►
From YouTube: IETF-EMU-20230111-1700
Description
EMU meeting session at IETF
2023/01/11 1700
https://datatracker.ietf.org/meeting//proceedings/
A
Looking
for
some
folks
to
cut
to
help
with
notes,
I
posted
the
link
to
the
notes
in
the
chat.
A
A
B
I
might
be
able
to
do
the
first
half
Joe,
but
by
The
End
by
the
bottom
of
the
hour.
I
need
to
not
be
doing
them.
Okay,.
A
Okay,
can
you
let
us
know
when
just
let
us
know
when
you're,
when
you're
heading,
when
you
can
no
longer
take
notes
and
then
one
of
the
chairs
may
be
able
to
kind
of
help
out
there.
A
And
anybody
can
you
know
the
the
notes
are
collaborative
people
can
join
to
that
link
and
and
update
them
as
needed.
So
I
you
know
we're
just
this
is
ietf
interim
meeting
for
emu.
It's
under
the
standard
note
well
policies
what
we
wanted.
What
I
wanted
to
go
through
today
is
the
remaining
Errata,
the
two
5770
and
5775,
which
are
perhaps
a
little
bit
more
complex
than
some
of
the
other
ones.
We've
we've
gone
through
is:
are
there
other
I?
Think
that's
the
primary
topic.
A
Are
there
kind
of
important
topics
that
we
would
want
to
talk
about
before
that
we
can
always
add
additional
things
when
we
get
through
those.
But
does
anybody
have
any
topics
to
to
supersede
those
two.
D
Yeah,
okay
screen
sharing,
let's
see
we
can
do
that.
D
D
The
secret
used
for
the
prf
is
emsk
and
then
the
text,
if
you
go
read
it
is
like
no,
no
really,
it's
sometimes
msk
and
there's
no
discussion
of
what
to
do.
When
you
pick
msk
versus
ensk.
D
The
definition,
so
it's
I
am
I,
am
sorry
typo,
but
imskj
use
the
word
secret
instead
of
e
m
s
k
and
that
solves
that
definition
problem
the
other
complexity
based
on
Alex's
suggestions
of
implementing
this
and
interoperating
there's
now
some
additional
text
saying
yeah
I
know
it
says
you
derive
s,
I
n
c
k,
but
in
fact
you
have
to
derive
two
complete
sequences,
one
of
which
is
msk
derived
and
the
other
one
is
emsk
derived
and
there's
the
the
latest
commit
there,
which
is
linked.
D
If
you,
if
you
go
to
GitHub,
you
can
see
that
so
in
the
end,
I
think
there's
a
lot
of
sort
of
technical
squinting
at
it.
But
the
solution
is
not
that
complicated.
A
One
of
the
things
that
I
think
May
complicate
it
and
I
mean
in
practice
it
may
not
because
it
probably
won't
happen.
But
what
happens
if
you
have
a
series
of
methods
right
and
in
each
iteration
of
a
method,
you
know,
has
the
potential
to
generate
an
emsk
and
an
msk
and
in
some
implementations
the
emsk
may
not
be
generated
and
some
it
will,
and
so
you
can
end
up
with
like
say
three
methods
which
may
or
may
not
be
a
good
idea
to
have
those.
A
But
like
you,
you
know,
the
the
one
party
uses
the
msk
for
all
of
those
and
the
other
party
uses
the
emsk
or
so
one
party
uses
the
mfk
for
all
this.
The
other
party
uses
the
msk
for
two
of
them
like.
Is
there
a
problem
with
like
combinations?
Do
or
do
we
just
say
like
because
you
well
I,
guess:
there's
only
two
options
and
you
because
like
do
you
have
to
keep
this
running
total
or
is
it
resolved
after
each
after
each
method,
execution?
You
know
which
msk
or
emsk
you
use
is
that
so.
D
The
this
value
of
s,
I
n
c
k
is
really
an
intermediate
result
used
to
derive
the
imck
and
what
the
text
says
is:
if
a
method
doesn't
produce
emsk
or
msk,
then
your
derived
imck
is
zero
right.
So
so
think
of
this,
this
sequence,
all
of
this
s,
stuff
in
the
middle,
is
thrown
away.
After
you
do
that
calculation,
the
only
output
is
that
final
imck,
which
is
either
zero
or
derived
from
this
calculation.
