From YouTube: IETF115-DISPATCH-20221107-0930
Description
DISPATCH meeting session at IETF115
2022/11/07 0930
https://datatracker.ietf.org/meeting/115/proceedings/
A
A
B
B
B
It's great to have you. Feels like I've got you right next to me, even though the chat is empty. So we've got a pretty full DISPATCH agenda today and the ART area meeting just afterwards, but because we're the first meeting of the week, we like to go over some of the admin that will help you navigate a successful IETF in terms of logistics and meeting interaction.
B
So if we go through the slides to start with, please note the Note Well. You will have agreed to this when you registered for this meeting, but it's just a reminder to you that all of these various policies are in force. This includes working group processes, things on anti-harassment, Code of Conduct, copyright. By participating, which is speaking, sending emails, like joining in meetings, you agree to follow these processes, and any such contribution is covered by these processes. So it's really important that you note the note.
B
There's always going to be teething problems in the first week here, so in the first session, if you're able to skip the slide on. Thank you. So this session is being recorded. You can find it on YouTube afterwards if you want to watch yourself back. For those in the room, you must sign in to the session using the Meetecho Lite client, which you can find on the Datatracker agenda here.
B
B
If you are not using the on-site version, we ask that you keep your audio and video off to help us go through as smoothly as possible. And, importantly, for those of us in person in the room, you'll see we're all wearing masks. That's not because it's a fashion statement. It's our mask policy. So please wear your masks unless you are actively speaking at the microphone. There, you have the option to remove your mask, but, as I am clearly demonstrating, the mask does not inhibit the audio in any way.
B
So it really is your choice. For remote participants, we strongly encourage you use a headset if at all possible. Okay, let's advance. So here, if you're coming to IETF in London, welcome. You can tell from my accent that I am British, so welcome to my home country. You have the agenda, all the stuff you need from Meetecho participation and technical assistance on the reporting issues page there.
B
If you have any problems during the session, you can always find me afterwards to ask, or just tap the person next to you and see if they're willing to help you out. All right, onto it. So welcome to DISPATCH, another hybrid meeting. It's exciting to have you all here, and we always ask for people to head over to note taking. You can find that in the agenda uploaded to the session. For DISPATCH today, here's what we're going to run through. So we've got a few minutes to go through and bash
B
the agenda, anything you want to add. We have some flex time and AOB at the end, but first we have four things to dispatch. Slight flex in the agenda due to a late-running flight: we will push the DKIM replay item to the last item in DISPATCH, just to give one of the presenters a chance to run here in an epic last-minute sprint. But either way, DKIM will just be after WebRTC. So we have vCon at first, SASL authentication for SIP, DKIM replay after WebRTC, and then in the ART area.
B
B
So a reminder, we have the mailing list, a DISPATCH and ART topics, to discuss things further as well after the session. But first I'd like to welcome up our first presenter, Thomas Howe, to present on vCon. We'll just share the slides for you as you make your way up here. Welcome Thomas, first IETF, so welcome. Thank
D
You. Thank you, Kirsty. Thank you very much. Thank you. My name is Thomas, and on behalf of me and Dan, thank you for your time today. We want to talk about the JSON standard for carrying conversations and why that's really important for us to put some energy into that. So next slide, please.
D
So in my particular field of communications, which is real-time business stuff, the rage for the last five or ten years has been conversational commerce, conversational work, machine learning, etc. And so the unit of exchange as a conversation has become a real focus for us. And when I took my new job just about a year ago,
D
I realized that in my particular company, which is not unusual, we have about a million conversations a month, a year, with customers, and we record them like most agent, which most companies do, and we have them over five different services: a web chat, a dialer, an inbound queue, a phone system. And what's happened is all this data that we've been collecting about
D
our customers is siloed and it's splattered all around my company. And so because we don't have a general definition of how to capture a container, a capture, a conversation, I don't actually have any standard tools by which I could measure what's inside of a conversation, and that ends up being really important,
D
not only spiritually, but legally. Many places, as you understand, have right-to-be-forgotten laws where customers can say, I like you, I like my data back and what you have of mine. I can't answer that definitively for all the most important data which I've captured about my customers: their voices, their wants, their faces. And it's everywhere. I liken it to the days before the relational database, and we had all that data on all of our workstations, all around the network.
D
It was ungoverned, it was unusable, it was unshareable, it was a mess. And so, and then finally, I want to point out that the conversations that we use today are an active place for automations, for insight, for sentiment, for generating models, for providing the fuel, the food for artificial intelligence and machine learning. And we have an oncoming, I think, maybe economic disaster, which is when a customer asks you to remove their data,
D
you also have to rerun the models that were used with that data. And the large models today, on average, cost around fifty thousand dollars to rerun, which is approximately the amount of energy contained in a boxcar full of coal. And if we have to be doing this every time a customer says forget my data, we better be really careful about what data is used to train the models. Next
D
slide, please. Yep, thank you. So, where, what we're suggesting here, and we've implemented this, after the last slide you'll see the running code that we have, that we're running it now. We believe a conversation actually has four parts. And if you think about it very briefly, you might think a conversation might be an MP3 file or a transcript, but it's really not sufficient, but it's necessary, obviously. And we're talking about every part of a conversation: the video, the audio, the transcripts, whatever Mark Zuckerberg has
D
next. All of these things, all these things which you can capture, the personal details of you, are important to manage. But something else which is also important to manage is, of course, identity, and we've done a lot of work in STIR/SHAKEN trying to fix the identity problem. We believe that the identity of a conversation can be just as important as a conversation itself, and so we believe it's time for a real upgrade in the way in which we relate identity
D
to conversations. The old world of call detail records is the old world. The last two parts, I think, are really the juice of the matter. It's easy to think of this as being somewhat, you know, innocuous, because what is a conversation and an identity? But the last two are simply: what are the analysis of this conversation that goes along with the conversation? Is the customer angry? Are they lying to you? What's the authenticity of what they're saying? Are there translations?
D
Are there transcripts? That analysis should be paired with not only the conversation, but the context of the conversation. For my company, we're a sales company, we have leads. The leads would be something that would be appropriate to capture with the conversation for the context of it. But it might be the PowerPoint that you had on a Zoom meeting. It might be, you know, the vCards or the participants, it might be the vCon that you use to make this thing and there's the new vCon, all kinds of things used for attachments.
D
So the vCon standard approaches all of these points. We've put the draft in, and what we're asking here is for your involvement and for work group to come and help us really solve this problem while it's still solvable.
D
This is not something that the vendors are likely to do, because it's a cross-vendor problem. Even those vendors who say we can do everything don't do everything. And, I'm not picking on them, but even if Genesys said we can provide all of your communication stuff, you may be one company that only has Genesys. There isn't one, because Genesys doesn't do web chat and every company does have web chat. So there's a lot of stuff here. And I guess the last point I want to put into vCon standard
D
is, it's really important that this is a definition. It allows us to define something strongly, to set a fact, and for us to be able to set a fact and reproduce the fact really changes the game for interoperability, for safety, for security, for the security of your information and for the performance of our networks. So this definition is really foundational and critical to the next generation of conversations. Next.
D
D
One of the very interesting things is the data packing and unpacking. You know, you have a conversation, it can be very large, and so that conversation can be carried in one big package where it can be referenced externally, depending upon your scenario. And the way you convert between the two, it should be a defined thing. From my own, you know, my professional purposes as a guy who's running this department,
D
you know, I have a responsibility to my customers to protect their data. I have responsibility to my shareholders to give them the insight that they need. The vCon allows me to manage both sides of my responsibilities, and that can't be more, you know, emphasized here, that this is really where we sit in the world, that real tension between the intelligence of what we're trying to do and the privacy of what we need to maintain. So next. So here's the status.
D
So the vCon Python library is now available. It does life cycle support. This is the way I have to do. Next, we have to work on the life cycle support, redaction, amendments, but otherwise it's a fully functioning library. We have a vCon server. We call it the conserver, because it's funny. It's basically a database for conversations. You can put a conversation there and get it back later. You know, you can get it back redacted.
D
It puts it all in one place. We've already integrated to six different kinds of communication services to prove out that the modes work between the two places, from calling to chatting to email, and we've also integrated with three different analysis engines: OpenAI's Whisper, a commercial offer by Deepgram, and Citigroup's data profiler. We did that in the hackathon. So we're looking for comments and suggestions.
D
We need a volunteer to chair the bar BoF. You don't have to, it says it's a Thursday night. I'm sure you've heard my call for drinking. Well, if you're the volunteer at a chair, you don't have to pay. So don't worry about that. And so we do have some current discussions going on around, is JSON the right type? I think actually that JSON is absolutely the right type for interchange for the application layer. It's really the big thing.
D
If you're trying to draw a line between the bottom and the top, JSON is the thing which allows us to draw that line. Binary formats aren't appropriate for application web app guys. So that's what I got.
B
Presenting, Thomas, and sharing your work with us here. We've put this slide with just more information: there's a mailing list. But I'd invite the room or virtual participants as well to join the queue, and we're looking here for a dispatch outcome. So if you think that there is interest, if you would be interested in working on this problem, if you've read the drafts, you have any questions or thoughts about where it should go. Yeah.
D
And, well, I'm sorry, one that's interesting: the white paper that we have a reference to here was the result of half a dozen of us putting some work together, trying to illuminate the opportunities in terms of privacy and AI in the market. It's a 25-page white paper and it's really deep. If you'd like to really understand what we're looking at for problems, it's a good place to start.
B
Great, thank you so much. So in the virtual queue we have Ted Hardie, who's also in person as well. Hi Ted.
E
Hello, 1030 Cisco. Thanks for the presentation. You're welcome. I think from a dispatch point of view that this would have to go to a BoF. It's a chewy, large-scale piece of work, and I think at that BoF we would probably want to tackle a very fundamental question well before "do we do JSON with this", and that is: is this the right Lego piece?
