From YouTube: IETF99-STIR-20170719-1330
Description
STIR meeting session at IETF99
2017/07/19 1330
https://datatracker.ietf.org/meeting/99/proceedings/
A
A
B
So I'll just get started. This is a draft I submitted mostly for the purpose of reserving PASSporT extension name and claim names related to the ATIS SHAKEN work. I have some slides that provide some details about the specific claims. I did get a comment directly from John that we might want to put a little more detail in there for, specifically, attest and origid. I'm happy to go through that detail. I can either quickly go through it or, I don't know if people have any specific questions.
B
Origination as well as intentional, whether it's illegitimate or legitimate spoofing of telephone numbers, so these three categories basically represent the combination of all those criteria into what the originator can attest to. The hope is, of course, that we'll cover all the use cases long term and everything can be fully attested to and everybody can trust the identity that's been signed fully, but this is sort of a transitionary approach to make sure we cover all of the calls.
B
The origin is a concept where we can provide an opaque, unique identifier to a given originator that's inside the service provider network, so, for example, a wholesale customer or a trunking customer PBX, and this will help the service provider, the originator, to identify in cases of illegitimate activity where exactly in their network or which customer may be the source of that. So it's a lot to do with traceback and other activities; could also be potentially used as a spam association tool as well.
B
A
A
C
C
Okay, so thank you to the chairs, and we took opportunity to actually present the 0-0 draft at the interim call that was held on June 16th. It proposes a PASSporT extension to convey cryptographic signed assertion of the authorization for communications with the Resource-Priority header, allows the authorized service provider to sign verified content within the SIP message to support of such services, as in sap, which is government priority services, as well as wireless priority services.
C
It also applies to all the other namespaces, so civil emergency, as well as public safety, the MCPTT namespaces. Several comments were received after the initial submission, and these are reflected in the stir-rph-00 draft, and subsequent, after the interim call, this was accepted as a work item document on June 30th. Next slide. Okay, so the comments and the updates. Okay, so clarification of the user priority level, and so in section 3, we specify the rph claim includes insertion of the priority level of the user to be used.
C
Syntactic: there was identified unnecessary nesting of the label, and that was corrected. Clarified that there was only one authority per claim. Okay, so though it doesn't exist today, in theory you could have one of the DoD namespaces present with a government priority namespace present. These are two different authorities, and so therefore any given namespace, there will only be one authority associated with that namespace. Clarify the authority of the credentials, and this was done in section three: the authority must use its credentials associated with the specific service supported by the SIP namespace in the claim.
C
That claim then goes back to the authority, so on and so forth. Explicit text: we're only using the full form of PASSporT. So we had to text to clarify that, just make reference to 4474bis, so text was taken out and the section was simplified. There were editorial nits also added. Next. Okay, so post doing those updates, we received comments from Janet Gunn on the mailing list relating to inconsistent text reference in section 5, clarification of the IANA considerations.
C
We responded on the mailing list to these concerns and didn't get any additional feedback, so we feel that we've addressed those. The proposed resolution of these would be to update text in section 5 related to the definition of the rph claim, in section 6 related to the IANA registration PASSporT types, specific request that the IANA add a new entry for registering the type rph and then PASSporT rph types, similar for the single value of auth for authorizing priority services. Next.
A
So Robert Sparks. Thanks for addressing the comment that I had made about multiple authorities. I'm still a little confused, I think, and it's probably just confusion on my part. But if you could sketch for me quickly: you have a call that comes in, there is a signature PASSporT object, it's going to be created, that makes the base attestations to the person that placed this call has authority to use this number. Is that same PASSporT going to be extended with the rph?
A
C
Okay, so we were initially debating on having a single signing, because, you know, in essence, at least for the WPS ETS service, you're actually authenticating the user, because they have to enter in credentials in order to be authorized. So that's a, and so our thoughts in the beginning, because that was a higher level of authorization, that it would take precedence over the fact that they could use that telephone number, because it's a service designed where the service can be used from any telephone anywhere. Alright.
C
So the fact, the phone that you're using, the number you're using making the call from, is almost irrelevant. But as we work through certain use cases, we figured out that no, to cover them all we're going to need to, and to not confuse, just keep them separate, separate signing.
E
A
Has everyone read this? Can see who's read this draft. Looks like we've got pretty good coverage in here. With the clarification we've just made, I mean, how are people feeling about how cooked this is? Is this something you think we can last call, like in the next month or so? All right. So I'll watch for the revision from you, Martin, and please do try to reflect this conversation. We will. And we'll bump it into the last.
A
G
G
You need to have a way to account for the fact that sometimes the person you called ends up not being the person you reached, and it would be nice if there was some chain of cryptographic authentication that could take you all the way back to the original PASSporT was created. This is obviously a problem very similar to one that we have long studied in SIP History-Info, and that the classic Diversion header provided ways to kind of capture the places you had gone through.
