►
From YouTube: IETF115-STIR-20221108-1300
Description
STIR meeting session at IETF115
2022/11/08 1300
https://datatracker.ietf.org/meeting/115/proceedings/
A
A
B
B
D
B
D
D
F
F
B
F
F
F
B
G
G
G
I
moved
the
clarification
of
using
double
quoted
strings,
which
was
explicitly
noted
in
the
name
and
APN
section
to
the
parent
section,
because
it
really
applies
more
generally
to
how
we
calculate
digest
for
Strings
more
generally.
So
that
was
also
based
on
a
comment,
as
Jack
pointed
out
on
the
mailing
list.
Some
of
the
examples
had
the
wrong
double
quotes,
which
was
causing
issues
when
generating
the
the
digest
so
did
fix
that
which
was
a
good
catch.
G
G
G
There
was
some
confusion
over
compact
form,
as
there
generally
is
for
most
documents,
so
I
added
a
little
more
background
and
pointers
to
definitions
and
sections
and
documents
that
were
relevant
for
that
yeah.
The
the
further
information
associated
with
callers
it
was
sort
of
in
an
awkward
place
in
the
document
sort
of
like
in
the
middle,
even
though
it
talks
about
future
things
and
and
those
types
of
things
so
I
actually
moved
it
to
the
last
section.
Just
I
didn't
alter
it.
I
just
moved
it
essentially
next
page.
G
Yeah,
so
for
the
sip
specific
sections,
we
have
verification
and
authentication
procedures,
sections
that
are
General
to
rcd
passport
usage,
and
then
we
had
sections
that
are
specific
to
sip,
authentication,
Service
and
verification.
So
there
was
some
overlaps
in
some
of
the
descriptions
there.
So
I
tried
to
clean
that
up
and
I
took
two
paragraphs
that
were
in
the
zip
specific
sections
and
made
a
new
section
called
verification
using
third-party
rcd.
G
That
types
is
a
word
that
we
use
in
other
registries
already
as
well.
So
I
didn't
think
that
was
too
much
of
an
issue,
but
I
think
the
I
did
realize.
Rcd
claim
was
a
better
clarification
for
the
for
that
specific
registry
and
that
that's
all
that
I
could
find
that
was
Major.
Everything
else
was
mostly
editorial.
B
Okay,
I'm
actually
in
cutie,
so
pretend
I'm
from
the
floor.
This
has
been
the
one
question.
I
have
and
I
know
the
answer
to
this,
but
I
just
wanted
to
make
sure
we
mentioned
it
explicitly.
There
was
some
commentary
over
coming
up
with
some
explicit
way
to
tag
for
rcdi
when
you
were
looking
at
a
hashing,
the
field
itself
versus
dereferencing
the
field
for
the
hash
and
I.
Think
the
answer
is
we're
not
going
to
act
on
that
right.
C
G
Oh
yeah
yeah
we're
not
acting
on
that
point
right,
yeah,
the
potential
suggestion
of
adding
another
slash
or
something
yeah
I
tried
to
clarify
that
in
the
document
and
and
in
my
response
to
the
review
comment,
which
is
you
know,
there's
only
one
potential
JCL
is
the
only
one
that
reference
does
two
URI
references.
Everything
else
is
a
single
URI
reference.
G
H
I
mean
I,
I,
think
I.
Think
I
personally
felt
like
we
never
got
closure
on
the
threat
model
that
we
were
actually
trying
to
beat
with
some
of
this,
but
I'm
willing
to
gloss
over
this
at
this
point,
because
honestly
I
think
it
is
so
complicated,
no
one
will
ever
use
it
and
this
this
text
will
be
inert
in
the
document.
H
H
B
So
I
think
we've
seen
here
there's
a
number
of
minor,
primarily
clarification
and
organizational
type
changes.
Some
of
them
are
a
little
bit
normative
and
I
don't
see
anyone
jumping
up
objecting
to
any
of
them.
Remember
this
is
on
the
telechat
for
December
1st,
and
if
we
haven't
seen
any
objections,
you
know
in
the
next
few
days
for
this
we're
going
to
assume
that
everyone's
happy
with
it.
H
B
G
G
The
one
thing
we
already
talked
about,
but
I,
wanted
to
explicitly
include.
We
talked
about
it
on
the
list,
but
I
want
to
explicitly
included
here
was
clarifying
the
statement
that
we
added
around
provisional
sip
response
message
or
that
it's
the
or
final
response
message
that
I
think
was
the
the
discussion
point
that
was
based
on
comments
that
we
got
from
3gpp,
actually
so
just
added
that
it
was
actually
to
make
it
more
consistent
with
a
different
section
in
the
document.
G
G
G
G
B
E
H
So
I
mean
so
last
call
completed.
There
were
I
I,
all
all
the
Art
reviews
are
late,
except
for
art,
art
actually
came
in.
That
was
from
Claude
and
like
Claudio
it
was
fine,
there's
nothing,
there's
non-blocking
midi
stuff,
so
I
mean
when
the
other
reviews
come
in.
There
may
be
other
issues,
but
it
looks
to
me
from
what
we've
seen
so
far
from
last
call
that's
clean.
H
Because
I'm
I'm
going
to
be
taking
you
on
a
little
bit
of
a
rabbit
hole
of
a
wild
ride
here,
so
be
prepared
right.
So
where
did
this
start
with
so
way?
Back
in
the
day
after
RFC
4474
was
released
a
guy
by
the
name
of
John
Elwell
who
worked
for
Siemens,
then
gotta
be
in
his
Bonnet.
We
had
to
solve
this
problem
of
connected
identity,
and
partly
this
is
because
you
know
the
way
that
4474
was
originally
designed.
H
The
identity
header
could
only
be
used
in
requests,
some
very
good
reasons
for
that
I'm
going
to
talk
about
some
of
those
good
reasons
in
a
moment.
So
he
wrote
this
draft
that
introduced
a
new
Option
tag.
That's
called
from
change
to
be
used
in
concert
with
100
Rel,
and
it
would
allow
the
terminating
side
through
this
complex
mechanism
with
pracs
and
updates
and,
like
all
these
different
things,
be
able
to
say
the
party
you
ended
up
reaching
when
you
formed
this
session.
When
you
sent
this
invite
was.
H
H
We've
had
an
action
item
for
some
time
in
part,
I
think
this
is
mostly
inspired
by
the
Sip
Brandy
effort,
which
is
an
attempt
to
figure
out
a
way
to
build
a
full
security
stack
with
media
encryption
up
from
what
we've
built
from
stir,
which
is
a
very
laudable
goal.
