From YouTube: IETF115-LAKE-20221108-1630
Description
LAKE meeting session at IETF115
2022/11/08 1630
https://datatracker.ietf.org/meeting/115/proceedings/
C
A
D
A
A
Good afternoon, everyone. This is the LAKE working group meeting. My name is Mališa and my co-chair is Stephen. So as a reminder, this session is being recorded and it is covered by the Note Well. All the contributions are covered by the Note Well, as this is an IETF meeting. Next slide, please.
A
So if you haven't done so, please sign in using the online tool, to keep the presence logged, and here are some meeting steps for joining the mic queue, if you are willing to speak at the mic. Next slide.
A
Yes, please wear masks unless you are actively speaking, eating or drinking, but we don't encourage you to do so at this time. So here are some resources for the meeting this afternoon. So the agenda, the remote participation link. We have two note takers, I believe, Marco and David. Yes, thank you so much for taking notes. So I guess you can go. You guys can cover each other: when Marco is speaking, David can be taking notes, and vice versa.
A
If David is speaking on the mic. Jabber scribe: we will be keeping track on Jabber from the chairs' side. Next slide, please. Yes, in terms of the agenda, so we are in the administrivia part. We plan on going over the working group last call comments on the EDHOC specification, the main chartered item of this working group. After that, Marco will be presenting a report from the hackathon and the progress of the traces draft.
A
In the second half of the meeting we plan on going over the unchartered items, some possible future work that we would like to discuss as an introduction to rechartering LAKE. So does anyone want to bash this agenda?
D
A
D
Thank you. So I'm going to talk about the latest version and the working group last call comments. Next slide, please. So the current version is 17, which is a small update of 16, and that is also a fairly small update, but some significant changes, and to the wire format, which was caused by the analysis team. So we had two significant comments from the security analysis teams, and they also verified the updates after being made.
D
So we also had to update the traces document, which Marco will talk about after this presentation. Next slide. Next slide. So version 16 we already talked about in an interim meeting, so I'm not going to go into too much detail. I'd just like to mention the wire format changes. The main changes were that transcript hash 2 is now used as salt in the key derivation for PRK_2e, and the credentials CRED_R, CRED_I are now included in transcript hash 3 and 4. Next slide, and the following.
D
D
The other text is on their awareness for message four. Then we also moved the key update function to an appendix, because that's covered by other functionality in a CoRE document. So we changed from recommended to optional, and finally, some clarifications in the appendix on handling large plaintext too. Looks like so here. Just to give the picture: I had to do this for another presentation, so I thought I'd anyway share it here. This is the current key schedule for all the modes. Next slide, please.
D
So yeah, great, and next slide. So these are the people who commented on the. We actually got some more comments after the deadline here, but these are the comments I've accounted for in this presentation.
D
These are implementers and security analysis teams, and that's excellent. We're really happy for all the comments we got here, some very detailed and, yeah, very good comments. Thank you very much. There is also a last call comment from an author, from John here, on the use of, yeah, we'll come to that later. So I'll try to cover these comments now in the remaining time. So next slide.
D
Please. Here are the specific issues, which is just a subset of the comments we got, which I think is worth bringing up here, and I think there are 10 issues, so let's get started. Yeah. The first comment is about the use of the word session key, which is used mainly in the analysis part, whereas in the rest of the document, when we describe the actual functionality, we use the term PRK_out, which is the session key, but that wasn't really matched very clearly.
D
This comment was made by the team, Charlie Jacomme and his team, and he noted that the text in the first bullet here, on how to detect changes, wasn't actually correct. It's correct for strongly unforgeable signatures, so that you can.
D
You can detect changes when you verify the Signature_or_MAC field, but it's not correct in general, but you can verify it at this stage, but you will instead be able to verify it in the next message. So this needs to be corrected, and without going into the detail of the different properties of signature schemes, there is basically a proposal updating this text, which has been checked with Charlie and his team, and that's now PR 356. So we have a proposal for replacing this formulation with something that is correct.
