►
From YouTube: CORE WG Interim Meeting, 2020-10-08
Description
CORE WG Interim Meeting, 2020-10-08
A
Oh
yes,
thank
you.
Thank
you.
So
we
have
the
usual
suspects,
so
welcome
everybody.
This
is
a
very
very
strange
week.
As
you
know,
I
don't
have
a
particular
introduction
to
to
the
unfortunate
passing
of
jim.
We
we
have
all
done
a
bit
of
mourning
by
now.
A
I
suppose
when
we
learned
the
news
and
we
have
the
memorial
in
cozy,
so
I
don't
know,
I
don't
think
we
should
have
anything
more
because
I
mean
the
gym
was
very
dear
to
all
of
us,
but
there
is
really
no
point
in
in
continuing,
but
if,
if
any
of
you
want
to
dedicate
some
words
or
something
like
we
please
feel
free,
we
can
spend
a
bit
of
time
on
that.
A
Okay,
okay,
so
then,
let's
start
the
section
for
today
so
for
today,
so
first
of
all,
let's
start
with
the
notewell.
As
you
know,
let's
be
nice
and
so
on.
We
all
are
very
senior
members
of
ideas,
so
we
all
know
what
what's
about.
For
today
we
have
the
the
two
topics:
state
list
and
resource
directory.
There
is
few
issues
left
and
michael
has
been
very,
very
nice
to
us
for
taking
a
bit
of
time
to
conclude
the
few
discusses
coming
from
isg,
so
we
are
going
to
go
through.
A
Those
first,
I
believe,
is
because
christian
was
setting
up
the
computer
and
everything,
but
since
you're
in
the
call
we
we
might
as
well
also
start
with
rd
whatever
you
guys
prefer.
A
Okay,
well
I
mean
I
have
already
this
light
open,
so
we
might
as
well
just
go
with
the
stateless
and
I
can
present
from
here
and
then
later
you
can
present
rd
on
your
machine
right
yeah.
That
will
be
largely
on
issue
tracker,
but
yes,
oh
okay,
then
I
can
also,
you
know
either
act
as
a
proxy
cool.
So
please,
michael
the
floor
is
yours.
C
Yeah,
so
the
big,
my
big
reason
for
doing
this
is
that
this
document
is
holding
up
this
cluster
310,
which
is
full
of
roll
and
six
dish,
documents
which
I
I'm
an
author
and
so
came
to
that.
So
that
link
goes
to
the
bunch
of
issues
that
I
pulled
out
and
there
are
four
pull
requests
relating
this
next
slide.
I
guess.
C
Oh
hit
the
hit
the
big
screens
button,
so
you
can
just
hit
down
you
hit
that
that
thing
on
the
side
there
you
go
yeah,
so
okay,
so
these
are
the
issues
as
cars.
This
is
carson's
summary
of
the
issues
the
simplest
ones
is.
These
are
the
ones
that
maybe
we
should
say,
don't
won't
fix
on,
and
I'm
perfectly
happy
to
do
that.
I
don't
know
if
that
will
fly
well,
I
think
number
nine
in
particular.
I
think.
C
That's
still,
I
think
we
should
just
leave
the
leave
the
text
as
it
is,
it
says,
look
ma
no
state
in
the
middle
and
I
think
that's
elegant
and
cool.
If
there's
disagreement
with
the
with
this
or
we
get
some
pushback
from
area
directors,
then
we
could
come
back
to
them
and
decide
that,
but.
C
Otherwise,
I
I'm
happy
to
go
with
that
list.
Maybe
some
people
need
to
look
at
them
and
convince
themselves
that
that
we
shouldn't
fix
them
next
slide,
let's
go
to
the
ones
that
we
will
fix.
C
So
basically,
what
I've
done
is
I've
clarified
that
the
aes,
the
suggestion
of
using
aes
gcm
is
a
suggestion,
so
it
was
in
the
word.
Uppercase
recommended
it's
now
in
lowercase
recommended
supposed
to
be,
and
I
see
it
there
still
is
recommended
uppercase.
Why
is
it
that
way?
It's
supposed
to
be
lowercase,
based
upon
the
fact
that
this
is
not
normative
so
yeah.
That
would
be
great
if
you
could
change
that.
Thank
you.
Now.
C
Click
on
the
lot
click
on
the
the
instead
of
instead
of
writing
that
click
on
the
the
icon.
Next
to
the
preview,
no
you're
in
the
right
place.
Click
there,
yeah,
plus
yeah
click
on
not
preview,
go
to
the
next
icon,
the
next
icon
after
preview
to
the
right
of
preview
that
one
yeah
now
change
it
to
say.
Lowercase.
C
And
hit
add
single
comment
that
changes
it
right
there.
So
so,
then
the
other
part
was
it
said.
May
I
wonder
if
I've
missed
pushing
some
code
here
and
didn't
get
it
right,
because
I
thought
I
did
this
already
so
basically
it
just
says
that
this
is
all
a
local
decision.
The
only
reason
use
aes
ccm
is
because
that's
what
you
have
in
hardware.
If
you
have
something
else
in
hardware,
then
you
should
use
that
and
then
the
biggest
con.
C
The
most
of
the
text
was
about
the
fact
that
if
you
can't
keep
track
of
the
nonces,
then
probably
you
should
just
generate
a
new
key.
If
you,
whenever
you
couldn't
keep
track
of
the
nonsense-
and
I
I
guess
that's
the
real
question
that
needs
to
be
thought
about
is
whether
or
not
these
responses
are
going
to
have
to
outlive
a
case
where
a
device
is
sleepy
and
doesn't
and
and
can't
keep
track
of
the
nonces
or
not.
