if
you
want
to
do
it
like
I
want
to
flag
that
this
geolocation
came
from
a
less
high
resolution
sources
and
they
have
that
semantics
be
President,
it's
not
sure
what
adding
a
domain
name
in
this
adds
to
that,
and
yes,
of
course,
I
have
nothing
but
contempt
for
using
suspect
e
to
make
this
seem
like
it
is
actually
not
going
to
just
be.
You
know,
arbitrarily
populated
by
you
ever
wanna.
F
The
other
concern
that
I
have
is
Miss
goes
to
the
domain
name.
Issue
is,
if
you're,
sorry
henning
speaking
I.
If
we
issue
is
that
you
want
to
do
that
in
an
inter
domain
in
tight
mr.
formain
context,
and
primarily
the
distinction
you
care
about
is:
was
it
inserted
by
the
user
equipment
or
the
carrier,
or
maybe
a
vocation
service
of
some
sort
for
recipient,
the
public
safety
answering
point
or
terminating
carrier,
whatever
it
happens
to
be,
is
those
labels
are
completely
meaningless,
I'm,
not
even
sure
what?
F
after
main
I
know
what
my
naming
scheme
is
all
about,
so
if
you're
trying
to
functionally
label
it
as
opposed
to
blame
my
figure
out
which
box
to
kick
within
the
same
administrative
domain,
it
seems
like
a
functional
designation,
namely
this
was
inserted
by
use
and
equipment
by
Bakary
irvine.
Whatever
our
compactive
would
seem
to
be
more
helpful
I.
As
always.
What
do
I
know?
Is
it
downstream
keria
how
you
name
your
boxes,
no
idea
and
I.
D
Okay,
any
other
comments,
questions
feedback
all
right.
Well,
thank
you.
Roland
I
guess
you've
been
given
some
feedback
to
chew
on
so
all
right.
Okay,
thanks,
alright!
So
next
up
is
45.
H
P
So
the
idea
of
the
draft
is
to
try
to
and
delegate
the
application
of
the
user
and
authorization
to
a
third-party
entity
to
allow
the
user
later
on
to
register
without
the
set
pay
for
the
SIP
network,
and
so
the
user
will
use
some
in
on
Sept
credentials.
Do
that
and
later
on
be
able
to
register.
Typically,
this
is
we
want
to
use
that
for
single
sign-on,
a
top
of
feature
where
the
user
expected
typically
to
use
some
one
set
of
credentials
to
get
access
to
sip
and
non-slip
services.
So
next
slide
please.
P
So
how
is
this
the
draft
different
from
that
previous
support
raft?
So
the
previous
worth
draft
was
trying
to
be
very
generic
framework
for
authenticating
authorization
and
authorizing
sip
services,
so
we
had
very
long
discussion,
John
iron
and
another
on
the
main
less
than
we
killing
agree
into
it.
Couldn't
get
to
an
agreement
on
that.
So
this
new
draft
is
a
scaled-down
version.
It's
trying
to
focus
on
on
that
I
only
came
the
user
and
just
allowing
that
user
and
that
user
agent
later
to
just
register
to
the
same
network.
P
So
that's
that's
that
the
extent
of
this
draft-
okay
next,
like
so
a
defines
two
types
of
clients,
actually
talking
about
a
client's
and
in
general.
In
our
case
the
client
is
running
on
an
ass
accuser
agent.
So
there
are
two
types
of
clients:
a
confidential
client,
which
is
a
client
that
in
it
secures
that
the
credentials
that
collects
from
the
user,
whether
its
credentials
or
tokens
and
a
public
client
which
doesn't
do
that
for
it.
So
typically
like
the
public
line,
just
collect
that
in
credentials
and
gave
it
to
that
to
the
core.
P
So
we're
gonna
see
some
these
cases
that
use
those
two
types
of
fake
lines.
Next
slide.
Please
so
that
first
cases
say
talk
about
a
public
user
agent
over
32
I.
So
there
are
some
some
you
guys
have
very
limited
and
user
interface
in
this
case
we're
talking
about.
They
are
a
user
or
a
user
agent
that
has
virtual
I
so
that
the
user
agent
it
tries
to
register,
get
3d
redirected.
Yes,
so
in
this
case
we're
talking
about
30
to
it
could
be
something
else
it
could.
It
could
be.
P
400
is
something
we
can
discuss
a
that.
