►
From YouTube: IETF-DRIP-20230614-1400
Description
DRIP meeting session at IETF
2023/06/14 1400
https://datatracker.ietf.org/meeting//proceedings/
C
D
C
C
C
B
A
D
C
B
D
G
G
E
G
G
F
B
G
G
E
G
E
Mean
yeah,
so
for
yes,
please
for
the
previous
one.
So
this
is
basically
to
see
that
yeah
we
have.
We
have
sent
deletion
statement
and
we
all
what
we
received
the
Knack
from
the
from
Phil
from
dstm,
and
we
hope
that
the
you'll
make
an
action.
So
we
set
the
the
deadline
for
the
next
July
by
then.
If
we
don't
receive
everything
we
say
any
any
follow-up
or
if
we
don't
have
any
concrete
actions.
E
H
F
C
D
C
B
B
We
got
a
thing
saying
that
it
would
be
up
within
the
week
and
then
yesterday
I
think
we
got
a
request
for
any
updates
to
our
registration
request,
and
this
morning
we
saw
some
back
and
forth
with
the
one
other
request
store,
who
needs
to
provide
some
information
that
that
you
know
we
had
already
provided
and
the
the
draft
of
the
specific
session.
Id
information
is
already
online,
although
it
is
online.
B
I,
don't
know
why
it
turned
itself
off
anyway.
The
the
specific
session
ID
thing
is
online.
I
do
not
believe
it
is
necessarily
online
with
the
interface
that
ultimately
will
be
provided
because,
right
now,
it's
just
a
link
to
a
Google
doc
or
something
like
that
with
a
spreadsheet
that
has,
you
know
a
header
row
and
two
more
rows,
one
of
which
is
our
specific
session,
ID
type,
which
it
shows
as
having
been
granted
back
in
January
of
2022,
because
it
was
in
fact
baked
into
the
f3411-22a
standard.
B
But
it
was
not.
Actually,
you
know
in
you
know
a
registry,
even
though
it
was
in
the
standards
document,
so
that
should
be
presumably
within
a
matter
of
days.
In
a
you
know,
a
public-facing
registry
view
of
some
sort,
and
then
what
I
have
not
seen
is
the
Sam
types,
and
those
of
course,
are
the
things
that
were
not
baked
into
the
standard,
and
then
we
need
to
get
assigned.
But
you
know
we
have
their
assurances
that
that
will
be
online
within
a
week
as
well.
F
That
came
from
Gabriel
Cox,
who
was
the
head
chair
of
the
f-34,
the
working
group,
not
the
chair
of
the
f-38
committee,
so
Gabriel
reached
out
to
us
to
make
sure
that
the
the
allocation
for
the
identifier
was
good,
and
then
that
was
how
we
learned
of
the
update
that
they
were
quickly
moving
forward.
So.
B
G
C
Be
fine,
I
mean
the
best
thing
would
be
to
get
a
liaison
statement
back,
okay
from
ASTM,
of
course,
because
it
fits
all
the
checks
and
blah
blah.
But
as
long
as
we
have
something
from
coming
from
sdma,
you
got
this
this
and
this
and
this
via
an
email
or
or
whatever
thing
right.
That's
perfectly
fine,
okay,
and
it
doesn't
need
to
be
the
form,
the
liaison
statement.
It
will
be
easier,
but
I
mean
let's
be
yeah.
E
C
G
E
F
F
F
F
How's
that,
for
you,
guys,
hey
better
all
right,
so
we've
just
talked
about
this
a
little
bit
the
updates,
that
is,
the
current
allocation,
naming
schemes
and
whatnot
for
the
session
ID.
A
lot
of
this
will
be
just
doubled
over
for
the
Sam
code
points
when
we
actually
get
them
in
I
guess
the
only
question
I
have
to
Eric
on
this
is
the
organ
name
is
marked
as
ietf
on
that
spreadsheet.
F
C
F
F
These
were
his
points
across
to
thing.
The
delegation
of
the
domains
is
a
request
from
the
ieb,
so
we
have
to
have
an
ionic
consideration
section
for
it
also
for
the
RR
type
that
we
were
going
to
have
at
the
time
the
RR
type
wasn't
actually
in
there.
It
was
just
a
placeholder.
That
said,
there
will
be
an
RR
type
defined,
so
he
pointed
us
to
what
we
I
would
need
to
do.
A
F
Yeah
it
was,
it
was
a
Nimble
problem,
section,
10
was
very
hand.