E
D
E
Get
set
in
the
sausage
yeah
like
your
secret,
is
zero,
not
the
s
I
m
c
k
is
zero.
D
I'll
have
to
double
check
the
text.
I
think
it
was
written
as
the
output
was
Zero
but
yeah,
so
it
probably
should
be
the
secret
and
I'll.
A
Because
you're
taking
these
values
and
then
you're
hashing
them
into
the
what
your
previous
result
was,
and
so,
if
you're
doing
something
that
doesn't
generate
a
key
you're
hashing
a
zero
buffer
into
that
versus,
and
then
you,
your
other
case,
is
well.
My
method
could
generate
an
mfk
or
emsk
and
that's
implementation,
dependent
and
so
yeah.
The
the
server
provides
two
up.
Well.
What
once
I
provide
the
server
provides
two
options:
you
know
if
it
has
them
and
its
policy
allows
for
that.
A
It
provides
two
options
so
that
the
client,
if
it
only
supports
one
of
them,
it
will
choose,
it
can
choose
one
and
you
can
interoperate
right
yes
and
then,
at
the
end
of
that
transaction,
you
then
have
chosen.
The
client
has
either
chosen
the
msk
or
the
emsk,
and
the
msk
could
generate
to
zero.
If
there
was
nothing
if
there
was
no
or
email
whichever
one
we
decide
would
degenerate.
D
A
Zero
and
that
gets
hashed
into
the
running
hash
of
what
which
I
I
think
it's
the
IMs,
Community
imsk
or
imck
or
I,
guess
the
imck
and
so
okay,
okay,.
D
So
yeah
I,
I
I
think
that
the
summary
there
is
is
the
input
here
is
msk
or
emsk
or
all
zeros
and
the
output
flows
from
that.
And
then
you
have
two
derivations
of
everything.
I
just
have
to
find
ways
to
explain
that
a
bit
better
but
yeah.
A
Was
there
also
part
of
this
one
or
is
it
part
of
the
next
one?
That
was
the
question
on
if
you're
generating
all
zeros,
which
is
it
ambiguous
as
to
which
Fields
you
put
it
in
in
the
protocol
message,
or
is
that
clear.
D
I
think
that's
clear,
there's
a
separate
one
about
crypto
binding
and
which
one
you
put
in,
but
there
there
is.
There
is
text
about
that,
so
yeah,
so
I,
I
I,
think
we,
you
know,
module
out
some
last
minute
fixes
I
think
we're
mostly
good
with
this.
C
B
A
Yeah
yeah,
it's
a
no-op
because,
like
zero,
you
always
know
it's
going
to
be
zero.
A
You
know
it
there's
no
way
to
bind
anything
to
the
tunnel
because
there's
nothing
generated
I
think
we
had
some
discussion
on
the
list
and
from
you
know
my
memory
of
why
we
did
it.
This
way
was
just
to
kind
of
keep
the
implementation
simpler,
but,
like
certainly
you
know
whether
we
change
that
or
not
I.
You
know
I
think
we
could
change
it
in
the
revision.
A
B
I
think
that's
a
good
point
for
the
we
should
separate
the
Errata
and
just
a
little
bit
I.
Don't
want
to
go
too
far
from
I'd
like
the
era
to
be
pretty
close
to.
What's
in
the
revision,
I
know
that
Allen
would
for
sure,
but
where
it
where
it,
if
we're
doing
something
that
doesn't
make
sense,
and
especially
if,
like
the
security
area,
is
going
to
throw
up
red
flags
and
vomit
all
over
all
of
us
over
this,
and
then
we
have
to
change
something.
B
A
Yeah
so
I
think
what
we
would
do
here
is
kind
of
you
know,
get
that
review
the
text
that
Alan
proposes
because,
like
it'll,
be
easier
to
to
review
like
the
concrete
proposal
versus
like
kind
of
unless
there
are
specific
things
we
want
to
talk
about.
But
I
think
that
the
thing
here
is
that
it's,
you
know
the
text.
Current
text
is
pretty
unclear,
and
so
we
just
want
to
have
text
that
clarifies
it
in
a
way
that
you
know
helps
implementers
Implement
to
what
most
implementations.