The
user
agent
then
goes
to
the
authorization
server,
which
is
an
out
of
the
scope,
vest
draft.
This
is
just
using
HTA
or
off
mechanism,
and-a
authenticates
the
user
and
gets
a
code
and
access
code
and
then
registered
without
your
authorization
code
right
that
the
proxy
then
uses
that
code
to
exchange
it
for
token
and
then
allow
that
a
registration
complete.
So
that's
one
users
use
case
right
next
slide.
Please
this
use
case
for
a
public.
P
So
he
will
that
user
will
use
a
browser
to
a
connect
to
the
authorization
server
authenticate
and
get
an
an
access
code,
which
is
our
a
numeric
Xcode
that
it's
a
is
a
limited
time
and
and
then
in
the
user
agent
collect
that
code
from
the
user
and
send
that
to
in
the
registration
and
the
proxy
exchanges
that
that
code
with
a
token
and
allows
that
in
the
registration
complete
next
slide.
Please.
P
So,
in
this
case
we're
talking
about
confidential
you
a
with
the
rich
you
I
in
this
case
the
UA.
It
directly
goes
to
the
authorization,
server
authenticate
and
obtains
tokens
directly
and
then
uses
those
tokens
to
register
with
that
with
the
asa
proxy.
So
a
the
register
will
have
that
access
token.
The
proxy
could
could
the
user
and
an
introspection
step
to
go
back
to
the
other
server,
and
then
it
complete
that
registration
next
line?
Okay,
so
you
wanna
crystally,
want
to
talk
about
the
some
ims.
K
K
This
registration
is
the
only
thing,
even
though,
when
we
had
the
previous
draft.
This
is
the
only
part
that
was
ever
used
by
by
ims
so
that
the
fact
that
scaled
down
do
not
really
affect
ims
usage.
We
still
have
what's
needed,
so
this
is
just.
If
you
have
heard
about
the
terms
that
I
a
misuse
is,
they
have
something
which
is
called
Vickie,
which
is
client.
They
have
a
ww
SF,
which
is
a
web,
basically,
the
web
server,
and
maybe,
most
importantly,
in
this
context,
it's
a
WAF
which
is
basically
the
authorization
service.
K
This
could
be
I
mean
where
that
issues
two
tokens.
This
could
be
owned
by
the
MS
operator.
It
could
be
a
third
party
like
or
like
Facebook
or
something
like
that.
The
way
oath
works
in
general
so
next
slide
please
so
this
is
just
very
simply
used
is
how
it
works
from
my
ms,
you
have
the
vehicle,
application
and
I'm
dynamics
user
is
the
resource
owner
and
there's
resources
that
you
know
I
am
a
subscription.
So
so
the
application
wants
to
have
access
to
their
due
today,
grey
ims
application,
so
it
does.
K
The
authorization
request
gets
grant
since
its
territorial
education
server
gets
the
token
and
the
token
is
then
sent
in
the
registration.
This
number
five
is
the
zip
register
request,
which
is
sent
to
ims
network
so
yeah,
that's
it
and
then,
of
course,
there
are
diam
is
network
Majesty's,
with
with
the
ims
user
credentials.
P
G
P
G
P
D
You
so
who,
who
has
read
this
draft
it
okay,
more
hands?
Well,
you
more
so
I
I
know
that
there
was
interest
in
this
draft.
Is
this
something
to
take
on
as
a
milestone
right
now
or.
K
D
I
guess
I'd
seen
seeing
who's
interested
so
hum
if
the
working
group
should
take
this
on,
say
working
group
item
right
hum.
If
you
think
that
this
should
not
be
a
working
group
item
that
we
shouldn't
work
on
it,
Oh.
O
D
All
right,
so
that
was
the
end
of
the
previously
published
agenda
but,
as
I
mentioned
other
was
the
very
recently
dispatched
doc
that
was
dispatched
on
Monday
and
also
rifat
wanted
to
talk
about
the
digest
so
Roland.
Why
don't
you
come
up
and
talk
about
the
the
850,
the
murder?
D
J
J
Thank
you
on
Monday
I've,
presented
in
dispatch
a
addition
to
the
reason
header
which
will
or
should
at
a
location
parameter
which
has
nothing
to
do
with
that.
What
I
present
it
before,
because
that
is
the
Q
850
location,
that
is
the
location
within
the
PS,
then
I
stand
network
where
a
call
is
released
and
due
to
the
fact
that
we
are
currently
have
hybrid
networks
where
we
have
PS,
then
last
sip
networks
in
work.
