►
From YouTube: IETF-ALTO-20230530-1400
Description
ALTO meeting session at IETF
2023/05/30 1400
https://datatracker.ietf.org/meeting//proceedings/
A
A
I
think
we
can
get
started
and
so
welcome
to
Auto
intermitting.
So
this
is
our
fifth
interim
meeting
and
the
focus
will
be
the
deployment
card
list
and
security
privacy,
isolation
issues,
so
my
name
is
Qing
and
my
co-chair
Mohammed
and
we
are
more
moderated
this
discussion,
not
aware.
Probably
you
are
recorded
and
please
follow
the
code
of
conductor.
Rpr
rules
apply
note
where
and
please
feel
free
to
read
it,
and
this
is
a
general
purpose
for
today's
discussion.
A
So
we
have
two
topic
for
the
first
topic.
We
will
invite
a
uber
to
give
introduction
for
the
security
property,
isolation,
use
case
requirements
for
auto
protocol
and
then
the
so
the
the
presentation
will
be
limited.
20
minutes
we'll
leave
50
minutes
for
discussion.
The
second
topic
is
security
issue,
consideration
for
auto
development,
who
is
Will,
Lead
the
discussion,
and
we
will
limit
the
presentation
for
10
minutes
and
the
five
minutes
for
discussion
and
for
the
other.
A
A
The
current
status
of
China
work
Island
and
we
already
completed
the
working
laptop
or
transporter
Innovative
draft
and
for
auto
om,
and
we
just
started
the
second
working
law
school
and
so
probably
will
based
on
the
comments
from
the
second
working
last
call
make
another
revision
and
our
plan
is
complete.
The
write,
half
and
submit
the
Innovative
job
to
isg
in
a
second
week
of
the
June
any
agenda,
Bash.
A
B
B
The
major
part
of
my
presentation
today
is
the
different
ideas
that
we
prepared
on
how
we
can
bring
trust
into
the
alto
protocol
and
we'll
end
this
discussion
with
the
summary
we'll
have
some
times
for
some
discussion,
hopefully,
as
you
may
know,
so,
the
auto
protocol.
This
is
just
a
quick
overview
of
the
what
you
already
know
in
terms
of
with.
C
B
Alto
standard
and
the
different
possible
implementation,
so
the
auto
protocol
allows
internet's
client
to
obtain
information
related
to
network
priorities
or
on
paths.
This
information
can
identify
and
help
select
the
optimal
routes,
access,
useful
data
by
a
different
type
of
client.
So
what's
for,
what's
the
value
for
trust
for
what?
What
are
the
value
that
trust
can
bring
for
an
enhance
Network
decision
making,
especially
in
the
alto?
As
you
know,
so
trust
is,
and
we
have
been
already
established
following
the
side
meeting
that
we
had
in
ITF
Yokohama.
B
B
On
the
other
hand,
trust
can
help
assess
the
value
of
information,
product
and
entities
and
services
in
the
network.
Finally,
our
trust
can
help
evaluate
quality
of
different
interaction,
but
based
on
reputation
and
trustworthiness.
If
the
major
I
would
say
value
of
our
work
is
try
to
integrate
trust
into
Alto.
There
are
different
elements
that
can
benefit
from
bringing
trust
into
Alto
I'm
here
I
try
to
summarize
the
most
useful
one,
first
of
all,
first
of
all,
trustworthiness
Matrix.
B
If
we
include
this
as
part
of
Alto,
so
this
would
help
incorporate
just
within
us
metrics
into
Ultra
information
model.
Some
of
the
important
factors
that
need
to
be
considered
are
like
reliability,
security,
stability
and
also
performances
or
major
elements,
and
this
would
help
making
better
decision
and
how
the
decision
making
using
quantity,
quantitative
measurement
as
the
second
element,
which
is
trying
to
extend
the
cost
Matrix
so
incorporating
trust
factors,
would
help
expand
out
those
gross
metric
and
to
include
trustworthiness.
B
This
would
also
be
used
eventually
for
resource
selection,
so
different
application
can
consider
translated
factors
for
optimal
resource
selection
and,
obviously
the
outcome
from
that
it
possibly
enhanced
decision
making.
What
aware
trust
would
be
trust
integration
can
improve
routing
decision
and
resource
utilization.
Finally,
real-time
trust
update.
B
So,
by
continuously
monitoring
we
can
have
updated
value
for
trustworthiness
metrics,
and
this
will
help
for
making
adaptive
decision
making
for
the
application
on
the
second
aspect
and
then
on
the
other
element,
which
is
the
advantages
of
trust,
enhanced
Auto,
we
can
say
that
we
can
achieve
informed
decision
making.
We
can
have
an
enhanced
security
and
also,
hopefully
improve
performance
and
overall
quality
and
also
already
now
covered
is
used.
B
Is
you
use
to
improve
Network
performances,
reduce
Network
congestion
and
how
fully
offer
Network
a
better
user
experiences
once
we
bring
trust
into
Auto?
Basically,
we
try
to
the
element
that
we
want
to
focus
on
is
introduce
us
as
new
performance
metric
and
hopefully
improve
Network
trustworthiness
and
finally,
improve
user
Satisfaction
by
helping
assessing
the
value
of
information,
product
services
and
reducing
the
risk
related
to
lack
of
trust.
B
The
major
part
and
the
most
important
part
of
today's
talk
is
the
different
initial
ideas
that
we
brought
so
far
related
to
how
how
can
trust
can
be
implemented
or
integrated
as
part
of
the
alto.
