►
From YouTube: IETF-EMU-20230111-1700
Description
EMU meeting session at IETF
2023/01/11 1700
https://datatracker.ietf.org/meeting//proceedings/
A
B
A
And
anybody
can
you
know
the
the
notes
are
collaborative
people
can
join
to
that
link
and
and
update
them
as
needed.
So
I
you
know
we're
just
this
is
ietf
interim
meeting
for
emu.
It's
under
the
standard
note
well
policies
what
we
wanted.
What
I
wanted
to
go
through
today
is
the
remaining
Errata,
the
two
5770
and
5775,
which
are
perhaps
a
little
bit
more
complex
than
some
of
the
other
ones.
We've
we've
gone
through
is:
are
there
other
I?
Think
that's
the
primary
topic.
A
D
D
D
A
One
of
the
things
that
I
think
May
complicate
it
and
I
mean
in
practice
it
may
not
because
it
probably
won't
happen.
But
what
happens
if
you
have
a
series
of
methods
right
and
in
each
iteration
of
a
method,
you
know,
has
the
potential
to
generate
an
emsk
and
an
msk
and
in
some
implementations
the
emsk
may
not
be
generated
and
some
it
will,
and
so
you
can
end
up
with
like
say
three
methods
which
may
or
may
not
be
a
good
idea
to
have
those.
A
But
like
you,
you
know,
the
the
one
party
uses
the
msk
for
all
of
those
and
the
other
party
uses
the
emsk
or
so
one
party
uses
the
mfk
for
all
this.
The
other
party
uses
the
msk
for
two
of
them
like.
Is
there
a
problem
with
like
combinations?
Do
or
do
we
just
say
like
because
you
well
I,
guess:
there's
only
two
options
and
you
because
like
do
you
have
to
keep
this
running
total
or
is
it
resolved
after
each
after
each
method,
execution?
You
know
which
msk
or
emsk
you
use
is
that
so.
D
The
this
value
of
s,
I
n
c
k
is
really
an
intermediate
result
used
to
derive
the
imck
and
what
the
text
says
is:
if
a
method
doesn't
produce
emsk
or
msk,
then
your
derived
imck
is
zero
right.
So
so
think
of
this,
this
sequence,
all
of
this
s,
stuff
in
the
middle,
is
thrown
away.
After
you
do
that
calculation,
the
only
output
is
that
final
imck,
which
is
either
zero
or
derived
from
this
calculation.
E
D
D
A
Because
you're
taking
these
values
and
then
you're
hashing
them
into
the
what
your
previous
result
was,
and
so,
if
you're
doing
something
that
doesn't
generate
a
key
you're
hashing
a
zero
buffer
into
that
versus,
and
then
you,
your
other
case,
is
well.
My
method
could
generate
an
mfk
or
emsk
and
that's
implementation,
dependent
and
so
yeah.
The
the
server
provides
two
up.
Well.
What
once
I
provide
the
server
provides
two
options:
you
know
if
it
has
them
and
its
policy
allows
for
that.
A
It
provides
two
options
so
that
the
client,
if
it
only
supports
one
of
them,
it
will
choose,
it
can
choose
one
and
you
can
interoperate
right
yes
and
then,
at
the
end
of
that
transaction,
you
then
have
chosen.
The
client
has
either
chosen
the
msk
or
the
emsk,
and
the
msk
could
generate
to
zero.
If
there
was
nothing
if
there
was
no
or
email
whichever
one
we
decide
would
degenerate.
D
D
A
D
C
A
B
A
You
know
it
there's
no
way
to
bind
anything
to
the
tunnel
because
there's
nothing
generated
I
think
we
had
some
discussion
on
the
list
and
from
you
know
my
memory
of
why
we
did
it.
This
way
was
just
to
kind
of
keep
the
implementation
simpler,
but,
like
certainly
you
know
whether
we
change
that
or
not
I.
You
know
I
think
we
could
change
it
in
the
revision.