G
One of the things that makes our situation a bit different is that we merely need to have a signature that will still apply to whatever the canonicalized result is of the identifiers that are in a SIP message, and consequently, a lot of the, like, really minor transformations, like if you change the entire domain name, right, in URI, it's a big deal for, like, Diversion, but if the user part is cellphone number, it is completely inert to us and we can still use exactly the same original PASSporT.
G
You change the domain name 57 times in transit. That is a very interesting property of the way that our canonicalization stuff works. But it's also an explanation for why we're not actually using things like History-Info or Diversion, but instead are using this new mechanism, and it may work for things like SIPBRANDY if we ever do that. Next. So obviously the basic idea behind this is that when a SIP call, say, containing a PASSporT arrives at an entity that's going to do a retargeting, that diverting entity has its own authentication service.
G
That will then create this new PASSporT, and this entity, interestingly enough, when it creates this new PASSporT, doesn't sign for the originating number, because it of course doesn't probably own the originating number. It might, but that would not be a safe assumption to make. Instead, it ends up signing over the destination, because, presumably, it has authority over the original destination.
G
That's why the call landed there in the first place. Next slide. So you can kind of get a sense of what this would look like from this, for an original PASSporT that has kind of thought the first target. You then end up with this new PASSporT you see at the bottom, which in the div claim down there has the original target stuck into that, and you have instead this new destination you were targeting to in the destination, and you could, of course, then reach a new place.
G
Should people look at this and say, wait a minute, this thing, like, was to Eckhart, not me, and so therefore I know this person trying to impersonate John? Probably that is the idea. Now, of course, the problem is retargeting makes that very complicated, and what we're trying to capture here is a way that you could, if you were determined to, go back and look through these PASSporTs and make the necessary cryptographic chain. Next slide.
G
You know, I mean, this is not rocket science, I think, this one. You know, you create the new PASSporT, you sign over the dest. It's like not, there's not a lot of, like, secret sauce here. Now, one question that has come up, and I know we've discussed this a bit, is: do you need give me a Reason header?
G
This is interesting because in mechanisms like History-Info and Diversion you have a way to represent kind of why it is that this call has a new target, and this is useful for the application intelligence that was intended to consume things like History-Info. The how I felt about this anyway to today it is that it's not so useful for our use case here, right: you're trying to prevent this class of impersonation threats, and to prevent that class of impersonation threats, it really doesn't matter why anything got retargeted.
G
H
Talk about this, right. So Mary Barnes. So I think we do want a reason, and I think, you know, History-Info captures the reason code and it also captures how the diversion happened, if you will, right, whether or not it was just mapped to registered contact, etc., and I still think that information is useful. Well.
H
H
G
G
H
G
H
H
G
I
Please do. I definitely have use case for it, and in the emergency services there are legal things that happen with records of what, how did a particular, not only one call, get handled. So retargeting happens often, failures, other reasons, and you need to know in a provable way what happened. But to this particular discussion: we do use Reason headers, but that's a diagnostic. Why did it happen is the diagnostic issue, and we don't need cryptographic assertions on that. Yeah.
D
C
Yeah, Martin Dolly. So we actually have a use case. We've been contacted by fairly large financial institutions where call a number, you go to an IVR, and then the IVR eventually forwards to the desk, the ultimate destination, and so see the destination see not only wants to know both be na with then. So therefore, this is a request that we've already been getting and will probably get more similar along those lines.
D
G
D
G
G
B
Wendt. Yeah, so to be clear on that subject: you have Identity headers that are A to B, B to C, C to D, and if you're missing B to C, you know there's obviously somebody that, right, so we're good. From that perspective, another note: CableLabs and Comcast sort of got together and went through a lot of these use cases and thought of other potential ways of doing it, and we sort of landed back to what John has proposed.
G
Alright, that's a we got on this. I don't know if we ate drive-in next right, like a next step slide. Yet no.
G
A
A
H
A
G
H
G
J
J
G
We could create a sub-element, right, of div and, like, do it that way, that has extensibility, and then we put in that, or it could just be a separate thing that in the PASSporT, right. So okay, now let's talk a little bit about RCD. That is my, I promised at the interim call we had in June that I would rename this from CNM because it really wasn't helping anyone, including me, so I'm, not only RCD, I think rich call data. Rich call data, pretty tasty.
G
And right now it defines exactly one thing, which is nam as a possible sub-element to it, and that provides a key value pair with the traditional SIP display name to do the kind of caller ID appearing I approach to this. But the idea of this is that RCD is something it's supposed to be richer than simply caller ID. We want to be able to put anything in it that we think should be rendered to a user that helps them to make a decision about whether or not to pick up a phone.