Stephen
Farrell
certainly
thought
it
was
a
lot
of
enough
goal
that
he
dictated
that
we
go.
H
Do
this
and
me
and
Russ
and
Richard
Barnes,
and
a
bunch
of
other
people
got
stuck
with
that
task
if
I
recall
but
like
there
are
also
a
bunch
of
practical
attacks
that
can
Surface.
Unfortunately,
if
the
only
thing
you
sign
is
an
invite,
is
a
dialogue
forming
request
and
some
examples
of
this
like
in
the
mobile
space.
There
are
these
call
stretching
attacks
where
you
have
like
two
turning
sides
agree.
H
H
H
You
know
you
never
really
know
for
some
of
these
IP
calls
if
you're
actually
reaching
the
party
you
intended
to
reach
okay
now
this
was
never
in
the
original
RFC
7375
threat
model
for
sip,
our
first
error
and
like
we
had
to
do
some
work,
to
figure
out
how
to
get
the
charter
fixed
to
that.
The
charter
is
now
fixed
for
that.
So
next
slide
right.
Is
this
like
a
touch
screen.
B
H
B
E
H
This
contains
a
bunch
of
stuff
that
John
made
up.
This
is
very
different
from
what
John
Elwell
originally
put
in
RFC
4916.
It's
a
significant
departure,
and
it's
based
on
the
nation.
Why
don't
we
just
let
there
be
identity
headers
in
responses
in
provisional
and
final
responses,
and
so
at
a
high
level?
This
is
a
major
revision
that
you
know
says.
Let's
pivot
to
this
is
the
main
way
we
imagine
that
connect
identity
could
work.
For
start,
it
introduces
a
new
passport
type
that
we
call
RSP.
This
can
only
appear
in
responses.
H
It
was
actually
this
div
reflection
thing
that
gave
me
the
idea
for
doing
this
in
the
first
place
and
the
general
Practice
in
div
of
signing
the
desk
of
the
passport
rather
than
the
ridge
of
the
passport.
The
moving
pieces
of
that
have
come
together
into
this
RSP
concept,
but
I
will
say:
I
did
not
pull
all
of
the
4916
from
change
mechanism.
Out
of
this.
This
is
still
in
there
and
we
may
still
need
it
and
that's
something.
I
want
to
talk
about
today,
whether
we
still
need
it
or
not.
H
Yeah,
what
RSP
does,
as
I
said?
It's
basically
a
past
part
that
is
on
the
way
that
div,
is
you
assume
that
you
know
this?
A
call
has
reached
determining
party
the
tournament
party
may
or
may
not
at
this
point,
be
the
same
person
that
you
originally
intended
to
be
the
destination
for
the
call
diversion
could
have
happened
so
either
way,
though
you're
going
to
take
a
new
passport
you're
going
to
sign,
that's
going
to
be
populated
just
like
the
original
passport
was
with
the
same
Ridge
desk
and
so
on.
H
Right,
like
I,
mean
okay,
you
get
a
request
in
it
is
signed.
You
say
great
I'm
going
to
make
a
passport
looks
just
like
the
passport.
I
just
saw
we're
gonna
instead
sign
for
it
with
my
credential
instead
of
the
credential
that
originally
signed
for
the
passport
ship
it
out
and
what
a
X,
or
in
a
200.
and
like
for
the
basic
sip
Brandy
use
case,
where
what
you
want
is
protection
for
m
key,
that
is,
for
the
media.
H
H
H
On
the
originating
side,
you
know
I
can
kind
of
live
with
that
like
sometimes
this
is
going
to
work.
Sometimes
it's
not
by
the
time
there's
a
final
response
with
the
200.
Okay.
Has
you
know
the
the
proper
passport
embedded
in
its
identity?
Header
you
that'll,
be
authoritative,
for
the
call
real
problems
were
in
the
second
thing.
They
are
the
second
thing
they're.
H
Reject
sit
responses,
requests
you
can
send
401s
and
407s.
You
can
use
all
kinds
of
fancy
error
codes.
We've
defined
specifically
for
stir
to
be
able
to
explain
here
is
a
repairable
condition
you
could
fix
like
I.
Don't
support
your
trust,
anchor
or
I.
Look
at
those
passwords
and
I
spell
formed.
There's
like
all
these
things,
you
can
kind
of
communicate
back
as
feedback
that
it
would
be
really
nice
to
have
I
mean
honestly,
just
being
able
to
challenge
would
be
really
nice
to
have
right.
I
mean
our
assumption
in
stir.
H
Is
that
if
I
send
an
invite
up
to
an
authentication
Service
and
the
authentication
Service
you
know
needs
doesn't
know
who
I
am
needs
to
challenge
me
with
digest
or
something?
Oh
I,
get
it
your
JDR.
You
know
your
JDR
jdr.net
fantastic,
like
you
know
now,
I
know,
I
can
sign
for
you
on
on
your
behalf.
H
That
part
is
it's
it's
hard
hard
to
miss,
but
you
can
imagine
in
a
lot
of
cases.
There
are
reasons
why
that
request
got
forwarded
to
the
ultimate
endpoint.
That
is
responding
that
this
is
all
coming
from.
There
are
location
services,
and
so
on
that
are
you
know.
Pretty
much
can
figure
out
is
the
The
Entity
that
is
sending
this
response
in
the
backwards
Direction
the
right
entity
without
having
to
rely
on
digest
to
do
it
I'm
pretty
confident
that
that
stuff
works?
H
H
Maybe
the
vs
like
adds
a
via
that
will
be
for
the
as
it
goes
by,
and
you
know
in
practice,
though,
the
real
reason
why
I,
just
don't
care
anymore,
is
because
in
reality
all
this
sip
detail
about
how
via's
and
those
other
things
were
is
kind
of
immaterial
to
the
way
that
this
mostly
works
in
the
field
for
Star
shake
it.
How
does
this
actually
work?
There
is
an
SVC.
It
sits
on
the
edge
of
the
network.
C
H
H
If
you
do
want
to
be
able
to
reject
identities
in
the
backwards,
Direction
I
think
you
need
all
that
from
change
stuff,
all
those
updates,
all
the
things
that
are
in
RFC
4916.
It's
really
really
clunky
and
I
just
think
it's
too
complicated
for
people
to
implement,
which
is
what
motivated
me
to
look
for
something
simpler.
That
was
actually
just
going
to
get
the
job
done,
based
on
what
the
80
of
the
time
case
is,
and
that's
where
we're
going
with
this
next
slide.