The
first
idea
is
working
on
trusted
IP
based
geolocation
for
entities
in
the
alto
architecture.
The
second
one
is
defining
trust
as
one
of
the
possible
cost
measurement
to
be
used
within
Alto.
The
third
one
is
considered
trust,
enhanced
property
map
and,
finally,
multi
domain
settings
and
Trust
as
part
of
Alto.
B
This
idea
should
contribute
to
enhanced
or
swadiness
and
Trust
aware
decision
making
within
the
outdoor
architecture,
also
by
approach.
Rising
such
aspect
outdoor
can
provide
application
with
more
reliable,
secure
and
trustworthy
information
for
optimizing
resource,
selection,
routing
and,
hopefully,
policy
reinforcement.
B
So
now
we
try
to
give
more
details
about
each
of
these
different
ideas,
so
the
first
one
there
is
some
context
which
is
related
trusted
IP
based
your
location,
so
the
accurate
geolocation
of
network
entities
such
as
clients,
servers
and
resources
have
been
established
that
this
would
be
play
crucial
role,
making
our
own
resource
selection.
However,
traditional
education
methods
are
lacks
in
the
in
this
in
terms
of
accuracy,
and
they
present
some
vulnerabilities.
B
However,
in
terms
of
deployment,
we
need
so
with
us
still
some
few
open
questions
in
order
where,
where
we
can
best
put
such
mechanism
into
practice
as
part
of
output,
so
the
first
part
is
it
within
with
possible
integration
within
the
auto
server.
So
we
need
to
ask
how
to
include
robust
geolocation
as
part
of
Auto.
Server.
Which
element
would
benefit
the
most
from
trusted
geocaching
and
also
how
to
share
trusted
output
without
a
client
if
we
consider
the
elements
related
to
the
alto
client.
B
So
the
question
to
be
asked,
the
answer
is
how
to
use
the
inputs
receipt
from
the
alto
server
and
also
what
is
the
expected
impact
on
performances
and
the
user
experience.
And,
finally,
is
it
possible
or
useful
to
through
trans
measurement
within
the
auto
client
or
just
keep
it
integrated
as
part
of
the
auto
server?
We
also
we
open
to
other
suggestions
in
terms
of
for
using
third
parties
or
like
content
providers
like
developing
other,
a
translated
element
outside
of
the
of
the
the
alto,
but
these
are
we
might
have
be.
B
It
might
have
a
good
like
a
direct
impact
on
the
behavior
and
the
performance
is
achieved
within
trust
style
too.
So
here
we
need
to
focus
on
the
resources
and
also
maybe
focus
on
the
paths
between
client
and
resource,
so
how
to
talk
about
how
to
select
the
most
trusted
path
between
client
and
content.
The
second
element,
which
is
trans
as
a
customer
measurement
in
Alto,
so
since
currently
Alto
as
far
as
I,
know,
use
only
a
cost
measurement
to
quantify
the
performances
or
quality
of
of
network
or
and
resources
the
expected
outcome
for
this.
B
We
can
see
that
an
auto
server
would
offer
the
quality
of
trust
as
it
costs
new
non-renewable
cost
metric.
This
cost
metric
would
convey
high
level
measurement
for
quality
of
trust,
depending
on
the
part
between
the
source
and
the
destination.
The
higher
values
with
indicate
higher
preferences
for
traffic
to
be
sent
from
source
to
destination
using
the
selected
path
and
I
can
see
that
also
a
service
provider
may
enter
internally
decide
they
have
the
opportunity
or
the
chance
to
decide
on
the
specific
factors
and
their
respective
ways
for
computing
quality
of
trust.
B
B
Let's
move
now
to
the
third
idea
related
to
trust
enhanced
property
map.
Currently
there
are
four
major
property
maps
that
Network
maps
and
programs
that
are
currently
available
within
Alto,
so
the
network
map,
The
Entity
property
map
and
the
cost
Map
There's
the
ontcoin
and
the
point
cost
map.
Basically,
we
are
suggesting
to
maybe
introduce
the
new
one
Focus
distance,
this
time
on
trust,
enhanced
property
map.
B
Why
why
we
try
to
provide
trust,
focused
measurement
for
each
a
e
that
would
allow
trust
based
decision
making
and
if
you
can
see
the
structure.
This
is
how,
where
we
can
imagine
such
an
entity
and
I
guess
further
discussion
would
be
needed
and
this
would
basically
align
with
some
of
the
ideas
that
will
be
brought
later
on
by
Lewis
in
his
presentation,
and
we
do
need
some
more
discussion
in
order
to
evaluate
the
the
potential
use
cases
for
such
for
such
idea.
B
Finally,
the
the
the
the
the
final
idea
is
relevant
to
multi-domain
and
Trust
as
part
of
L2,
so
exposing
multi-domain
Network
information
to
support
emerging
use
cases
introduce
issues
to
be
considered
in
the
current
Auto
design.
One
of
these
issues
related
to
security
and
privacy.
We
can
also
say
that
information
will
buy
provided
by
Alto
protocol
is
considered
for
now
very
like
a
broad
and
cross-grained.
B
So
this
such
Network
information
is
exposed
as
abstract
Maps
such
as
Network
map
and
so
on,
and
the
benefits
is
of
abstract
map
include
protection
of
information,
privacy
and
approach
copy.