If,
if
you
understand
what
I'm
saying
tell
me
explain
that
more.
C
Okay,
so
let
me
let
me
maybe
just
start
for
everyone
at
the
beginning.
If
you
generate
a
key
and
you
keep
it
for
encrypting
your
state
and
you
go
to
sleep,
sorry
and
you
use
ccm
mode.
So
you
need
a
nonce
that
you
should
never
repeat
and
you
send
a
request
and
then
you
go
to
sleep
and
then
you
wake
up,
and
then
you
notice,
you
didn't
remember
the
nonce.
C
So
then
the
response
would
come
back
and
you
might
say,
oh
I'm,
going
to
I'm
going
to
generate
a
new
request
and
I'll
use
the
nonce
again.
So
the
issue
is
that
you
have
to
either
remember
the
nonce
when
you
go
to
sleep
so
put
it
in
nvram
or
something
like
that
or
each
time
you
wake
up.
C
You
have
to
generate
a
new
key
okay,
so
you
could
generate
the
key
once
at
boot
time
as
carson
suggests,
and
then
you
have
to
keep
track
of
the
nonce
that
goes
on
and
there's
lots
of
ways
to
get
the
knots
for
free.
C
If
you
have
a
clock
that
always
increments
or
something
like
that,
and
but
if
it
turns
out
that
you
send
a
request-
and
you
expect
the
response
before
you
go
to
sleep,
then
you
could
just
generate
the
key
each
time
you
don't
have
to
you,
don't
have
to
keep
track
of
any
of
that
across
sleepy
times,
whether
that's
appropriate
for
your
device.
I
don't
know
it's
hard
to.
C
A
Does
anyone
have
a
comment
something
to
comment
on
this?
I
don't
really
have
a.
B
My
take
on
this
would
be
if,
if
the
device
can
remember
the
key,
then
either
it's
it's
committing
that
to
to
some
more
even
more
persistent
memory
or
it
can
or
or
it's
keeping
it
in
nvram
as
well,
and
even
if
it's
committing
the
key
to
some
more
persistent
memory,
then
there's
ways
that
we're
using
earth
core
to
make
sure
that
even
in
an
uncontrolled
shutdown,
the
nonsense
are
not
reused.
Without
hitting
that
memory.
B
D
Do
people
go
ahead?
The
implementation
approach
is
like
this.
So
if
you
do
this,
for
instance,
based
on
the
sequence
number,
then
once
you
have
booted
you
see,
what's
the
old
sequence
number,
let's
say
that's
7
000.,
then
you
increment
the
sequence
number
to
eight
thousand
and
write
that
to
persistent
memory,
and
then
you
are
free
to
use
seven
thousand
two,
eight
thousand
in
your
current,
not
in
your
current
volatile
state
without
further
touching
the
the
persistent
state
and
once
you.
C
I
would
love
that
would
be
ideal
if
we
could
just
reference
that
that
would
that
would,
I
think,
be
even
better.
C
B11,
okay,
so
I'll
insert
a
reference
somewhere
to
best
practices
for
maintaining
the
nonce,
maybe
delete
something.
C
Okay,
so
I'll
revise
that
and
send
the
text
to
the
mailing
list,
and
oh
look
my
suggest,
I
have
my
suggestion.
I
can
see
my
suggested
changes
already
for
some
of
this.
It's
weird
so,
okay,
so
I
will
take
that
out.
Why
can't
you
see
them?
I
don't
need
to
reload.
C
No,
maybe
just
the
way
that
you're
looking
we're
looking
at
it
differently.
You
have
side
to
side,
and
maybe
it
doesn't
show
up.
If
you
go
the
the
maybe
it
doesn't
show
up
in
side
to
side,
because
you
have
side,
you
have
left
right,
diff
and
I
have
inc
inside
in
the
other
way.
No.
C
Online,
I
blame
dave
thaler
for
for
making
me
use
this,
because
we
it's
it's
much
easier
for
group
discussions
to
have
that
thing
projected
anyway.
So.
C
C
I
don't
know
until
like
did
you
did
you
meet
another
branch
or
no?
Maybe
they
don't
show
up
until
I
I
request
changes,
and
I
can't
I
do
that.
Let's
try
that
see
what
happens
hit
reload
on
or
hit
files
changed
again.
C
Now
it
appears
here
it
is
yeah.
Now
it
appears
there,
you
go
yeah
my
I
guess
it
was
private
to
me
because
I
hadn't
shared
it.
I
hadn't
committed
it
anyway
I'll
go
through
this.
If
that's,
if
that's,
if
the
rest
of
the
text
and
the
concept
is
okay,
then
I'll
go
through
and
create
a
final
diff
for
that
and
I'll
reference
that
that
piece
you
just
suggested
there.
The
os
core
part
sounds
good,
okay,
so
next
slide.
I
guess.
C
Okay,
so
next
yeah
one
more
slide,
so
that
was
eight
put
down
a
bit,
so
numbers
number
ten
and
number
eight,
so
it
did
generate
text.
For
that
I
I
think
it's
pretty
good.
The
the
question
was
why
60
minutes
and
it
was
arbitrary
and
I
don't
think
I
quite
captured
what
maybe
carson
had
in
mind
with
the
business
with
doing
something
like
the
act
timeout.
C
I
didn't
understand
that
at
first
now
I
do
understand
what
he's
suggesting,
but
I
don't
think
I
quite
I
quite
acted
on
that
right.
So
we
could
just
talk
about
that.
A
little
bit
I
think,
number
five
is
the
other.
One
is
just
fine.
C
The
issue
is
why
60
minutes
right?
What
was
it
based?