D
Here was a comment about the key update. So the key update function has been described, but there was no associated protocol, and that was a question or a comment, and since we now have more or less deprecated the key update function in EDHOC, we propose to not define this in the protocol, since we're using a mechanism from the CoRE working group instead. So that's a proposal, and interrupt me if there are any objections. Otherwise we go to the next slide.
D
This is a very specific comment from Marco, and actually from Mališa as well. It's about how should we encode the transcript hash 2, or transcript hash in general. So transcript hash is the output of a hash function, so it's a raw byte string, but we're stating in the document that the transcript hash is a CBOR-encoded byte string, because that's what's used in various CBOR objects.
D
It's either a CBOR, stable or sequence or struct, which has a CDDL associated to it, but as of version 16 we also use TH_2 in the salt, as you remember, so in this case it's actually.
D
There is no reason, a priori, to use CBOR here, because we have the raw byte string and there is nothing else that is CBOR encoded in this function. So for traces 03, we used the raw byte string in this location, so not a CBOR item, and then, of course, the statement that the transcript hash is a CBOR.
D
E
D
C
D
F
Speaking. I have exactly the same opinion, so the fact that this is a CBOR-encoded string is obvious one. You create your support when your CBOR and got your packets.
A
Okay, so it seems we have consensus to use the raw byte string, but let's please explicitly specify, in the instances where it should be CBOR wrapped, that it should be done. So please.
D
Okay, and sorry, going back: TH_3, just the note there. As far as I understand, TH_3 is only used, I didn't check this, sort of, I think TH_3 is only used in the CBOR objects. So we don't need to be explicit, and the question is then: should we keep this formulation, the transcript hash, TH_2 and the transcript hash, or should we take that out in all? I suppose we take that out in all places. Any disagreement with that, we remove this?
A
What you were saying, no, that is in agreement with what I was saying actually, because this sentence is what introduced confusion when I was implementing this draft. So this is my point of view, so that would be my chair-hat-off opinion. I don't know if anyone else has comments; if not, I propose we remove the sentence and.
D
So here is another comment which has been actually, this is the second time we have the comment, so we need to think a little bit carefully if we really should disregard it. So Mališa again, this was a while, we had the previous time, asked: why don't we have a state machine for describing EDHOC? And he was referencing TLS and, as John is replying here, EDHOC doesn't really have the kind of states that TLS 1.3 has, but he's not against having a figure.
D
So our proposal, the author team proposed that, yeah, we should sketch an appendix and see how this figure looks like, and then we can decide if that is useful or not, and we'd like to have volunteers here, or at least some ideas of how this would look like, because we can't map directly from Appendix A in RFC 8446. And if the rest of the proposals, then the authors will do it, we'll do it basically, but I'm happy to do, or, yeah, any inputs here would be very good.
A
So yes, I had to implement one for my implementation, so I'm happy to provide feedback, but we should also run this against the security guys who did the reviews, because they had their own models as well. So it should be a team effort, but I am happy to volunteer to provide some feedback on this. Let's note this as an action item for myself.
B
A
F
Speaking. I think maybe you're a bit optimistic, because state machines are like pseudocode, and usually implementers don't read the text and just look at the pictures, and if your state machine is not perfectly aligned with the specification, it may cause problems.
D
B
D
D
So we'll talk more about the external authorization data in the later presentation, but the EAD processing is disjoint from EDHOC. So the question from Marco in this case was: how do I apply the general rule here? If an?
D
If you have an EAD item, and you have a failure in that when you process that, this doesn't mean that EDHOC is going to send an error message, and the general rule, as stated at the top there, is that if any processing fails, responder must send a network message back, but then we also have a security considerations Section 8.7, stating specific conditions where, for example, for denial of service reasons, you would not send an error back.
D
So that's already a little bit of leeway for exactly when you need to send an error message. But apart from that, we think that we should just clarify that it's the EAD specification that defines when you're sending and what you're sending, and then EDHOC is adapting to that. That's our proposal. Would that make sense to you, Marco?