However,
many
asps
dislike
the
disclosing
such
detailed
information
about
the
network
because
of
the
the
the
risk
factors.
B
Therefore,
autoportical
is
designed
for
now
to
offer
likely
to
information
about
esp's
Network
architecture
too
peer-to-peer
application
vendors,
or
this
new,
like
possible
extent
mentioned
I
like
need
to
be
designed
to
provide
fine-grained
Network
information
to
the
application
using
these
extension
services
for
multi-domains
a
scenario
to
raise
new
security
and
privacy
concerns.
So
basically,
in
this
element,
we
try
to
bring
together
these
different
Factor,
how
trust
how
to
and
the
multi-domain
setting
can
be
brought
all
together,
as
previously
mentioned.
B
So
trust
is
very
important
and
also
especially
in
multi-domain
system,
where
some
data
exchange
or
information
exchange
and
it
would
be
required
in
the
case
of
Auto
protocol
and
in
multi-domain
settings.
Trust
between
different
domains
can
facilitate
the
exchange
of
network
information
and,
if
we
think
about
different
domains
of
different
domain,
trust
that
their
Network
information
will
be
used
appropriately.
So,
and
this
would
have
like
multi-domain
will
entities
will
have
a
more
will
be
more
inclined
to
share
some.
B
The
the
call
for
actions
related
to
today
is
a
presentation
and
materials,
and
from
this
entire
meeting,
the
question
that
I
would
ask
is
related
to
the
relevance
of
this
topic
to
the
outer
group.
So
if
the
answer
is
yes,
what
are
the
aspects
that
should
be
prioritized
as
part
of
the
chartered
item?
What
are
the
most
valued
expected
outcome
for
each
for
each
idea
and
who
need
to
be
involved
and
also
who
wants
to
be
included
and
in
order
to
implement
this,
the
others?
B
The
other
question,
because
of
the
nature
of
trust,
the
subjective,
Natives
and
the
complexity
of
this
trust
as
a
topic
should
we
also
think
later
on
maybe
a
later
time
offline
to
in
terms
of
relevance
to
other
work
groups.
So
if
the
answer
is
yes
within
the
ietf,
so
ritual
groups
and
what
are
the
cross
sections
with
the
alto
protocol
and
who
are
the
relevant
people
that
need
to
be
contacted
and
I
will
stop.
My
presentation
here
and
I
will
be
more
than
happy
to
answer
any
of
the
questions
that
you
might
have.
A
Okay,
thanks
for
introduction,
it's
very
interesting
proposal,
and
so
ayoko
can
you,
you
know,
share
your
slides
again
and
before
open
flow
to
the
audience.
Actually,
I
want
to
make
some
quick
comments.
I
think
you
know
you
discuss.
Four
aspects
actually-
and
you
know
in
my
interpretation
actually
I-
think
these
four
aspect
more
related
to
how
trans
information
can
be
measured,
how
the
trust
information
can
be
transported,
how
transformation
can
be
connected
and
how
transit
information
can
be
exposed
using
Auto
protocol.
A
So
I
think
you
know
go
back
to
the
question
you
want
to
ask
I
think
you
know
currently
Auto
working
Google
more
focused
on
you
know
how
trans
focus
on
you
know:
Auto
interface
between
the
auto
client
and
auto
server,
and
also
we
in
the
previous
interview
meeting,
we
discussed
how
to
integrate
different
data
sources.
This
is
related
to
the
interface
between
Auto
server
and
network
info
structure.
A
So
my
impression
you
know
for
how
the
trust
information
can
be
measured
or
can
be
transported
currently
is
not
in
a
scope
of
Auto
working
group,
and
so
my
suggestion
is
for
for
aspects
that
I
expect.
You
know
my
my
impression.
Some
of
the
you
know
aspect
maybe
really
the
auto
protocol
extension,
but
if
you
can
reformulate
into
some
kind
of
use
case
and
the
requirements
that
will
help
people
better
understand
and
houses
can
be
fitted
into
the
auto
Channel.
D
D
We
are
oftentimes,
for
example,
if
I
do
have
multiple
servers.
I
am
a
client
I'm
trying
to
download
from
one
of
multiple
out
of
one
multiple
servers
which
can
give
me
content
and
then
sometimes
I
do
have
a
policy
constraints,
for
example,
if
I
download
this
content
one
and
from
from
client
one
and
maybe
for
example,
client
one
is
from
Europe
and
they
therefore
I
want
to
make
sure
I
download
from,
for
example,
the
European
server
and
also
the
whole
routing
from
the
server
to
the
client.
D
I
will
not
go
outside
of
Europe,
for
example,
and
something
similar
by
Clan
2
and
also
has
corresponding
server
two.
So
therefore,
also
the
whole
path
would
be
somehow
go:
go
through
a
given
a
policy
domain
right
because
you
don't
want
to
go
set
up
policy
domain.
Otherwise,
they're
going
to
have
some
kind
of
policy
violations,
I
think
that
can
be
useful,
but
I
want
I'm
kind
of
curious
about
a
little
bit
details
doing
such
a
number
to
be
a
vector,
or
this
one
would
be
a
like
a
filter
constraint.
So
what
do
you
envision?
B
Thank
you.
Thank
you,
Richard
for
your
question.
It's
very
very
relevant
question
to
this
until
the
possible
use
cases
related
to
the
cost
measurement
as
part
of
the
alto
the
difficulty
here.
Basically,
it
aligns
with
different.