There's
no
context
for
why
60
minutes
on
what
the
issue
is,
and
I
I
guess
the
point.
C
The
point
is
that
if
you've
gone
to
find
out
what
the
extended,
what
the
extended
token
length
is
that
you
shouldn't
assume
that
it
has
a
value
that
it
still
has
that
value
many
minutes
to
hours
later,
particularly
if
it's
another
node
on
the
internet,
so
that
the
the
question
is
what
you
don't
want
to
go
too
often,
and
you
don't
want
to
go
too
less
often.
So
what
is
the
right
number?
C
So
whatever
your
dhcp
or
our
router
advertisement
lifetime
is
that's
how
long
you
could
cache
this
information
and
then,
if
it's
on
the
internet,
then
I
would
say
that
if
you
looked
it
up
with
dns,
then
whatever
the
time
to
live
for
the
dns
result
is,
is
a
good
upper
limit
on
how
long
you
can
wait.
How
long
you
can
cache
that
information,
because
you
can't
because
you're
not
if
you
don't
look
up
the.
C
D
So
my
suggestion
was
to
make
this
explicitly
a
parameter
using
the
parameter
mechanism
of
co-abs.
So
people
know
that
they
may
want
to
change
this
among,
together
with
other
things
like
act,
timeout
and
so
on.
If
their
network
has
some
some
specific
timing
requirements.
C
A
It
would
be
good
to
include
some
if
not
60,
minutes
some
reference
to
potential
usual
times.
So
the
ack
timer
sounds
like
okay
to
me
by
something
concrete.
C
Maybe
right
well,
no,
the
idea
isn't
that
it's
based
on
this
other
number.
It's
just
another
time
value
that
we
have.
We
can
configure,
and
I
don't
know
exactly
how
to
write
that
text
and
it
doesn't
seem
like
it
should
be.
It
belongs
in
the
well,
but
it's
in
section
two
two
two.
So
it
needs
to
create
a
new,
a
new,
a
new
value.
I
I,
it
seemed
loath
to
me
to
create
a
value
that
someone
has
to
figure
out
and.
A
C
C
So
minimum
and
maximum
is
also,
I
think,
important,
so
don't
ask
again
within
a
half
an
hour.
It
can't
change
within
the
half
an
hour,
but
after
a
day
you
should
chat.
You
should
do
it
again,
regardless
of
of
whatever
other
numbers
you
had.
That
would
be
my
suggestion
to
have
two
numbers
for
a
minimum
and
a
maximum.
If
you
don't
know,
if
you
did
get
it
from
dns,
then
you
know
after
that
dns
timeout.
You
should
ask.
C
Again,
I
don't
know
if
that
should
that's
highlighted
should
be
normative
or
not.
A
I'm
just
not
so
sure
so
some
endpoints
may
have
ip
addresses
if
it's
a
bb6
that
are
long
longer
than
one
day.
C
I'm
not
saying
that
that
I'm
not
saying
it
can't
be
longer
than
that,
and
if
and
if
you
have
a,
if
you
can't
tell
what
the
what
the
you
can,
you
might
be
able
to
guess
what
a
neighbor
is
by
your
own
lifetime
right.
But
if
it's
on
some
other
part
of
the
internet,
you
have
no
idea
how
long
the
addresses
are
valid
at
that
end,
and
the
concern
is
that
you
know
colon
colon
2
goes
away
and
is
replaced
by
a
new
colon,
colon
2,
which
has
a
different.
C
If
it's,
if
it's
in
your,
if
it's,
if
it's
an
adjacent
node
like
you're
in
the
same
subnet,
the
odds
are
it
has
the
same
lifetime
that
that
you
do
so.
If
you
have
three
week
lifetimes,
because
that's
what
you
got
are
you
know
year-long
lifetimes,
then
you
could
assume
the
neighbor.
Has
that
long,
a
lifetime
too?
C
There's
a
lot
of
logic
to
figure
this
out,
but
you
know.
On
the
other
hand,
you
could
just
check
every
half
an
hour.
It
probably
it
hurts
your
battery,
but
it
probably
better
than
getting
it
wrong.
I
I
don't
I
I.
I
don't
really
think
this
is
going
to
change
that
often,
but
I
think
it's
a
bit
of
a
boogie
man
and.
C
Yeah,
it
seems
reasonable
that
if
you
check
once
a
day
that
that
you
know
it's,
that's
enough,
the
guy
who's
going
to
have
this
problem
is,
god
is
in
a
lab
situation
and
he's
got
changing
his
equipment
every
every
hour
as
he
reboots
and
puts
new
code
out.
G
Yeah,
if
they're
actually
shaped
as
new
parameters-
and
they
find
here,
those
can
be
exactly
the
default
values.
C
Yeah,
so
I
don't
know
exactly
how
the
how
I
have
to
think
of
think
about
how
to
write
that
text
with
respect
to
like
ack
timeout.
I
don't
know
how
to
I'd
have
to
figure
out
how
to
do
that.
If
someone
knows
how
to
do
that
easily,
it
seems
to
be
it.
It
seems
you've
written
a
particular
way
to
call
out
that
these
are
co-app
values,
tunable
values.
C
Like
imagining,
you
really
want
to
bring
up
the
fact
that
this
has
to
be
a
number
sign
to
find
somewhere
in
the
code,
or
something
like
that
to
for
an
implementer
that
this
should
be
tunable.
A
C
A
Revision
for
for
proofreading
for
non-native
speakers,
sure,
okay,
so
next
item
I
will
make
up
okay,
so
go.
C
Ahead,
oh
yeah,
so
I
actually
60
minutes.
We
just
covered
that.
That's
what
we
just
discussed!