E
Typically in the IETF we build building blocks, and I think what you're actually looking at is something that's partially built from other building blocks. So if you were going to model this with like a full ontology, you would say this is actually an utterance, and this utterance has those identity properties and other properties that you were describing, and the linkage of different utterances into either a time sequence or to a set of exchanges is what you're calling a conversation.
E
But you can easily imagine this set of utterances being used in a different kind of corpus, right? So if you created this and said, actually what I want to do with this is to see all of the utterances by this particular identity across a series of conversations, because maybe what I'm looking for is an analytical pattern of harassment or something.
D
E
That your focus on the conversation is, I think, useful for the business case you put forward, and I certainly understand why you did it that way. But I think if we're going to build building blocks here, we might actually have to go back a step and say what are the building blocks that actually go into this, so that you have these set of utterances that can be either exchanges or other kinds of corpuses, and go from there. And so I really encourage you, as you're
E
looking at this, to kind of back up a step and say: if we're going to run a BoF, what is it we're actually asking people to build and how many pieces are there? Because I think some of what you're describing, if you take it from that perspective, some of the privacy considerations that you have will expand a good bit, and some of that question you have about whether or not the identity framework is suitable.
E
D
Thank you very much. I appreciate that, and, you know, I thought the same thing too. I was in the same place there, and I think we can do more work with that, and I understand that.
D
But what I found was that when you took the primitives that we already have, the stuff we've already done in ART, they roughly represent the elements that are the composite that we're putting together. But from the other side, if you think about it from a system diagram, that actual component that we're thinking about is externally referenced, not from the application layer, but from regulations, from the vendor side, from the bottom to the top.
D
It does transform ourselves right into the entire ecosystem. And so, because I think we do have a lot of requirements on that one particular component, that's what brought me to there. But I think I agree with you. I thought that through. Okay.
B
Thank you very much. Just a reminder, people in the room: if you're going to join the queue, please join on the Meetecho Lite client and then get up to the mic. So I'm calling from the virtual queue so we're all in order, so you can immediately see people add themselves. Thank you! So Jonathan Rosenberg, you're up next.
F
That's me. I, you probably need to put yourself in the virtual queue if you want to speak. All right, I'm happy, or you can go. All right. Jonathan Rosenberg, I'm from Five9. Actually, we're a cloud contact center provider, so this is pretty relevant to my day job. I have two comments for you. One is: should go to a BoF. I think there's a lot here.
F
The second thing I would say is, one of the things I find is unclear and would be valuable from the BoF is: who is this meant to be exchanged between? Like, what's missing is the system diagram of, like, oh, industry problem today is vendor A makes product A and vendor B makes product B and today there's no standard, and that helps qualify the requirements. I
F
look at this, for example, and I thought it was maybe trying to solve a different problem in my business, which is, we have two vendors today: the contact center provider, that has the calls and the chats, and the quality management people, who like get access to that for, like, people listen to the recordings and stuff, and this format is insufficient as defined today for that exchange. So maybe that's not the problem you're solving. Yeah, I don't know what the problem is, so clarifying the scope of
F
D
You, JD, I appreciate that. And there's the white paper, the 25-page dense white paper, is a compendium of 15 use cases, and I think the challenge is exactly that. How do we boil it down to the use case that we can hang our BoF hats on.
G
Hello, Robert Stepanek, Fastmail. So at the risk of bikeshedding, I just wanted to say that I found the name vCon quite confusing, especially since you're, in the introduction, referring to vCard. I'm working a lot with these formats, and they have nothing to do with JSON, right? So I found it very, I had this mental gap between, sure, thing called V-something and then coming in a very different format than data mode. Yeah.
D
That's a good comment, and by the way it started as a joke. We were designing and we realized we had this conversation object, and my co-designer said, too bad we don't have vCards for conversations, we should call it a vCon. And that's where it came from. From the logical level, it's like a vCard, but it's for commerce, PDF for conversations. That was the idea. But I think I'll take that comment as well. If you have a better name, I'm all ears. Thank
H
Yeah, hi. I have no opinion on the name. On the process, as people said, this needs to go to a BoF, clearly. I think, from my perspective, the requisite for a BoF would be a pretty clear problem statement document and use cases document, not a requirements document, but simply talking about, laid out this problem space.
H
So people understand what we're trying to solve. Protocol is fine as an input to that, but, like, it's very hard to reverse engineer what the problem statement is out of the protocol. So I think the place to start would be that. And I think, you know, just to preview this, the standard for working group will be, like, wide levels of interest in terms of doing this. So I would strongly encourage you, once
H
you have that problem statement, to shop it around to people, other vendors, like maybe Jonathan or other people like him, who might be interested in implementing, and see if they are, so that you have some evidence that that will be the case. Okay.
I
Martin Thomson. When Ted got up and started talking about ontologies and utterances, I'm gonna say that that made me think that maybe a BoF is not exactly the right place to do this sort of thing. And I largely agree with the things that other people have said about forming this, the sort of constituency around this, and working on making sure that the requirements and use cases are very, very clearly articulated. But I'm going to suggest that maybe the W3C might be interested in this work.
D
I
Is what you're looking for. Sure, I don't know enough about the details to really be able to say that, but it seems like there's a lot of work that is very much at a higher layer, tying all of these sorts of things together and describing things like data models and those sorts of other things on top of it. Whereas, yes, it does have a
D
B
Thank you very much. What a memorable phrase, just kick the week off. So we have next in the queue Cullen Jennings.
J
Cullen Jennings. Oh, so, dispatch, of course, I've been on dispatch topic: obviously BoF. But what I want to say is this BoF, this would be very interesting to us, particularly in the use case, so Cullen Jennings, with Cisco, and you're very interested in the use cases that help us manage machine learning data that we're using for training and stuff. I also, I'm Cisco's AC rep for W3C, so fairly familiar, stuff with what's going on there with semantic web.
B
Okay, thank you. So, just noting time, I'd encourage anyone to join the queue if you think a BoF is not the way forward, after some clarification and problem statements and use case drafts put together, possibly with the liaison on W3C. So if you strongly disagree with that, looks like where the dispatch is going, so please join the queue if you disagree. Jonathan Rosenberg, you're up next. Yeah.
F
Jonathan Rosenberg, Five9 again. I don't think that W3C thing makes sense, just in terms of venue, largely because this is like telephony stuff. A lot of the folks who are here are familiar with the type of problems. There's been a lot of historic work at Five9 on like call detail records and stuff, of which this is a successor in many ways. So I think IETF is fine and it should be a BoF. So thank you.
B
B
C
K
Hello, this is something I ran into recently on a crossroad of two sorts of work I was doing, and
K
This is something I ran into on a crossroad of two lines of work I was working on, and it looks like it's very general and might in general be useful for other purpose as well. So I'm here basically to bounce off the question: is this valuable enough to put into a specification, to formalize? So if I could have the first slide?
K
So normally what I'm doing is trying to get mechanism for realm crossover, meaning some domain owner states user identity under this domain, and other domains anywhere in the world can find a trust relationship based on the DNS, again that sort of thing, to get to the identity provider, get the user out and use it in their own protocol as an authenticated identity. So that's what I call realm crossover, and it just ends up being a user domain name sort of identity.
K
So it's all pretty much in line with IETF standards, and I always try to adhere to those as much as possible. We hardly have to make changes. Next slide, please. And the sense of the integration of realm crossover with SASL is actually the most likely to be used just anywhere, because it's assassins isn't part of so many protocols. There are a few where it's a bit painful that it doesn't have such, so one of them is HTTP, for which I will be proposing a SASL embedding next Friday
L
K
HTTPbis group. But for SIP, which inherits most authentication mechanisms from HTTP, it may also make a lot of sense. So this was a general idea that I had, and it might actually help a lot, because the authentication mechanisms can be flexibly selected, so they're not as rigid as digest alone, for example, in SIP. And it can do things like channel binding. That's a bit special, is it, but this can be very useful.
K
I can do things like mutual authentication, which might be very useful in telephony, because you want to know the caller and the callee, they both need to be authenticated, and there are mechanisms in SASL that do that, like Kerberos, and recently OPAQUE was defined, or it's being defined at this moment. And you might have something, you have shared credentials for authentication, many of the mechanisms, and they allow you to derive symmetric keys that might be integrated with Diffie-Hellman key exchange.
K
K
So this isn't the first approach to authentication or security in SIP, so I need to look at the context. Digest is the standard mechanism in SIP. It's pretty much a minimum solution, but you always need to have a password in two places. So it's not going to work if you're going to call someone in another domain, like a user at a domain name somewhere else, and you haven't talked to them before. TLS is an often seen suggestion.
K
TLS, however, in SIP is only half functional, because it's only, SIP is passed, routed from proxy to proxy, and only the step, the hop between two proxies is being protected by TLS. So it can't do end-to-end cryptography, and especially they'll derived end-to-end keys with the best privacy possible. STIR might be an opportunity, but STIR limits itself to phone numbers.
K
So the PASSporT, sister or certificates that only register phone numbers, and certificates in general tend to be very flexible in terms of data, but they are very static in terms of protocols. So you can't have new, flexible innovations in cryptography, like using oblivious PRF, for example. You can't have that when you use certificates, and they tend to be public key based, so they're also slightly dangerous when it comes to quantum crypto, quantum computing.
K
Also, many of these solutions are specific for SIP then, and it means you can't have one credential that can be used over many protocols, which is one of the things we are trying to do as well. And if you have SASL, you can use the many protocols and you can use the same identity provider for the same user and domain name. Next slide, please.