H
H
You
know
that
that
looks
great
I.
Think,
with
what
we've
stipulated
so
far
case
is
where
well
I'm
like
trying
to
reach
Cullen
but
like
it
actually
turns
out
that
you
know,
Yuri
is
the
one
that
is
responding
and
it's
Yuri's
connected
identity
that
is
coming
back
in
this
183
response
or
200k
response,
like
that's
a
little
Messier,
but
building
on
what
we
implemented
and
did
for
redirection
cases.
H
My
proposal
is,
you
collect
the
div
headers
that
resulted
in
this
call
going
to
Erie
anytime
the
target
changed
sufficiently
within
the
canonicalization
definitions
of
8224
that
a
new
Target
needed
to
be
signed
in
a
div
is
generated.
Let's
just
take
that
set
of
divs
with
the
RSP
passport
and
ship
them
all
in
the
backwards,
Direction
and,
in
fact,
there's
some
language
in
there.
Now.
H
That's
the
second
major
bullet
there
that
says
that
if
you
have
a
death
you're
going
to
put
in
RSV-
and
it's
not
the
desk
the
original
passport
that
was
forming
this
dialogue
with
an
invite,
you
must
not
send
it
unless
you
send
at
least
one
div
in
a
separate
identity
header
along
with
it-
and
this
was
actually
a
major
weakness
of
4916.
when
I
look
at
it
in
retrospect,
because
John
Elmo
was
really
concerned
with
making
sure
you
know
who
it
was,
you
ended
up
connecting
to
what
div
gives
you
is
cryptography.
H
Assurance
of
that
is
the
right
person
you
should
have
connected
to,
and
you
know
this
isn't
always
going
to
work
like
not.
Everybody
does
divs,
there's
a
surprising
amount
of
divs
that
are
I
actually
see
in
production
traffic.
At
this
point
now
that
we
have
enough
production
traffic
that
we
can
ascertain
what's
actually
out
there,
but.
E
H
For
the
cases
like
sip
Brandy,
where
you
know,
there's
criticality
around
it
and
you'd
really
want
to
tear
down
the
session
effectively.
If
I
was
trying
to
connect
to
someone
and
I
wouldn't
have
a
Secure
Media
connection
for
it
to
be
encrypted
and
so
on.
If
this
stuff
doesn't
work,
you
want
to
just
throw
the
entire
session
out
the
window.
H
That's
okay,
like
as
long
as
it
doesn't
result
in
a
security
failure
as
long
as
there's
not
a
case
where
I
think
I've
connected
to
the
right
person
and
I
have
media
security,
and
it's
it's
working
and
I
get
whatever
a
lock
box
or
something
in
my
UI
as
long
as
I'm,
not
putting
something
in
there.
That
can
permit
that
to
happen.
I
think
this
is
sufficient
to
address
the
super
ND
case
and
I'm
interested
in
Russia's
thoughts
about
that,
but
I
mean
I've
kind
of
I.
H
J
H
A
J
Think
it
would
really
work,
there
was
still
probably
race
conditions
and
all
kinds
of
stuff,
so
I,
like
I,
don't
think
backward
compatibility
or
support
for
that
is
relevant
in
any
way
and
I
certainly
agree
with
your
assessment
that
practically
speaking,
the
vast
majority
of
sip
is
over
TCP
a
lot
of
these
issues
about
reliability
or
not
that
relevant
anymore.
In
any
way,
the
2xx
is
really
all.
J
J
J
I
think
the
big
problem
you're
going
to
have
with
this
is
the
same
problem
we
had
with
independent
of
the
protocol
mechanism.
Is
that
there's
no
way
to
make
a
useful
decision
about
what
you
should
do
when
it
doesn't
match
and
it
isn't
going
to
match
all
the
time
like,
probably
more
often
it
won't
match,
then
it
will
match,
given
the
vagaries
of
the
mess
of
call
routing.
That
is
the
public
search
telephone
Network.
And
so
what
is
one
to
do?
J
And
the
answer
is:
there's
there's
no
way
to
differentiate
a
legitimate
mismatch
versus
a
non-legitimate
mismatch
from
the
sequence
of
divs
or
the
connected
identity,
and
so
no
way
to
even
inform
the
user
to
allow
them
to
like
I
can't
I
can't
construct
a
user
experience
that
will
be
useful
to
users
that
will
just
make
them
ignore
it.
So.
H
That's
my
bit
it'll
just
be
useless.
That's
my
biggest
pitch
about
this
and
I.
Have
this
in
another
slide,
I
think
the
pitch
is
that
we
establish
a
criticality
mechanism
for
it
for
those
cases
where
users
demand
criticality,
in
other
words,
like
first
hit
Brandy
great
example,
if,
like
my
only
interest,
is
having
this.
This
is.
This
is
an
intergovernmental
thing
that,
where
you
know
the
FBI
is
calling
the
CIA
about
something
and
like
if
they
would
push
the
criticality
button
for
this
and
say
for
these
calls.
H
J
I
mean
even
even
in
these
banking
cases,
given
all
the
different
ways
calls
get
transferred
around
like
they're,
not
going
to
match
all
the
time
and
it's
still
your
bag.
That's
that's
the
problem
and
humans
rely
on
other
things
in
the
natural
conversation
to
make
the
determination
about
whether
the
call
is
successful
or
at
it.
Now.
Of
course,
there
are
cases
of
some
malicious
guy,
stealing
calls
trying
to
fake
out
Fidelity
and
blah
blah
blah
and,
like
you
know,
I,
don't
think
this
is
gonna
fix
that
that's
that's!
J
H
Give
you
that
confidence
in
those
cases
and
on
the
cases
where
you
don't
have
it,
maybe
that's
when
some
kind
of
knowledge-based
application
or
like
think
about
this
way.
Fidelity
is
calling
you
and
they
want
to
decide
how
much
kba
they
need
to
do
when
they
reach
whoever
it
is
that
picks
up
the
phone
you
know
like
these
are
cases
that
I
think
it
might
have
some
applicability
too.
J
Yeah
I,
don't
like
I,
don't
think
it's
useless
enough
that
I'm
gonna
say
we
shouldn't
do
it.
Obviously
it's
been
adopted
as
a
working
group
item
I'm.
Just
like
you
know,
I'm
not
sure
I'll
get
that
much
use.
It's
on
my
like
hey
as
an
implementer,
which
I
am
like,
would
I
do
this
I
would
not
I,
don't
think
it's
gonna
really
work
generally
for
the
comic
Center.
C
E
H
There
are
possibilities
that
there
will
be
a
whole
separate
thing.