B
Just
in
terms
of
wording,
right,
I
think
it's
probably
also
good
to
mention
whether
you
know
just
just
to
reiterate
perhaps-
and
this
is
because
it's
a
bit
of
a
change-
that
when
we're
talking
about
inner
method,
it
could
be
an
inner
eat
method,
it
could
simply
be
the
execution
of
tlvs
I.
Think
is
what
we
said
correct
in
the
previous.
That
was
what
we
said
in
a
previous
erratum.
D
Yes,
that's
why
I
have
five,
seven,
six,
seven
there
it's
addressed
there!
We
can
get
to
that
after
seven,
seven,
zero
and
seven,
seven,
five,
okay.
B
Yeah
I
was
just
gonna
say
if,
in
as
much
as
we're
saying
that,
we
should
just
make
sure
that
it
may
need
to
be
reiterated
in
several
places,
just
in
the
Errata,
so
that
people
it
sinks
into
people's
heads
in
case
they
read
one
and
not
the
other,
for
instance,.
D
Yeah,
for
me,
you
know
you
using
all
zeros
I
mean
it's
a
choice.
Some
you
got
to
pick
something
I
I,
think
the
the
only
other
alternative
for
something
like
basic
password
is
use
the
the
password
here
as
the
secret
and
that
way,
you're
you're
you're
doing
some
level
of
crypto
binding
to
the
actual
password
that
was
sent
over.
D
That
would
really
be
the
only
other
choice
but
yeah.
We
can't
rev
keep
in
an
Errata
update.
B
A
And
and
we
can
discuss
using
password
the
reason
why
I
think
we
didn't
do
that
is
that
we
won
it's
not
clear
that
it
helped
anything
because
you're
still
sending
that
quantity
within
the
tunnel
right.
So
it's
it's
not
going
to
make
anything
better,
and
then
you
know
for
each
kind
of
method
that
doesn't
derive
a
key.
You
would
have
to
derive
you.
A
You
would
have
to
say
what
quantity
it
was
that
gets
and
how
it's
encoded
and
all
of
these
things,
and
so
it
seems
simpler
to
to
not
do
that,
but
and
there
might
be
more
considerations
around
hashing
in
a
password,
although
it
shouldn't
really
matter
because
all
of
this
is
you
know,
the
hash
function
is
you
know,
kind
of
generates
in
a
random
output?
So
it's
it's
shouldn't
be
too
big
of
a
deal
to
Hash
in
the
secret,
like
that.
B
A
A
I
I
think
we
should
include
that
in
in
the
text
for
7170
revision
and
what
I
want
to
do
is
have
the
text
for
7170
matches
close
to
the
Iran
those
texts
it
there
shouldn't
be
much
difference
to
them
unless
we're
making
some
sort
of
change
that
we
can't
make
into
Narada
right.
So
the
the
goal
here
would
be
to
align
those
two
things
and
have
that
explanation.
A
You
know
like
there's
like
I,
don't
say:
there's
clarification
and
terminology
and
all
of
those
things
some
of
it's
editorial,
some
of
it's
a
technical
clarification
but
I
think
we
could
put
those
together
in
one
section,
because
it's
just
we're
do
I.
Think
most
of
these
changes
are
contained
in
one
section,
so
like
it,
it's
one
or
one
Errata.
In
a
sense,
we
can
have
one
block
of
text
that
gets
replaced.
D
Okay,
I'll
see
what
I
can
do.
I'll
push
some
fixes
this
afternoon,
while
it's
fresh
in
my
head,
I
think
we've
covered
seven,
seven,
zero
modulo
changes
and
updates.
D
775
turns
out
to
be
relatively
straightforward:
there's
a
bit
more
to
it
than
this.
As
you
see,
there's
three
different
commands
here,
but
there's
a
definition
for
how
to
derive
cmkj,
but
not
cmk0.
So
we
add
some
text
in
which
is
that
and
then
make
sure
that
the
references
to
things
are
consistent.
D
There
is
the
the
original
attack
sort
of
assumed
the
reader
knew
what
was
meant
and
I've
gone
through
and
double
checked
references
to
cmk
and
all
this
to
be
sure
that
they
use
consistent
terminology
everywhere.
It
doesn't
change
any
of
the
technical
meeting
or
implementation,
but
it
does
make
it
easier
for
an
implementer
to
read
it.