A
B
I
think
that's
a
good
point
for
the
we
should
separate
the
Errata
and
just
a
little
bit
I.
Don't
want
to
go
too
far
from
I'd
like
the
era
to
be
pretty
close
to.
What's
in
the
revision,
I
know
that
Allen
would
for
sure,
but
where
it
where
it,
if
we're
doing
something
that
doesn't
make
sense,
and
especially
if,
like
the
security
area,
is
going
to
throw
up
red
flags
and
vomit
all
over
all
of
us
over
this,
and
then
we
have
to
change
something.
B
A
Yeah
so
I
think
what
we
would
do
here
is
kind
of
you
know,
get
that
review
the
text
that
Alan
proposes
because,
like
it'll,
be
easier
to
to
review
like
the
concrete
proposal
versus
like
kind
of
unless
there
are
specific
things
we
want
to
talk
about.
But
I
think
that
the
thing
here
is
that
it's,
you
know
the
text.
Current
text
is
pretty
unclear,
and
so
we
just
want
to
have
text
that
clarifies
it
in
a
way
that
you
know
helps
implementers
Implement
to
what
most
implementations.
B
Just
in
terms
of
wording,
right,
I
think
it's
probably
also
good
to
mention
whether
you
know
just
just
to
reiterate
perhaps-
and
this
is
because
it's
a
bit
of
a
change-
that
when
we're
talking
about
inner
method,
it
could
be
an
inner
eat
method,
it
could
simply
be
the
execution
of
tlvs
I.
Think
is
what
we
said
correct
in
the
previous.
That
was
what
we
said
in
a
previous
erratum.
D
D
Yeah,
for
me,
you
know
you
using
all
zeros
I
mean
it's
a
choice.
Some
you
got
to
pick
something
I
I,
think
the
the
only
other
alternative
for
something
like
basic
password
is
use
the
the
password
here
as
the
secret
and
that
way,
you're
you're
you're
doing
some
level
of
crypto
binding
to
the
actual
password
that
was
sent
over.
B
A
And
and
we
can
discuss
using
password
the
reason
why
I
think
we
didn't
do
that
is
that
we
won
it's
not
clear
that
it
helped
anything
because
you're
still
sending
that
quantity
within
the
tunnel
right.
So
it's
it's
not
going
to
make
anything
better,
and
then
you
know
for
each
kind
of
method
that
doesn't
derive
a
key.
You
would
have
to
derive
you.
A
You
would
have
to
say
what
quantity
it
was
that
gets
and
how
it's
encoded
and
all
of
these
things,
and
so
it
seems
simpler
to
to
not
do
that,
but
and
there
might
be
more
considerations
around
hashing
in
a
password,
although
it
shouldn't
really
matter
because
all
of
this
is
you
know,
the
hash
function
is
you
know,
kind
of
generates
in
a
random
output?
So
it's
it's
shouldn't
be
too
big
of
a
deal
to
Hash
in
the
secret,
like
that.
B
A
A
I
I
think
we
should
include
that
in
in
the
text
for
7170
revision
and
what
I
want
to
do
is
have
the
text
for
7170
matches
close
to
the
Iran
those
texts
it
there
shouldn't
be
much
difference
to
them
unless
we're
making
some
sort
of
change
that
we
can't
make
into
Narada
right.
So
the
the
goal
here
would
be
to
align
those
two
things
and
have
that
explanation.
A
You
know
like
there's
like
I,
don't
say:
there's
clarification
and
terminology
and
all
of
those
things
some
of
it's
editorial,
some
of
it's
a
technical
clarification
but
I
think
we
could
put
those
together
in
one
section,
because
it's
just
we're
do
I.
Think
most
of
these
changes
are
contained
in
one
section,
so
like
it,
it's
one
or
one
Errata.
In
a
sense,
we
can
have
one
block
of
text
that
gets
replaced.