E
Yes, makes sense to have the specification defined in the ID, defining relative and the error message or not exactly, but then it's also better to clarify the general rule, then, to exclude from that any processing, specifically the processing of the EAD items, right.
D
D
D
They are byte strings, and typically encoded as CBOR byte strings, except in the case when they happen to be the CBOR encoding of a one-byte integer, one-byte CBOR encoding of an integer, and in that case it's just left, it's basically represented as that data string.
D
So the current text is speaking is formula, as you see the old and the new here. The current text is using CBOR diagnostic notation to express this, and Mark was proposing that we should actually not use CBOR diagnostic notation, because we are talking about an object which is a raw byte string. So that means that instead of h'21', we should use 0x21.
D
D
D
We had two comments about reference to the security analysis and the current. The only reference we make today is the sentence in the first bullet, which is basically listing two analyses made previously, and now we have three more analyses where the analysis is made, but there is nothing to reference, I mean there are preprints, or they are not even available.
D
We just know that the analysis is made, and in that case we will definitely need to update this sentence, but the question is if we should do more. So if you compare with TLS appendix a, there is more or less a security properties listed, and reference is made directly to two different analyses, publications, which is, of course, a larger effort to make, and we have already a security document which is listing the properties, and yeah, there might be overlaps as well, and so I'm not really sure how to handle this.
D
The simplest way is just to add the references and then be done, but a more ambitious setting here is to try to pinpoint exactly what each analysis is contributing to the document, so I'm open for input here, and in particular, if someone is interested in writing this.
D
Update them later, yes, so let's start there, and unless there are other opinions, then we'll go for that.
B
C
I can take it. So this was just pointing out that this was an option missed when this was discussed. It has been discussed several points in the before, but so when we discussed using, for example, AES-CTR, we discussed either using AES-CTR or using CCM with a plaintext as an input and then remove the tag.
C
But the easy way to do this is to do like today and derive a key stream. So you do encrypt with your AEAD on only zeros, and then you XOR the beginning of that, the key stream or ciphertext, with the plaintext. But I don't really think myself that we should do this, but yeah, to make an issue to have it that we have discussed it.
A
So a clarifying question, John: would doing this change affect the security analyses that are already done?
C
I don't think so. No, it would make things a little bit more complicated. You would need to derive keys, but you would derive keys. The only benefit I can see is that it would make us NIST compliant, and NIST has some rule that you cannot use your key derivation functions to derive like other random data. That has been criticized a lot, by, for example, Krawczyk.
C
C
C
Another benefit for this would be that you would get rid of the appendix with large streams.
B
A
A
B
So assuming everybody, assuming when we send a mail to the list with the minutes nobody changes their minds, what's the likely timing on the update, do you think, roughly?
A
B
So please be aware that when they post some text about the state machine, one of the options is not to include that text and be done quicker, but we'll see what we see. Okay.
A
So the next one in the line is Marco with the hackathon report and the update on the traces draft.
E
Hi, this is Marco. This is an update from the hackathon testing activities and on the LAKE traces draft. Next slide, please. On the LAKE traces draft, we submitted a new version before the cutoff.
E
So a lot changed at the end of the day. Next slide, please. Right before submitting this new version, Mališa was able also to confirm the correctness of the second trace with this implementation. So that's the trace with 732, using CCS as credentials, identifiers and static-static, and whether there are additional test vectors from Marek, also covering the same cipher suite, but also with method zero, and they are available online, and yeah.
E
Next slide, please. So that was about the traces draft. About the testing: we had quite a lot of testing during the hackathon, Mališa, both with implementations up to date again to version 17 of EDHOC. We basically tested, first of all, the same thing we tested at the previous hackathon, so considering the same setup.
E
You can just see from this figure that, yeah, we successfully interop, and again we're highlighting that this is the exact setup where you can achieve the smallest possible size for message 2, 45 bytes. Next slide, please. And for the first time we managed to test the same configuration, but we swapped EDHOC roles. Now Mališa supported also the responder role, and again successful interop with same nice in Twilight about myself.