Wavy
Bob
pointed
him
to
the
DKI
draft
that
had
just
been
posted
at
the
time.
So
I
think
that
has
been
cleared
4.5.
He
wants
to
move.
He
said
it
should
be
moved
to
the
terminology.
Section
I
have
no
opposition
to
that,
and
then
he
pointed
out
that
there
are
some
terms
that
were
not
defined
and
should
be
added
to
the
terminology
section.
So
I'm
gonna
parse
through
the
document
in
dash
11
to
make
sure
that
that
is
done.
E
F
E
E
A
C
C
F
F
I
will
go
back
and
I
will
respond
to
the
email
more
formally
for
a
lot
of
this.
But
a
lot
of
his
text
cleanup
ended
up
in
dash
10,
the
latest
version,
but
I
need
to
go
back
and
make
sure
that
I
caught
all
of
the
text
clinics
he
me
and
Bob.
The
reason
we
talked
was
because
the
DKI
document
had
just
came
out
and
we
were
trying
to
Grapple
as
two
authors.
F
What
goes
in,
what
bucket
and
a
lot
of
this
is
just
to
remove
Iko
delegations
to
a
minimum
just
so
that
the
process
is
not
as
hard.
We
know.
Iko
is
a
big
organization
has
193
members,
so
it
is
not
easy
for
them
to
just
stand
up
and
say.
Yes,
we
can
do
something
for
you
there's
a
lot
of
stuff
that
needs
to
go
on
in
the
background,
some
of
which
we
don't
have
the
time
for
so
we're
trying
to
do
that.
B
F
B
F
F
I
haven't
seen
that
go
over
the
email,
I'm
gonna
go
look
for
it
after
this
meeting,
because
I
didn't
see
it,
but
there
were
four
major
things
in
that.
First
off
section
5.3
was
under
specified.
5.3
is
basically
us
saying
there
needs
to
be
a
name
server
of
some
kind,
but
we
don't
give
any
details
on
how
to
do
that.
But
I
make
the
note
in
the
document
that
the
people
that
will
probably
be
reading
this
document
are
USS
vendors.
F
They
are
not
DNS
maintainers,
they
don't
know
how
to
run
DNS
servers,
so
we
probably
need
some
sort
of
language
in
there
to
help
them,
along
which
the
upster
agreed
with
100
percent,
and
also
you
made
a
comment
that
the
resolution
is
of
the
uas.
Ids
and
DNS
is
potentially
life
critical.
So
we
have
to
take
that
into
consideration.
F
Got
it
section.
6.1
was
hard
to
parse
for
him.
I
agree.
I
was
working
on
dash
10
before
his
review
came
in,
and
that
is
one
of
the
major
fixes
is
section
6.1,
so
it
will
need
a
re-review
by
him
section,
seven.
He
he
I
think
he
was
saying
it
was
incomplete,
I'm,
not
quite
sure,
but
he
was
pointing
out
that
the
key
management
problems
should
be
elucidated.
So
we
need
to
look
at
that
section.
F
Section
seven
is
about
the
the
lookup,
the
differentiated
access
process
and
then
finally,
section
eight
he's
like
Iko
domain
sound
like
a
type
of
TLD.
It's
an
action
of
I
can.
If
we
are
doing
such
a
thing
and
then
other
DNS
related
items
should
be
done
with
the
DNS
SME
like
DNS
Turk,
which
we
had
already
gone
through.
So
that's
good.
F
E
B
E
You
there
is
also
the
review
from
the
security.
It
was
personally
disappointed
because
I
was
expecting
to
have
more
I
would
say
deep
review
on
some
of
the
aspects
that
are
in
the
document,
but
the
reviewers
basically
see
that
we
are.
The
document
is
just
defined
an
error
type
and
there
are
no
major
stuff
to
to
say.
E
I
personally,
disagree
with
him,
because
there's
a
lot
of
aspects
in
this
document
that
are
really
required,
I
would
say
serious
reviews
from
the
security
people
to
make
sure
that
we
are
really
doing
something
we
share,
which,
which
is
I
would
say
good
from
from
a
security
standpoint.
So
I
was
easy.
Thank
you
to
reply
to
that.
To
that
review
and
to
request
another
I
would
say
Security
review,
but
finally,
I
didn't
meet
it
because
I
I
appreciate
that
people
they
took
their
time
to
review
the
documents
and
to
share
it.