Sorry
spoofed
response
last
issue,
so.
C
The
text
says
essentially
trying
to
say
that
it
might
be
that
integrity.
Protection
on
the
state
token
is,
in
some
rare
cases
unnecessary
and-
and
I
think
that
that
that
text
in
red
that
was
trying
to
say
that
confused
the
situation
and
so
that
I
rewrote
that.
D
Yes,
I,
like
the
the
gist,
the
statement
that
is
being
made
here.
Of
course
it
will
bring
up
the
question,
so
why
don't
you
make
it
a
must
then.
D
D
A
A
C
C
So
those
are
the
ones
that
I
thought
were
controversial
that
we
could
solve,
and
so
the
other
issues
were
don't
fixes
that
I
or
won't
fix-
and
I
need
some
some
review
for
people
to
say
to
agree
that
that
is
the
case
or
to
say
yeah.
Please
fix
it.
C
Okay,
so
I've
taken
up
half
an
hour
so
I'll
I'll
pass
to
whomever
is
next.
A
B
B
Can
I
share
the
screen?
Let's,
let's
see
if
that
works,.
A
B
A
Should
give
you
permission,
do
you
need
a
special
permission
at
the
moment,
or
can
you
yesterday
I'm
trying
so
looks
like
it
yeah.
B
Okay,
it's.
A
Not
yet
there,
okay,
and
it's
not
for
me,
it
says
I'm
sharing
the
screen
to
me
shows
is
starting
to
share
content.
A
Maybe
I
should
I
don't
know
if
I
can
make
you
presenter
or
something
like
that.
Oh
you
are
already
presented.
D
It's
just
that
we
have
the
usual
problem
that
when
the
presenter
changes,
the
stream
doesn't
get
set
up
properly.
Rest.
C
D
C
D
B
Okay,
does
it
help
if
I
do
this
in
a
new
session,
or
is
this
counterproductive.
A
B
Mister,
did
you
stop
sharing,
I
stopped
cheering
sorry,
I'm
messed
up.
C
B
Be
one
or
two
of
me:
do
you
hear
me
now
yeah
yeah
we
hear
you
will
okay
and
only
one
of
me
we
can.
B
Yes,
okay,
I'm
trying
to
share
here,
but
it
doesn't
really
look
like
it's
going
any
better.
Okay,
then
maybe
we
just
go
with
me.
Pasting
links
to
the
I
can.
B
Any
anyway
I'll
I'll
just
paste,
you
paste
over
links
when,
when
there's
somewhere
to
go,
and
if
you
could
follow
that
on
on
an
organizational
point,
I
unfortunately
didn't
still
didn't
manage
to
write
up
full
requests
for
all
the.
What
is
it
almost
2
000
lines
of
comment
processing
but
there's
a
few
points
where
I
actively
need
a
bit
of
assistance
and
I'd
like
to
go
through
those
and
other
than
the
last
time.
B
I'd
go
for
the
low
hanging,
fruit,
first
and
and
and
then
go
escalate
to
the
to
the
harder
ones.
So
there's
there's
one.
I
don't
have
really
on
the
issue
tracker,
but
we
got
a
comment
that,
on
on
the
paragraph
from
a
system
design
point
of
view,
the
ambition
is
to
design
horizontal
solutions
that
can
enable
utilization
of
machines
in
different
applications,
depending
on
their
current
availability
and
capabilities,
as
well
as
application
requirements,
thus
avoiding
silo-like
solutions
on
the
topic
of
this
being
buzzworthy
without
actually
saying
anything
now.
B
I
think
I
can
help
with
the
saying,
and
you
think
the
question
is
just
do
we
want
this,
this
level
of
possibility
buzzwordiness
that
I
do
agree
with
who
was
it
warren
kumari?
Is
there
do
we
want
to
keep
that
in,
or
is
this
really
just
something
that
happened
when
someone
was
coming
from
a
ceo
presentation.
B
If,
if,
if
we
have
any
reason
to
kind
of
keep
a
few
of
these
words
in
there
to
ensure
that
this
is
taken
up
well
by
by
some
target
community
that
I'm
currently
not
aware
of,
I'm
happy
to
keep
the
buzzwords
in
otherwise
I
just
at
least
there.
There
are
statements
in
there
that
I
think
are
valuable
on
that
that
contribute
to
why
we
are
doing
rd.
But
they
are
you,
you
have
to
know
the
buzzwords
to
to
get
through
them.
So
I
I
I
do
some
some
reverting
here.
A
C
B
D
To
change
the
next
sentence
because
it
says
such
design-
sure
okay,
I'm
still
trying
to
find
out
what
the
sentence
that
we're
deleting
was
trying
to
say.
So
I
don't
know
what
to
replace
such
design
with.
But
it's
something
like
like
evolvability
or
heterogeneity
or
and-
and
we
can
find
out.
B
Yeah
yeah,
so
so,
if
basically,
with
my
main
question
answered,
I
can
come
up
with
a
pull
request
that
that
we
can,
but
I
can
then
so
next
item
is
a
question
on
the
on
the
topic
of
dhcp
and
slack
one
is
it?
Is
it
crunched
slack,
I'm
not
sure
after
after
I
found
out
that
it's
not
cuddle
and
always
be
careful.
D
Some
people
still
like
cuddle.
It's
I
think
it's
I
give.