E
Next slide, please. So I'm aware of other people updating their implementations. Especially Marek from ASSA ABLOY should have his implementation for 17 ready, and we were planning to interop already for the hackathon. Then we ended up having conflicting schedules, and now we are going to reschedule anytime soon, but we will have those tests, and also David is working on an implementation. We should be able to test, and we actually started during the hackathon without being able to complete a full protocol execution.
E
So more tests will come. On the actual traces draft, we think it's stable and ready in principle for working group last call, but it's actually better to be sure that EDHOC is in turn really stable first. So the plan is, if there is not going to be any change on the wire for EDHOC anymore following its working group last call, I think we can consider this version three of the traces for working group last call as well.
E
If there is any change on the wire for EDHOC instead, well, we produce new test vectors and submit the new version of traces for that. So it's been staying home for a few weeks or so, I guess, yes.
A
So before doing the working group last call, I believe we need to validate trace number one with another implementation, that's for sure, and it would be ideal to ship EDHOC first, so that we know that it's frozen, so out of the working group at least. So to publish this new version of EDHOC and then to go for working group last call once we are sure that there are no changes. So that would be my opinion. Sure.
B
A
So now we are going ahead with non-chartered items, so the presentations of possible future work. So the first presentation is by Göran on lightweight authorization for EDHOC.
D
D
So it has been requested in this working group that we should give more detailed examples of how we're using the external authorization data, EAD, fields, and that's an integration point in EDHOC where you can support authorization of peers, and that typically involves a trusted third party. So we will see several examples here.
D
Next slide, please. Just a few reminders about what the EDHOC specification is saying about EAD. So it's defined in Section 3.8. There are more details in Appendix E on using EADs, and there is some text in security considerations, and all these three have a lot of warning signs. The IANA registration procedure for EAD items is specification required, and that's what this draft is doing. It's specifying one of these use cases. Next slide, please.
D
So if we look at a device onboarding setting, we have a device, we have an onboarding node, and we're gonna run this over a constrained link, and then they have one or more third parties that are available from the onboarding node point of view over internet, for example, or some unconstrained network, and the typical way to do this is that you start with the handshake, the AKE protocol, and then you run one or more authorization protocols in sequence, and that's illustrated here with the blue and red box, and there are potential inefficiencies here.
D
Another thing is that you can collect the data which is carried over the constrained link multiple times, and perhaps not send them multiple times, and the third thing you can do is that you could use the unconstrained network to get the information that the onboarding node needs without transporting back and forth on our constrained link. Excellent.
D
So in the particular example which this draft is containing, there is a voucher retrieval protocol. So now the red box from the previous slide is moved into the black box, which is the AKE, in this case EDHOC, which is three messages, and the red protocol is carried in the EAD fields. So in this case there is a voucher info going in EAD_1, which the responder turns into a voucher request for the authorization server.
D
He gets back a voucher in the voucher response, and that is passed back to the initiator with message 2. So after message 2, the initiator can authenticate and also authorize the responder and, if not authorized, abort the protocol. So this is addressing the issues mentioned in the previous slide. Thanks a lot.
D
So here are the details of the protocol, or some of the details, and first we look at what are the trust relationships we assume between these nodes. For some reason we've given the nodes names U, V and W. So mapping from the previous picture, that's slightly confusing, because we already have letters for the initiator and the responder, so U equals I and V equals R. So we'll think about that for the next version, but U is not assumed to have a relationship with V.
D
D
So U has a trusted public Diffie-Hellman key of W, and that's pre-provisioned in factory, for example, or at some warehouse, and that's used to encrypt the message going from U to V in the voucher request.
D
D
The voucher request contains information from message 1, for example, the hash of message 1 as a session identifier. There is a selected cipher suite, which comes out of the SUITES_I field in EDHOC, which is the same cipher suite being used between U and W as U and V in this version of the draft, and the ephemeral key, also from EDHOC, and from the EAD fields we take the encrypted identifier of U and a proof of possession of the public key of V.