E
E
B
B
F
G
E
B
G
I
Yeah,
so
so
the
and
I'll
let
solo
volunteer
as
much
as
he
wants.
In
that
regard,
I
mean
I
mean
the
the
red,
the
registrar
from
what
I
could
tell
on
execution.
I'll
say
this
from
an
outside
perspective.
To
Ako
I
mean
it
appears.
The
the
operation
of
the
Porto
is
imminent,
I've
been
talking
with
the
individual.
That's
been
working
on
on
deployment
of
it
and
getting
it
working
and
from
what
I
could
tell
that.
It's
it's
going
to
be
imminently
up,
probably
within
a
few
days.
I
would
expect
okay.
G
I
Show
me
a
demo
of
it
operating
and
stuff
like
that,
and
so
there
was
just
a
little
final
there's
little
final
tweaks
that
was
made
in
some
of
the
verbiage
and
things
like
that.
That
was
being
done
over
the
last
day
or
so
and
I
think
he's
seeking
out
some
final
approvals
to
go
live
solo.
If
you
want
to
add
to
that
that
that's
my
impression
so
far,.
H
G
I
Do
the
review
on
the
inbound
and
so
I've
already
prepared
Iko
that
are
the
first
customer
of
the
systems
probably
going
to
be
ietf
is
the
day
it's
launched,
they're,
probably
going
to
have
the
first
things
coming
in
and
I'm
going
to
be
prepared
to
do
a
same
day,
review
and
and
and
I
expect
to
authorize
them
as
I
already
know.
What's
coming
so
I
expect
to
authorize
them
as
soon
as
they
come
in.
I
So
that's
that's
what
I'm
expecting
so
I
we
we've
got
like
the
the
the
SLA
that's
going
to
be
in.
There
is
going
to
be
like
a
one
month.
Sla
is,
is
going
to
be
like
the
guarantee
time
or
something,
but
but
I
know
you.
You
guys
have
some
urgency
around
that
and
and
it
and
it's
I,
don't
think
any
of
them.
Gonna
are
gonna
take
a
month.
I
G
D
F
I
But
if
you
see
this
as
kind
of
a
fire
and
forget
you're
going
to
do
this
this
time
and
and
you
know
what
you're
going
to
do
with
the
range
of
numbers
you're
going
to
do,
I
I,
don't
know
why
I
would
spend
a
lot
of
time.
Setting
up
Liaisons
I
mean
it's
just
going
to
be
a
transactional
process
and
that
and
those
numbers
will
be
assigned
indefinitely
yeah
to
ITF
once
they're
granted.
C
So
if
you
allow
me
to
speak
with
my
area
director
head
on
this
one
and
they're
real,
you
are
perfectly
right,
so
we
don't
need
an
official
liaison
people
or
liaison
between
iatf
and
accio
istm.
For
this
simply
an
email
or
web
page
or
whatever,
very
informally
or
just
you
say,
buy
and
forget,
is
completely
enough
for
the
ATF
side
of
it.
D
This
might
play
out
on
the
Ikea
side
of
things.
I
mean
I've
seen
this
situation
happen
in
another
international
organization,
I
won't
see
which
one,
but
the
reaction
was.
Who
are
these
ITF
people
they're?
Not
even
members?
Why
are
we
talking
to
them?
Who
the
hell
do?
They
think
they
are
so
I'm
trying
to
avoid
that
potential
scenario
maybe
occurring
it
shouldn't
happen,
given
the
fact
that
a
close
relationship
with
Salvo
and
his
colleagues
but
I
was
just
trying
to
think
along
those
lines
in
case
that,
like
we,
have
a
bit
of
problems.
I
And
that's
a
good
point
too,
and,
and
so
ASTM
has
has
given
instructions
to
IKEA
and
in
in
terms
of
how
the
the
requests
are
approved
and
and
absolutely
there's
no
requirement
for
like
an
Iko
membership
or
something
like
that
for
them
to
make
an
approval.
If
that
were
to
happen,
then,
when
then,
then
we
would
have
found
a
KO
to
be
the
wrong
choice
for
a
register
registrar.
We
would
have
to
go
find
another
one,
but
the
and
in
fact
there's
not
an
ASTM
membership
requirement
either.
I
If
you
didn't
fill
in
the
information
you're
required
to
fill
in
there's,
there's
some
Fields
you
got
to
fill
in
and
they
they
have
a
kind
of
a
a
form
that
needs
to
be
properly
filled
and
if
it's
not
filled
in
or
something
or
most
things
are
left
blank,
there
might
be
a
reason
for
them
to
reject
it,
but
outside
of
that,
it
wouldn't
be
following
I,
wouldn't
be
following
the
letter
that
we
sent
to
KO
so
I
I.