This
is
being
airlifted
on
top
of,
in
which
case
those
do
address.
Some
very
particular
like
that
call
stretching
thing.
I
was
talking
about
attacks
that
people
are
losing
enough
money
on
right
that
it's
worth
worth
it
for
them
to
do
something.
Yeah.
J
A
Yeah
Jonathan
Lennox
on
the
question
of
having
a
div.
If
you
put
a
you
know,
response
doesn't
match.
I,
don't
I
mean
just
addressing
this
from
a
very
sort
of
abstract
user
experience.
If
I,
you
know,
try
to
call
Cullen
and
I
get
something
that
says.
No.
A
critical
Collins
phone
I
get
things
that
no
you
reached.
Jonathan's
phone
and
I
have
a
cryptographic
Assurance.
This
is
Jonathan's
phone
I.
Don't
see
why
it
makes
a
difference
to
me
whether
I
have
cryptographic
assurances.
Somebody
else
has
thrown
Network
thought.
H
I
H
G
B
Ben
Campbell
pretending
to
be
on
the
floor.
I
just
wanted
to
refer
back
to
the
comment
about
you
know
everyone's
TCP
these
days.
In
fact,
I
hear
from
some
of
the
U.S
carriers
that
a
lot
of
their
interconnects
are
still
UDP
and
still
had
fragmentation
problems.
But
honestly,
this
is
at
least
to
their
problems.
If
that's
the
case,
well,
they're
they're,
yeah
they're,
getting
around
that
too
and
it'll
be
really
interesting
to
see
how
they
want
to
do
all
of
this
out
of
bounds.
B
D
It's
just
going
to
say:
I
I,
like
this
I
sort
of
jumped
up
when
Jonathan
said
that,
like
the
majority
of
cases,
this
might
not
work
I,
don't
think
I
really
agree
on
that.
I
I
think
the
vast
majority
of
cases
I
actually
care
about.
This
has
a
high
degree
of
working
on
and
it's
going
to
be
call
center
cases
where
it
fails,
which
mostly
I
don't
want
those
calls
anyway.
So
it
doesn't
bother
me
and
that,
but
so
like
outbound
calling
to
call
centers.
D
H
D
Of
other
stuff,
no,
so
whatever
I'm
not
sure
I
agree
with
John's
on
this
I
mean
I.
Think
we
agree
on
that.
We
both
agree
on.
This
is
a
good
thing,
but
I
I,
think,
and
the
other
thing
too
is
like
the
banking
cases
in
particular.
No
that's
exactly
the
people
they're
just
gonna
go
make
all
this
stuff
work
like
if
it
doesn't
work
in
their
call,
centers
they're
going
to
get
call
center
equipment
that
does
work
for
us.
They
really
are
it's
too
important
for
them.
D
So
I
think
that
even
for
incoming
calls
to
bank
call
centers.
This
is
going
to
work
just
fine
because
they
will
go
make
it
work,
but
but
others
won't
so
I
I.
You
know
I
I
just
want
to.
You
know
on
individual
to
individual,
calling
or
company
to
company
or
B2B,
calling
the
vast
majority
of
of
calling
where
you
care
about
this
stuff.
It
probably
will
work
I.
Think
it's
going
to
be
a
very
high
success
rate.
So
I
like
the
idea.
H
I
mean
it
is
because
so
much
of
this
really
is
just
spcs
or
Edge
elements
and
networks
that
are
requiring
both.
You
know
all
legs
of
the
call
to
Hairpin
through
them
at
all
times,
and
it's
really
not
much
of
a
change
their
apis
to
just
be
able
to
go.
Get
these
things
signed
that
that's
what
gives
me
confidence
that
practically
if
we
convince
people
to
do
this
like
it
will
not
be
a
heavy
lift
for
those
networks
to
just
start
having
identity
of
hearing
responses,
yeah
code's.
D
H
Yeah
I
mean
the
div
case.
Is
it's
it's
going
to
be
touch
and
go
man,
I
mean
I,
don't
know
how
much
we're
gonna
get
that
to
work,
but
I
want
a
story
for
how
it
could
work.
But
it's
it's
sunny
day.
Cases
are
like
90
of
the
cases
and
in
most
banks
may
not
even
care
if
there's
a
div,
how
good
our
cryptography
is
right.
They
want
that
to
be
the
Sunday
decades
or
they're
not
going
to
be
confident.
Who
You,
Are.
H
H
H
I
believe
the
20th
anniversary
of
sip
is
upon
us
that
it
became
the
law
of
the
land
that
you're
instead
doing
this
matching
up
the
tags
that
are
hanging
off
they're
from
in
200
field
values,
and
so,
as
a
consequence
of
that,
you
know
the
way
that
from
change,
if
we
look
at
it,
I
think
can
be
different
in
a
couple
of
respects.
One
of
the
main
ones
is
actually
in
a
sub
bullet
there.
A
lot
of
people
actually
sign
this
up.
H
H
The
the
connected
identity.
If
you
force
this
to
come
in
an
update
message
like
it
is
possible
for
you
to
send
401s
and
four
or
sevens
and
validate
the
proper
users
behind
them
in
this
instances,
in
some
of
the
mid-call
cases,
where
there's
like
transfer
or
something,
and
so
you
want
to
send
an
update
to
say,
hey,
there's,
actually
a
new
identity
on
the
other
side
of
this,
like
there's
reasons
why
you
might
want
to
have
something
like
from
change
work
in
those
instances.
H
But
at
the
end
of
the
day,
if
the
problem
is
that
when
you're
signing
a
buy,
your
Ridge
does
not
match
the
from
header
field
and
you're
signing
a
Buy
in
the
backwards
Direction
in
a
dialogue,
terminating
request,
I
guess
my
question
is
so
what
right?
If
we
assume,
because
yeah
I
guess
I'd
put
it
this
way,
the
real
the
subtext
under
everything
I'm
proposing
here
is
that
previously
stir
shaking
is
pretty
stateless
right.
You
send
an
invite.
H
We
have
not
explored
to
date
on
this,
and
so
I
don't
want
to
sweep
it
under
the
rug,
but
I
guess
I'm,
just
not
that
concerned.
If
somebody
signs
a
buy
and
the
ridge
does
not
match
you're
from
header
field
and
that
by
I,
you
know
I'm
not
that
worried,
because
in
a
lot
of
places,
PSR
identity
is
actually
what
you're
signing
rather
than
the
problem
in
the
first
place,
and
it
doesn't
have
to
have
any
resemblance
to
the
front.