D
Okay, so that's good, because I'm done. So this is, we have already got very good comments from Marco, and we'll make a new version, and implementation is in progress or in planning, and anyone is welcome to join; there are open source EDHOC libraries to use. Thank you.
A
B
You, if you can do this in about eight minutes, that would be fantastic.
G
So, where do I, yes, passes you the slides control. Perfect, all right. Hello! Thank you for having me. I'm Yusuf Abdul Halik and I'm gonna talk about certificate revocation in resource constrained environments. This is a master's thesis, and the idea is that we're leveraging OCSP and EDHOC to achieve this certificate revocation. So, let's dive in.
G
The idea here is we're considering a communication scenario where we have a constrained node as EDHOC initiator, and we have a non-constrained node as responder, and now there is one more step of authentication required from the responder, as the initiator also wants certificate revocation information. And just very quickly: when a private key is compromised, the certificate is revoked, and you need to tell the network somehow about this, or else there is.
G
So how can we achieve this in a constrained environment? How can a constrained node get this information? The idea is, or was, to look into transporting this information via a lightweight key exchange protocol, EDHOC.
G
How can a constrained node acquire? There are some ways; we're gonna look through them very quickly. There are certificate revocation lists, but the idea is these are too large, we're talking sometimes unlimited size, so you're not gonna have a constrained node download these and cross-reference ID_CRED with them to see if the certificate is revoked. That's not going to happen, so that completely removes CRLs out of the equation.
G
Then we go to OCSP, Online Certificate Status Protocol, and the idea here is: we can have the initiator query the revocation status of the responder certificate, doing an OCSP request, but now you're saying that the initiator, or the constrained initiator, has to support a library to perform an OCSP request, meaning it knows ASN.1, it knows the DER encoding.
G
So again, maybe it's asking too much of it, and also you want it to have a connection with an OCSP responder, again, maybe too much. So what's better then? The better thing is that we try to leverage OCSP stapling, and then we remove the whole load from the constrained node. Let's talk about OCSP stapling.
G
So now going back to our previous structure, we have the constrained node as EDHOC initiator again, same thing, but now we have an OCSP responder in the equation here, and the idea is that we're to perform stapling. The constrained node, we're gonna see how exactly right now, but it somehow tells the responder to not only give its certificate, but also please staple an OCSP response onto that certificate, and that's the idea of stapling: the staple is the OCSP response on top of the responder certificate.
G
The idea is, in EDHOC message 1, in EAD_1, the constrained initiator generates a staple request, and we're gonna see what that looks like right now, but the idea is, we know that EAD_1, or EAD, is a sequence of EAD items, and we're looking at EAD value here. The EAD value we're gonna call here staple request.
G
It contains responder ID list and fresh. Responder ID here refers to trusted OCSP responder ID, and the idea is that the responder must respect this list, and this is taken from staple request in TLS. It's the same idea, that the responder must respect this list and give back an OCSP, or contact an OCSP responder from that list, because that is the only way that the initiator can then verify the signature of the response, because, well, yes, that's the trusted responder and accordingly, in the trust store.
G
G
A
Minutes, sorry, so we'll have to wrap up in two minutes. Okay.
G
Okay, yes, then we go to the OCSP request. So now we understand can perform the OCSP request after it got the staple request. Just very quickly here, OCSP request: when we get it, we get the 1600 bytes response, which doesn't really work. There is no possibility to re-encode, because the initiator needs the response to be signed; it doesn't trust the responder. We have gone through this, so accordingly, the thesis proposes a tiny version of the OCSP response. But how do we ask for this tiny version?
G
We use the preferred signature algorithms to signal a tiny request in OCSP request. Now going back here, now the responder has received the response, in EAD_2 as a staple, and the responder sends this as it is, including the staple tiny OCSP response. Let's look at how that looks, and this again here, this will be in EAD_2. This is staple responses.