D
D
D
There
is
the
the
original
attack
sort
of
assumed
the
reader
knew
what
was
meant
and
I've
gone
through
and
double
checked
references
to
cmk
and
all
this
to
be
sure
that
they
use
consistent
terminology
everywhere.
It
doesn't
change
any
of
the
technical
meeting
or
implementation,
but
it
does
make
it
easier
for
an
implementer
to
read
it.
No,
you
know,
I
go
I,
know
exactly
what
to
do
here,
foreign.
D
D
D
D
C
B
A
hold
for
update
because
Alan
you
shouldn't
have
to
worry
about
you,
know
essentially
trading
through
the
document
and
trying
to
redesign
their
their
criminology.
That's
especially
since
we're
going
to
come
out
with
a
new
document
very
soon
I,
wouldn't
I,
wouldn't
I
would
just
hold
for
updated
if
you're.
Okay
with
that.
D
Moving
on
there
are,
let
me
see
here,
issues
so
I,
don't
know
if
we
want
to
go
through
the
issues
in
detail.
I
opened
up
a
few
based
on
comments
on
the
mailing
list,
so
where
I
could
address
things,
comments
on
the
mailing
list,
I
put
them
into
the
document
where
I
couldn't
I
opened
up
an
Errata,
so
it
was
tracked.
A
D
A
D
D
B
A
A
Mean
you're
right,
it's
it's
just
like
we,
we
had
there's
the
whole
definition
of
the
function.
Signature
for
a
prf
is
like
was
not
well
defined
in
in
t
or
we
didn't
stick
to
a
consistent
function,
signature.
So
it's
pretty
confusing.
Sometimes
we
have
a
length
and
sometimes
that
link
means
you
mix
the
length
in
and
sometimes
it
doesn't
so.
I
wanted
to
just
kind
of
clear,
clear
make
those
clear
and
and
not
change
the
function,
signature
that
TLS
is
already
defined.
C
B
A
E
B
E
D
Do
we
want
to
keep
it?
Do
we
what
I
mean
I
I
would
almost
suggest
leaving
it
in
to
minimize
the
the
edits
of
the
document,
but
just
add
a
note
saying:
oh
God,
nobody
implement
this.
We
don't
know
what
it
does
and
we
don't
deliver
it
because
yeah,
if
nobody
implements
this,
maybe
it's
time
to
rip
it
out.
D
A
A
B
E
The
problem
with
the
pad
I
think
there
was
an
out
of
bound
provisioning
idea,
so,
like
people
could
go
around
with
USB
sticks
and
say
right,
this
is
provisioning
machine.
So
you
install
this
blob
on
the
machine
and
that's
how
you
hook
up
it's
not
just
a
case.
You
wouldn't
be
able
to
it's
like
you,
wouldn't
be
able
to
even
connect
in
the
first
place,
because
that
files
no
longer
being
sent
or
used
I
think
that
was
one
of
the
use
cases.
E
A
B
A
Yeah
and
we
can
look
into
what
the
impact
is,
if
because
in
some
ways,
it's
attractive
to
kind
of
remove
stuff
that
that
we
don't
need.
But
if,
if
it's
going
to
cause,
you
know
if
nobody
implements
it
and
we
think
it's
a
useless
idea,
then
we
can't
I
think
we
can
remove
it
just.
But
we
need
to
be
a
little
bit
careful
that
it's
it's
not
going
to
cause.
E
E
A
If
somebody
did
Implement
pack,
would
they
is
there
a
recovery
option
here
like?
Would
they
just
able
to
say
I,
don't
support
it
and
go
into
a
full
handshake
if
that
method
was
available
like
obviously,
if
they
only
have
pack
way
of
bootstrapping,
something
that
that
might
not
work,
but
is
there
kind
of
I
haven't
looked
at
in
a
while
is?
Is
there
a
reasonable
thought
like
if
I
don't
support
pack
is
that?