How
can
we
Define
the
like
a
subject
because
trust
as
it
as
by
its
Essence
is
very
subjective?
So
how
can
we
Define
the
I
would
say
measurable,
metric
for
measuring
trust
and
this
it
will
be
a
use
case.
B
E
B
What
the
our
aim
is
basically
to
provide
like
standard
way
of
computing
trust
value
or
different
Pro
service
provider,
like
tweak
only
the
numbers
on
the
weights
parameters
related
to
obtaining
the
final
cost
measurement,
and
then
the
this
cost
measurement
will
be
only
helping
like
as
decision
Vector
for
decision
for
making
decision.
Okay,
so
either
to
so,
though,
then,
if
you're
asking
how
to
implement
it,
Proto
like
in
terms
of
final
use
cases
for
the
as
part
of
the
alto
it
will.
B
The
answer
it
will
be
depend
on
the
the
final
use
case.
Are
we
put?
Are
we
talking
here
only
about
the
client
or
the
we're
talking
about?
It
can
be
used
basically
to
judge
the
the
trustworthiness
of
the
the
content
itself
or
the
path
you
know.
So
there
are
very
different
ways,
as
you
can
see
different
ways
of
like
explaining
this.
D
Okay,
yeah
they're
a
bunch
of
details,
but
I
guess
I'm
going
to
first
I.
Think
I
see
your
point
so,
depending
on
the
use
case,
I'm
going
to
probably
offline,
and
we
can
talk
about
the
details
because
I
do
say.
Potentially
a
complexity
in
terms
of
you
know
encoding
the
trust,
information,
input,
I
think
it
doesn't
have
to
be
totally
subjective.
For
example,
policy
can
be
actually
subjected,
it
can
be
objective
right.
Do
you
go.
D
F
Yes,
for
the
presentation,
one
person
that
was
coming
to
my
mind
is
the
following:
so
okay,
the
the
server
can
offer
this
quality
of
trash
or
distrust
metric,
but
should
we
somehow
also
protect
the
client
from
the
from
the
fat
of
the
server
keeping
track
of
the
selection
of
the
client?
So
maybe
it's
a
sensible
information
as
well
to
to
let's
say,
not
keep
track
or
not
keep
any
register
or
what
the
client
is
selecting
based
on
the
information
provided
by
yard.
So
that
should
be
also
a
point
to
to
consider.
B
It
is
definitely
a
point
to
consider,
because
when
we
talk
about
trust,
the
Privacy
like
inclination
or
the
privacy
and
related
issues
coming
from
that,
it's
very
a
very,
very,
very
serious
application.
In
order
to
answer
that,
there
are
two
ways
of
considering
it
here:
there
are
there
if
we
implement
the
trust
measurement
as
part
within
the
alto,
so
the
client,
if
we
want
to
you,
need
to
trust
like
that
to
server
in
order
to
be
able
to
like
interact
with
the
server.
B
However,
there
is
a
possibility,
if
you
can
see
here
that
maybe
is
it
possible
to
use
a
third
party
like
in
order
to
gauge
the
trustworthiness
of
a
client
rather
than
sharing
personal,
like
identifiable
information
related
to
the
client
once
again,
here
the
use
case
that
will
the
final
use
case
will
help
decide
or
identify
which
path
to
follow
in
order
to
implement
this
practically
okay,
understood.
Thank.
F
E
E
You
thanks
to
you
for
your
presentation,
I
understand.
There
are
several
Dimensions
to
this
topic
of
past,
because
I
saw
Trust
of
information
that
is
provided
for
us.
Also
a
client
is,
can
can
you
trust
the
client
trust,
and
then
there
is
another
dimension
which
would
be
that
the
trust
of
path
on
the
past.
So,
as
Richard
mentioned,
there
is
also
the
aspect
of
how
secure
is
the
path
and
also
how
robust
is
surpassed.
B
Thank
you
very
much
Sabine
for
your
comment.
It's
very
very
important.
The
element
that
you
identify,
because
this
is
what
we
found
in
terms
of
the
challenge,
basically
studying
this
topic.
We
do
need
to
have
like
a
wide
understanding
of
the
topic
before
specific,
like
identifying
specific
use
cases
so
we'll
be
we're
very
you're.
Very
much
welcome,
basically
to
join
us,
and
we
will
definitely
come
back
to
to
see
some
some
of
the
support
from
the
Auto
Group.
B
In
order
to
move
forward
with
like
a
formal
definition
of
trust
as
a
cost
measurement
in
general,
then
we
can
identify
the
possible
I
would
say
at
least
these
three
elements
is
it
the
client
I
would
say
that?
Is
it
the
client
trust
measure
for
the
client?
Is
it
just
for
the
server?
Is
it
for
the
content
provider
or
is
it
for
the
person?
There
are
four
angles
actually
that
we
are
considered.
E
G
G
Is
that
part
of
the
goal
of
this
or
just
or
the
goal
of
this
is
just
to
provide
mechanisms
to
to
extract
this
information
from
the
network
and
and
convey
to
from
the
from
the
server
to
the
client?
So
do
you
expect
that
we
will
also
get
out
that
this
work
should
also
get
into
defining
what
trust
is
or
and
I
think
this
is
connected
with
Matt's
question
in
the
chat
you
know
that
we
should
connect
with
ipdm.
B
You
thank
you.
Let
me
start
with
the
first
part
related
to.
How
can
we
implement
this?
There
are
different
ways.
Is
it
a
new
map?