So
I
think
there's.
There
are
significant
deployments
where
that
that
is
a
non-issue.
H
But
that's
that's
the
case
for
why
we
keep
it.
The
two
bullets
at
the
top
are:
can
I
get
a
sense
from
the
room.
I
think
I
already
heard
Jonathan
everybody
else.
Do
we
want
to
keep
the
from
change
stuff
in
this
document?
We
could
kick
it
to
another
dot
too,
for
this,
like
special
case,
where
you
actually
care
about
this
stuff
and
then
have
like
this
document
be
the
place
where
we
do
connecting
identity.
H
Yeah
I'm,
sorry,
the
question
is:
do
we
want
to
fix
the
4916
mechanism?
There's
still
work,
I
need
to
do
to
do
that
mind
you
right
like
there's
like
examples
and
stuff
that
can
be
reformulated,
that
don't
use
the
old
identity
info
header
anymore,
and
things
like
that
like
they're,
it's
like
actual
work,
which
is
why
I'd
rather
pose
the
question
before
I.
Do
that
like
actual
work,
so.
H
G
A
D
G
G
Is
it
relevant
that
the
use
cases
we're
talking
about
the
security
is
associated
with
folks
that
generally
don't
use
P
asserted
ID
and
that's
a
separate
use
case
and
I,
don't
know
just
thought
I'd
bring
that
up.
That's
the
thought
that
came
to
my
head-
and
you
know,
I'm
sort
of
thinking
that
having
this
as
a
separate
mechanism
that
we
attack
once
we
understand
the
problem
better
is
is
a
better
idea,
but
a
couple
thoughts.
There's.
E
F
H
H
As
this.
This
goes
in
that
we
can
look
at
that.
I
am
kind
of
interested
in
what
new
route
hijacking
attacks
would
look
like
against
this.
In
other
words,
assume
that
this
is
the
law
of
the
land.
How
would
I
synthesize
divs
and
then
rest
past
words
to
make
people
think
that
they
reach
the
right
thing
and
I
think
there's
a
whole
Vector
of
those
that
I'd
like
to
look
at
that
I
think
we
need
serious
security
considerations
to
be
able
to
discuss
this
option.
Tag
for
criticality
of
connected
identity.
H
I
think
that
this
answers
part
of
the
question
of
what
the
user
experience
around
this
needs
to
be.
There's
already
some
text
in
there
that
actually
talks
about
the
existence
of
like
directories
that
you
can
imagine
people
would
publish.
You
should
get
connected
entity
from
me
like
Fidelity
Investments
could
have
some
place
and
this
is
starting
to
get
into
D
markish
territory
and
where
you're,
like
you
know,
if
you
don't
get
connected
for
me,
there's
a
problem
and
like
you
should
not
do
this,
does
anybody
actually
do
paid
in
responses
today?
H
H
I
also
when
I
was
mulling
this
over
before
I
submitted
it
I
was
like.
Should
we
be
using
opt
for
this,
and
for
those
of
you
that
don't
know
opt
is
something
that
we
created
for
diversion.
Initially,
that
was
a
way
that
you
could
embed
a
passport
in
another
passport
and
I
looked
a
bit
at
the
value
of
okay.
Do
we
want
the
original
passport
that
is
being
received
on
the
terminating
side
to
be
embedded
in
the
rest
passport?
H
That
would
be
sent
backwards,
so
you
have
the
original
signature
and
you
have
a
correlation
function.
That's
more
direct
from
my
original
mull
of
that
I
couldn't
figure
out
a
threat
that
beat
it
seemed
like
the
kind
of
thing
there
must
be
a
threat
that
that
could
be,
but
then
I
couldn't
really
think
of
anything,
but
I
think
we
might
want
to
talk
about
it.
So
another
there's
a
laundry
list
of
stuff
like
this
I
think
we'd
still
need
to
figure
out.
If
we
want
to
go
in
this
direction,
it
sounds
like
we're.
H
H
H
All
right,
so
obviously
we
are
not
going
to
go
for
working
with
a
group
last
call
or
anything
like
that
at
the
moment,
but
I
think
I'm.
Taking
away
from
this
permission
to
go,
make
this
real
I
mean
I
actually
did
put
in
quite
a
bit
of
text
about
it
already,
but
there's
just
there's
just
a
lot
that
is
going
to
need
to
be
done
and
cleaned
up
and
thought
through
to
get
it
there.
But
this
has
been
sitting
around
forever
like
without
any
appreciable
work
on
it
and
I
feel
like.
B
So
from
the
chair
perspective,
just
wanting
to
be
explicit
here,
this
is
an
update
to
what
was
already
a
working
group
document.
It's
a
substantial
change
from
it.
I
have
not
heard
anyone
complain
that
we
need
to
go
through
the
adoption
process
with
this
again
so
I'm
going
to
assume
that
we
don't.
If
anyone
wants
to
complain
about
that,
do
it
now
or
hold
your
peace.
G
H
H
Yeah
I
have
like
one
slide
about
Ativan
I.
Think
we
can.
We
can
have
this
discussion
very
simply.
There
exists
a
service
provider
at
a
band
draft
I'm,
not
aware
of
anything
that
needs
to
be
done
for
it
in
order
for
it
to
advance.
This
is
something
that
is.
It
builds
on
8816
89,
16,
88
16,
which
is
the
original
out
of
band
framework
and
architecture
that
generally
outline
ways
that
you
could
share
passports
when
whatever
reason
for
whatever
reason
sip
was
not
available.
H
And
this
is
frankly,
it
is
descriptive.
This
is
not
prescriptive.
This
is
descriptive
of
emerging
things
that
are
being
used
in
the
Enterprise
space
for
starshaken.
I
would
say
fairly
widely
at
the
moment,
ways
that
enterprises
are
able
to
get
these
tokens
put
into
places
where
terminating
networks
can
use
them
to
make
sure
that
in
particular,
Enterprises
actually
place
the
calls
that
are
showing
up
in
terminating
networks.
It
is
kind
of
an
end
run.
H
B
H
Yeah
and
just
because
feet
between
the
way
that
we
approach
this
and
Addis
has
our
I
guess.
I'll
say
threefold:
I
mean
I.
Think
the
address
use
case
is
really
primarily
concerned
about.
You
know,
there's
an
ipn
and
I,
and
it's
fast
and
carriers
are
connected
to
it,
and
then
there's
like
these
little
satellites
of
like
TDM
that
exist
on
the
periphery
of
this,
and
it's
looking
at
how
to
build
an
adapter
right
for
those
particular
use
cases
to
allow
those
TDM
providers
to
still
get
passports
signed
and
get
them
out
into
the
ipni.