A
E
E
If
we
describe
something
and
Hammer
in
a
nail
somewhere
in
the
ground,
someone
if
someone's
different
we've
already
created
an
interrupt
which
I
think
we're
all
worried
about.
But
by
let's
say
we
just
remove
that
whole.
The
whole
pack
section
from
here
say:
hey
you.
Might
you
might
see
a
pack
on
the
wire,
but
just
ignore
it
for
new
implementations
this,
when,
when
someone
writes
a
new
implementation,
let's
say
to
talk
to
a
vendor,
we
don't
know
of
that.
E
Vendor
might
have
implemented
it
in
a
way
which
any
of
our
interpretations
of
this
RFC
we're
not
going
to
come
with
we're
not
going
to
be
able
to
meet
in
the
middle
I.
Think
someone's
going
to
be
just
looking
at
the
output
of
Wireshark
and
keep
poking
it
or
looking
at
a
debugger
until
they
can
figure
out
how
to
talk
to
this
other
vendor
I.
Don't
know,
though,
yeah.
E
A
I
think
it's
worth
you
know
trying
to
see
if
we
can
just
remove
it
and
because
it
sounds
like
well,
if
you
don't
support
pack
you're,
just
gonna,
there's
this
kind
of
corner
case
of
out-of-band
provisioning.
Where
somebody
might
you
know,
there's
some
bootstrapping
that
you
couldn't
do
but
I
think
it's
unlikely
that
people
have
really
implemented
it.
I
think
the
person
maybe
to
check
with
is
is
Oleg
from
Cisco,
but
if
Elliot
said
that
they
didn't
implement
it,
you
know
I
think
it
was
probably
implemented
for
Epass,
but
I
would
be
surprised.
E
A
A
D
D
A
C
C
E
Until
very
recently,
WPA
supplicant
wouldn't
even
talk
TP
anyway,
because
I
mean
well
Ms
chap
it
was
using
the
non-fast
version,
the
keys
the
msk
flipped
over,
so
that
wouldn't
have
worked
full
stop
and
it
wouldn't
of
authenticated
against
Windows
either
various
reasons.
So
I
don't
know,
even
if
the
team
shipped
it
wouldn't
be
usable
in
the
state,
it
is
until
a
patch
I
think
was
added
within
the
past
month.
I
think
yeah.
C
A
D
D
Oh
okay,
when
how
do
you
know
that
the
new
session
ticket
is
the
pack
and
not
a
TLS
session
ticket?
So
there's
some
incentives,
you
know
what,
if
we're
going
to
do,
teach
stuff
that
goes
into
plvs.
If
we're
going
to
do
SSL,
stuff
or
TLS
stuff,
that's
TLS,
stuff,
I!
Think
the
only
real
difference
between
the
pack
of
the
new
session
ticket
is
that
you
can
begin
a
a
new
TLS
session
and
authenticate
using
the
pack
or
is
the
new
session
tickets?
Are
really
one
use
only
or.
C
D
D
D
A
A
A
A
A
If
there
are
no
other
issues
and
I
think
we
could
adjourn
for
today,
we
do
have
a
meeting
scheduled
for
next
Wednesday
as
well.
I'm,
not
sure
that
we
need
that
one
I'll
keep
it
on
the
schedule
for
this
week,
but
if
we
don't
seem
to
be
having
any
need
for
it,
I
will
cancel
that
one
so
that
we
get
some
time
back
and
then
it
does.
We
need
at
least
a
week
to
schedule
an
interim
and
preferably
two
weeks
to
give.
You
know,
make
sure
that
we
can
get
time.
C
A
A
A
All
right:
well,
everybody
have
a
good
day
good
evening
and
we'll
see
on
the
list,
and
we
have
scheduled
some
time
in
Yokohama
for
this,
for
emu
and
in
particular
this
topic-
and
we
may
be
kind
of
getting
this
document
off
at
that
into
the
isg
at
that
point
in
time.
But
it'll
give
us
a
chance
to
meet
and
resolve
any
additional
issues
that
have
come
up.