K
So the other, I said this was work on a crossroad. I'm working on something else that brings us up actively suddenly, as I'm trying to use SIP, which is for session initiation. It's normally used for media sessions, but I'm using this for WireGuard, because WireGuard sends encrypted packets of UDP, and perfectly suitable to set up UDP tunnels as standards for that. And basically what you do
K
is you set up a UDP or UDP word instead of RTP/SAVP, for example. You give a port number and then you give a MIME type that could in this case be application/vnd.wireguard. You can give parameters which might involve a public key of a party you're talking to, and it might include something that refers to pre-shared key derivation method. And that's particularly interesting, because WireGuard is very good with Diffie-Hellman stuff.
K
That's where the public key is there, but it can also mix in a pre-shared key to thwart quantum computers and to be quantum proof. So that's a very desirable method. But of course you don't want to quote the key there. You want to state a method, and what I'm interested in is putting something there that says derive the key from a SASL authentication, using whatever credentials were used in there, so that both ends know, nobody in between knows it. So this is where the crossroads junction is. Could have the next slide, please.
K
So this is what HTTP SASL looks like. That's what I will be presenting next Friday. Basically, you get a 401 or a 407 error. It has a WWW-Authenticate header, and it mentions that realm, of which log and that's just like with that. Gs2 basic authentication, and it lists a number of mechanisms for SASL, and it might include a token that allows state to be passed back and forth, with protection of course.
K
And then, when the client answers, it will send Authorization with a mechanism choice, server to server token, and if it already has a client to server token, it will add a c2s field as well, and they can go back and forth through a few bounces, and that's how you can embed SASL in HTTP. And the SIP SASL is just a derivative from that, because SIP inherits authentication from HTTP. Next slide, please.
K
So there are a few things that differ with HTTP SASL and SIP SASL, and one of them is that both the From and the To identity will have to be validated, at least the address.
K
So you want to have mutual authentication mechanisms. Well, SASL offers several of those.
K
If possible, you want to derive end-to-end keys. That's not something currently done, is as early in SASL security layer, and in general there can be all sorts of things, so this can be defined.
K
Encryption is the common option, that's sort of deprecated nowadays, but key derivation in general, I think, has a great future ahead of it, in light of quantum computers coming up. We want all the entropy we can have, right, and especially when it's end-to-end entropy. Channel binding is a nice feature here, and you would use that to bind in the SDP contents that contain the public key as well as the pre-shared key, and then automatically
K
you know that you're trusting the right public key, so it's like an instant certificate. And, well, not all SASL mechanisms are suitable, because TLS protects one trend, one hop. It gets decrypted and passed on in encrypted format, so the intermediate value should be safe for anyone who's sitting there in the middle. So you can't use SASL mechanisms that are not safe to pass over plain text: plain text login, for example, with a plain password. But again SASL offers choices there.
K
No problem. So is that an excellent, I'm not sure anymore, no, I don't think so. So there's the idea that I came across from a background of realm crossover, running into the idea of using SIP for WireGuard setup, and I realized, hey, SASL for SIP might be a very good idea. I'd like to hear opinions about that.
B
B
L
First of all, welcome, thanks for presenting this. I think it was probably about 10 years ago, I think somebody did pitch this, I'm pretty sure, for SIP then. And, I mean, you know, for better, for worse, we've kind of come up with a set of security primitives we think work for SIP at this point, except, like, because of the commercial imperatives of the people that are doing, you know, HTTP and TLS primarily as the security things we can get
L
operators to do, we've kind of had to, like, you know, cook with the ingredients we have, and STIR is a great example of how we kind of cook with the ingredients we have. And of the things that you've identified here as kind of the gaps in SIP security that SASL might rectify, I think we've actually managed to cobble most of those together with STIR at this point. So it's kind of a tough sell, I think, at this point to, like, look at something like this.
B
L
K
Yeah, if there is documentation of what was discussed 10 years ago without me knowing, then I would very much like to see that. If you could send me an email or something, it would be greatly appreciated.
H
Eric Rescorla. I make several points, but I'll open with the dispatch, which is no action. I do not think this is going to go. But now I'll make some actual substantive points. So first, as I mentioned in my email to you, the place I would start with: does anyone want to do this?
H
Not do you want to do it, but is anyone who actually operates a real system want to do this? And if the answer is no, then it doesn't matter. Technology is simply irrelevant to this question.
K
I wouldn't mind working on this. No, I'm already doing for HTTP and I think it's
H
H
H
Okay,
when
you,
when
you're,
when
you
have
a
protocol,
yeah
and
you're,
producing
a
protocol
that
is
fits
into
a
deployed
infrastructure,
the
question
is:
do
people
actually
have
that
deployed
infrastructure
want
it
and
if
they
don't
it
doesn't
matter
how
good
the
protocol
is?
And
so
my
question
is:
does
anybody
who
operates
a
does?
Anybody
operates?
A
big
WireGuard
system
is
any
anybody
who
operates
want
to
use
SIP?
Does
anybody
operates
a
big
SIP
to
left
any
system
want
to
use
SASL?
H
K
H
Yeah
but
you're
I'll
try
one
more
time,
you're
making
a
merits
case,
but
I'm
saying
something
different.
Let's
say:
I'm
asking
a
market
question:
okay,
you're,
making
a
case
that
this
is
good,
which
is
fine,
but
my
question:
is
anybody
want
it
because
we
don't
standardize
things
that
people
don't
want?
And
so
my
question
is:
does
anybody
who
operates
WireGuard
or
a
basic
system
want
this.
K
H
Right
yeah
for
me
now,
but
take
this
question
with
you.
That
is
a
preparatory
question
to
doing
any
work
here
on
the
technical
side.
I
think
this
actually
misunderstands
the
security
situation
around
SIP
someone,
the
as
John
says
we
have
cobbled
together
a
set
of
mechanisms
which
work
and
largely
rely
on
hop-by-hop
encryption,
followed
by
end
to
end
message
integrity
via
signatures,
which
was
STIR,
is
obviously
and
so
to
the
center,
which
one
is
to
satisfied
with
the
types
of
identities
which
STIR
provides
i.e.
phone
numbers.
H
The
right
way
to
do
this
is
to
extend
those
identity
sets
by
providing
credentials
that
mapping
into
the
signature
system
that
would
go
along
with
STIR
not
by
not
by
replacing
with
entirely
new
set
of
mechanisms.
K
You've
mentioned
on
the
the
main
list.
It
would
be
very
nice
to
STIR
were
extended
to
domain
uses
and
I
think
that
would
be
another
venue
that
might
be
very
interesting
right.
H
H
Said
domain
names
sure
and
then
once
again
I'll
simply
say:
does
anybody
who
operates
a
SIP
system
want
you
to
have
domain
names.
B
J
Okay,
Cullen
Jennings.
good
I
I,
one
of
the
things
that
this
is
a
technical
comment
about
it.
One
of
the
levels
when
you're
talking
about
end-to-end
security
with
SIP
is
inherently
a
hop
by
hop
protocol.
That's
used
to
set
up
an
end-to-end
thing,
and
your
VPN
in
this
case
is
the
end-to-end
thing,
you
may
actually
want
to
do
the
level
of
authentication
you're
trying
to
achieve
in
the
security
you
want
on
top
of
the
the
VPN
layer,
instead
of
on
top
of
the
hop,
inherently
hop
by
hop
thing.
J
K
Okay,
thank
you.
I
was
starting
from
WireGuard
and
trying
to
make
the
best
out
of
that,
and
what
you're
saying
is
maybe
WireGuard
needs
some
work.
Then
I.
J
M
Hi
Anthony
Somerset
liquid,
we
operate
a
large-scale
voice,
Network
I'm
a
little
bit
confused
about
what
we're
trying
to
solve
we're
trying
to
fix
authenticating
caller
ID
versus
the
from
and
the
two
or
the
actual
caller
is.
M
You
know
this
is
a
person
on
this
endpoint
and
they've
been
authenticated
because
they're,
two
they're
two
different
things
with
two
different
mechanisms
to
manage
and
as
the
as
Cullen
was
saying,
it's
hop
by
hop
on
SIP,
because
you
have
to
make
routing
decisions,
which
means
you
have
to
know
that
data,
so
it
can
kind
of
the
Privacy
gets
a
bit
murky,
so
I'm
just
struggling
to
understand
what
are
we
trying
to
solve
here
and
I
do
want
to
Echo.
You
know
authenticate
the
network
layer
as
much
as
you
can.
M
First
before
we
have
to
deal
with
getting
into
it.
That
being
said,
I'd
be
very
interested
in
seeing
an
alternative
to
digest
because
it
is
more
secure
in
terms
of
authenticating.
An
endpoint
might
be
difficult
from
a
network
to
network
interop
perspective,
though.
K
Yeah,
what
I'm,
what
I'm
into
here
is
making
cross
domain
calls
possible
with
authentication
end-to-end,
so
the
from
and
the
two
identities
are
the
things
I'm
concerned
about.
But
what
you
are
saying
is
instead
of
digest.
You
might
register,
for
example,
SASL
and
that's
the
second
idea
I
have
had.
That
might
be
a
general
use
case.
So
thank
you
for
stating
that
you
would
like
to
see
a
replacement
for
Digest.
L
Again,
just
I
wasn't
really
going
to
go
into
the
technical
details,
but
I
will
just
a
little
bit
just
so
I
think
we're
clear
about
what
the
Baseline
is
of
SIP's
existing
security
features
so
STIR
is
by
no
means
limited
telephone
numbers.
Actually
it
solves
for
user
at
domain.
Just
as
well,
that
was
true
of
its
predecessor.
Spec
RFC
4474,
as
well
STIR
negotiates
Keys
end
to
end.
It
has
an
mky
parameter
and
PASSporT
that
lets.
L
It's
the
the
SASL
security
model
is
is
fundamentally
misaligned
with
the
things
SIP
security
actually
needs.