No,
you
know,
I
go
I,
know
exactly
what
to
do
here,
foreign.
D
D
D
Hearing
no
concerns
there,
I
think
it'd
be
good
to
move
on
to
5767
as
Elliot
was
mentioning
the
text.
This
was
a
bit
bigger
one
in
terms
of
edits.
The
original
text
was
playing
fairly
fast
and
loose
with
inner
eat
method,
where
it
meant
inner
Eep
authentication
method.
D
In
other
places,
it
referred
to
eat
method
where
it
really
meant
Eep
or
basic
password
and
then,
as
Alex,
was
pointing
out
or
vendor
specific,
so
rather
than
trying
to
put
weasel
words
everywhere,
because
there
were
some
where
it
said:
eat,
method
or
basic
password,
but
that
wasn't
consistent,
so
I've
defined
something
new
at
the
top
of
the
document.
D
In
the
terminology
section
saying
there
is
a
new
term
inner
method
which
is
wave
your
hands
vigorously,
whatever
happens
inside
the
tunnel
for
Authentication,
which
is
an
Eep
authentication
method,
username
password
or
vendor
specific,
and
then
all
of
the
text
can
refer
to
Inner
method
and
then,
as
a
side
effect
of
that
the
Eep
sequences
section
simply
becomes
an
Eep
section,
because
there
can
be
a
little
bit
of
text
before
that
saying,
oh
by
the
way
you
can
mix
and
match
inner
methods.
D
However,
you
want-
and
so
some
of
the
sequence
stuff
in
that
deep
sequences
section
goes
away
and
then
the
Eep
authentication
section
becomes
inner
Eep
authentication
method,
which
is
a
little
long.
But
it's
only
used
in
that
one
section
and
only
a
few
times.
A
For
updates,
since
it's
mostly
an
editorial
Errata
I
mean
I,
think
we
can
include
a
note
with
the
with
the
resolution
that
could
maybe
explain
what
what
will
be
done
in
the
revision
but
like
I,
don't
think
this
is
something
we
would
publishing
around
before.
C
B
A
hold
for
update
because
Alan
you
shouldn't
have
to
worry
about
you,
know
essentially
trading
through
the
document
and
trying
to
redesign
their
their
criminology.
That's
especially
since
we're
going
to
come
out
with
a
new
document
very
soon
I,
wouldn't
I,
wouldn't
I
would
just
hold
for
updated
if
you're.
Okay
with
that.
D
No
I
think
that's
good,
so
heck
yeah
I'll
make
some
notes
for
for
my
updates
for
that
about
pulling
the
64
octets
from
TLS
prf.
D
Moving
on
there
are,
let
me
see
here,
issues
so
I,
don't
know
if
we
want
to
go
through
the
issues
in
detail.
I
opened
up
a
few
based
on
comments
on
the
mailing
list,
so
where
I
could
address
things,
comments
on
the
mailing
list,
I
put
them
into
the
document
where
I
couldn't
I
opened
up
an
Errata,
so
it
was
tracked.
D
Do
we
want
to
go
through
that
in
in
detail?
There's
only
a
yep.
A
D
A
D
Yeah,
so
there
is
a
separate
section
now
in
the
document
which
says
oh
by
the
way,
if
you're
doing
Eep
Ms
chap
it
is
the
Eep
fast
Ms
chat
variant,
as
defined
by
this
link,
which
means
that
the
there's
260
octet
fields
which
get
swapped
so
that
is
explicitly
called
out
now.
D
That
I
believe
so,
yes,
okay,
yeah.
D
D
The
other
one
don't
lose
track
of
verified
errata
I.
Think
we'll
leave
that
pack
I
think
is
either
tls13
changes
or
TV2
I
I,
don't
know
what
else
to
say
about
that.
Let
me
open
5128
Ellen.
B
I
think
what
I
I
think
the
coverage
on
the
list
if
I
understand
correctly,
that's
one
where
essentially
my
read
is
that
I
was
the
only
person
who
said
oh,
let's
dump
it,
but
and
since
I'm
I
don't
mind
being
the
odd
man
out,
you
can
just
close
it.