G
That's what we mean by rich call data in this instance, and that scope is a little different from the ways that I know a few other organizations are studying this of tried to cut this up, and that difference is intentional. I want kind of what appears in the PASSporT here to be the stuff that either an application acting on behalf of a user will consume and do something useful with or that will be rendered to the user directly.
G
We've had gone through a couple categories where we think this might be, having things about organizations, like this is a government calling you, a bank calling you. Henning is fond of doing things like this with color info and so on, even some coarse location data, social networking data. Anything like that, the disc, easy ascends. Oh, this person calling you, you know, there are three people in your.
G
You know, first degree network that this person is friends with, so there's some possibility that you might want to pick up the phone. Next level. The basic idea as well, that is that this operates in two modes: kind of a first-party attestation and a third-party attestation. Without PPT, this is just something you can, like, throw in, right, throw in the RCD element. If you don't even keep going ago, she ation if the entity that receives it doesn't understand it.
G
G
That applies to the originating number, and this model is the way that some of these kinds of services today, there are kind of two ways you can do this today: either you're getting first-party data from the originating carrier or you're getting third-party data from a service. Yes, and full disclosure: my company operates such a service in North America. Next slide.
G
This is what it looks like without a PPT. You can just have down there the RCD, with a name, Alice Atlanta, same as the display name you see in SIP, it's exactly taken out of the From header field. Of course we also make noises about how you could take that out of P-Asserted-Identity or anywhere else you happen to be storing that kind of stuff.
G
In a message. Next slide. And this is what it looks like with PPT. Now we have in the x5u a different entity that's doing the signature, but otherwise pretty much you're looking at the same claims here, it's just they're coming from a different entity. So in this case you have reached out to a third-party service and said: hey, I got a call from this number. What can you tell me about it? What you get back is this PASSporT signed by that third-party entity. That's the idea. Next slide.
B
B
K
G
G
G
It'll look at the signatures on those, and it could be that it trusts this entity, right, who signed this third-party PASSporT, or it could be you don't that they vary that that, and he doesn't trust them, and really that's what it comes down to. And then this models, though, the way that these kind of third-party services work today, like if, when a carrier dips us for CNAM data today, we have like a business relationship with them and they try. For that reason, right, and like so their verification service.
C
G
Another dimension of this, you know, is that I've been at least kicking the tires on, you know, if we have these first and third parties, kind of you kinda know why, right, people think what they think about who these callers are, and, you know, it occurred to me that we see this already in SHAKEN, like in those attestation fields in SHAKEN. There are cases where, if you're a carrier, right, the person you're signing for is your direct customer.
G
There are other cases where you have a reseller that you have a relationship with, that they have a block of numbers, and maybe you don't then directly assigned to specific customers those telephone numbers, and maybe you're just getting stuff from somebody else, right. That is why there are those kinds of attest levels in SHAKEN, and I suspect.
G
We probably need something similar for this. I don't know exactly what shape that needs to take yet. I think if we got the SHAKEN stuff specified in the IETF, I could just point to that and say, like, hey, we can do like what's in that. So, but I mean, I think we need to understand exactly how good match that really is, and in some cases, I think we're gonna have things like crowd-sourced information that people have gathered.
G
So once we start getting to things like carrying location information around in these objects, I start to get a little nervous about the privacy implications of that, as this passes through the telephone network. Necessarily, I think we're gonna start having to develop a confidentiality story for a PASSporT if the information in it is going to start to get more sensitive. Now, I'm saying a little bit more about confidentiality in the out-of-band deck, but I'm starting to envision what a story for that might look like.
G
We also, of course, would need to spec what the interface is for third-party PASSporT acquisition. I suspect that we probably end up being out-of-band, roughly. We can talk about that, but we're going to have to have a whole kind of HTTP protocol that you're going to use to talk to the CPS in out-of-band to say: hey, are there PASSporTs for this?
G
But it's so famous. Okay, yes, I really didn't do any, like, next step slides for this. Next steps, there's more to be done here, just as, right, this is still relatively: hey, I think we need this; hey, here's what some elements might be we might want to plug into this. I think we can try to identify, like, the minimum subset of things and then where we might want to extend. But, you know, I think this is probably gonna have a few more revs before I'm gonna.
L
Paul Hoffman, and looking through the draft I had two things. Just reminding me of old crap from PKIX came to mind. One is you seem to be assuming, when you're gonna display this to the user in some way, that it's text, so that the canonical example for PKIX was the logotype, you know, the picture of cat, so you need to think about that. I'm not so.
L
L
N
N
Your number, which will get us everything, I mean, even in one place you said if it's not available for the name that you're gonna rely on the attestation for the number, and, you know, for the longest time, I'll cite the US regulatory bodies, we've been required to follow every detail that is related to that number to the number. Like, for example, privacy: privacy of name has to follow number. We don't have a separate privacy label for name, and this extends to any additional or metadata that you intend to present.