If
you
want
to
be
able
to
authenticate
things
like
the
from
and
two
and
yes,
there
is
even
a
mutual
authentication
feature
there
first
for
STIR
now
as
well.
So
I
mean
it's
unclear
to
me
what
features
this
would
offer
us
beyond
that.
This
realm
crossover,
obviously
the
ability
to
do
this
working
with
other
things,
but
people
have
looked
at
like
OAuth
for
that
as
well.
L
So
and
digest
is
not
the
only
thing
that
people
use
by
any
means
to
figure
out
how
to
authenticate
yourself
to
your
local
domain,
but
when
it's
that
question
of
how
you
figure
out,
who
the
to
and
from
are
like
having
interoperable
layer
for
that,
that's
going
to
be
cross
domain,
I
I
think
we
got
that
I
think
we
probably
got
that
as
fixed
as
it
can
be.
First
up
now,.
K
K
B
Will
I
will
look
into
that?
Thank
you.
Thank
you
for
the
feedback,
just
in
the
interest
of
time
I'm
going
to
cut
the
queue
shortly
and
just
to
relay
a
comment
from
Jabber
from
dkg.
WireGuard
deliberately
avoids
any
fancy
authentication
mechanisms
for
the
sake
of
Simplicity
endpoints
are
identified
by
raw
public
keys.
I
suspect
WireGuard
itself
will
never
adopt
fancier
auth
schemes
and.
B
Yeah
WireGuard
deliberately
avoids
any
fancy
authentication
mechanisms
for
the
sake
of
Simplicity
endpoints
are
identified
by
raw
public
keys.
I
suspect
that
WireGuard
itself
will
never
adopt
fancier
authentication
schemes.
Just
relaying
a
comment
from
I
mean
you
don't
have
to
respond
to
it.
It's
just
yeah.
H
So
I
think
it's
probably
important
to
distinguish
between
two
different
settings
here.
One
setting
is
authenticating
the
client
to
the
SIP
server
which,
which
is
I
think
like
the
situation
which
SASL's
canonically
been
used
for
authenticating.
You
know,
you
know
IMAP
clients
to
IMAP
servers
and
that
kind
of
thing
on
the
other
is
end
end
for
the
reasons
like
John
laid
out.
H
H
So
I
think
to
this
end,
to
which
you
know
just
just
from
from
noting
that
you're
also
presenting
about
SASL
HTTP
I
sense,
is
that
you,
like
SASL,
if
you're
interested
in
having
SASL
and
SIP
I,
would
focus
on
the
question
of
how
to
think
the
simpler
question
of
how
do
they
get
a
client
a
server
if
there
are
any
gaps
in
such
an
area.
K
Yeah,
okay,
well,
there's
a
very
big
line
here
of
looking
into
the
other
ways
of
of
doing
things,
I
need
to
organize
what
is
actually
needed,
and
if
this
is
the
solution
for
that,
that's
very
clear
feedback.
Thank
you.
Okay,.
B
Thank
you.
That's
the
end
of
the
queue,
so
thanks
Rick
for
your
time
and
sharing
your
work
with
us.
The
outcome
from
dispatch
is
the
work,
should
not
go
forward
and
as
current
form,
so
we're
looking
down
next
to
the
agenda
enough
after
heroic
Sprint
from
the
airport
and
we've
actually
got
DKIM
replay
back
in
its
original
slot.
So
it's
over
to
Wei
to
present
virtually
and
Bron
who's
with
us
in
the
room
to
field
any
questions
you
may
have
so
over
to
you.
N
Hi,
let's
see
if
I
can
control
the
slides.
N
Credit
all
right
all
right
good
morning,
everyone,
my
name,
is
Wei
Chuang.
I'm
from
Google
I'm,
presenting
DKIM
replay
problems
and
possible
solutions
with
Bron
Gondwana
from
FastMail
next
slide,
so
email
authentication
is
defined
by
two
standards
from
the
IETF:
RFC
6376,
which
is
a
mechanism
to
sign
and
authenticate
emails.
N
Another
important
standard
for
this
is
our
SPF,
which
is
RFC
7208,
which
is
a
mechanism
to
authenticate
the
sending
mail
server
replay
was
described
in
the
DKIM
RFC
in
section
8.6,
as
a
message
that
can
spam
message
that
can
be
sent
through
a
DKIM
signer
that
leverages
the
reputation
of
that
signer
and
then
that
message
can
then
be
resent
to
many
victim
recipients.
N
Next
slide,
please
so
to
describe
the
mail
flow
problem.
It's
important
to
characterize
it
in
terms
of
some
of
the
flows
that
we
would
see
so
here
in
this
diagram.
We
have
a
sender
that
is
sending
a
message
through
a
DKIM
signer.
The
top
line
is
going
to
be
a
message:
that's
directly
sent
to
some
recipient.
In
that
case,
we
would
expect
to
see
potentially
a
DKIM
pass
and
an
SPF
pass
and
they
can
be
aligned.
The
receiver
would
see
that
as
and
can
characterize
as
a
message.
N
There
can
be
also
an
indirect
flow
on
the
bottom,
where
the
message
is
being
forwarded
through
potentially
a
mailing
list,
a
bulk
sender
and
those
are
benign
cases
or
it
could
also
be
an
instance
of
DKIM
replay,
which
is
malicious,
and
here
the
receiver
would
see
a
message
that
would
be
potentially
a
DKIM
pass,
potentially
also
a
DKIM,
sorry
SPF
passed,
but
not
aligned
or
an
SPF
fail,
and
the
problem
from
the
receiver's
point
of
view
is
very
hard
for
it
to
tell
the
benign
cases
from
the
DKIM
replay
case
next
slide.
N
N
And
then
they're
going
to
then
potentially
take
that
message
potentially
modify
the
message
within
the
bounds
of
what
DKIM
allows
and
then
broadcast
that
out
to
many
many
recipients,
because
they're
leveraging
the
high
reputation
signer,
they
can
get
their
spam
to
get
through
the
spam
filters,
and
this
is
a
classification
problem.
A
kind
of
false
negative
next
slide.
N
And
the
consequence
of
that
is
that
these
spam
messages
are
going
to
be
seen
by
the
spam
filter,
and
then
it's
going
to
cause
the
reputation
of
that
signer
to
drop
potentially
causing
a
deliverability
issue
for
good
mail,
that's
being
sent
by
that
signer
and
we're
going
to
see
a
kind
of
false
positive.
Now.
N
We
saw
this
a
large
increase
of
DKIM
replay
attacks
late
in
2021,
and
while
it's
trying
to
die
down
due
to
a
number
of
mitigations
folks
are
putting
out
there
in
the
ecosystem.
We
think
that
they're
still
a
weakness
in
the
standards
that
we
would
like
to
see
fixed.
N
The
other
thing
just
to
reiterate
again
is
that,
from
a
receiver's
perspective,
being
able
to
tell
the
difference
between
benign
flows
and
malicious
flow
is
very
difficult
from
from
a
receiver's
point
of
view.
Next
slide.
N
So
we
helped
put
together
a
DKIM
replay
birds
of
a
feather
session
at
M3AAWG
56
in
Brooklyn.
Recently
in
October,
there
were
four
drafts
discussed
at
that
BoF:
one
by
Kucherawy,
one
by
Chuang,
myself
by
Bradshaw
and
Gondwana.
N
The
outcome
of
that
BoF
was
that
we
should
try
to
characterize
the
problem
in
a
draft,
and
then
we
wrote
up
a
problem
statement
draft
that
tried
to
characterize
some
of
these
complex
forwarding
flows
that
characterize
modern
mail,
and
then
the
other
thing
that
we
did
was
we
tried
to
put
these
drafts
and
potential
other
Solutions
into
a
taxonomy
and
I'll
present
that
next
next
slide.
N
So
the
first
solution
set
of
solutions
is
trying
to
put
the
envelope
recipient
into
the
signature,
and
this
was
proposed
in
three
of
the
drafts
Kucherawy,
Bradshaw,
and
Chuang,
and
essentially
the
difference
between
these
drafts
are
that
they're
going
about
putting
that
signature?
The
the
recipient,
the
envelope
recipient
in
the
signature
in
different
ways,
so
one
would
have
it
implicitly
done,
is
without
having
to
change
the
message
itself.
N
Another
Bradshaw,
would
take
that
hash
of
the
recipient
and
put
that
into
a
new
header.
In
the
message,
and
then
the
draft
by
Chuang
would
instead
have
the
recipient
either
explicitly
disclosed
with
the
payload
headers,
like
the
qcc
or
in
some
new
header.
That
would
then
be
hashed
and
then
part
of
the
signature.
N
Now
these
approaches
do
avoid
the
amplification
problem
that
was
described
earlier
in
the
example
and
solved
the
replay
problem
that
way.
However,
they
do
run
potentially
into
some
problems
where
they
may
prevent
indirect
mail
flows,
much
like
SPF
or
if
they
don't
so
the
first.
You
have
that
issue
where
I
think
they
would
be
impacted
by
indirect
flows.
The
third
draft
the
Chuang
draft,
would
solve
that,
but
would
do
so
at
increased
complexity
and
that
will
be
described
later
next
slide.
N
The
second
approach
in
this
taxonomy
is,
you
could
count
the
number
of
signatures
and
then
filter
above
a
certain
threshold,
and
this
was
mentioned
by
Yahoo
and
the
birds
of
feather
session
as
the
technique
they're
using
to
great
effect.
However,
this
will
run
into
issues
with
mailing
lists.
You
know
Exploder,
aliases
or
even
large,
number
of
BCCs
as
a
potential
of
essentially
false
positives.
That
will
get
a
cut
if,
above
that,
threshold
next
slide.
N
A
third
class
of
solutions
could
be
to
potentially
strip
off
these
DKIM
signatures.