D
B
D
Okay,
oh
I,
didn't
know
it
offline,
I
think
five,
one
two
eight
exactly
this
is
all
adding
the
output,
lengths
and
updating
everything
to
say
this
derivation
is
the
first
and
octet
of
whatever
so
I
believe
that's
been
updated.
A
A
Mean
you're
right,
it's
it's
just
like
we,
we
had
there's
the
whole
definition
of
the
function.
Signature
for
a
prf
is
like
was
not
well
defined
in
in
t
or
we
didn't
stick
to
a
consistent
function,
signature.
So
it's
pretty
confusing.
Sometimes
we
have
a
length
and
sometimes
that
link
means
you
mix
the
length
in
and
sometimes
it
doesn't
so.
I
wanted
to
just
kind
of
clear,
clear
make
those
clear
and
and
not
change
the
function,
signature
that
TLS
is
already
defined.
A
So
that's
what
this
one's
about
and
I
I'll
I'll
look
into
what
what
you've
changed.
C
D
Okay,
next
erad
I
believe
this
was
Alex's
comments
on
the
list.
B
A
E
B
I
think
wpa's.
B
E
D
Do
we
want
to
keep
it?
Do
we
what
I
mean
I
I
would
almost
suggest
leaving
it
in
to
minimize
the
the
edits
of
the
document,
but
just
add
a
note
saying:
oh
God,
nobody
implement
this.
We
don't
know
what
it
does
and
we
don't
deliver
it
because
yeah,
if
nobody
implements
this,
maybe
it's
time
to
rip
it
out.
D
A
Well,
I
I
think
we
could
potentially
but
I'm
just
if
it's
going
to
causing
we'd
want
to
do
it
in
such
a
way.
If
we
can
that
it
minimizes
the
chance
of
causing
an
interrupt
issue.
A
So,
but
definitely
we
can
I
think
we
can
add
a
note
that
says
hey.
This
is
a
candidate
for
removal
in
the
next
revision,
because
people
haven't
implemented
it
I.
B
E
The
problem
with
the
pad
I
think
there
was
an
out
of
bound
provisioning
idea,
so,
like
people
could
go
around
with
USB
sticks
and
say
right,
this
is
provisioning
machine.
So
you
install
this
blob
on
the
machine
and
that's
how
you
hook
up
it's
not
just
a
case.
You
wouldn't
be
able
to
it's
like
you,
wouldn't
be
able
to
even
connect
in
the
first
place,
because
that
files
no
longer
being
sent
or
used
I
think
that
was
one
of
the
use
cases.
E
A
B
A
Yeah
and
we
can
look
into
what
the
impact
is,
if
because
in
some
ways,
it's
attractive
to
kind
of
remove
stuff
that
that
we
don't
need.
But
if,
if
it's
going
to
cause,
you
know
if
nobody
implements
it
and
we
think
it's
a
useless
idea,
then
we
can't
I
think
we
can
remove
it
just.
But
we
need
to
be
a
little
bit
careful
that
it's
it's
not
going
to
cause.
E
This
is
to
describe
people
trying
to
implement
it
today,
like
that.
We've
already
got
existing
implementations
out
there
and
if
new
people
are
joining
the
party
I
don't
know
if
the
the
RFC
7170
describes
enough
that
someone
else's
back.
E
If
you
remove
this,
the
impact
would
be
new.
Implementations
would
not
have
like
hypothetically
I,
don't
know
what
the
lot
actual
practical
loss
would
be
right.
A
If
somebody
did
Implement
pack,
would
they
is
there
a
recovery
option
here
like?
Would
they
just
able
to
say
I,
don't
support
it
and
go
into
a
full
handshake
if
that
method
was
available
like
obviously,
if
they
only
have
pack
way
of
bootstrapping,
something
that
that
might
not
work,
but
is
there
kind
of
I
haven't
looked
at
in
a
while
is?
Is
there
a
reasonable
thought
like
if
I
don't
support
pack
is
that?
A
Is
it
an
optional
enough
part
of
the
protocol
that
you
could
just
say
no
and
continue
on
with
the
main
part
of
beep
fast?
If
you
support
the
full
Authentication.
E
E
Spec
seems
to
say
that
it
does
say
include
your
pack
if
you've
got
one,
but
if
you
haven't
you,
you
haven't
I'm
thinking
this
documents,
I
sort
of
aim
to
describe
what
we
see
out
there
in
the
wild,
and
we
can't
describe
what
someone
else
might
have
done
with
their
pack
or
what
they
should
have
done
with
their
pack
tlv
implementation
and
how
to
use
a
pack
file.