B
It
a
long
air-
I
I
I
think
cuddle
is
cute
anyway
on
on
that
pretty
I
like,
I
linked
the
issue
in
the
chat,
so
if
you
could
just
open
that
up
on
263,
the
point
here
was
that
we
presented
slack
and
dhcp
as
mutually
exclusive
and
that
they
could
only
be
used
when
basically,
they
could
only
be
used
for
discovery
when
they
are
also
used
for
address
assignment,
and
the
point
was
that
this
is
not
the
case
and
the
pull
request
already
changes
it
to
say
that
when
vhtp
is
used
in
material
of
whether
it's
used
for
address
configuration,
what
I
don't
know,
because
I
don't
know
slack
and
dhcp
well
enough-
is:
does
this
go
the
other
way
around
as
well?
B
Do
we
need
to
say
when
slack
is
in
use
or
when
neighbor
discovery
is
away
available?
This
is
provided
by
the
rda
option,
or
is
this
something
that
can
stay
like
this
yeah,
or
can
the
paragraph
above
stay
like
that?
The
the
item
three.
D
D
C
Yes,
so
so
address
configuration
can
be
done
by
slack
or
dhcp,
but
in
the
case
that
it's
done
by
slack,
you
can
have
the
obit
set
and
you
can
also
have
dhcp
v6,
providing
a
an
option.
D
D
C
C
B
So
the
concrete
change
here
would
be
to
say
that
three,
the
the
resource
directory
address
can
be
provided
in
the
nrdao
option.
D
C
C
B
B
Now
I
did
there
is
a
pull
request
that
says
that
replay
protection
should
be
enabled,
but
the
the
way
we
usually
at
least
in
a
in
in
the
http
world
handle
possibly
conflicting
changes
is
to
ship
with
critical
up
with
updates,
where
we
really
want
to
ensure
that
we
are
on
the
same
page,
send
if
match
options.
B
Recent
representation
of
the
thing
we
are
updating,
so
let
us
say
even
if,
even
if
we
just
if
replay
protection,
is
disabled,
if
there
is
a
request
out
there
to
say,
delete
your
registration
and
that
request
was
blackholed
by
by
a
person
in
the
middle.
B
That
request
would
get
replayed
and
when
the
same
client
registers
again,
that
replay
that
thing
could
be
ejected
would
not
even
be
a
replay
and
because
it's
not
making
any
assertion
of
on
the
current
state
of
the.
B
Of
the
resource
directory,
it
would
pass
so.
The
the
actual
two
ways
of
mitigation
are
either
to
allow
us
to
use
if
match
or
to
introduce
additional
freshness
requirements
on
the
requests.
B
Those
are
probably
for
the
resource
directory,
not
too
important,
because
really
what's
the
things
that
we
can
change
in
registration,
but
we
might
want
to
consider
this
for
more
general
applications
that
we
describe
like
pubs
up
and
and.
D
D
B
No,
not
so
not
exactly.
This
happens
a
bit
in
all
score
as
well,
but
in
all
so
in
in
dtls,
it's
sufficient
to
swallow
a
message
and
then
it
will
be
retransmitted
as
a
new
dtls
message
and
that
will
be
responded
to
and
the
original
dtls
message
will
not
be
kicked
out
of
the
replay
window
with
oscoro.
This
doesn't
happen
until
the
complete
request
times
out
and
the
client
tries
again
with
a
fresh
request
with
a
with
a
new
sequence
number.
B
So
it's
it's
not
that
bad
in
all
score,
but
it
can
still
happen
there,
but
I
we
might
expect
that
oscor
that
that
the
case
where
a
complete
request
times
out
triggers
a
more
serious
re-evaluation
of
the
of
the
world
state
by
the
client
than
just
a
simple
re-transmission
that
is
eventually
successful,
as
it
happens
in
dtls.
B
Well,
because
none
of
the
requests
we're
sending
have
a
precondition
on
so
the
the
request.
The
responses
are
bound
to
the
request,
but
the
requests
are
not
bound
to
the
previous
state,
which
is
okay,
because
we
generally
expect
reordering
just
not
when
we
are
manipulating
resources,
where
we
in
other
cases,
have
an
image.
B
So
you
would
use
the
echo
option
using
the
echo
option
is
something
that
would
be
an
option,
but
for
that
really,
the
server
has
to
know
that
it
has
some
freshness
requirements
and
those
are
a
bit
hard
to
how
to
grasp.
B
Here
I
mean
yeah,
possibly
even
the
probably
the
echo
option
would
even
be
a
way
to
do
this,
but
if
it
can,
we
recommend
that,
because
that's
actually
solving
the
problem,
not
quite
because
in
echo
we
allow
that
the
client
at
any
time
may
forget
the
echo
value
in
order
to
avoid
the
misuse
of
echo
as
a
cookie,
and
in
that
case,
how
will
the
server
know
that
it's
that.
B
D
B
This
would
not
even
need
to
be
time
based.
This
could
be
event
based.
So
basically,
the
the
echo
value
is
an
echo
value
is
good
as
long
as
their
only
registration
updates
happen
like
a
plane.
Lifetime
refresh
has
happened,
and
only
when
the
value
is
actually
changed,
then
the
old
values
are
not
good
anymore,
so
this
would
be
really
really
a
more
counter
thing
than
than
a
time
based
thing.
B
B
I
mean
this
is
the
thing
is
for
resource
directory.
This
is
probably
not
as
critical
as
it's.
It
will
probably
be
for
for
other
for
other
core
applications
right,
so
I
can
sketch
this
up.
For
this
case.
It's
just
another
change
that
will
happen
without
that
will
happen
very
late
in
the
process
that
has
a
very
weak
attack.
B
C
B
Now
the
restoring
it
it
can
keep
a
registration
alive
for
some
time
unless
the,
unless
the
client
puts
it
it
puts
it
explicitly
deleted
and
the
other
way
around
the
attacker
can
delete
a
registration
that
has
previously
deleted
itself.