So
essentially
these
DKIM
signatures
would
be
you
know,
SMTP
transactional
only
so
basically
signed
an
outbound
and
then
stripped
on
inbound.
It's
a
straw
man.
We
don't
know
of
anyone
using
it.
It
does
have
the
problem
that
is
going
to
have
SPF
like
Behavior
again,
and
you
could
have
a
malicious
mail
forwarder
that
could
get
in
the
way
too
next
slide.
N
The
fourth
solution,
potentially,
is
to
gather
per-hop
signatures
and
also
specify
the
next
hop
destination
domain,
thereby
these
flows
are
going
to
be
much
harder
to
replay,
because
you
know
a
replayer
is
going
to
have
a
hard
time
harder
time,
taking
a
message
and
then
re-injected
back
in
either
that
or
they
basically
identify
themselves
as
part
of
the
flow.
N
Now
this
of
course
tolerates
forwarding,
but
it
does
have
additional
signing
overhead
and
two
of
the
drafts
discuss
this
particular
technique:
the
Chuang
draft
and
the
Gondwana
draft.
This
requires
that
all
messages
of
all
hops,
I
should
say
of
a
mess.
A
message
path
is
going
to
have
to
participate
in
this
protocol
either
that
or
the
message
may
be
identified
is
going
outside
of
a
path
but
messages
going
outside
of
the
path.
N
It
won't
be
possible
to
determine
whether
or
not
the
message
is
being
DKIM,
well,
being
replayed
or
or
some
benign
flow.
The
other
thing
I
should
point
out
the
difference
between
these
two
drafts
is
the
Chuang
draft
uses
ARC
as
infrastructure.
N
So
what
should
we
do?
Well?
The
proposal
here
is
that
this
work
should
be
spun
up
in
a
new
IETF
working
group
for
email
authentication.
The
goals
would
be
to,
of
course,
authenticate
email,
but
also
mitigate
this
replay.
We
think
that
this
you
know
these.
These
authentication
methods
should
be
able
to
tolerate
multi-hop
forwarding,
because
that's
what
modern
mail
does
these
is.
It
should
also.
N
There
should
also
be
a
potential
discussion,
at
least
of
some
of
the
other
problems
that
forwarding
has
such
as
mailing
list
body
modifications
in
particular.
The
Gondwana
draft
proposes
some
new
ideas
there
and
then,
in
the
appendix
of
this
slide
deck
there's
a
number
of
draft
Set
in
the
that
have
also
discussed
how
to
solve
those
types
of
problems.
N
Thank
you
for
your
time
and
I
look
forward
to
your
feedback
and
also
Bron's
there
on
stage
that,
and
he
can
also
help
take
some
questions.
Thank
you.
B
B
That's
okay,
I'll
I'll
one
time
allow
it
yeah.
Okay,
so
Murray
asked
the
question:
is
anyone
using
any
of
these
yet
I.
P
Q
Tried
any
of
this
yet
Yahoo
are
using
their
solution,
which
is
basically
to
count
the
number
of
messages
that
have
identical
headers,
identical
DKIM
signatures,
and
if
they
get
hundreds
of
thousands
of
those,
then
they
know
that
the
message
is
a
replay.
The
difficulty
is
that
there
is
an
edge
case
where
a
message
has
gone
to
a
mailing
list
and
has
that
same
header
going
to
thousands
of
users,
and
so
it
becomes
a
heuristic
guess.
It's
not
a
perfect
solution.
B
Okay,
thank
you
just
with
the
mic
tool,
malfunctioning,
Barry
Leiba,
Let
me
go
next.
O
Hi
thanks
Barry
Leiba,
our
former
DKIM
working
group
chair
where
we
discussed
this
issue
a
lot
in
the
original
DKIM
design
decided
for
various
reasons
that
we
couldn't
resolve
it.
We
now
have
more
information.
We
have
operational
experience,
that's
important
in
this.
We
know
what
the
priorities
are
and
we
have
all
the
information
to
to
debate
the
pros
and
cons
of
of
these
different
proposals
and
perhaps
others
that
come
up
so
I
think
it's
important
to
look
at
this
and
I.
H
First,
let
me
say,
like
I'm,
just
watching
this
and
being
like
Oh
god.
Clearly,
however,
with
that
said
clearly,
the
working
group
was
the
right
place
to
do
this
and
it
sounds
like
there's
enough
energy
and
interest
to
do
that.
So
I
don't
think
we
need
a
BoF.
I
think
we
could
spin
up
a
working
group
with
a
charter
like
approximated,
this
stuff.
You
know
pretty
much
now
thanks.
R
Hi
Jim
Fenton.
this
was
as
indicated
by
the
by
the
RFC.
This
is
definitely
something
that
was
considered
in
the
design
of
DKIM.
one
of
the
one
of
the
aspects
of
of
email.
That
I
think
wasn't
mentioned
in
the
slides,
at
least
it
might
be,
it
might
be
in
the
other
drafts
is
that
the
requirement
for
confidentiality
of
BCC
recipients
in
the
same
domain,
both
both
as
as
BCCs
and
also
on
on
a
mailing
list?
You,
don't
you
don't
disclose?
Who?
R
Who
all
is
you
know
when
you
get
the
recipient
of
a
of
a
mailing
list?
Email
does
not
have
access
to
who
else
in
their
domain
might
have
gotten
that
email,
so
I
think
this
is
an
interesting
problem
to
solve.
I
have
severe
questions
about
whether
this
is
a
solvable
problem
within
all
of
the
constraints,
without
breaking
something
that.
Q
Specific
question
is
answered
in
a
couple
of
the
drafts,
and
the
answer
is
that
you
split
it,
so
you
send
an
individual
message
to
each
person,
so
each
basically
say
recipient
can
only
see
their
own
address,
not
any
other
BCC
recipient's
address
and
that
solves
it.
What
it
does
do
is
it
explodes
the
number
of
copies
you
need
to
send
20
years
ago?
That
might
not
have
been
as
easy
to
do
these
days.
Q
R
So
so
I'm
sure
Gmail
has
enough
capacity
to
handle
the
additional
incoming
mail.
I
mean
this
is
also
a
burden
on
mailing
lists
that
are
not
necessarily
the
big
providers
that
need
to
now
split
out
that
mail
and
do
a
lot
of
individual
transactions.
A
lot
of
it's
already
happening.
S
Wes
Hardaker,
USC/ISI.
I'd,
like
to
second
ekr's
"ugh",
you
know,
is
every
time
we
try
and
bet
all
these
problems,
things
get
worse
and
worse
and,
to
me,
I
think
one
of
the
things
missing.
So
for
me,
dispatch
wise
this
is,
you
know,
fairly
obvious,
it's
a
large
enough
problem
that
it
needs
a
working
group
of
its
own,
because
it'll
consume
an
entire.
You
know
two-hour
slot
every
meeting
for
a
while.
S
So
that's
a
no
doubt
the
thing
that
I'm
thinking
of
is
more.
What
does
this
look
like
long
term
in
a
lot
of
other
places
in
the
IETF
We
have
Ops
groups
that
last
a
long
time,
because
you
need
to
measure
and
see
how
well
these
things
are
doing
over
time
and
I.
S
Think,
given
the
fact
that
you
know
we're
coming
back
in
to
DKIM
and
SPF
and
stuff
over
and
over
and
over,
and
some
of
these
solutions
that
were
proposed
in
particular
like
some
of
the
counting
solutions
with
thresholds
and
stuff,
really
requires
continual
discussion.
And
you
know,
is
this
working
or
do
we
need
to
shift
to
something
new
and
that
that
seems
to
me?
Like
a
longer
term,
maintenance
working
group
might
be
needed
as
well.
Q
Yeah
I
I
agree
that
it's
probably
time
in
the
next
couple
of
years
to
talk
to
the
area
directors,
about
consolidating
the
multiple
email
groups
into
a
maintenance
group
and
then
specific
groups
that
hand
their
work
back
to
that
maintenance
group
over
time,
hello
area
directors.
Do
you
want
to
pop
up
and
comment
on
that.
P
Yeah
we
have
talked
about
that.
A
related
concern
is
that
there's
a
lot
of
these
sorts
of
drafts
that
are
heading
for
the
ISE,
because
there's
not
a
maintenance
working
group
and
the
IESG
is
a
little
bit
reticent
to
create.
Well,
we've
got
some
feedback
from
from
some
very
experienced
email
people
that
that
may
not
be
a
good
idea
or
it
can
turn
into
ocean
boiling.
So
we
need
to
control
it
appropriately,
but
the
conversation
is
happening
thanks.
P
So
Christy,
you
can
correct
me
if
I'm
wrong,
but
it
sounds
like
people
are
okay
with
creating
a
working
group,
no
need
for
a
BoF,
okay.
So
if
anybody
wants
to
share
it,
please
let
me
know-
and
we
can
start
working
on
all
that
process.
Okay,.
B
J
No
I
that
wasn't
actually
what
I
I
heard
I
heard
that
there's
a
lot
of
people
in
the
room
who
don't
believe
this
problem
solvable
and
that
a
BoF
would
be
a
great
place
to
see
if
people
think
that
there
is
a
workable
Solution.
That's
that's
solvable
right,
so
I
I'm,
not
I'm,
not
like
saying
one
way
or
another,
but
I'm
saying
it
wasn't
as
obvious
to
me
that
a
BoF
would
have
the
purpose
of
trying
to
like
we've
tried
to
solve
this
problem
many
times
before.
J
B
Okay,
so
just
before
Barry
joins
I,
don't
think
anyone's
mentioned
a
BoF,
but
that
doesn't
mean
that
that's
not
the
sentiment
of
the
room.
So
just
Barry
over
to
you.