G
G
I certainly am NOT presuming to dictate what the policy is for which one of these you accept and why, right. I think that's going to depend on all kinds of things about who your trust relationships are with, and so, I mean, I guess I'm saying I don't think we need to be prescriptive about that. I could imagine a profile like SHAKEN, right, a profile developed at ATIS, taking this mechanism and saying for the North American use case.
G
N
Okay, so it's open, but from a practical point of view, you do recognize, I mean, if you're aware of what's going on right now in the display framework back in the US, there are a lot of parameters and variables that are coming in to be analyzed before you make a decision as to whether to display a warning or not to search.
F
G
N
I
I
It is not provided by the, sort of, the origination carrier; it's not provided by the termination carrier; it's provided by a third party, so the third party has to be able to supply the information. That's where caller ID comes from in three-quarters of the cases today. It does not come from the origination carrier. It doesn't actually come from the termination carrier. It comes from a contractual agreement between the termination carrier and the third party, but the third party is the one that's supplying the data. Absolutely.
N
I
No, no, we're trying to do a cryptographic assertion that the name is correct for this number. That assertion is coming from a third party. It is not coming, we're not asserting, this claim does not assert that the caller was a particular number. It's saying that the name associated with a number really have to be the one that's in the origination by the name, yeah.
G
L
B
Wendt. Maybe look at it from, so Comcast contracts out to Company A for calling name services. Does Comcast want to be legally liable for what name comes back, or do we want to have like a B attestation that states, you know, we're subscribed to a service, you're getting what you're getting, but we're not populating AT&T gets customers names and guaranteeing that we know for an absolute fact that that is in fact their name.
G
I said this: this is not a policy matter we're gonna set here. I could imagine a framework like SHAKEN, the ATIS framework. This is going to take the, just, building blocks that we specify here and say in North America this goes like that, but we are not in the business of setting policies for how carriers trust what and why. That's not what the IETF does. Ok.
N
G
I mean, it's: if you know, then you include that stuff. Maybe customers tell you this and trust you to share it with other people. It's not, I don't, I mean, how do you know this in any case, out of these are just, these are just data elements that may or may not be useful for various use cases. This is not something that I'm saying, Martin, you need to go out and learn whoever use Facebook gets. This is not like a mandate. This is just a Swiss Army knife, yeah.
B
G
G
L
Named, you know, if you're getting name from third-party, third-party is also going to say, and here's their LinkedIn ID, and all of that. I was assuming that, you know, ten years from now when this is all happening and we start snarfing is off and seeing how are they populated, none of them will be populated by first party, they'll all be populated by.
G
Don't know. Okay, not none, so few. Where we are today, as Brian said, is a world where a lot of third-party attestation for this, right, or how you get names today. Some of the rest of this stuff, like location, though, for example, I mean, maybe that is something that the originating carrier is in a better position to point you to the right list, right, or whatever. So I mean, and it could be that's the way to implement location is the points when to list, so.
L
B
A
A
You anticipate this being used when there is a single authority, you'll end up with a single signature, one Identity header, and that Identity header means both that we've verified that the person that's placing this call has the authority to use orig and that the binding from that orig number to that name is valid. Fact. If you flip to the second one now, Russ, the one with, okay, got it, sorry.
A
This is a second signature. There's a first signature that talks about the person making the call has and determined to be authority, has the authority to use the call. The second signature speaks only to the association of that number with that name. Just the thing I want to, the case that I think it would be worth reading through the spec and probably adding text is considered the attack that they removed.
A
The first Identity header, this is the only one you get. I can easily see some implementer making the mistake that, well, there's this thing here that's got this orig in it. That looks like a base PASSporT thing to me. So that means that that name, that number has been determined, you know, authoritatively connected to that caller, and I think we need to get the words in to make sure that no implementer will make that mistake. You're right.
I
G
J
Yeah, gentlemen, exciting. I'm not so deep on the specific details of the syntax here, but it seems like some way of claiming not I, you know, since actually I say this is the origin, but, you know, I say, you know, this name corresponds to this origin, something, so something syntactically different that says, you know, the input to my process was this or aghhhh you.
G
Yeah, yeah, and, like, you know, we did that, and maybe, I don't know, maybe there's a lot of options like that. I definitely welcome feedback on this on the list, though this is something that we got to figure out. Like I said, I'm not presenting this as something I think it's particularly baked at this point, but it's getting a little closer. I.
I
Would like to encourage him to go forward. This, we've talked about this, and we pushed it off. We said we're going to deal with this for a long time; where the basic STIR mechanism is going, it's now the time to do this. Absolutely I think this is going in the right direction. We're bringing, you know, as we look at the, I mean, you've got an actual example here, and we can look at it and say: okay, is that what we really want to see?