H
It
has
a
security
model
that,
rather
than
having
the
CPS,
be
like
logically
located
in
a
terminating
service
providers
network.
Instead
there
is
a
federation,
a
global
Federation,
or
at
least
a
national
ipn,
in
an
Iowa
Federation
of
cps's,
which
are
required
to
share
state
with
each
other.
In
other
words,
any
passport
that
is
going
to
be
pushed
to
any
CPS
has
to
be
broadcast
to
all
of
those
cpss.
In
order
for
this
to
work,
and
that
is
that.
H
From
an
but
but
the
issue
is
that
there
is
a
and
I
I,
don't
want
to
speak
to
the
commercial
realities
of
the
Sierra
and
the
IP
ITF
and
really
I
should
be
characterizing
like
addis's
proposals
in
the
ITF.
This
is
a
little
little
dirty
pool
for
me,
but
you
know
the
reality
is
that
I
think
there
are
great
disparities
between
the
number
of
calls
and
passports
that
are
processed
by
the
different
entities
that
are
participating
in
the
potential
CPS
infrastructure
for
this,
and
you
know,
as
with
any
peering
Arrangement.
H
H
Think
I
think
those
are
the
fun
like
here
and
they
actually
have.
Those
will
all
be
Show.
Stoppers,
like
everything
I
just
said,
would
be
right.
So
this
is
my
attempt
to
look
at
this
again.
That
is
descriptive
of
what
I
see
people
doing,
especially
in
the
Enterprise
space
for
out
of
band
that
isn't
like
the
Big
Ten
model
of
oh,
my
God,
there's
only
there's
big
cps's
in
the
sky
and
nobody
trusts
anybody
providers,
don't
trust
them.
H
This
is
more
than
I
wanted
to
say
about
this
draft,
but
next
next
slide.
So
basically,
this
is
just
a
maintenance
update.
I
mean
there
are
customers
for
this.
It's
not
at
US
Open
it
that
way
right
there
right.
There
are
other
service
providers,
especially
internationally,
they're,
very
interested
in
being
able
to
do
this
places
that
have
a
lot
of
Legacy
TDM
that
see
tremendous
value
in
it
and
you
know,
as
Addis
is
kind
of
North
American
specific
and
the
ietf
is
not
I.
H
Think
we're
looking
at
this
from
that
more
International
perspective
here,
but
I,
don't
know
what
more
I
need
to
do
on
this.
To
be
honest,
I
mean
I
know
that
we
have
one
issue
which
is
because
we
normatively
point
to
8816.
We
would
need
a
down
ref.
An
ITF
last
call
to
incorporate
some
of
its
mechanisms,
but
that
procedural
thing
aside
I
see
no
reason
why
we
don't
Advance.
This
and
I
would
like
somebody
to
come
forward
and
say
what
they
think
more
needs
to
be
said
in
this
than
what
the
draft
says
already.
B
F
B
H
E
H
Is
yeah
I
mean,
let's
see,
yeah
exactly
yeah,
so
we're
going
to
do
one
deck
for
two
drafts
here
and
again
just
to
give
the
general
introduction
to
what
we're
trying
to
accomplish
here,
freshness,
first
or
certs,
something
we
know
we
want
to
have.
Obviously
star
shirts
have
expiries
today
from
what
I
see
in
the
field
for
shaken
I
feel
like
a
year.
Yeah
a
lot
of
them
are
are
a
year
seems
to
be
the
expiry.
H
Obviously
we
think
it
would
be
great
if
we
could
get
faster
expiry
and
more
of
our
expiry.
That
is
focused
on
a
slightly
different
scope
than
the
shaken
scope.
I
mean
increasingly,
we
know
now
that
the
ocns
that
have
been
used
in
issuing
certificates
for
shaken
have
started
to
give
way
to
a
few
variants
that
are
focused
on
getting
non-carrier
entities
more
tightly
associated
with
the
shaken
ecosystem,
which
I
think
is
great
and
a
long
long
time
been
needed.
H
But
really
I'm
going
to
get
down
to
TN
auth
list
is
when
we
start
to
ask
hard
questions
about
freshness.
So
if
you're
going
to
have
a
tianopolis
that
contains
a
bunch
of
TMS
TN
ranges,
for
example,
rather
than
ocms
things
start
to
get
a
little
complicated,
because
the
inherent
dynamism
in
number
assignment
a
carrier
might
have.
You
know
this
set
of
numbers
this
day,
but
then
there
might
be
an
acquisition
or
they're
like
reporting
and
there's
like
all
these
different
things
that
can
kind
of
complicate
anytime.
H
We
try
to
kneel
down
exactly
what
the
TNS
associated
with
the
third
are
now
back.
When
we
did
8226,
we
put
in
big
patches
passages
about
doing
telephone
numbers
by
reference
rather
than
by
value,
so
you
would
be
able
to
put
like
an
AIA
into
the
cert
and
there
would
be
a
URL
there.
You
could
reference
that
URL
and
you
would
get
the
absolutely
current
list
of
what
the
telephone
number
resources
are
that
are
associated
with
this
particular
server.
H
The
problem
with
that,
though,
you
got
a
lot
of
telephone
numbers,
so
you
know
if
this
is
like
you
know
thousands
and
thousands
of
telephone
numbers.
Oh
yeah,
millions,
millions,
potentially
telephone
numbers
like
you
know
you
probably
a
don't
necessarily
want
to
share
with
relying
parties.
This
is
the
exact
set
of
telephone
numbers,
the
entirety
of
my
inventory,
I
control
that
could
become
a
hunt
list
for
the
marketing
of
your
competitors
if
they
can
just
acquire
that
from
a
cert.
H
These
are
basically
public
information
and,
moreover,
it's
just
cumbersome
to
maintain
and
we'd
have
to
come
up
with
a
whole
change,
control
system
and
deltas
and
ways
to
make
it
efficient,
especially
if
this
is
very
Dynamic
and
depending
on
like
how
real
time
we
want
it
to
be.
So
it
seems
like
there's
just
a
lot
of
hassle
around
that.
So
we
started
looking
at
a
couple
of
approaches
to
mitigate
this
ocsp
and
using
very
short-lived
certificates.
Potentially
certificates
on
an
individual
TN
basis
were
the
two
winners
of
our
beauty
contest
for
this.
H
So,
there's
a
choice
to
make
an
ocsp,
and
this
has
reflected
the
the
two
drafts
that
we
get
shoot
down.