Don't
expect
that
to
happen
in
this
case.
G
I
I
and
and
I
I
just
wanted
to
probably
a
just
ex
Express
that
the
acknowledge
and
express
that
the
frustration
of
how
long
this
has
taken
is
understandable
and
and
also
the
the
reality
of
what
these
things
takes
are
in
how
much
time
they
take
and
and
particularly
on
more
so
on
the
Diplomatic
side.
It
does
on
the
the
technical
implementation
side.
D
H
A
Okay,
yeah
I
I
think
Jim
was
going
Beyond.
This
ASTM
AK
Iko
to
items
that
that
Adam
was
getting
ready
to
talk
about
in
a
larger
Iko
and
I.
Also
point
out
that
I
ietf
does
have
a
place
on
the
Iko
trust
framework
panel,
and
that
may
be
some
of
how
we
maybe
get
some
of
the
rest
of
this
work
done.
Maybe,
but
that's
all
I
wanted
to
say
and
yeah.
F
Do
we
want
to
continue?
Thank
you
or
I
left
the
offer,
all
right,
zoom
zoom,
zoom
zoom.
This
is
where
we
left
off
all
right.
So
these
are
the
working
items
for
the
registry
stuff.
So
this
is
stuff
that
I'm
currently
working
on
and
is
currently
going
through
some
flux
in
the
document
and
especially
in
10.,
so
in
10,
in
discussions
with
Bob,
which
we
will
forward
into
the
list
and
have
more
discussions
on.
But
this
is
a
first
cut,
the
ra
allocations
or
pre
definitions.
F
I
guess
is
a
word
we
could
use
so
the
justifications.
The
Iko
process
is
long
because
it
needs
to
be-
and
that's
fine,
so
we
want
to
try
to
predefine
what
we
can,
so
that
ietf
and
other
things
can
just
catch
up
later
and
make
stuff
move
forward.
So
for
this
reason
the
Raa
space
has
been
carved
up
the
Apex.
So
you
can
see
here.
This
is
the
breakdown
of
all
the
the
numbers
of
all
the
Reas
and
you'll
notice.
F
We
have
two
new
ones:
two
things
areas,
ISO
numeric
codes
and
manufacturer
code
authorities
along
with
experimental,
and
we
make
it
so
that
the
RAS
are
allocated
in
groups
of
four
to
keep
on
nibble
boundaries.
This
is
for
DNS
data
delegation
because
we
split
the
nibble
in
half,
and
that
was
a
dumb
mistake
and
that's
on
me,
I
was
the
one
that
chose
that
and
I
kicked
myself
and
I
will
continue
to
kick
myself
until
the
end
of
time,
because
I
did
that.
F
So
that's
what
this
is.
So
the
iso
numeric
codes
Bob
had
an
epiphany
while
working
with
the
DKI
and
the
IIT
iatf
the
trust
framework
stuff,
that
there
are
ISO
codes
for
countries
and
we
were
going
to
have
caas
run
raas.
So
why
not
use
those
and
then
map
them
into
the
Rea
space?
So
we
took
the
numeric
codes
and
we
came
up
with
a
conversion
which
you
see
here
on
the
screen
to
allocate
ranges
of
raas
four
of
them
per
each
CAA.
F
There
are,
we
were
already
using
ISO.
We
wanted
it
for
text
abbreviations,
so
this
just
naturally
is
an
extension
upon
that
and
we
can
jump
start.
The
deployments
and
Bob's
DKI
draft
gets
a
little
bit
into
this,
of
how
this
jump
start
can
happen
and
an
example.
Two
examples
are
on
the
bottom,
one
for
an
encode
and
one
for
a
decode.
F
There's
more
in
the
document
as
well
to
explain
what
the
iso
codes
are
and
how
densely
packed
it
is
the
manufacturer
code
authorities.
So
this
is
because
we
want
manufacture
each
manufacturer
code
from
anti-cta
to
have
to
have
the
potential
for
an
HDA
associated
with
it
in
just
one,
but
there's
one
million
three
hundred
and
thirty.
Six
thousand
three
hundred
and
thirty
six
different
combinations
of
a
four
character
base
34
code.