I
Well, you know, a lot of it is yes. I mean, I think this first-party, third-party thing is exactly what we want to have. I think the discussion, the questions you raised early about, you know, being able to do reputations on third parties and other things, very important to get in the text, and this discussion that we just have is also important to get in the text. However we end up with syntax, check.
F
A
A
O
Hello, my name is Sean Turner. You may have seen me earlier today, great, great time. So we're here to talk about really the requirement for certificates to have a freshness, speken ism, to ensure that, you know, that there's an operation mechanism, and right now we really got kind of two drafts, or kind of there there.
O
There are two drafts that we have in, basically, in point, so one is certificates OCSP, and really what that was was the stuff that got peeled out of the base, the dirty good, strap, and split into its own draft, and this other idea, this tersh, it's short-lived, which came out of a I she basic discuss. So that's basically we're talking about it now. So next. So yeah, we got reel-to-reel pass, like regardless of what we do. We need to understand some.
O
O
We pretty much know that, like, looking at the analysis, we're just not gonna do those, so let's just take them off the table, so it's basically like we're kind of blowing them out of the water. So at the end of the day, we're gonna have two real choices, which is OCSP and roll of certs, and there's kind of trade-offs between the two, and I should be, I'm.
A
O
So the fact that it's dead, like, doesn't really hurt my feelings. I've written a lot of RFCs, no care. Think we've been exploring both paths a bit, and basically we're mostly here to talk about short-lived certs, cuz that really seems to be the way going forward. It's kind of how would we do those. So next. So short-lived certs, right. Really, the idea is essentially that you've got people that are making the calls and they talk to an intermediary.
O
Who, though, the interaction between the end point in the intermediary earn sign and the intermediary can get a cert that's short-lived and they can sign thing and off they send it, and if you're either between an actual between the tweeter meters between the PBX to the intermediary. So the idea is that if they get, the person who's doing the signing, which is the intermediary or the PBX, can actually get a cert.
O
O
So you can really issue these certs for Yuval TMS, and you can basically pick the expiry point. Like, you can say it's, like I said, it's an hour, two hours, four hours, whatever you want. Though it's not necessary that actually just be for intermediaries. You could actually extend it in your mind to actually be for actual signers of the call. So the really great part is that we can kind of decide how to hang ourselves based on how much we want to make complex.
O
It's our, and the first point I'm at the beginning is like trying to limit it and then kind of expand out. It's one of the good points about the whole thing, and the idea is basically saying we're really only attesting for the signer of the call for this call, which is really great, but it also introduces a bunch of other complexities. So again, so the real question is, like, what does short-lived really mean, right? Hours, days, I don't know.
O
Maybe we actually don't have to specify that here; we can leave that up to some other group. We could just say here's how you do it, and then North American red number registry, whatever, whoever it is, fix the number. To the South American people, in Europe, say, well, for us it's a week. We still the people it's three days. Whatever, you could put those in, that's great.
O
The really hard part is to get a new cert, because at the end of the day, like, doing these attestation is like super easy, but, like, certificate management is like a pain in the ass, right. So at the end of the day, it's like, how do we do this? And Colin's not calling here, Mike's not here, so he's got a PhD and apparently he couldn't figure out how to get a cert out of, like, a well-known provider, and was kind of like a joke, but it was kind of serious if there's some magic.
O
That needs to happen, so to solve that problem. Next. We got a P, so the whole idea is, apparently I'm talking, apparently I'm talking to choir here. So the A in ACME is automated, whoo-hoo. So the idea is you take it out kind of the hands of the user, actually try to do these things, and that's really the point, is the idea.
O
The receiving of the relying party can actually get it, heydo validate it, magic happens, and it's actually magic, and, you know what, this stuff is deployed and it works. Scary, awesome. Next. So really, there's also two drafts of ACME right now that they're talking about is the sake telephone number or the search provider stuff, and really that it shows that, essentially, that ACME can be used for this kind of stuff. It's just not that hard to do. There's not rocket science.
O
P
O
O
What would it name being a cert, but how would you do that? You know what, there's plenty of ways we can stick values in a cert. That's really the awesome part about the certificate, is infinitely flexible, thanks, Russ. And one of the things that we can do is come up with a way, ways to do this thing, and, like, if we need to come up with a special name, like the way we do it, we can kind of do all that, and it's all kind of like not a big thing.
G
So it's open-ended, basically, which is good and bad. Yeah, John Peterson. So actually, you know, Martin had a comment on the list about this. I still replied you this your budget, but why we didn't stick SPC into the subject name or some other field like that exists. I mean, the short answer for me.
G
If these two that has always been that, if I having the TNAuthList contain this, this bundle of both the service provider codes, which in North America would be like OCNs or whatever, and TNs, is that the two identifiers are the one way kind of interchangeable, right, like if you, you know, if you can even interrogate the NPAC and ask it, like, you know, what is the OCN associated with this TN, and vice versa?