So
if
a
device
always
deletes
its
registration,
when
it
goes
to
deep
deep
sleep,
then
one
of
those
deletions
could
be
stored
and
used
later
to
kill
the
registration
right
after
it
came
up
that
that's.
C
Actually,
more
more
more
of
an
issue
than
putting
the
you
know,
a
node
that
just
disappears
dies
and
doesn't
renew,
and
so
it
maybe
expires,
and
then
the
attacker
can
restore
it.
Let's,
it
seems
a
weird.
I
don't
know
what
the
attack
is
but
being
able
to
delete
the
registration.
A
Yeah
and
and
actually
reviving
a
registration
does
it
also
revive
or
bring
back
existing
all
the
other.
I
don't
know
like
observations
from
the
in
the
case
of
lightweight
with
them
too,
for
instance,
the
server
and
rd
are
collocated.
No,
it
wouldn't
bring
anything
back
right.
It's
just
a
registration
entry.
B
So,
at
least
not
if
the
resource
directory
is
in
in
some
way
used
as
it's
intended.
It
might
do
something
like
this
for
for
light
with
m2m,
but
but
observations
surviving
ip
address
change
is,
is
something
very
particular.
A
And-
and
you
mentioned
that
it
would
also-
or
maybe
I
didn't
get
that
right-
it
would
also
prevent
similar
registration
from
my
from
from
the
previous
endpoint
or
not.
A
B
Yes,
it
can,
yes,
it
can
so
so
the
the
attacker
cannot
steal
the
the
identity,
steal
the
identity
or
get
any
additional
permissions
it
just.
It
can
just
replay
things
that
the
the
endpoint
earlier
said.
So
probably
the
worst
thing
they
can
do
is
is
inject
the
delete
again.
C
Is
a
real
big
deal,
I'm
just
trying
to
think
about
the
other
case.
Where
and
and
and
so
if,
if
there
was
a
half
solution
that
made
deletes
not
replayable
but
made
ads
are
playable.
So
so,
if
if,
if
some
node
deletes
its
entry
and
then
goes
into
a
deep
sleep
and
some
an
attacker
puts
the
entry
back
in.
B
But
there's
there's
a
third
class
of
changes
that
we
don't.
We
can't
say
much
about
yet
because
we
don't
have
them.
That
is
changes
to
registration
attributes,
so
the
registration
attributes
we
have
now
are
pretty
tame
because
either
they
can't
be
changed
like
endpoint
and
sector
or
there
are
things
like
lifetime,
which
is
probably
changed.
Rarely
just
as
well,
but
any
registration
up
attribute
update
could
have.
This
could
suffer
the
same
fate,
but
for
lack
of
entries
in
that
registry
we
don't
we
can't
anticipate
yet
what
what
the
effect
will.
B
Things
replay
protection
doesn't
catch,
this
really
replay
protection.
This
is
just
even
easier
because
you
don't
have
to
swallow
the
request
and
wait
for
the
re-transmit
to
go
through
and
only
have
as
many
attempts
as
you
swallowed,
but
you
can
just
replay
and
replay
and
replay.
So
this
is
worse.
If
replay
protection
is
off
and
it's
worse
in
dtls
than
it
is
north
core,
but
it
can
still
happen.
It
just
gets
gradually
harder,
as
you
can
go
from
dtls
without
replay
protection
to
oscore.
C
C
That
may
be
worth
making
more
clear.
B
Things
I
I
don't-
I
don't
mention
this
in
here
yet
because
I
wasn't
sure
how
how
brave
the
problem
is
perceived
really
and
what
other
mitigations
we
might
have,
and
certainly
just
having
dtls
replay
protection
is
something
we
want.
As
we
discussed
last
time,
we
want
to
have
enough
in
co-op
anyway,
because
nobody
is
aware
that
this
is
off
by
default.
B
So
so
I
think
this
this
change
can
probably
stand
on
its
own.
The
thing
is
just
what
do
we
make
of
the
bucket.
D
C
B
D
B
E
Think
I
wrote
the
last
mail
and
perhaps
I
should
have
written
it
differently.
It
wasn't
straightforward
to
answer
so
that's
probably
why
he
hasn't
okay
answered
so
yeah.
We
need
to
get
back
to
him.
I
think.
B
Okay,
but
I
think
we'll
see
a
bit
more
when
I've
put
this
into
text
that
I'll
mail,
the
ma
about
the
pr
to
the
list,
because
this
is
something
that
really
affects
more
than
just
rde.
And
I'd
like
to
have
a
few
few
eyes
from
outside
the
usual
group.
On.
B
This
so
if
there's
no
more
questions
or
points
on
this,
then
there's
there's
one.
One
point
that
I
think
is
is
a
bit
easier
again.
That
is
the
topic
of
commissioning
tools.
So
we
had
a
comment
on
the
or
a
question
really
about
whether
the
this,
whether
the
actions
of
commissioning
tools
are
a
one-time
event
or
or
happen
more
often,
and
I
do
agree
that
we
the
way
it's
phrased.
It
looks
a
lot
like
those
commissioning
tools,
act
in
the
original
setup
phase
and
then
go
completely
away.
B
C
My
understanding
is
that
the
commissioning
tool
arrives
with
the
installer
of
some
kind.
It
may
be
attack
his
phone
or
maybe
attached
to
their
phone,
and
then
it
leaves
never
to
return
yeah.
That
would
be
bad,
so
I
don't.
I
was
surprised.
I
didn't
know
this
text,
so
I
was
surprised
to
see
that
it
would
have
to
do
some
kind
of
a
a
keep
alive
or
something
is
what
you're
saying.