O
J
B
Okay,
so
apart
from
Cullen,
I
haven't
heard
anyone
raise
the
need
for
a
BoF.
If
you
believe
that
a
BoF
is
needed,
please
hurry
yourself
to
the
queue
or
else
I'm
going
to
say
that
the
majority
of
us
think
just
a
working
group
on
its
own
is
is
fine
and
that
those
problems
will
be
sorted
out
in
the
working
group
itself.
B
Much
for
presenting
both
of
you
and
we
like
to
welcome
up
our
final
dispatch
draft
for
today
on
WHEP.
Sergio,
right.
Take
it
away.
T
That
I
did
when
presented
with
to
this
part,
so
a
WebRTC
still
the
best
media
transport
protocol
for
real-time
streaming.
It
is
even
if
there
are
other
protocols
that
are
being
discussed
right
now,
for
example,
but
I
mean
whether
this
is
irrelevant
in
this
space.
However,
we
don't
have
any
standard
protocol
that
we
can
use,
alongside
with
it,
I
mean
SIP
and
XMPP
are
mainly
focused
on
conferencing
and
a
RTSP
is
not
very
well
suited
for
using
with
a
WebRTC.
T
So
as
a
consequence,
all
the
WebRTC
streaming
services
are
doing
their
own
custom
implementation
of
the
signaling
protocol
and,
as
a
consequence,
there
is
no
interoperability
between
either
the
service
install
fund
players
and
even
in
between
different
services.
So
why
is
WHEP
needed?
I
mean
it
is
a
the
the
main
driver
for
WHEP
Probably
is
the
interior
interoperability
between
WebRTC
services
and
product,
and
it's
like,
and
lately
we
have
been
seeing
a
trend
about
being
able
to
have
like
a
avoiding
vendor
lock-in
but
being
able
to
have
like
a
backup
solutions
for
WebRTC
streaming.
T
T
You
can
move
to
a
different
service
provider
without
being
impacted
in
in
your
in
your
customers,
or
even
you
can
have
multiple
WebRTC
providers
to
be
able
to
load
balance
or
decide,
because
someone
works
better
in
a
region
than
others
so,
and
this
is
becoming
very
important
in
WebRTC,
also
a
probably
in
a
bit
lower
priority
than
that.
The
first
one
is
that
we
could
start
by
using
a
player
server
that
is,
can
you
can
easily
be
integrated
in
in
in
your
service?
T
T
T
The
web
artist
is
stuck
in
JavaScript,
for
example,
division
or
iot
when
having
a
been
able
to
just
provide
a
simple
interface
for
playing
web
stream
is
much
easier,
that
just
provided
the
full
JavaScript
and
customizable
API
and
on
them,
and
the
last
scene
is
the
integration
that
it
would
be.
We
have
been
discussing
with
the
impact.
Does
the
passive
group
about
integrating
stdp
does
playback
with
with
WebRTC.
T
So
you
could
have
like
a
an
integrated
player
where
you
can
be
both
having
a
live
stream
coming
through
WebRTC,
but
you
could
also
be
using
a
hdb
dashboard
going
backward
in
times
and
start
watching
one,
even,
for
example,
for
for
the
beginning
of
the
of
the
of.
T
Of
the
event,
instead
of
having
just
the
the
live
feed,
so
that's
a
lie.
Thank
you.
So,
as
I
said
before,
WHIP
and
WHEP
are
very
similar
in
the
scope
and
Technical
solution,
but
the
egress
part
of
the
of
the
of
the
of
this
protocol
is
a
explicitly
out
of
a
scoreboard
with
a
working
group,
but
also
a
WHEP.
T
At
least
the
draft
I
have
I
have
created,
reuses
almost
all
the
mechanics
that
I
we
have
put
in
place
for
WHIP,
and
the
draft
is
basically
just
a
replacement
of
for
WHIP
to
WHEP
and
Ingress
for
egress,
and
so
they
are
really
really
similar
so
and
also
a
WHIP
and
WHEP.
Both
protocols
can
be
used
together
to.
G
T
Service
center
with
their
availability,
so
I
think
that
it
should
make
sense
to
recharter
the
WISH
working
group
to
include
also
egress
signaling,
and
not
also,
and
not
only
ingress,
so
next
like
this.
So
just
a
very
quick
look
up
of
how
the
the
WHEP
protocol
works.
It
is
essentially
the
same
as
as
what
a
WHIP
does
is
just
say,
the
WHEP
player.
We
will
create
a
make.
An
HTTP
POST
request,
with
the
SDP
offer
there
to
the
end
to
the
WHEP
endpoint.
T
Then
the
the
WHEP
endpoint
will
return
an
SDP
answer
in
the
in
the
response.
The
ICE
and
DTLS
will
be
set
up,
and
then
we
will
have
an
HTTP
API
to
provide
other
functionalities
like,
for
example,
the
teardown
of
the
session
or
the
ICE
restart,
and
and
check
the
lights
that
it
is
also
shared
with
WHIP,
so
next
slide.
T
So
really
quick.
This
is
just
to
show
that
we
could
just
use
a
a
WHIP
and
WHEP
to
be
able
to
interpret
into
to
create
interoperability
between
different
Services
because,
as
they
just
share
the
the
an
HTTP
base
with
mechanism
with
SDP
offer/answer
exchange,
it
will
be
really
easy
to
just
create
gateways
that
could
allow
us
to
to
interoperate
different
and.
E
T
Endpoints
and
weak
with
clients
with
web
employees
and
web
clients,
so
this
is
late
yep,
so
the
what's
missing
in
the
in
the
draft.
Well,
the
WHIP
is
say
already
or
is
going
to
be
in
working
group
last
call
and
during
this
week,
so
the
the
protocol
is
quite
mature
and
WHEP
has
same
reuses
most
of
it.
So
it
should
be
quite
close
to
to
have
something
that
it
is
doable.
But
WHEP
has
a
bit
more
requirements
that
the
in
terms
of
functionality
didn't
WHIP.
T
T
B
B
Okay,
someone
said
they
can't
work
out.
Cullen
Jennings
I
can't
think
I
had
to
get
on
the
Queue
anymore,
but
plus
one
to
reach
out
to
the
WISH
working
group
to
do
this.
T
We
are,
it
is
in
the
agenda
for
the
for
this,
for
this
Thursday
I
think
we
try
to
present
it
in
a
in
the
in
the
last
meeting
in
the
last
IETF
meeting,
but
as
it
was
in
not
in
the
scope
of
the
of
the
working
group,
we
only
have
like
five
minutes
and
we
couldn't
present
it
very
very,
very
well.
So
it
is
easier.
I
mean
discussing
something
that
it
is
not
in
the
in
the
scope
of
the
charter.
T
U
Yeah
hi
Sean
Turner,
Sarah
WHIP
or
WISH,
all
confused
in
any
in
any
event,
yeah.
So
last
time
we
had
about
five
minutes
to
talk
about
it.
This
time
we're
gonna
have
about
30.
This
is
kind
of
just
jumping
the
gun
right.
So
at
the
end
of
the
day
we
know
it's
not
in
Charter.
So
if
we're
going
to
do
it,
we're
either
going
to
reach
out
or
you're
going
to
do
working
group.
There's
no
objection
at
this
point
to
re-chartering
so
just
kind
of
like
basically
priming
the
gun
here
so.
B
B
Okay,
so
that
brings
us
to
the
end
of
the
ditch
Dispatch
session
part
of
this
meeting.
B
So,
as
you
know,
we
combine
this
meeting
with
the
ART
area
meeting
as
well,
so
just
to
recap
our
dispatch
outcomes
before
we
move
into
the
ART
portion
of
the
meeting
we
heard
on
the
topic
vCon,
so
the
dispatch
result
was
to
create
a
draft
of
the
use
case,
a
problem
statement
to
clarify
the
scope
and
take
it
to
a
BoF.
I've
been
asked
to
mention
that
the
vconf
is
on
Thursday
at
3:30
till
4:30
in
Richmond.
B
Six
on
the
second
piece
of
work,
authentication
for
SIP:
do
not
proceed
with
this
work
in
its
current
form
for
DKIM
replay,
we
are
forming
a
new
working
group
without
a
BoF,
and
for
WHEP,
We
are
holding
and
letting
the
session
in
WISH
progress
to
see
if
a
re-charter
is
appropriate.
B
P
Foreign
from
this
time
from
this
microphone,
one
just
one
quick
announcement,
Francesca
you've
probably
seen
announcement-
is
returning
to
her
duties,
so
she
will
be
taking
back
over
supervision
of
the
working
groups
that
she
normally
looks
after.
This
is
our
third
area
director,
by
the
way,
if.
P
I
think
she
can
hear
us
all
right
if
I've
been
looking
after
stuff,
while
she
was
on
maternity
leave.
If
there's
anything,
that's
supposed
to
be
in
my
queue
that
I
haven't
acknowledged.
Please
message
me:
I'll
still
take
care
of
things
while
she's
coming
ramping
back
up.
Otherwise
I'm
things
are
going
to
be
drifting
back
to
her
control.
I
think
my
queue
is
empty,
except
for
one
document
from
one
of
my
own
working
groups,
but
if
I've
missed
something,
please
let
me
know
and
I
think
that's
all
I
wanted
to
say
today.
B
Okay,
thank
you
so
yeah.
We
always
put
this
up.
B
To
highlight
some
BoFs
and
side
meetings
coming
up
and
other
interesting
meetings,
the
dispatch
meetings
as
I'm
sure
you
find
are
very
interesting
because
you
get
the
first
look
at
a
lot
of
work
coming
into
the
IETF.
So
it's
a
good
place
to
be
the
IAB
open
meetings
always
interesting
and
the
RFC
editor
future
development
program
always
draws
a
crowd.