G
Okay, I got the associate, and like what are the set of TNs are associated with that. So I kind of view them, because that you can do things like this delegation, right, or if I can get a cert and we identify a token format that's sufficiently generic to be able to say things like, you know, as the authority signing for this OCN, this SPC, I say it's kosher for you to delegate this TN to this particular user, which we think can then do through STAR. There's, it's the ACME STAR.
G
That is just like all kinds of mechanism that we're gonna be building over there. That will work for this Livi awesome. I think most of this is most of that part like how you explain what the SPC is, and this I mean it's, it's pretty much baseline to either STIR certs or do these documents now and exactly so I think.
O
Fair enough, and that really was all about the last point. So next slide. Oh look, hey got short-lived certs, look yeah, just not that hard. It's already being worked. It's based on a use case, which was possibly argued but was least legitimate, so homework. It will go with that point and allows the the the name owner to delegated name and quickly resolve it. So that's pretty much.
G
Jon Peterson again, we we do need STAR to be a little more generic than it is, I think, to be applicable to this case, because STAR contains this language like about like DNO, domain name owners, things like that, minutes, it's really specific to the LURK problem space. I think you could make it a more generic mechanism that would be applicable to this and Rich, you can expect me to be attack me to talk about that on Friday right.
O
So the only thing that I would add to that is basically like one of the things that was the problem was it was trying to figure out like how to narrow down these cases and my my theory, what, for why LURK didn't go forward was the fact that it was kind of like broad. We couldn't figure out what it was here. If you actually said that here's what we're gonna use it for, you could narrow it down, and you could maybe say we could do this and, like, we solve a problem.
E
Rich Salz, ACME co-chair, we actually split up the STAR stuff into renewable short term automatic renewals, and then the delegation is a separate thing. So you know cuz that everybody agrees and renewables is good.
E
O
Cool, so that's four, that's really great and, like I said I could week, I really think that we could kind of adopt it if we narrowed it down. I think it wouldn't be a super stretch to say that it would fit for this particular use case and we can adopt it and work on it as opposed to like having a like a, well, do we need to have a BoF to figure out what we're gonna do. You're like it's, it's easier to narrow it down and decide about sorry.
P
O
O
The short-lived cert stuff would really kind of like work out in the long run, and I actually think that if we have an audit, so the big concern was we don't have a way to get certs so be able to sign this stuff, and if we have a way that we can do this quickly and actually get the certs and be able to verify them like we're, it's like a win. So why wouldn't we do this, and so my basic theory is like, why don't we just do this, drop the OCSP stuff for posterity?
O
O
This is a really was okay great. How do you do PGI based stuff, because the long initially when they came out and signed stuff right, they duffed it. So when the signature was valid back in the day, but your current time clock was past that date, it would show it is invalid. So eventually they had to be like, oh, that's not actually how it works. The signature was good back and then the time is different, but it was good back then.
I
O
Document that explains so I I think it would be like security consideration number one, by the way, a signed phone call is good for a validity period of this. Based on that, you can keep using a cert if you'd like, but the the call won't be good anymore and the call is still also good in the past. Its and I seem positive right. Yes, yes, absolutely so you can. You can narrow it down to that. Yes.
L
E
L
Well, no, but that's actually a really important point, so that's security considerations number one. Security consideration number two is what kind of CAs do you trust, and I think it's worthwhile just because I, for those you don't know, I work at ICANN and we have a whole bunch of different CPSs now for things that we do, which actually aren't all aligned based on: is there a no CSC OCSP responder for this CA? Are there, you know, do we publish this yet? So I think saying there is no expectation for OCSP, SCVP or even CR.
L
L
Actually put us, but I would say this document, you know, security considerations is to say CPSs for the CAs who might do the short-lived certs are not expected to do, and list the things that that an outside person who is used to CPs from the WebTrust world would expect, because we're just getting hit really badly with that, we.
B
B
O
O
G
Jon Peterson, so interesting, like one of the use cases for that was if you're someone who owns like a large block of numbers, but you don't want to reveal what that block is, you know, you'll, you could get a short-term cert for just a single number, right, for the purpose of placing a single call, and basically every time you make a call, you could get a different cert for it. Now it you'd have you pretty paranoid right, be concerned about your data being collected and so on in that way. But if you were this.
O
Would allow yeah so that that's one of the concerns we had initially was like, oh look, you've got a block of numbers and you want to expose it in your your cert by saying I am authorized for all of these things. You just say do one at a time, you again you'd have to be pre super paranoid and also have a pretty good infrastructure to support the fact that you could actually issue all those certs.