C
D
B
B
An
issue
in
github
on
this
question
not
yet
because
I
it's
kind
of
just
occurred
to
me,
while
processing
those
okay.
C
If
you
write
an
ish,
if
you
write
an
issue
and
assign
it
to
me
and
peter,
I
will
we'll
we'll
I'll
make
sure
that
peter-
and
I
answer
this
question
because
I've
been
through
this
process
with
him
as
well
on-
and
I
see
this
is
lighting
so
yeah
and
maybe
we'll
get
esco
as
well
to
have
an
opinion.
B
Okay,
that
brings
me
to
two
remaining
points.
One
is
the
one
where
I've
stuttered
around
a
lot
in
the
last
meeting
on
the
topic
of
author
of
how
do
we
bind
authorization
to
resources
and
given
that
this
has
come
up
implicitly
in
one
of
the
comments
this
I
I
now
have
a
better
example
for
this,
unfortunately,
still
without
without
much
text
here.
But
if
you
go,
could
you
go
to?
Where
is
it
the
discover,
the
uri
discovery,
and
basically
just
above
section,
five.
B
Yep
so
one
thing
that
we
have
in
the.
B
E
B
B
Discovery
not
limit
the
set
yeah,
so
what
what
we
have
been
allowing
for
some
time
is
that
the
that
in
discovery,
basically,
you
are
directed
to
a
directory
some
at
some
other
host
now
in
connection
with
all
the
authorization
that
we
now
more
explicitly
prescribe
to
happen
where
the
end
point
verifies
that
the
credentials
of
the
rd
are
good
to,
for
example,
keep
its
links
secret
to
some
to
some
to
be
defined
group
there.
The
client
relies
on
the
resource
to
be
actually
be
a
direct
resource
directory.
B
So
imagine
a
case
where
you
have
a
border
router
that
is
queried
for
discovery
and
that
border
router
has,
in
its
well-known
core
a
link
to
the
actual
resource
directory.
This
would
this
would
be
aligned
with
the
with
the
lookup
recommendations
and
the
other
border.
Router
would
say
there
is
at
co-op
colon,
slash,
rd.example.com
rd,
there's
a
resource
directory,
and
then
the
client
connects
to
that
host
verifies
that
the
host's
credentials
are
good
to
be
a
trustworthy
resource
directory
and
post.
These
links
there
so
far
is.
B
B
B
If
the
border
router
now
put
into
this
discovery,
step,
not
example.com
rd
but
motd,
the
client
would
just
as
well
go
to
the
same
host,
verify
the
host
credentials
but
post
its
data
to
a
resource
where
it
would
be
sent
out
to
whoever
happens
to
be
around.
B
Who
did
something
wrong
there
or
what
went
wrong
there?
And
this
is
happening
here
in
discovery,
because
we
don't
protect
the
discovery
steps
because
we
say
that
discovery
doesn't
need
protection,
because
that
later
the
rd
will
be
authorized
we'll.
We
will
have
its
authorization
checked,
but
it
seems
not
to
quite
cut
it
and
the
same
problem
is
showing
up
again
when
people
are
when
people
want
to
trust
links
found
in
the
resource
directory.
B
B
If
I
establish
an
ace
context
with
it,
then
I
get
a
token
that
then
I
get
a
token
and
with
that
token,
build
up
an
oscar
context
and
I
could
easily
be
allowed
to
post
to
motd
in
the
last
code
context.
So.
B
B
C
You
see
we're
not
alone,
so
so
you
know
in
the
ola
space,
the
answer
is:
don't
have
don't
have
resources
with
different
kinds
of
authorization
on
the
same
host.
You
should
just
make
up
some
more
names
and
put
them
in
different
places,
and
you
know
doctor
it
hurts
when
I
do
this.
So
don't
do
this,
but
I
guess
it's
just
spelled
out
that
you
that
this
is
a
problem,
because
I
think.
B
I
mean
that
that
basically
shifts
the
the
that
basically
shifts
things
that
we
in
all
our
co-op
examples
treat
as
hosts
into
or
treat
as
resources
and
entry
points
for
services
into
into
dedicated
hosts,
which
means
that
that,
for
example,
we
need
to
maintain
much
more.
We
might
need
to
maintain
many
more
oscar
contexts
than
we
probably
than
we
naively
would
have
to.
B
That
is
that,
if,
if
a
client
relies
on
any
properties
of
a
properties
of
a
resource
for
for
something
that
matters
and
phrasing
that
will
be
the
hard
part,
then
it
will
have
to
verify
that
information
by
looking
it
up
from
the
well-known
core
of
that
host
again.
So
this
is
a
place
where
we
could
put
the
attributes
in
a
way
that
the
client
may
trust
them
in.
B
In
the
concrete
example,
that
would
mean
that
the
client,
after
having
found
the
link
to
what
it
thinks
of
as
the
resource
directory
to
go
to
the
host
will,
which,
which
it
authentic,
which
it
authenticates
query
it's
well-known
core
file
for
just
that
very
single
record,
possibly
even
without
getting
more
than
a
few
bytes
as
a
response.
If
we
phrase
that
adequately
and
then
rely
on
the
information
which
is
now
authoritative
in
the
application
of
the
resource
directory.
C
Probably
so
it
was
just
said
that
so,
if
you
made
up
new
host
names,
you'd
have
to
establish
more
os
core
contexts.
Now,
I'm
trying
to
imagine
a
situation
where
there
were
some
other
credential.
I
don't
know
what
carson
has
in
mind
exactly
here.
That
was
on
a
per
resource
basis
and
there's
you
know
things
above
co-app
can
do
that.
But
wouldn't
that
still
mean
that
you'd
have
multiple
contexts.