G
The value, and inside is tiny OCSP response, and this is a profile which allows to achieve the functionality of acquiring the revocation information, but still be within the security considerations, but because of short time we won't go through that. Very quickly now, to complete the structure: the initiator receives the staple response, it can verify producedAt to see if it works with its own time, it can verify ID_CRED_R, and then it can get the certificate status and accordingly decide whether to continue or discontinue EDHOC. Very quickly here.
G
This new OCSP response gives 83 percent reduction compared to using normal OCSP, and then the idea is it to remove signer cert, and also removes, of course, the ASN.1 structure, meaning.
G
Yes, great then. Yes, this was showing the transport overhead in EDHOC. Just the implementation: soon there will be two pull requests, both to OpenSSL and Stefan Hristozov's uOSCORE-uEDHOC library, and that is that. Thank you. Okay.
E
This is a possible additional topic. While reviewing and implementing over the last two years, I ended up thinking of a number of side points that, I believe rightly, are out of scope for the actual EDHOC protocol and were left out of the EDHOC specification, but still I believe implementers have to face them when implementing EDHOC, a library, whatever, and yeah, I think guidelines would be useful. I started to think of three areas to start with.
E
What did you have to, for whatever reason, invalidate an EDHOC session or invalidate application keys derived out of an EDHOC execution. For the former, that may be, I expect, typically because of authentication credentials expired or revoked. The latter case is trickier, and EDHOC per se is fine, the session is fine, but application keys have become invalid to use, for instance, because you embraced the crypto limits or whatever. What did you run, EDHOC altogether, you run a lighter key update? Can you still do that?
E
If the EDHOC session was not persisted, whatever, was not simply run standalone, might be in an even more complex context, like an access control framework execution, and an EDHOC session is bound to access control credentials. That scenario. The second area is: you are fine with trusting authentication credentials you're storing already, they might have been provided by a translator party out of them or whatever. But what do you do about credentials that are new for you, that you can learn in principle on the fly, transported by value in credits?
E
E
Believe again that, rightly, the EDHOC specification focused on what I call here core EDHOC processing, already saying, all in all, that in some spots you may have to divert from the main processing to take care of, for example, validating credentials, processing the EAD items, and sometimes the latter influences the former. It is just it very generically. Oh give those things up to the application for their processing.
E
You can't exactly go all the way out to the application or grouped up getting back, so you need some careful, there's another consideration to do that in a callback fashion, so to say, and believe me, the big box with the ABC point can be in turn exploded with the sort of state machine which is not trigger to think about. Next slide, please, and that's the last one. This is just what I thought so far.
E
My plan was to propose an informational document to give this kind of guidelines, but first of all, I take the opportunity to ask the group, the chairs, if this is in scope and appropriate for LAKE in the first place, if anything more should cover and a draft of Google come to considerator.
D
E
B
Sure, okay, so I think we have, yeah. So we have like four minutes left. I gotta suggest that probably what we might want to do is, when we get to hit the publication requested for EDHOC, then maybe schedule an interim meeting where we can accept suggestions for work like this, and, you know, with a bit more time to allow them to be discussed.
B
Does that kind of make sense to people's with me? So I'm guessing that would be either just before the holidays or just in the new year, or something like that, maybe, and so we can, you know, we can ask people on the list to make suggestions in the lead up to that, but I think, yeah, if we can get the publication requested, put and hit first, that's probably a safer thing to do.
A
Yeah, so we focus on strategizing, of course, but what crossed my mind is, like what we were discussing about the finished statement about the state protocol, state machine could as well go into the draft that Marco was proposing on implementation guidance, so that would be, I think, also an appropriate kind of home.
E
Yeah, about that, if the other class covered a state machine at all, it will probably be limited to what I call core EDHOC processing anyway, because that's what that draft defines.
A
So yes, so let's discuss this at the interim, beginning of December or mid-December as well.
B
So I'm suggesting that we first hit the publication requested and then schedule the interim. Sounds good, because otherwise people will get carried away. Okay, is that okay? Yep. That sounds good for me. Okay, so basically we're going to try and get EDHOC handed off to the area director for his review, and then we can discuss in more detail future work items and things people would like to do.