Is
it
like
just
I
would
say
an
extension
of
already
existing
map?
I
think
that
we
need
to
assess
the
two
possibilities,
but,
let's
start
with
first
of
all,
trying
to
include
trust
us
just
not
pneuma,
but
like
a
next
element
like
a
measurement,
cost
measurement,
a
new
cost
measurement
and
see
the
value.
B
If
this
provide
value,
we
can
decide
to
move
forward
and
maybe
evaluate
the
usefulness
of
including
a
new
complete
map,
but
here
I'm,
just
having
these
proposals
in
terms
of
ideas
and
I
would
ask
basically
for
the
your
inputs
in
order
to
help
the
site
which
one
is
the
most
I
would
say
relevant
and
which
one
is
the
most
timely
and,
most
importantly,
which
one
is
the
most
needed.
If
it's
not
so
in
terms
of
proposal,
if
it's
not
needed,
it's
not
not
like
useful.
B
D
Yeah
very
quick
question
so
I
think
one
thing
which
is
quite
a
different
potential
I
say
from
your
architecture
is
Auto.
Right
now
is
mostly
is
a
client
server
protocol,
where
the
server
somehow
quote
unquote
owns
the
information
that
it
can
potentially
distribute
to
the
cloud
so
if
I'm
server,
if
basically
I'm,
representing
an
ICP.
So
therefore,
all
information
I
talk
about
I
own,
so
therefore,
I
mostly
would
have
the
authority
to
distribute
information
or
not
I,
think
one
quite
a
new
dimension
from
your
work.
D
For
example,
look
at
item
number
one
you
want
to
go
to
your
trust.
Ip
is
somehow
you're
talking
about
a
potentially
Network
word,
distribute
be
able
to
distribute
information
which
the
network
doesn't
potentially
fully
own
or
doesn't
own
or
fully
owned.
For
example,
the
location
of
an
IP
address
somehow
is
owned
not
only
by
the
network
actually
owned
by
The
End
by
the
third
party.
Not
the
auto
Clan,
not
other
server
is
third
party.
D
So
therefore,
if
I
see
the
overall
with
architecture
right,
you
might
need
someone
to
be
able
to
manage
The
Trusted
or
the
management
of
the
information
distribution
of
the
information.
For
example,
now
the
device
owns
IP
address
might
need
to
have
a
say
to
talk
about
what
kind
of
information
I
want
to
really
distribute.
That's
actually,
a
major
missing
piece
in
Auto
also
doesn't
have
such
capability
to
do
management
of
the
essential
information
disclosure.
So
do
you
Innovation
such
entity
will
be
added
into
the
system
or
not,
or
maybe
their
third
party.
D
B
You
thank
you
very
much
for
this
important
question.
There
are
actually
two
ways
of
seeing
this.
You
can
see
it
as
a
standalone
solution,
as
you
said
in
terms
of
the
so
that
the
alto
server
will
handle
all
the
repercussion
coming
from
uncovering.
Like
trust
related
element.
However,
there
are
some
limitation
of
what
the
auto
server
can
do.
This
is
how
I
would
say
we
can
move
to
the
second
approach,
which
will
be
using
a
third
party
or
an
external
interface,
not
just
like
third-party
can
be
like.
We
can
think
about.
B
A
Okay
and
actually
I
have
a
some
other
comments.
You
know
I,
you
know
regarding
transit,
information,
distribution,
Maybe
yeah.
We
need
to
consider
some
of
distributed
approach
or
centralized
approach,
and
maybe
we
have
a
third
party
to
maintain
this
kind
of
transfer
information.
So
so
the
one
question
come
to
the
my
mind
is
how
this
transfer
information
management
related
to
the
identity
management.
We
already
have
some
kind
of
directory,
maybe
used
ldap
or
some
protocol
to
get
access
to
this
kind
of
identity
information.
A
B
I
think
there's
aligned
with
the
comment
well
previously,
thank
you
very
much
and
for
the
comment
coming
from
Richard
in
the
sense
that
it
can
be
trust,
focused
Services
as
part
of
the
alto
service
layer.
This
is
one
way
of
seeing
it,
but
I
guess
we
do
need
to
further
discussion
in
order
to
decide
which
is
the
best
way
of
approaching
this.
A
Okay,
one
more
comments
is
you
know
for
your
purpose
of
this
trust
a
little
bit
like
a
buzzword.
You
know
you
really
need
to
break
down
into
you
know.
Maybe
some
attribute
related
to
the
trust,
and
so
we
talk
a
lot
about
you
know
just
the
metrics,
so
this
may
be
related
to
the
ippm
working
Google
and
Define
the
concrete
magic
and
then
come
back
to
the
auto
working
group
to
to
see
how
this
can
be
represented
in
Auto
protocol
and,
in
addition,
we
need
to.
A
You
know,
consider
how
this
Transit
can
be
measured.
You
know,
there's
some
other
relevant
worker
in
rats
working
focused
on
remote
adaptation,
provided
you
know
trustworthy
for
the
device
during
the
put
a
stage
and
also
there's
some.
You
know
other
work
in
the
security
area
like
jio
privacy.
This
working
has
already
concluded,
but
I
think
it's
more
relevant
regarding
the
you
know,
trust
Information,
Management
also
in
security
area,
or
maybe
application
error.
There's
a
privacy
preservation,
management,
working
group,
and
so
this
is
a
you
know,
a
more
relevant
worker.