A
couple
of
side
meetings:
vCon
we've
mentioned
an
eBPF,
which
we're
going
to
hear
about
in
a
moment
and
then
the
BoFs,
as
listed
at
the
top
there
as
well,
okay,
but
without
further
Ado.
B
V
Hey
good
morning
so
I
think
that's
why
it
kind
of
says
it
already.
There's
a
it's
a
funding
scheme
for
people
who
want
to
do
open
source
work,
for
you
know
in
small
chunks
of
money.
So
next
slide.
V
So
if
you're,
you
know
if
this
is
turns
out
relevant,
you
can
talk
to
me.
You
can
talk
to
my
colleague
Kerry
we're
going
to
hang
around
in
one
of
the
side
meeting
rooms
to
say
this
evening
in
case
people
want
to
talk
about
it
or
there's
links
there
for
applying
for
the
money
next
slide.
V
V
This
is
kind
of
a
bunch
of
weird
terminology
here.
So
NGI
sounds
like
this
kind
of
grand.
You
know
next
Generation
internet
thing,
but
actually
it's
it's
a
funding
mechanism
and
NGI
Zero
is
a
subset
of
that
and
we're
involved
with
kind
of
helping
out
that
most
of
this,
the
NGI
Zero
things
are
driven
by
NLnet
Foundation.
Michiel
Leenaars
is
there
and
they
have
about
9.6
million
to
give
out
over
the
next
few
years
in
these
kind
of
smallish
chunks.
So
we're
helping
with
that
we're,
not
part
of
selecting
who
gets
funded.
V
So
we
can
kind
of
talk
to
people
about
whatever
they
want
to
talk
about
and
part
of
our
you
know,
part
of
what
we're
doing
there
is
to
try
and
help
some
of
those
projects
want
to
bring
things
to
the
IETF
and
so
we're
there
to
try
and
help
them
do
that
or
try
and
convince
them
not
to
try
and
not
to
even
bother
if
that's
the
right
answer
and
I
think
that
might
be
the
last
slide.
It
was
the
next
one,
oh
yeah,
so
there's
a
there's,
there's
basically
current
funding
schemes.
V
There's
a
guide
for
applicants
there
for
the
main
one
and
for
those
people
who
are
funded
there's
a
review
thing
which
allows
them
to
ask
for
support
if
they
want
to
get
like
Security
review
or
a
review
about
how
accessible
their
their
technology
is
for
people
with
disabilities
or
vision
problems
whatever.
V
So
it
seems
like
a
reasonable
scheme
and
I
think
that
is
the
last
slide.
Is
it
next
one
yeah?
So
any
questions?
This
is
basically
just
an
announcement
that
I
think
what's
different
about
this
scheme
is
that
typical
EU
funding
it
takes
like
a
year
to
get
the
money
and
you
have
to
get
a
whole
Consortium
together
to
get
the
money,
whereas
this
is
yeah
calls
every
two
months
for
small
amounts
of
money
suitable
for
people
working
on
open
source
projects
so
yeah.
V
B
C
Right
next
slide
meeting
announcement,
so
it
was
actually
interesting
at
the
hackathon
eBPF
showed
up
on
a
bunch
of
slides,
which
kind
of
you
know
surprised
me
in
a
good
way.
C
So
recently,
an
eBPF
Foundation
was
formed
underneath
the
Linux
Foundation
as
a
sort
as
a
home
for
open
source
and
I'm
in
the
leadership
of
both
eBPF
Foundation
and,
of
course,
IETF,
and
so
I
get
to
do
the
rage
between
the
two
So
for
anybody
that
doesn't
know
eBPF,
and
I'm,
giving
the
same
presentation
by
the
way,
an
INT
area
which
hopefully,
will
cover
most
of
the
relevant
people
between
the
two
areas.
C
The
best
way
to
summarize
eBPF
in
case
you're
new
to
it
is
it's
a
cross-platform
technology.
It
actually
came
from
originally
the
Linux
kernel
and
is
was
derived
from
BPF,
which
came
from
the
BSD
kernel
before
that
cross-platform
technology,
the
current
sandbox
programs
to
extend
a
privilege
system
component,
and
if
you
ask
what
it
stands
for
the
answer,
is
it
no
longer
stands
for
anything
next
slide?
C
C
This
is
an
example
of
how
it's
organized
in
the
Linux
kernel,
which
is
the
most
dominant
use
of
eBPF.
other
uses,
would
be
we're
making
it
work
on
Windows,
there's
various
Nik
Hardware
cards
that
actually
support
it,
so
you
can
offload
stuff
into
your
neck
and
so
on.
This
is
the
Linux
kernel
example.
So
you
have
ebtf
program.
That's
written
in
some
particular
language
of
your
choice.
C
rust
go
whatever.
C
It gets compiled into a particular bytecode format and then an application can then load that into the kernel, and so it's red there, because it's considered untrusted until it hits the box that's labeled verifier. That does a formal proof. Basically, it's a static analysis verifier that, if it can prove that it's safe in terms of executing within a conceptual sandbox, then it can be JIT compiled into native code and run and interact and extend, in this example, an OS kernel, right, and then it can communicate back with user mode things through shared memory.
C
That's called maps. Okay, just so you understand some terminology. So this is what eBPF is, using the Linux kernel example. So there's a bunch of, yeah, next slide, please. There's a bunch of different categories of things that people would like to see standardized in some place. Okay, so there's a list of things that are up there.
C
You can see there's a bunch of different categories, so next, I'm not going to walk through those, right. You can see the list. If you're familiar with BTS, with BPF, then you'll recognize some of the terms and stuff there, but hopefully you can figure them out from the previous slide. Next slide. So the purpose of the side meeting is to figure out whether it makes sense to actually have a BoF. Is IETF actually the right place for it or not, right? Okay, because it can be argued both ways, right.
C
My initial impression was no, IETF is not the right place, but there's enough using the IETF that maybe something might be, and so that's why we're going to have a side meeting. There's a bunch of eBPF users that are here at IETF. So let's get them in a side meeting and decide where we want to take stuff, and the eBPF Foundation, here's the four possibilities that we've discussed. The bottom one is the scope of the side
C
meeting. Okay, the eBPF Foundation could just say, as an open source organization, we're going to publish, you know, standard specs, even though we're an open source organization. We could do that. We could take that and then take it and get an ISO number afterwards, like some other small SDOs do. We could publish as an independent stream RFC or an IETF RFC, okay. So the purpose of side meeting is not the technical discussion. It's the which SDO was the right place to actually put the documents.
C
B
C
Will mention that eBPF is often used to extend networking functionality, but it's not just for networking. People use it to extend security, observability and so on. On the bottom bullets of the seven possible standard stuff, some of those were networking specific. When it says cross-platform program types and cross-platform map types, that's really the only thing that you could say is specifically about networking, is those bottom two bullets. There's some subsets of that is. Okay, I see comments.
B
W
Oh yes, sorry, I'll eat the mic with the mask. I at first, I, I generally was of the opinion that, like, IETF shouldn't standardize APIs, but then we kind of gave up on standardizing APIs and then APIs haven't changed in decades, and you know, for a lot of things, like look at sockets, like, hello? Does anyone have a pulse? Can we make this thing better? Anyway, all that to say, I really think this is important. This is useful. Having it standardized is really great.
W
If we, you know, if you manage to make your analogy with JavaScript work, that would be amazing, so I think the IETF would be a good place, because I know that we have a pulse and we'll get stuff done. I don't know the other organization. They could be good too, but I think this would be a good place. So I'd be very supportive of seeing this work here. Okay.
C
I'd encourage you to come to the side meeting, and between those seven bullets that were back there, it's arguable whether any of them are actually APIs. The bottom two, you could argue, might be abstract APIs in the same sense as, like, some other working groups do abstract APIs, I guess, you know, maybe TAPS, or before that the security one.
C
C
It no longer stands for that, because it's not limited to networking, and so the P implies packet, yeah, of course, and so the eBPF Foundation, even before that, right, it said no longer stands for things, because they don't want people to limit their view to say, this is just for networking, it's not applicable to me, right. So it's like KFC.
H
So yeah, yeah, so I mean this is good stuff. I think the analogy actually draws to Wasm more than to JavaScript, but whatever. I guess I am, I would like to see it done somewhere. I'm, like, less, I think, excited about having it in IETF, merely for probably cultural and technical reasons, which is that designing the ISAs for this kind of thing especially requires really understanding how JITs work.
H
It requires a feminine understanding about dynamic languages and what only mechanical language fast don't make verification work, none of which is expertise which is really found in this arena. And so, if you look at what Wasm did, they formed a Wes?
H
So JavaScript, of course, is done in TC39, and Wasm is done in the W3C Wasm community group, followed by W3C Wasm working group. Now I will say that, at least in my sense, in both those areas they just sucked in a bunch of compiler-like people and, like, which people did that work.
H
But my sense is that that might not work here, and in particular, the working mode that those groups tend to have is very intense and very, like, and answer culturally, very different from the working mode we have, and so, well, I think there's a, I do want to emphasize I think this is exciting work and I'm glad it's happening. I'm less excited about having it here.
H
I think that people would find it frustrating to be here and work with us and have, frankly, and in particular, I think they would find, you know, how should I phrase this, the sort of drop-in tourism that we often get very, very irritating in design of these, I say, very, very technical features which, as I say, really requires knowing how JITs work and how processors work.
C
Yep, by commenters that this is widely deployed and not standardized, and so there's a bunch of people already out there in the community that do those things, but they're not necessarily IETF people, to ecker's point, yeah. A number of them will be on the side meeting, because the side meeting is a hybrid meeting and the Zoom meeting, and a bunch of them will be remote, and I would like to encourage more interaction between the two communities, regardless of which one of the standardization places it goes. So.