J
O
O
G
G
O
G
O
F
O
O
O
O
L
O
O
L
O
Hey, we thought about this, we publish it for information. Go look at this other draft because actually that's the way to go. I mean it's, so it's so I'm. So again, Paul I'm actually perfectly frigging happy with that, because, like, one less thing I gotta track, so maybe maybe I mean to the chairs. Let's can we do that? Is that okay, if we a call for adoption for the short-lived cert stuff, what did we yeah.
A
A
F
Max Pala, CableLabs. It's just there's more question. The adoption of the short-lived certificates will prevent people from using longer-lived certificates and using OCSP, or is that an option that we say never going to be supported, don't do it? So that that's the reason why we might publish the OCSP as an informational, if someone's to do that or, I think.
A
I
B
A
K
O
Correct, that's my theory, is that we provide a mechanism to indicate it and we can give, oh, we might give some kind of like it's we're not talking about years, we're talking weeks, and then some other group can say rake some other group, i.e. regulators can say for North America, Europe, Japan, pick this, or industry group can actually get up and say like look, we're gonna do it for another week or two days or whatever and like leave it. So other bless means naughty.
B
G
G
So I'll do this myself. Next.
G
Just a brief reminder of why we're here, so somebody told me, I had this figures been going around that in North America at least like 50 percent or over 50% of all landline calls are now gonna be SIP calls or something like this year as the projection, which is pretty cool. If you told me that in 1999 that it would only take us 18 years to get to that point, I am alright.
G
It might not broken out the party hats, but here's the problem, not everything is yet end-to-end SIP and we just we need to have a story if we're serious about putting a dent in robocalling, but how this is gonna work just for POTS calls cuz there's a lot of calls there, just like cell phone to cell phone calls today, and that is what has motivated what we call here out-of-band, which is basically taking out of band of SIP. We get PASSporT objects from an original authentication service, terminating verification service that I'll
G
let you know that the call's legit. Next slide. This is all based on its metaphor, something we call a CPS. We've just been talking about CPS and CPS is a different kind of CPS here. This is a call placement service and the idea is that you'll have endpoints that are in some ways smart. We kind of assumed what it means to be smart for this purpose is that you have an internet connection and a PSTN connection. Typically, you will store at the CPS a PASSporT, you'll make a PASSporT.
G
Just like you would an ordinarily for a SIP call. You stick it up at the CPS and then a POTS call happens. When the POTS call reaches its destination, whoever lands on that side and my smart phone we could mean a gateway. We could mean an enterprise, we could mean an iPhone, we could mean all kinds of things. It goes out and retrieves the PASSporT. Martin, already you have an issue. Please no.
C
G
G
The first is: how do you find a CPS, and if we assume there's like one CPS in the universe, well, that that began di I would love to operate one for you. Somehow I don't think that's how this is gonna work out, though, probably there's going to be all kinds of different CPSs being run by different people and there's gonna have to be a service discovery component of that. There are a couple of like weaselly words about this right now in the specification, but I don't know is that the short answer?
G
G
So, let's talk about what I think is a second important problem with this, which is how do we make sure that the right parties are storing and retrieving these things from the CPS, because otherwise this is just one massive purpose target like we're just creating this like, please tap this, or or if I am the one entity in the universe gets to operate it, I could monetize this data so successfully, and it would just be so awesome to have all this data pass through it. So how do we minimize that?
G
What's the best story we can come up with to make this work? That's what I like to work on a dead next slide. This question of who gets to store PASSporTs is interesting for, among other things, this use case. I mean you can imagine like designing a CPS in such a way that you require the originating user agent to kind of authenticate itself. You've got a serve certificate anyway, right, you're signing PASSporTs, so presumably the authentication service could just authenticate itself to the CPS and say by virtue of that.
G
G
G
What EKR was going to talk about here be dead. Today was one of his fancy ideas for how how we could do that. There are things you can do whereby minimizing your interaction with the kind of the CPS, the instances in which you have to authenticate yourself, where you could get like tokens in advance and then kind of spend those tokens as you upload PASSporTs to it in a way that won't actually be tybalt.
G
Intial that you used to authenticate yourself to the CPS, this would be fancy and we get scared and we have to do fancy things. Something fancy like that probably would be necessary to lick that DDoS thing, provided that we don't want to have you just authenticate to the CPS. If we have you just authenticate directly the CPS, what we lose are two things: one, the privacy component, the CPS knows who you are, knows your IP address is tied to that telephone number pretty much.
G
The second thing we lose is the gateway case, right, because the gateway won't possess the certificate that allows you to upload PASSporTs for that given number, and so weighing this I think we're gonna come up with something along those lines to do it. I'm not gonna try to do justice to this myself. EKR can do that a little later, but next slide.
G
So that's the the upload side, so they kind of to summarize the good news of upload is, you know, that the the authentication isn't as much of a problem as you'd think because the PASSporT itself, right, has a signature in it and it's not going to be accepted as valid by anyone unless that signature is valid, and it doesn't matter who, you know, delivers it to you, you could find it, as I'm fond of saying, written on a piece of paper in a bus stop, right, provided the signature valid, a stand.