A
B
A
A
H
A
F
H
F
You
so
yeah
well
I
would
like
to
cover
a
number
of
security
aspects
coming
from
the
from
the
idea
or
the
experience
that
we
have
had
in
the
iteration
of
Alto
in
in
telefonica,
CDN
plus
other
use
cases
that
we
have
in
mind
some
other,
let's
say,
ideas
that
are
not
yet
being
implemented
at
all,
but
so
how
we
are
considering
then
for
for
for
future
work.
Let's
say
so,
as
a
background
probably
is
interesting
to
highlight
the
fact
that
there
are
a
number
of
security
issues
highlighted
or
identified
so
far
right.
F
So
we
have.
There
was
a
high
level
discussion
of
security
Altos
in
security
issues
in
Alto
for
the
program
statement,
but
also
for
the
requirements
document.
These
words
on
how
the
Baseline
of
the
further
development
of
Alto
and
so
how
we
have
also
security
concerns
in
that
respect,
then
issues
related
to
Alto
server,
Discovery
and
identified
cases
in
out
of
the
deployment
as
well
and
for
sure,
further
security
considerations
in
the
remaining
narrasses,
which
are
more
specific
to
the
concrete
topic
to
the
specific
topic
of
that
RFC.
F
But
everything
is
orbiting
around
Security
in
Alto.
What
I
will
commend
is
a
list
of
situations
or
issues
that
can
generate
security
problems
in
from
the
an
operational
perspective,
so
departing
from
the
idea
of
the
disintegration
of
Alto
and
telephonica
for
the
integration
of
the
CDN,
and
so
we
have
address,
we
have,
let's
say
foresee,
and
we
identify
some
potential
security
issues
complemented
as
well
for
some
other
work
in
progress
that
we
are
considering
for
future
use
cases,
future
integration
with
other
applications
in
telephonica.
F
So
the
approach
that
I
have
taken
has
been
the
following:
I
consider
I
have
considered
the
alto
server
as
the
central
part
of
the
alto
framework.
This
does
not
mean
that
there
are
other
security
concerns
in
other
parts
for
sure
there
are,
but
somehow
the
storyline
is
focusing
on
the
server
on
the
auto
server.
Then
talking
about
the
the
security
concerns
that
could
appear
in
the
retrieval
of
information,
so
the
interaction
with
the
network
with
the
network
controller
and
so
on
so
forth.
F
So
it
will
be
somehow
the
solvent
interface
of
the
of
Alto
and
then
commenting
some
other
issues.
Another
considerations
that
could
come
from
the
exposure
of
the
information
with
this.
We
are
linking
as
well
with
some
other
aspects
from
the
alto
client,
so
the
alto
client
is
in
the
Northbound
interface
from
the
auto
service
and
somehow
apply
to
both
sides
of
of
that
interface.
The
security
considerations
that
I
will
comment.
I
left
apart
a
security
considerations
about
the
the
information
to
be
processed
by
Alto
I.
F
Think
that
probably
this
is
internal
and
not
a
matter
to
be
a
standardized
or
to
we
explore
in
Delta
working
group,
but
whatever
needs
to
deal
with
interoperability
with
other
elements,
level,
elements
or
other
client
could
be
worth
it
to
to
work
on
on
it
right.
So
in
the
next
slide,
what
what
I
will
address?
I
classify
the
the
topics
that
I
will
recommend
as
a
risk
and
as
a
potential
properties.
The
rigs
identify
potential
issue,
a
security
concern
in
that
interaction,
either
in
the
Northbound
or
in
the
southbound
and
as
a
potential
property.
F
What
they
identify
could
be
additional
information
that
Alto
could
provide,
and
this
information
is
related
to
security.
So
somehow,
in
the
first
case,
in
the
risk,
we
are
addressing
the
security
concerns
of
of
the
alto
components.
Let's
say
in
the
second
case,
what
we
are
doing
is
comment
about
possible
use
cases
that
Alto
could
enable
from
the
security
perspective
so
providing
security
information.
So
how
this
second
case
would
be
a
common
would
be
similar
to
the
what
iuf
has
commented,
but
I
will
provide
some
other
potential
use
cases,
let's
say
so.
F
I
will
move
for
the
next
slide.
So,
regarding
the
information
retrieval
a
number
of
risks,
a
number
of
issues
could
be
considered
the
first
in
the
interaction
with
the
network,
in
enabled
sense
so
with
the
network
elements,
but
also
with
the
controllers.
So
essentially,
the
the
point
here
would
be
that
the
the
separate
connection
to
the
network,
to
enable
elements
or
to
the
controller
or
to
the
controllers,
it
must
be
secure,
so
probably
I
mean
we
need
to
enforce
all
these
secure.
F
The
second
point
is
the
second
issue:
consideration
is
that
to
have
some
robustness
again
new
parameters
or
stations
that
could
come
from
that
Protocols
of
their
mechanisms,
use
it
used
for
retrieve
retrieving
the
information,
for
instance
augmentation
or
new
nlris
for
the
bgpls
new
generation
that
could
come
with
the
models
and
so
on.
Playing
with
that,
augmentations
could
crash
the
retrieval
of
the
information
and
so
how
we
need
to
secure
Alto
server
from
that
potential
issues
right.
The
third
case
will
be
to
100
very
frequent
Network
updates
that
can
stress
the
alto
server
processing.