E
If
we
describe
something
and
Hammer
in
a
nail
somewhere
in
the
ground,
someone
if
someone's
different
we've
already
created
an
interrupt
which
I
think
we're
all
worried
about.
But
by
let's
say
we
just
remove
that
whole.
The
whole
pack
section
from
here
say:
hey
you.
Might
you
might
see
a
pack
on
the
wire,
but
just
ignore
it
for
new
implementations
this,
when,
when
someone
writes
a
new
implementation,
let's
say
to
talk
to
a
vendor,
we
don't
know
of
that.
E
Vendor
might
have
implemented
it
in
a
way
which
any
of
our
interpretations
of
this
RFC
we're
not
going
to
come
with
we're
not
going
to
be
able
to
meet
in
the
middle
I.
Think
someone's
going
to
be
just
looking
at
the
output
of
Wireshark
and
keep
poking
it
or
looking
at
a
debugger
until
they
can
figure
out
how
to
talk
to
this
other
vendor
I.
Don't
know,
though,
yeah.
E
A
I
think
it's
worth
you
know
trying
to
see
if
we
can
just
remove
it
and
because
it
sounds
like
well,
if
you
don't
support
pack
you're,
just
gonna,
there's
this
kind
of
corner
case
of
out-of-band
provisioning.
Where
somebody
might
you
know,
there's
some
bootstrapping
that
you
couldn't
do
but
I
think
it's
unlikely
that
people
have
really
implemented
it.
I
think
the
person
maybe
to
check
with
is
is
Oleg
from
Cisco,
but
if
Elliot
said
that
they
didn't
implement
it,
you
know
I
think
it
was
probably
implemented
for
Epass,
but
I
would
be
surprised.
E
A
E
I
didn't
do
any
interrupts
anywhere
else,
so
for
this
also.
A
Yeah
and
we
might
be
able
to
get,
you
don't
need
a
comment
if
he
would
lose
sleep
if
we
removed
pack.
A
D
Yeah
I
don't
know
that
there
are
any
actual
shipping
implementations,
cheap
supplicants
using
host
AP.
Typically,
you
know
that
goes
into
Android
and
the
tip
code
is
relatively
new.
D
I
haven't
seen
anywhere
that
Android
actually
exposes
this
anywhere
I
suspect
in
park,
because
the
code
is
new
and
as
soon
as
anyone
looked
at
it
they
went.
You
know,
oh
gosh
here
be
dragons
and
said.
Well,
let's
not
do
that.
D
A
C
Some
Linux
distributions
may
have
well,
they
have.
They
are
using
WPS
applicant,
Ubuntu
and
Fedora,
so
they
may
have
it
because
they
are
using
WPS
applicant
I
haven't
checked
so
I
can
check.
If
there
are
any
of
the
recent
Linux
distributions.
Have
it.
C
So
that's
besides
Android,
so
that
this
one.
So
let's
say
that
the
Linux
Distributors
are
one
user
of
WPS
applicant.
E
Until
very
recently,
WPA
supplicant
wouldn't
even
talk
TP
anyway,
because
I
mean
well
Ms
chap
it
was
using
the
non-fast
version,
the
keys
the
msk
flipped
over,
so
that
wouldn't
have
worked
full
stop
and
it
wouldn't
of
authenticated
against
Windows
either
various
reasons.
So
I
don't
know,
even
if
the
team
shipped
it
wouldn't
be
usable
in
the
state,
it
is
until
a
patch
I
think
was
added
within
the
past
month.
I
think
yeah.
D
Okay,
so
is
there
at
least
rough
consensus
that
pack
is
perhaps
irrelevant
and
then
whether
or
not
we
remove
it
from
the
document,
I
think
would
have
to
take
that
to
the
list
and
have
a
bit
longer
discussion
about
that.
C
Oh
yeah,
so
I
want
to
comment.
If
I
can,
the
tip
or
RFC
still
has
this
session
ID
based
resumption?
So
if
somebody
wants
to
have
a
quick
TLS,
handshake
I
think
that
option
Still
Remains.