F
F
F
F
The
upper
four
that
we
are
in
this
range
are
for
the
drip
working
group
to
temporarily
hand
out
to
a
business
say
like
Google,
who
wants
to
run
an
Raa
and
test
to
make
sure
their
stuff
works
before
they
go
and
get
an
Raa
value
or
allocation
in
the
actual
space,
and
so
that's
what
this
area
is
about.
The
new
resource
record
type
was
added
at
least
a
very
rough
cut
of
it.
We're
thinking
about
it
being
C
bore
encoded.
F
It's
basically
a
derivation
of
the
hip
resource
record,
just
with
new
Fields
added,
the
abbreviation
the
URI,
the
endorsement,
an
active
flag
and
the
serial
number
there's
some
questions
on
how
the
endorsement
gets
marked
as
expired.
I
think
it's
just
the
whole
record
gets
marked
as
expired
and
then
I
make
a
statement
claim
here
that
all
other
endorsements
or
x509s
or
insert
records
in
the
DNS.
F
F
F
So
this
last
section
this
is
my
last
slide.
Actually
so
section
6.1
had
a
rework.
This
was
even
before
the
hopster
review,
so
I
cleaned
up
a
lot
of
the
text.
I
made
subsections
for
each
of
the
different
Mo
supported
scenarios
that
we
would
want
I
added
figures,
and
then
there
is
some
overall
debate.
How
does
this
fit
in
the
DNS?
Where
is
the
Apex?
Who
runs
the
Apex?
F
A
And
I'll
take
over
I
was
working
with
draft
09
to
try
to
get
some
test
stuff
up
and
I
couldn't
for
resale
go
to
here
and
the
next
slide
kind
of
gives,
where
I
ended
up
being
next
slide,
we're
at
the
political
level
or
are
we
maybe
higher
at
the
religion
level
as
I'll
be
getting
to
these
are
old
discussions.
This
is
from
Carl
Malmo
with
Stax
books,
I,
don't
know
Eric
if
you
had
an
encounters
with
with
Carl
back
in
the
early
days
anyway.
A
A
There
are
no
open
tools
for
creating
endorsements
and
note
their
understanding
of
what
the
contents
of
these
resale
records
and
there's
no
way
to
do
it
except
me,
so
I
had
to
learn
some
python.
So
if
you
see
what's
up
there
in
GitHub,
if
it
looks
kind
of
snaky,
please
do
better
anyway.
So
now
we
have
something
and
Jim
was
kind
of
the
test
set
up
a
testing,
DNS
environment.
A
This
exposed
some
serious
delegation
requirement
a
need
for
the
the
assignment
and
delegation
procedure
in
the
end.
Iko
cannot
be
expected
to
step
into
this
in
time.
If
we
want
to
do
this
for
people
who
want
to
test
in
the
next
couple
of
months,
we
have
to
be
honest
with
with
the
Iko
process
and
so
going
to
the
drip.
Registries
authors
wanted
the
simple
reverse:
nibble
I'd,
be
six
output
structure.
A
I
wanted
something
more
grouping
off
of
an
apex
structure
and
with
the
infrastructure
stuff
going
this
infrastructure,
it
would
still
be
under
our
book
impulsive
challenges,
finding
the
management
entity
it
doesn't
matter
like
which
way
you
try
to
cut
it.
It's
still
the
magic
entity
back
a
little
bit
still
Daniel.
He
was
a
little
too
fast
for
me
and
I'm
going
to
go
with
with
the
ip6
arpa,
but
with
reservations,
because
it
just
flies
straight
in
the
fast
of
problems
with
the
IPv6
ip6
delegation.
Next
slide.
C
A
The
reason
why
is
we've
been
using
Iko
and
I
think
that
that
gets
too
political.
We
need
something
else
there
and
and
and
do
so.
Let's
use
h.
I
t
since
that's
what
I
call
the
thing
and
that
maybe
what
we
may
end
up
doing
is
called
hhit
for
the
for
the
Apex.
So
that's
I
have
Apex
in
the
thank
you
Eric,
we'll
start
we
will
be
working
our
nomenclature
accordingly,.
A
Yes,
I
mean
thank
you,
Salo
love
working
with
you,
I
know
what
you're
up
against,
and
so
we
gotta
be
careful
using
Iko
in
our
documents.
So
the
trust
in
key
handling
everything
I've
been
talking
since
19,
since
2019
has
had
three
levels
of
endorsements
and
it's
flawed.