F
So,
in
some
cases
there
will
be
timers
being
specified
like
could
be
in
the
case
of
bgp
or
or
this
will
result,
I
mean
not
new
updates
from
BJP
good
results
for
this
in
the
network.
That's
on
how
are
modulated
by
the
timers
of
the
IDP,
as
this
is
another
case
could
not
be.
The
situation
could
not
be
like
that.
So
somehow
we
need
to
protect
the
the
to
secure
the
ultra
server
from
very
frequent
Network
updates,
so
that
will
be
related
for
the
the
interaction
with
the
network.
F
A
second
set
of
risk
identify
could
be
about
the
integration
with
additional
data
or
additional
metrics
or
sources
providing
data
or
metrics.
Let's
say
so
in
in
region
before
would
be
a
secure
retrieval
of
information
from
external
components,
and
these
components
could
be
props.
Maybe
for
measuring
the
the
performance,
metrics
management
system
for
retrieving
information
related
to
the
characteristic
properties
of
the
nodes
inventory
systems
we
can
collect.
F
We
need
to
collect
information
from
the
inventories,
for
instance,
the
the
location
could
be
one
of
them,
etc,
etc,
and
the
fifth
one
could
be
mechanisms
for
can
be
financially
and
secure.
Interchange
of
information,
for
instance
the
metrics,
so
we
need
to
expose
or
sorry
we
need
to
collect
this
information
in
a
secure
manner
in
order
to
avoid
that
others
can
take
this
information
and
and
yeah
use
this
information
with
malicious
purposes.
F
So
we
need
also
to
find
secure
ways
of
interchanging
the
PID
of
interest
between
the
alto
client
and
the
alto
server
so
either.
If
we
go
to
randomization,
for
instance,
we
need
to
ensure
that
that
communication
is
secure
between
the
client
and
and
the
server,
because
we
need
to
yeah
to
to
know
what
is
the
PID
that
the
the
alpha,
so
a
client
is
requesting
is
interested.
The
second
case
will
be
Associated
to
Performance
metrics
that
can
permit
malicious
parties
to
produce
targeted
attacks.
F
So,
for
instance,
if
we
are
revealing
that
we
have
an
exceptional
performance
in
in
a
given
link
or
path,
maybe
some
attackers
could
try
to
to
do
something
in
order
to
create
problems
in
that
path.
So
we
need
to
essentially
yeah
protect,
also
that
information
to
obfuscate
that
information
that
cannot
be
taken
by
malicious
parties
and
the
final
set
of
requirements
here
will
be
about
the
Direction
with
the
auto
clients,
so
that
the
client
server
interface
can
suffer
attacks
for
malicious
clients.
F
So
maybe
we
can
consider
publish
And
subscribe
mechanisms
in
such
a
way
that
we
can
separate.
We
can
isolate
the
client
from
the
auto
server.
The
second
one
will
be
about
denial
of
service
because
of
two
frequent
client
requests
or
situations
where
we
can
create
tcp0
Windows
situations,
so
in
such
a
way
that
we
cannot
answer
as
fast
as
the
as
we
have
the
request
from
the
client
millions
and
the
final
opponent
here
will
be
the
secure
transport
of
client
request.
So
especially
some
initial
data
should
be
interchained,
as
could
be.
Maybe
the
this
idea.
F
A
F
One
minute
yeah
I,
will
speed
up
too
much
so
regarding
the
information
is
pressure,
so
the
the
issue
here
will
be
the
disclosure
to
other
clients
of
information
that
is
relevant
only
to
one
of
the
clients.
So
we
need
to
preserve
information
among
clients,
so
I
have
it
in
every
avoiding
this,
maybe
a
filtering
and
so
and
then
thinking
on
properties
are
not
risk
to
potential
usage
of
enabling
security
cases
that
could
be
the
augmentation
of
math
present
in
security
related
properties.
F
It
could
be
the
the
the
information,
for
instance,
about
the
encrypted
path.
That
could
be
that
the
client
could
use
for
delivering
the
traffic
or
even
providing
additional
information
about
security
at
Kobe,
for
instance,
keys
for
a
particular
communication,
the
very
last
slide,
so
the
proposal
for
action
will
be
essentially
to
overview
the
General
Security
considerations
already
existing
in
Alto
working
group
in
the
different
nfcs
and
probably
document
new
security
considerations
for
reader.
A
Thank
you
always
for
introduction,
so
I
want
to
have
a
quick
comment
for
this
security
consideration.
You,
you
know,
consider
two
aspects.
One
is
our
information
retriever.
The
second
is
auto
information
exposure.
So
do
we
expect
you
know
we
need
to.
You
know,
provide
a
more
secure
mechanism
to
for.
For
this.
You
know,
information,
Retriever
and
information
exposure.
F
Yeah
I
I
think
so,
as
mentioned
for
this
as
a
case,
the
Publishers
case
will
be,
for
instance,
something
sensible
trying
to
decouple
the
client,
the
interaction
of
the
client
with
the
server
we
can
find
a
way,
and
this
is
way
of
of
protecting
the
server.
That
could
be
an
example
and
for
the
retrieval
and
the
information
the
same
noise.
We
need
to
go
through
other
systems
like
management
system
inventories,
and
so
we
need
to
also
to
protect
that
communication.
That
could
be
two
examples
so
making
the
answer
brief.
A
F
Could
be,
or
as
a
property
of
the
path
to
communicate
or
to
suppose,
if
the
path
has
inclusion
capabilities,
maybe
this
could
be
relevant
for
the
client,
maybe
using
an
encrypted
path
instead
of
a
path
that
does
not
incorporate
this
increasing
capabilities.