Ocsp
can
either
be
implemented
as
a
terminating
side.
Query,
in
other
words
a
verification
service
when
it
gets
a
call
signed
by
assert
grabs.
The
cert
can
look
at
the
osv
URL,
that's
in
them.
Every
certain
new
star
issues
has
a
URL
in
it
already.
That
shows
our
ocsp
service,
where
you
can
go
like
download
the
stuff
and
query
it
to
say.
Is
the
certificate
still
valid
now?
H
What
we
added
in
the
Baseline
storage
certificates,
ocsp
draft
is
an
extension
and
I
I'm,
not
actually
talking
about
the
extension
here
today.
I
I
just
realized
because
of
course,
that
I'm
thinking
past
that
at
this
point,
but
what
this
extension
permits
is
for
you
to
ask
as
part
of
an
OS
ocsp
extension.
Is
this
certificate
still
valid
for
this
particular
telephone
number,
and
this
particular
telephone
number
is
presumably
the
calling
number
of
something
that
is
shown
up
in
your
verification
service?
It's
what
in
is
in
the
ridge
field.
C
H
H
Next
slide,
so
I
mean
this
just
kind
of
shows
what
the
main
issue
is:
I
guess,
with
ocsb
validation
on
the
terminating
side,
you
pay
an
rtt,
in
other
words,
when
a
call
shows
up
on
the
verification
server
side,
the
classic
way
ocsp
works
is
while
I'm
validating
that
cert
I
find
that
ocsp
URL
in
it
I
do
a
dip.
I
ask
it:
hey.
Is
this
number
in
scope
for
this
certificate
right
now
or
not
I
get
back
a
response.
H
Yes,
it
is
great
fantastic
check,
mark
ship
it
to
the
user
endpoint
that
cost
is
paid
and
I
I
think
these
distinctions
are
really
important.
That
cost
is
paid
at
a
time
around
when
alerting
starts
right,
like
you,
could
start
alerting
the
phone
and
do
this
dip
and
probably
get
the
information
pushed
to
the
user.
That
says
whether
or
not
this
was
valid
before
a
user
could
react
to
that
and
look
at
their
device
and
see
what
the
the
number
and
the
check
mark
and
so
forth
on
it
set.
H
E
H
Stapling,
we
think,
makes
this
better.
It
doesn't
make
it
it's
not
perfect,
but
we
think
it
makes
it
better.
Do
we
have
a
new
draft
about
it?
Our
proposal
is
that
we're
going
to
carry
the
Staple
in
the
passport
we
looked
at
Alternatives
like
the
staple
could
maybe
be
in
an
identity,
staple
header
that
would
go
with
SIP
the
reasons
I
don't
want
to
do.
J
C
H
Yeah
I
mean
it's:
the
holder
of
the
certificate
is
the
As
and
the
stir
model
right,
as
opposed
to
the
server
in
the
web
model,
which
is
why,
yes,
I
can
see
that
okay,
but
but
I
think
it's
it's.
It's
basically
the
same
thing
right,
it's
a
sense.
The
person
who
needs
who
who
needs
this
at
a
station
to
be
available
to
relying
parties
is
the
one
who's
on
the
hook
to
go.
Get
this
correct
the.
But
this
thing
where
I
have
remember
at
the
bottom
here.
H
H
Where
yeah
I
mean
whoever
We
Do
It,
you
know
you
either
pay
the
cost
of
having
that
rtt
on
the
ASI.
When
a
call
comes
in
for
a
number,
if
you
don't
have
a
staple
pre-cached
already
you
pay
an
rtt,
then
get
the
scaffold,
build
it
into
your
passport
ship
it
across
the
BS
or
you
get
all
Staples
for
every
potential
TN
you
could
sign
for,
even
if
you
only
use
0.001
of
those
on
any
given
day
right.
H
G
So
I
think
and
and
I've
sort
of
talked
to
John
a
little
bit
about
this
I
think
the
way
certificate
authorities
have
been
implemented,
they're
generally
very
closely
associated
with
the
authentication,
Solutions
I
think
we
should
be
very
Progressive
here
and
not
have
a
fragmented
set
of
solutions
and
just
go
right
to
Staples
per
TN.
Staples
I
I
think
it's
good
to
bring
up
all
the
caveats
and
all
those
things,
but
I
think
you
know
getting
to
the
point
where,
even
in
real
time,
you're
creating
certificates
for
calls
is
not
unrealistic.
B
H
C
I've
made
my
piece
with
never
going
to
a
restaurant
again,
so
you
cannot
tempt
me
here
what
I
put
in
the
in
the
chat,
which
is
that,
even
if
you
don't
do
all
this
prefetching
and
you
have
the
as
do
an
rtt
over
to
an
ocspect
at
call
time,
like
you're,
still
getting
a
privacy
benefit
in
that
case,
so
ocsp
sucks
for
two
reasons
like
one
is
the
rtt
and
two
is
that
it
reveals
who's.
Calling
you
know
totally
agreed
yeah.
C
H
J
Cool
all
right,
Jonathan,
Rosenberg,
five,
nine,
so
I
was
what
I'll
just
restate.
What
I
sat
sitting
down
is
practically
speaking.
As
you
know,
most
of
the
time,
the
as
on
the
originating
side
is
making
an
HTTP
query
to
some
third-party
vendor
who's
namings
with
an
N
or
something
like
that,
and
they
return
assigned
passport.
I
mean
you're
already
paying
the
rtt
to
get
the
passport
on
the
ASI.
So
getting
the
cert,
stable
cert
doesn't
seem
like
it's
not
actually
going
to
add
an
additional
round
trip
unless
I'm
missing
something
right.
H
H
H
E
G
H
Yeah
I
mean
honestly
I
I
didn't
make
the
same
marketing
about
service
provider,
OSP
OB,
but
really
you
can
right,
like
I
mean
if
the
AOS
function,
for
this
is
already
a
cloud
function
that
you
know
effectively.
You
know,
rcps
is
like
adjacent
to
our
as
and
like.
Actually
us
sending
a
passport
back
is
the
same
instance
as
us,
putting
it
in
our
CPS.
So
like
it's
our.
B
H
H
H
If,
if
you
want
this
to
work
as
intended
and
like
so
I'm
gonna
have
to
write
a
bunch
of
stuff
about
that
I,
don't
think
the
interactions
look
complicated
but
like
it's
just
got
to
be
done.
There's
been
some
talk
over
on
the
outer
side
and
I
do
I.