J
We
have
identified
that
we
need
this
kind
of
location
with
regard,
for
example,
the
busy
case.
It's
a
difference
if
a
user
is
busy
or
if
we
have
sand
the
busy
cause
value
from
the
network
and
and
there
we
have
different
service
behavior
and
that's
described
within
that
draft
and
I
would
like
to
proceed
to
work
here
with
in
zip
core
okay.
D
I'm
put
your
slides
from
dispatch
up
so
get
your
a
review
the
locations,
and
why
so?
Okay
and
I
was
you
know
as
an
individual?
You
know,
looking
at
this
I
thought
that
this
seemed
to
pretty
straightforward
and
a
small
small
bit
of
work.
So
who
has
read
this
draft?
Okay,
yep,
all
right,
so
I'm
any
interest
in
this
it
taking
it
on
as
a
working
group
item.
Okay,
awesome
sound
hum
if
there
should
be
a
working
group
item.
M
C
M
E
H
C
P
Okay
next
slide,
please
okay
and
knows
that
and
if
I
is
broken
so
next
slide,
please
so
I
RFC
76
16.
It's
a
that
latest
HTTP
digest,
so
it
updated
that
the
algorithms
that
are
supported
with
a
HTTP,
a
shot
of
56
that
the
default
a
512
to
fixes
56
as
a
backup
and
me5
as
pulled
backward
compatibility.
The
changes
also
requires
the
use
of
GOP
a
parameter,
and
there
is
a
new
iono
registry
for
new
algorithms.
So
that's
what
happened
in
an
HTTP
group
next
slide,
please.
P
It
currently
that
that
in
the
draft
is
talking
about
when
a
message
is
forked,
a
multiple
proxies
from
multiple
downstream
service
could
reply
and
challenge
that
request
and
and
the
endpoint
is
expected
to
kind
of
reply
to
a
multiple
of
those
so
wanted
to
get
your
thoughts
on.
But
that
makes
sense
or
do
something
else.
So.
N
What
you're
talking
about
is
the
subject
matter
of
the
very
first
draft
I
wrote
for
the
IETF
okay
got
rolled
into
3261,
okay,
to
change
that
behavior
you're
talking
about
opening
up
3261
in
redefining
the
way
proxies
deal
with
aggregating
responses.
Okay,
is
this
needed?
That's
a
question
systems
that
were
designed
that
expected
this.
The
expected
this
behavior
out
of
proxies
it's
what's
currently
defined.
How
big
those
deployments
are
at
this
point,
I
don't
know,
but
it
is
what
the
specs
says.
Okay.
N
E
E
E
E
P
O
Commenting
on
the
previous
slide
just
be
I
did.
This
is
just
to
think
it
probably
is
right,
but
we
should
just
make
sure.
I
know
that
when
stunned
/
turn
long-term
credentials
were
designed
to
be
able
to
use
the
same
databases,
it
says
a
sip
turn
this
or
I
guess
the
second
son.
This
is
defining
how
to
use
the
something
basically
HTTP
digest.
So
we
should
make
sure
that
those
are
aligned.
O
E
O
K
P
So
so
the
question
was
regarding
forking
right:
I
was
thinking
if
that
is
needed
in
the
first
place
or
the
whole
process
of
a
Penta
gating.
Multiple
downstream
servers
can
be
simplified
somehow
and
not
requiring
that
that
proxy
to
aggregate
that
challenges
back
to
the
client
and
the
client
to
reply
to
all
of
those
right
go
ahead,
so
I
it
again.
P
K
P
You
know
the
question
is:
is
that
is
that
needed?
Is
there
a
use
case
that
would
require
em
with
a
multiple
end
or
downstream?
Proxes
will
will
challenge
a
request,
and
then
then
put?
Is
that
ok
yeah?
So
that's
that's
answer.
Ok,
so
that's
I
was
looking
for
a
reuse
case
that
that
needs
this
right.
Ok
does
that
make
sense,
Mike
sure
show
and
Makoto
compass,
yeah
John.
G
P
G
G
P
J
J
G
P
D
I
got
not
answer
all
right.
Okay,
anybody
have
anything
else.
Blue
sheets.
Is
everybody
slaying
the
blue
sheets
right,
no
I
think
we're
done
well.
Thank
you.