A
D
D
Oh
okay,
when
how
do
you
know
that
the
new
session
ticket
is
the
pack
and
not
a
TLS
session
ticket?
So
there's
some
incentives,
you
know
what,
if
we're
going
to
do,
teach
stuff
that
goes
into
plvs.
If
we're
going
to
do
SSL,
stuff
or
TLS
stuff,
that's
TLS,
stuff,
I!
Think
the
only
real
difference
between
the
pack
of
the
new
session
ticket
is
that
you
can
begin
a
a
new
TLS
session
and
authenticate
using
the
pack
or
is
the
new
session
tickets?
Are
really
one
use
only
or.
C
D
Uses
shall
we
say,
but
yeah
I
I,
think
generally,
if
you
want
fast
session
resumption,
that's
what
discussion
ticket
is
for.
Is
that
and
otherwise
do
fully
offensive
motion
foreign.
D
Okay,
so
the
one
remaining
thing
is
pkcs:
seven,
let's
see
what
is
I
think
this
is
Alex's
comment.
D
A
A
D
A
Yeah
so
I
think
we're
we're
getting
to
a
point
where
most
of
the
technical
sort
of
changes,
or
at
least
have
a
first
pass
into
the
document
that
we
are,
we
think
we're
happy
with,
and
so
we'll
want
to
have
some
pretty
decent
review
of
folks
kind
of
taking
a
look
at
the
document
as
a
whole
with
those
changes
and
make
sure
it
holds
together.
A
But
I
think
we'll
maybe
resolve
that
pack
issue
first
and
then
see
if
we're
well
in
this
pkcs7
issue
and
then
maybe
we'll
be
ready
for
a
working
group.
Last
Call
on
it
might
be
aggressive,
but
I
I
think
it
leaves
getting.
A
A
A
If
there
are
no
other
issues
and
I
think
we
could
adjourn
for
today,
we
do
have
a
meeting
scheduled
for
next
Wednesday
as
well.
I'm,
not
sure
that
we
need
that
one
I'll
keep
it
on
the
schedule
for
this
week,
but
if
we
don't
seem
to
be
having
any
need
for
it,
I
will
cancel
that
one
so
that
we
get
some
time
back
and
then
it
does.
We
need
at
least
a
week
to
schedule
an
interim
and
preferably
two
weeks
to
give.
You
know,
make
sure
that
we
can
get
time.
A
So
we
can
schedule
and
an
additional
one
later
say,
maybe
in
February
to
kind
of
go
through
any
additional
issues,
but
I'll
hold
off
on
that
for
right
now.
A
So
I'll
leave
the
current
meeting
for
next
week
on,
but
I
will
send
a
note
to
the
list
if
we
cancel
it,
probably
by
the
you
know
during
the
weekend,
if
there's
no
additional
things.
C
A
Okay
and
then
the
goal
is
to
kind
of
get.
You
know
technical
issues
resolved.
So
please,
if
you
have
remaining
issues
post
them
in
in
the
GitHub
on
the
document
to
the
issue
section
or
you
can
suggest
a
PR
and
then.
A
And
then,
if,
once
we
have
all
of
those
issues
resolved,
then
we
can
move
to
kind
of
a
working
group.
Last
call
phase.
Where
we'll
do
a
working
group
last
call
and
collect
comments.
A
There'll
probably
be
some
revision,
and
perhaps
another
last
call
after
that,
but
we'll
we'll
be
nearing
the
end
of
the
you
know,
getting
the
document
published
and
at
the
same
time
as
we're
going
through
the
issues
we
can
also
I've,
been
starting
to
post,
suggested
Errata
to
the
resolutions
to
the
list
and
just
want
to
make
sure
that
we
get
those
aligned
with
the
revision
and
then
we
can
send
those
to
the
ad
for
resolution
of
the
errata
and
that
you
know
we
can
do
and
it'll
be
published.
A
All
right:
well,
everybody
have
a
good
day
good
evening
and
we'll
see
on
the
list,
and
we
have
scheduled
some
time
in
Yokohama
for
this,
for
emu
and
in
particular
this
topic-
and
we
may
be
kind
of
getting
this
document
off
at
that
into
the
isg
at
that
point
in
time.
But
it'll
give
us
a
chance
to
meet
and
resolve
any
additional
issues
that
have
come
up.