A
second
case
could
be,
for
instance,
the
a
for
the
for
the
map,
also
to
provide
for
a
given
session
the
some
keys,
for
instance,
the
public
key
for
encrypting
the
traffic
in
in
a
particular
session.
A
D
Yeah
sorry,
music,
okay,
Luis
I
think
this
is
a
very
good,
very
complete
survey
of
the
whole
security
and
and
Trust
Central
workflow
I'm
curious.
If
you
might
even
go
for
example,
for
this
document,
you
might
even
consider
even
a
little
bit
more
in
particular
if
I'm
thinking
about
the
whole
security
or
information
management,
for
example,
one
use
I
guess
let
me
use
the
case
of
bgp
one
of
the
classical
examples
in
bgp,
which
is
actually
the
security
compromise
of
the
DDOS
compromise.
D
Is
one
alternative
system
wouldn't
ask
okay,
my
bdp
pass
to
everyone
is
zero
right
and
everyone
was
sending
traffic
to
this
guy
and
then
essentially
would
crash
whole
internet.
So
for
that
I
don't
have
that
security
issue
or
the
DDOS
issue,
and
so
on
and
it's
a
bug.
Would
you
consider
some
kind
of
Integrity
of
the
information
into
your
framework
or
into
this
exposure
in
a
sense
of
cracking?
Yes,
the
information
channel
is
secure,
it's
all
authenticated,
but
what?
If
an
auto
server
says?
Okay,
my
cost
to
the
information
totally
wrong.
D
I
was
given
locations.
So
therefore,
then
the
client
with
total
means
misled.
Do
you
think?
There's
some
way
we
can
integrate
such
an
integrated
check
or
essential
unit
test
into
the
system.
For
example,
clients
say:
hey
I
really
know
the
cost
from
A
to
B.
It
should
be.
You
know
it
should
be
five
and
here
you're,
giving
me
10,
which
means
you're
wrong.
Instead
of
embedding
some
kind
of
unit
test
into
an
auto
system.
F
Yeah,
it
could
be
interesting
as
well.
There
is
on
some
discussion
about
integrity
in
some
of
the
rfcs.
The
the
one
regarding
out
to
deployments,
if
I
not
run
so
certainly
Integrity
of
the
information
is,
is
something
already
addressed
or
commented
in
previous
services,
and
certainly
the
case
that
you
mentioned
it
provides
total
value.
So
I
am
my
short
answer
will
be
yes,
this
is
something
that
we
can
consider
as
well.
A
Yeah,
okay,
any
other
comments,
I
I
think
I
want
to
make
another
comments.
You
know
we
in
Auto
working.
We
already
have
Auto
development
of
C.
It
is
now
outdated.
Maybe.
Do
you
expect
that
we
need
to?
You
know,
make
a
piece
for
the
auto
deployment,
and
so
what
do
you
expect?
The
outcome
for
this
purpose.
F
In
this
case,
certainly
in
the
there
are
some
discussion
in
the
alto
deployment,
but
the
focus
is
not
entirely
on
security,
so
I'm,
not
so
sure.
If
the
outcome
could
be
honest,
a
revision
of
that
previous
document
or
something
much
more
specific
focus
on
on
security.
Probably
it's
something
that
we
I
mean.
We
will
realize
what
will
be
the
proper
outcome
to
to
have
once
we
start
exploring
all
the
all
the
previous
information
I
mean
all
all
these
issues
already
identified,
probably
after
that
would
be
more
clear.
What
could
be
the
potential
outcome.
A
Yeah
so
I
think
in
the
past,
with
this
cancer
you
know
you
know,
for
the
auto
information
when
we
distribute
this
kind
of
information,
maybe
exposes
some
sensitive
information,
so
one
purpose
is
to
use
Jose
to
carry
the
auto
information.
So
maybe
you
know,
as
you
the
example
you
gave.
Actually
maybe
we
can
to
make
a
we
can
ask
in
order
server
to
indicate
to
the
Canada
weather
we
use
the
wholesale
or
use
some
information
mechanism.
A
This
could
be,
you
know
additional
property,
but
not
so
many
properties,
because
I
I
really
think
you
know.
If
we
introduce
too
many
security
attributes,
maybe
we'll
you
know
damage
the
manual
performance
when
you
distribute
the
auto
information,
so
we
really
need
to
look
for
the
balance
between
security
attribute.
We
introduce
and
then
another
performance.
We
when
we
distribute
information.
A
C
The
basic
comment
here
is
that
to
say
that
yeah
we
as
we
are
closing
the
the
remaining
document
from
the
working
group
and
we
we
have
already
received
some
feedback
from
the
participant
about
the
the
future
of
the
working
group.
I,
think
that's.
It
will
be
really
good
to
revive
that
discussion
so
that
we
can
sum
up
and
canalize.
C
We
and
the
interview
there
to
design
what
would
be
the
I
would
say
the
better
next
step
for
the
working
group,
so
we
are
seeking
to
have
more
I
would
say,
follow,
requests
to
the
to
the
current
text
that
we
can.
We
can
filter
out
it
and
I
would
say,
sort
out
the
items
that
are
candidate
to
the
to
be
considered
for
eventual
with
Theory
Charter
of
the
working
group,
and
but
all
of
this
will
be
dependent
on
discussion
that
you
will
have
also
in
with
with
our
area
director.