You
wouldn't
be
reducing
the
number
of
contexts
at
all.
B
You
might
so
if,
if,
if
we
had
a
situation
where,
for
example,
the
the
authorization
information
about
the
host
says
not
that
this
horse
is
generally
trusted
to
serve
a
re,
serve
as
a
resource
directory
as
a
confidential
resource
directory,
but
this
particular
resource
on
that
host
serves
as
a
resource
as
a
as
a
trustworthy
resource
directory.
Then
the
client
would
get
the
information
when
it
obtains
the
authorization
information
and
see
the
mismatch
and
bail.
D
Yeah
so
essentially
the
authorization
information
for
the
host
would
say
you
can
trust
this
host
to
publish
a
valid,
well-known
call,
and
then
the
host
would
say,
oh
by
the
way
that
resource
is
a
resource
directory
and
then
the
client
would
be
able
to
use
that
information
to
provide
details
to
the
authorization.
B
B
B
That's
just
not
how
things
work
right
now
I
think,
but
maybe
we
can
make
them,
or
at
least
I
mean
this
is
probably
not
something
we
will
solve
for
rd,
but
at
least
to
kind
of
find
the
pain
points
and.
B
Okay,
that
that
gives
me
a
way
forward
here
and
the
last
item
is
again
something
that
I'd
like
to
look
over
with
you
from
from
the
issue
tracker.
Let's
pull
request
258
if
that's
faster
to
to
navigate
to.
B
And
if
you,
if
that's
probably
best
dude
as
files
changed
with
the
with
the
changes
below
each
other
yeah,
so
that's
the
that's
the
text
I
came
up
with
for
the
for
the
that
default
policy.
We
talked
about
last
time.
B
So
there
is
still
a
bit
more
language
about
particular
certificates
in
there
than
I
would
like
to
have.
But
for
me
this,
this
should
be
this.
For
me,
this
should
roughly
capture
what
I
think
is
a
good
is
a
good
default
policy,
especially
on
on
the
topic
of
the
the
the
different
subject-
alternative
names,
I'd
like
to
have
this
this
reviewed
again,
because
I
think
so
so
we
talked
about
this,
but
I'm
not
sure
I
captured
it.
A
I
I
haven't
fully
read
the
whole
thing
in
principle:
it
looks
good.
Maybe
we
can
show
a
fans
of
those
who
would
volunteer
to
have
a
look
to
this
part
rather
soon,
or
sooner
rather
than
later,
feel
free
to
just
comment
on
the
chat
or
just
say
something.
A
Well,
I
will
have
a
look,
and
maybe
one
more
would
volunteer
to
have
a
look,
maybe
by
tomorrow
or
at
latest
on
monday,
so
that
you
can
so
christian
can
move
forward.
B
So
that,
for
me,
that
concludes
the
big
open
issues
where
I,
where
I
know
that
I
would
where
I
needed
active
input,
I
might
still
come
up.
Something
might
still
come
up
when
I
process
the
rest,
but
I
think
I
can
make
everything
of
of
everything
of
the
comments
into
either.
We
do
it
like
this
because
or
into
a
pull
request,
and
I've
already
started,
merging
pull
requests
as
well
to
get
things
into
a
more
consistent
shape
again.
B
So
my
plan
for
action
would
be
that
unless
something
is
like
this
really
really
something
where
I'm,
where
I'm
very
unsure
about
whether
it's
the
right
thing,
I'd
go
about
merging
things
in
over
the
next
few
days,
then
send
the
send
a
message
to
the
to
the
group
that
this
is
something
I'd
submit,
along
with
the
point-to-point
responses
and
a
few
days
later,
upload
and
and
mail,
the
main
mail,
the
commenters,
what
the
status
is
now,
if
one
of
those
so
there's
we,
we
do
have
two
items
that
might
take
a
bit
longer.
B
Those
probably
that
is
the
the
echo
mitigation
and
the
topic
of
authorization.
I
probably
won't
merge
them
in
there,
but
they
don't.
They
don't
pertain
to
right
on
point
to
particular
comments
that
we
got
either
so
at
least
we
can
have
a
version
that
addresses
the
comments
that
came
up
and
then
still
let
them
know
that
there
are
things
that
we
are
pondering,
that
that
might
be
good
to
include
or
see
what
the
status
is
by
then.
A
What
was
the
tentative
dates
that
you
were
thinking
of
before,
but
I'm
talking
about
uploading
to
the
github
repo
like
next
week.
B
So
the
the
version
in
the
github
repo
was
something
that
I'd
like
to
have
on
kind
of
tuesday
or
so
so.
I've
gotten
into
this
whole
writing
process.
Now.
I
think
I've
spent
yeah
quite
a
bit
time
yesterday
and
today
on
on
processing
this.
So
I
think
I'm
I
should
be
through
by
the
weekend.
A
Very
it's
very
good,
okay,
so
and
from
the
meeting
today,
there
were
a
few
items
that
I
think
people
could
probably
provide
feedback
if
they
prioritize
it
by
monday
at
latest,
and
then
maybe
we
can,
by
the
end
of
next
week
optimistically,
we
could
submit
the
new
version.
If
not,
then
the
next
one,
I
suppose.
B
A
A
A
Should
we,
because
not
everybody's
in
the
meeting
a
few
have
left
right
now?
Maybe
we
should
send
a
comment
on
the
mailing
list
later.
D
So
why.
A
G
A
Okay,
so
thank
you
guys
for
the
time
again
and
see
you
next
week.
No,
not
again,
don't
see
you
next
week
see
you
in
a
couple
of
weeks.
Some
of
you
maybe.