Do
distantly
hear
this
chatter,
like
you
know,
through
various
spies
and
emissaries
about
what
the
interaction
and
coexistence
of
this
is
with
crls
I.
E
H
Think
my
my
intuition
about
this
is
is
that
it's
orthogonal
in
the
sense
of
crls
exist
in
the
way
that
the
STI
ba
has
you
know,
operated
and
the
way
the
stics
under
its
governance
operate,
so
I,
don't
think
they're
going
to
go
away
as
a
result
of
anything
that
we're
doing
here.
I
do
just
always
want
to
seize
on
this
one
small
point,
which
is
that
getting
back
an
ocsp
response
because
of
our
extension
that
says
merely
this
telephone
number
is
not
in
scope
for
this,
so
you
get
back
a
no.
H
G
H
Mean
to
me
this
is
an
attempt
to
replace
TN
by
value
or
TMI.
Reference
in
8226
was
something
that
behaves
in
a
way
that
is
much
more
lightweight,
doesn't
have
all
those
State
Management
delting
and
everything
else
problems
and
doesn't
have
the
Privacy
revealing
problems
like
that
that
that's
that's
the
job
and
if
it
tells
you
anything
about
certificate
livelihood,
that's
just
like
gravy.
F
H
F
G
I
Building
so
Jack,
are
we
worried
about
like
normal
ocsp,
not
actually
solving
the
like
Tien
by
ref
privacy
issue,
because
you
could
just
go
through
and
enumerate
all
of
the
phone
numbers
which,
while
there
are
a
lot
of
phone
numbers,
probably
wouldn't
be
too
hard?
Because
you
probably
have
quite
a
good
idea
of
roughly
what
number
they
have.
H
H
Yeah
I
mean
I
worry
about
that
I
mean
there
are
mitigations
for
that.
That
I
think
we
could
probably
implement,
but
I
mean
so
I'm
on
the
fence
about
that
to
be
blind,
I
mean
I,
think
having
something
that
works
as
close
to
traditional
ocsp
works
is
probably
valid
in
the
sense
that
you
know.
Like
I
said
we
ship
an
ocsp
URL
and,
like
every
Shake,
insert
that
we
issue
today,
right
and
like
we
have
infrastructure
that
supports
it.
H
I
mean
I
could
be
persuaded,
though,
that
really
the
the
risks
are
too
severe
does.
Does
it
actually
mitigate
the
risk,
though,
to
push
it
to
the
as
side
in
the
sense
of
like
there's
still
an
ocsp
service?
You
can
still
hit
it
with
these
queries,
I
mean
unless
there's
an
allow
list
for
what
the
set
of
a
s's
are
that
are
allowed
to
acquire
Staples.
I
G
H
Well,
are
people
basically
so
let's
go
through
this
operationally?
Are
people
cool
with
the
passport
size
increase
that
staple
entails,
because
this
you
know
we're
adding
new
staple
elements
going
to
be
a
base64
encoded
element,
I
assume
that's
going
to
be
in
the
passport.
Do
who?
Who
here
would
know
what
the
rough
size
estimate
is
that
that's
adding
to
a
passport
like
how
big
is
a
staple
Russ.
F
J
J
K
Minutes
John
I
just
want
to
know
your
thoughts
about
the
scenario
because
you
mentioned
that
TN
apartian
right
or
the
OSB
right
that
party
and
verification.
So
if
that
telephone
number
is
not
the
real
telephone
number
and
then
there
is
something
right
which
translates
how
that
use
case
will
be
covered.
K
Them,
for
example,
right
that
I
use
a
different
telephone
number
right,
where
they
call
terminates
right,
but
what
it
shows
that
to
to
outside
that.
Okay,
that
is
the
telephone
number.
That's
not
exactly
the
telephone
number,
which
translates
to
a
new
number.
So
is
it
that
expectation
that
the
verifications
are
service
will
have
that
translation
and
then
that
sort
will
be
issued
with
that
number
or
the
original
number.
What
is.
H
H
J
H
Called
but
I
mean
the
point,
is
yeah
I
mean
when
you
so
you're
asking
if,
when
it's
stapled
well
again,
all
you're
looking
at
when
it's
stapled
is
the
original
telephone
number,
not
the
desk
right,
and
so
it's
orthogonal,
because
the
ridge
never
changes
the
desk
can
change,
because
the
portability
or
translations
are
forwarding
are
like
a
whole
host
of
things
like
that.
But
if
the
ridge
ever
changes,
you've
got
a
new
call
in
your
hands
right.
That
needs
a
new
password
real.
B
J
H
H
H
What's
the
point
so
I
mean
the
difference?
Is
you're
either
all
right
we'll
take
our
last
minute
to
discuss
this
so
I
mean
either
the
ca
right
actually
synthesizes.
A
a
single
TM,
sir,
for
like
every
TN,
is
possible
for
this
particular
customer
to
sign
for
and
pushes
them
or
you
query
for
them
as
needed
and
sign
with
them.
These
have
to
expire.
H
You
have
90
seconds,
and
these
certs
do
and
then
they're
gone,
that
that
is
identical
to
stapling
it,
the
the
work
cryptographically
of
creating
that
cert
and
then
pushing
it
to
the
as
you
have
the
as
execute
the
you
know,
the
signature
over
the
passport
with
it
computationally
it
might
be
1.5
times
x
what
it
costs
to
generate
a
staple
from
a
validation
perspective.
It
might
again
like
on
the
on.
F
H
You
have
an
Acme
like
thing,
that's
doing
a
gap,
but
but
you
save
it
on
the
terminating
side,
because
the
terminating
side
doesn't
have
to
validate
both
the
signature
on
the
passport,
correct
and
the
staple
that's
right.
So
again,
there
is
a
trade-off,
but
like
exactly,
but
these
are
computational
trade-offs.
These
are
not
never
trade-offs.
These
are
not
differences
in
rtts
that
are
cause
postal
delay.
These
are
marginal
computational
differences.
All.
H
Well,
and
we
can
wrap
that
short-lift
rap.
Somebody
else
read
it.
Somebody
tell
me
what
you
think
right
like
I
mean
it
could
be
that
that's
really
the
answer
if,
if
I
felt
more,
like
Acme
had
been
adopted,
more
for
issuing
certs
overall
I
feel
much
more
comfortable
about
short-lived,
because
Acme
Acme
has
Acme
star,
they
have
like
whole
systems
that
are
designed
just
for
this
delivery.
The
fact
that
we
have
not
seen
that
much
uptake
of
the
acne
protocol
makes
me
a
little
nervous
about
doing
short-lived
certs,
and
this
is
probably
better.