G
That is a valid PASSporT, and so you know you don't have to worry that much about authentication again, provided you can then lick this DDoS problem. So now the retrieval side, and this is what we have in the draft today. The draft spends a lot of time discussing this. There are three semantics we consider for kind of what the question is you ask when you receive a call. So put yourself in the verification service's shoes here. A POTS call has just come in, you're seeing a calling party number in it.
G
You know your telephone number, you and, let's just say for the sake of argument, you know how to find a CPS, that there's only one in the world, we'll assume that, for the sake of this argument, what do you ask the CPS, and this a lot of this question comes down to what information do we want to try to keep from the CPS and what information do we want to try to reveal to it? And so we have three potential semantics we discuss in the draft today.
C
Martin Dolly, so I think I haven't read the draft, but looking thinking of the use case just based on your figure, the originating UE nor the originating network will know at the time where they would potentially do signing of whether you're going to hit a PSTN gateway and go through the scenario that you're talking about. And so so potentially you could have a situation whereby you know you're you're going to get.
G
G
I mean so I want to qualify it a little bit because, of course, there could be multiple entities, right, that are involved in the creation, you know, of identity headers for this, and so I with that caveat, I wouldn't, like, rule out. That's one end you might have used the CPS and one put it through SIP signaling, but the basic idea is yeah. If you receive the PASSporT through SIP signaling, it would have best be redundant, right, to go look in the CPS.
G
B
G
We want to have some mechanism like that, with the following caveat next line, encryption helps, so if they're just encrypted blobs, right, that are in the CPS, ya know it doesn't matter if you're the right guy asking for it, you can say give me things that are associated with this called party number and provided the CPS is clever enough to always be willing to give you an encrypted blob, whether or not there's a call in progress.
G
And you can imagine how tricky you could get with this, right? If you wanted to, you could have a retrieving side ask the CPS for PASSporTs when there are no calls to make sure that the CPS has no idea whether, in fact, you have a call at any given moment. You can you in try to generate a lot of kind of bogus traffic like that, specifically to thwart purpose or metadata collection or things that are monetizable in this.
G
These the kind, and this is what we need to resort to it, raised architectures like this to make this even remotely attractive all but yeah. The key point of this is you need to be able to decrypt the PASSporTs to get any value from the retrieval. Now this this is tough. Let's not, you know, let's not disguise the problems with us.
G
Unless we do something special, unless we make some special provision for how to do out of bandwidth divert, which is what we will have to do to get this to work, I think there's a further problem of encrypting to who, because you know there can be a carrier, there can be, then they gave sundar mr. reseller and then that reseller sold up noon enterprise and the enterprise Dell get them down to individuals.
G
All of those entities could have certificates and so you're kind of making a decision when you encrypt these about who specifically you encrypt it to, and there are two cons to that. First of all, you need to be able to discover their certificates and second, you then need to make the set of encrypted blobs you need to to get this to be successful, and it may be very difficult for you to anticipate which one of those potential relying parties is going to end up consuming the stuff you put in CPS.
G
G
So what this means is on the retrieval side, the entity is asking for PASSporTs is saying, hey, has anybody sent any PASSporTs to this key at this time, and therefore you won't get all the blobs if they're, if you, the the store, had to stick in blobs for the carrier and the reseller and the enterprise and the user, and you're the user, right, you have the user's key, you go to the CPS and say give me blobs for the user.
B
G
No, I mean so again, the alternative is that you are, you know, going to, so when you say calls in progress, you're gonna get all calls that are in the process of being set up for the lifetime that these blobs exist in the CPS at this time. So, if you are dealing with 10,000 calls a second for your number block, you will be asking every second for all the PASSporT blobs that are associated with that.
J
G
Still yes, so it is a professed target again, insofar as we have to assume that, you know, if any of these only ask for keys at such a time as they're placing calls. Yes, professor guess, if you create dummy traffic, right, of various kinds, where you're just constantly asking for keys for different things, then it becomes much harder to guess who's calling it the other.
J
Concern I somewhat have is, you know, often the reason why I'm using PSTN, rather than, you know, the internet when I have both is because my internet is really crappy right now, so I'm just concerned, if I have to, you know, you know, take a calling out to query for a key, you know, get it down, do the crypto, upload it, that may well take longer than it takes the PSTN call to go through, and so the when the when the called party queries there's nothing there.
J
G
A
S
R
G
Think there's many there's going to be a service. It may be adjacent to the CPS in some way. I think that we might be able to do some things with CPS integration of this, actually, that are not insane, but as to Jonathan's point this. This becomes yet another purpose target and it's its own whole thing this. So next slide. That's right!