H
I guess, oh yes, the other thing I would say is the fact that it is so widely deployed, I think, requires a certain amount of care in terms of care and feeding, and you know, having been through this process multiple times, and you know, the IETF's attitude about, like, well, it's just, like, make everything little-endian if it's big-endian or vice versa, and all that, and I wish, like, renumber all the instructions in the VM just because we don't like the way.
H
C
Not only is it mature, it is actually still evolving, right, and so there's obviously some concern about how fast can the IETF keep up with things and what's the right documentation process as you do extensions, and so that's from the eBPF community, that's classically not eBPF, that some of their questions, and so getting everybody in the same room to be able to discuss those sorts of things too will actually help inform where's the best place to do it. Okay.
X
And listening to the presentation, if I had substituted Wasm for eBPF, it would have been almost identical. Have, what's the, what's your perception of the relationship between this and Wasm, and this developer community and the Wasm there. There were Pokemon.
C
It's a good question. I do not know Wasm enough to give you a definitive answer myself. So there's probably other people who might have to compare notes with to give you something. I don't know if Wasm is typically used in kernel space, whereas eBPF is widely used in kernel space, and so, if so, I've only heard of it being used in user space. I don't know if there's kernel space, you just have to ask somebody here.
H
So my sense is that, you know, both these are growing, metastasizing.
H
You never would you want to choose, and that Wasm is going downwards, and this is growing upwards. I'm surprising, of course, started in browsers and is now moving towards, you know, depending cloud infrastructure. You know, because I don't, I mean, I think at some level, of course, these are competitors analogies in the same way like the Java VM is a computer technology, but I think, you know, there's like room for more than one V, one JITted VM thing.
H
One thing I will say is that Wasm does not appear to have the proof stage that this has. Wasm is correct by construction, rather than being, you know, rather than being proved the way this is. I mean, in particular, I don't know eBPF well, but I assume part of the proof is about verifying that you can't, like, reference outside your own, outside of the map sandbox, among other things, the.
H
Same with NaCl, for instance, was, yeah, and so, like I say, Wasm does this, is last name is like pure compute, and then you have to provide affordances to do anything outside of Wasm. So I think, like, you know, I think it might, I mean it might be worth trying to see if there's cross-pollination between the community, to see, like, there are cool things to be stolen. But my sense is that the aspirations are different enough.
H
You know, Wasm is really for, like, a long running process, like for very, like, a long running process, very long execution processes, because otherwise you just kind of run JavaScript, and high compute, where it sounds like it's low compute and lightweight. So that's my sense. Yep.
C
Thank you, that all makes sense. I have a vague recollection that there was a presentation somewhere recently, maybe at Linux Plumbers or Open Source Summit, that actually did have both of them. The same presentation made that same analogy, that Wasm is kind of at the top working its way downwards, and eBPF is the bottom working its way upwards, and there's kind of this fuzzy area in between, I think.
C
B
All right, thank you very much Dave, and thanks everyone for your input. Just a reminder that side meeting is on Thursday at 6:00 PM, so further views, please add them there. Okay, it's our last item on the agenda today. This is in the ART area part of the meeting still. We're looking at Attestable HTTP, so over to, hey.
Y
Yeah, cool. Thank you. Yes, hello. This is Heinz Bryant joining from Intel and I'll quickly talk about the future possibility to initiate building trust for the modern internet, and please go to the slide one. The next slide, all right, cool. So following end-to-end principle, we're proposing an L7 protocol to help achieve trustworthy web services, called Attestable HTTP, or attack, or HTTPA. HTTPA is simply an HTTP extension for binding remote attestation messages to HTTP headers, and it establishes trusted communication for web services running inside a trusted execution environment, or TEE.
Y
Y
This can not only be used for unilateral HTTPA, but also mutual, for mutual HTTPA to build L7 trusted end-to-end communication. Next slide, please.
Y
Y
In addition, a great example is TEE, which is an emerging technology that protects data in use, and it is a reasonable endpoint for HTTP message exchanges. TEE as an emerging resource for web application to leverage, and there is a need for unifying remote attestation using TEE for HTTP protocol, and next slide, please.
Y
Y
Software or hardware for finer-granularity authentication. HTTPA workflow includes four major transactions, including preflight transaction, attest handshake transaction, attest secret provisioning transaction and the trusted communication transaction, and HTTPA can stand alone to build its own secure communication.
Y
We call this secure communication on the attested node trusted communication. For some strong TEE, users can only trust the web service itself, even without the need to trust the CSP, to use the web service for their sensitive data. Even though the middle box at the middle point in between, such as an application gateway, is compromised due to something like TLS termination or maybe something else, the information is still protected, because the protected information can only be decrypted inside the TEE.
Y
If you want to encrypt every bit of the message, you can also use HTTPA over TLS. However, HTTPA doesn't rely on TLS to build secure communication. With HTTPA, users can regain the right to verify security assurances inside the hardware and software and the freedom to choose who or what to trust and, most importantly, to regain the control on their own data.
Y
H
Eric Escuela. So just to look at this diagram, there's still a little puzzled by something: how much of the web server is running in the TEE? All of it?
Y
Oh, that's a good question. So in this use case we simply demonstrate one, but I think you are asking the scalability. That is another implementation details here, but in this case is one.
H
No, sorry, that's right. What I'm asking is, is the web server, is the entire web server running in the TEE, or is only a tiny bit of the web server running in the TEE?
H
Z
It's a clarifying question in the form of, I want to understand how this works. Okay, so hi, Alex, surehowsky. I mostly was curious what, why we are doing this rather than doing attestable TLS. So, like, my mental model for how normally you use these things is that you perform a remote attestation using your credentials to some sort of maybe centralized service in order to get an unlock key for a certificate, and then you could use our certificate for mTLS or maybe an OAuth assertion or something else, which would let you centralize
Z
the number of services would have to be worried about the attestation, and then you could sort of use more existing primitives that we have today in terms of the existing authentication frameworks, in order to have, you know, presented a delegated trust of, you know, something already verified this assertion that you're talking to something trusted, and I'm sort of wondering what we get as a benefit.
Y
Yeah, so the key motivation is to build the trust inside the TEE. So we don't want to trust any things outside of TEE. So they'll hope that the group decryption, all the process can happen inside the TEE, and the best way to do that is to implement this at the high level, like L7 level, for the protocol, rather than need to trust something else where the decryption happens outside the TEE, and I think basically that's the intuition.
Y
Yes, you could, and however, in that sense, you have to implement all those tall things inside the, probably the application gateway. However, if you do that to your some application web services behind in the back end and.
N
Y
That would be hard to realize in the modern cloud infrastructure, because it would be hard to have the application TLS tunneling directly back into the web service.
Y
Y
Those routing can happen, that's fine, because we, HTTPA does not prohibit that from happening. That's true, can happen, but what we care about is the sensitive information inside the HTTP message which don't want to protect it, make sure the confidentiality or the integrity of the message is protected.
Y
O
B
Dave Taylor, you've joined the queue. Okay, we just have one more slide. So if you want to go just to your last slide, Hans, and then we can start the queue properly.
Y
Yeah, so here we're just thinking about where do we go for this work, and I hope that we have a protocol, application-level protocol, to allow people to use TEE resources in the future for their application. That's it.
C
Dave Taylor, among other things, chair of the TEEP working group, which is on the slide, and also currently the Technical Advisory Council chair in the Confidential Computing Consortium that deals with TEEs. I've seen at least five different proposals in CCC meetings around people doing attested TLS. So this is following up on Alex, who said a bunch of what I was going to say. At least five different proposals for doing it.
C
I think all of them were doing HTTP over the top of it, and so they were basically doing what Alex was saying, five different ways, and the feedback was, get some unification and then take the drafts and bring them to IETF, and so I think some of those drafts will be mentioned in the RATS working group.
C
Steve working groups here, I would say, I don't think TEEP is the right place, because that's for provisioning, as opposed to the actual communication here. Attested fill-in-the-blank, RATS is a good working group to review it. RATS by itself does not do protocols under the current charter. What it does is, it can, just like, you know, the DHC working group does not do all possible DHCP options, other groups can, right, so they would review stuff, but it wouldn't necessarily be there.
C
That is the best home to take the discussion to right now. So yes for taking it there. They might say do it in a different working group, or maybe TLS or whatever, but as far as putting stuff in the TEE, to what Alex is saying, I've seen a bunch of people actually using stuff in deployment right now the way that Alex was saying, with HTTP over the top of attested TLS. So thanks.
I
This item is on the agenda for SECDISPATCH later this week. It was on this agenda for five minutes. We've already blown well past that one. I suggest we take this discussion to that other meeting, where we have a group that is much better suited to answer the questions.
B
AA
For it, so hi, this is Hank. Despite what they've said, the RATS working group may do protocols if it's not feasible to use existing protocols.
AA
So then that's okay, which would for me initiatively say go to HTTP, definitely, first, and if you have had a stable, remote attestation questions, then reel RATS in, but the HTTP part should be the first gateway function, I guess. Yeah, that's all.
B
Okay, thank you, there's no one else in the queue, so we'll just say thank you very much, Hans, for presenting this. As we said, it is on the agenda for SECDISPATCH and https. It was presented here just to share and make sure more people are aware of it. So that is the end of everything we've run through in dispatch. Before you run off and enjoy some coffee, just to say thank you to our presenters, each and every one of you, and your input from the community.
B
That's what makes dispatch dispatch. I'd also like to thank the co-chair, who is not here in person but has been doing a stellar job behind the scenes. So thanks to shipping, and finally, thanks to Murray, our area director, who has done a stellar job in covering Francesca's maternity leave. So thanks everyone for your participation today and enjoy the rest of IETF. Any speakers, if you want to come up and chat to me after about next steps, I'm very happy to do so. Enjoy the rest of IETF.