It's
flawed,
because
the
HDA
needs
to
frequently
sign
the
UA
debt
endorsements
and
that's
a
major
security
risk,
and
this
is
why,
in
in
x509
pkis,
we've
always
had
an
intermediate.
D
A
A
So
as
a
result
of
this
I
released,
we
need
to
clear
designation
endorsement
types
and
Hiking
with
three
labels
and
authorization
endorsement
and
issuing
endorsement
and
an
operation.
In
endorsement,
that's
explained
in
the
introduction
section
of
this
document.
What
these
three
are:
the
authorization
issuing
is
the
new
risk
mitigation
piece.
I
move
the
frequent
science,
something
called
issuing.
If
it
needs
to
be
reissued,
it
doesn't
kill
things
if
the
authorization
got
compromised
or
would
that
be
painful.
A
I
also
talk
about
how
these
things
can
actually
be
done,
how
to
do
the
risk
mitigation
and
how
to
do
this.
Signing
process.
I
have
lived
of
x509
signing
I've
I've
talked
to
people
who
had
had
the
Auditors
on
site.
Doing
this
I
want
to
try
to
avoid
that
and
make
it
a
virtual
operation,
so
I've
been
looking
for.
You
know
looking
at
at
lessons
learned
in
the
past
25
years
how
to
do
this
without
the
pain
this
does
impact
the
broadcast
grid
trust
chain.
A
A
And
then
we
come
down
to
the
missing
Apex
that
you
just
talked
about
there
Eric
what
entities
to
function
as
the
drip
Apex
and
it
came
out-
don't
look
Tire
kale
to
easily
step
into
this
role
in
a
timely
frame
and
I'll.
Give
you
the
lessons
learned
that
the
iatfpki
has
a
bridge.
Ca
doesn't
exist
yet
the
FAA
and
Euro
control
want
to
get
on
with
the
swim,
testing
and
moving
forward.
They
are
crossed.
They
have
cross-certified
they're,
not
waiting
for
a
bridge
to
be
brought
up
because
they
have
business
to
do.
A
Why
do
I
think
that
we'd
be
able
to
be
more
successful
than
them?
We
need
an
alternative,
so
there
are
three
Alternatives
which
are
discussed
in
the
draft.
A
trustless
of
raas
I
recommend
this,
but
a
little
issues
on
how
to
distressless
and
no
Apex
in
off
Transmissions.
As
a
result,
once
you
got
this
list
distributed,
another
way
is
to
to
the
RAS
to
cross
indoors.
Much
like
what
FAA
and
Euro
control
are
doing.
A
It
has
an
n-squared
scaling
problem,
but
can
be
acceptable
for
initial
testing
or
an
RA
Bridge
as
what's
in
the
iatf
pki,
but
then
back
to
who
runs
the
bridge.
So
these
are
discussed
in
the
draft.
Please
review
them
and
I'm
going
to
move
forward
with
with
the
trust
list.
For
now
this
simplify
the
ra
assignment
process
that
Adam
just
spoke
about
using
the
the
iso
3166-1
numbers.
Surprise,
surprise:
I,
went
digging
and
found
out.
A
There
is
an
official
un
numbering
for
each
of
the
nation
states
and
we
have
the
CTI
codes
that
we
can
get
to
an
official
manufacturer,
our
HDA
allocation,
and
it
is
the
test
raas,
but
I
know
there
will
be
others,
because
there
are
Regional
agencies
involved
as
well.
I've
mentioned
Euro
control
twice.
Where
would
Euro
control
potentially
fit
into
this?
A
The
Apex
needs
to
be
non-political
to
get
this
done
and
if
Iko
is
really
not
the
is,
can
we
set
up
a
very
good,
well
architected
environment
such
that
I
am
or
I
can
do
this?
This
is
why
I
want
to
take
this
discussion
into
the
DKI
which
can
take
time
to
resolve
and
let's
get
Registries
done
next
slide.
A
Also,
there
are
some
in
the
aviation
that
really
really
want
x509
certificates.
They
do
not,
like
my
nice
tight
endorsements
that
our
team
has
developed.
So
how
to
do
this
as
a
backup
to
the
DKI
and
as
light
as
possible
and
you'll
see
two
different
models:
two
different
profiles
for
x509
in
the
document
and
Note
and
notice
about
that.
The
peak
kicks
certificate
certificate
requests
is
come
here
for
your
call
for
the
debt
registration.
A
This
gets
to
section
10
interrupt
Registries
and
I
will
need
to
sort
that
out.
There's
another
item.
I
have
in
there
section
five
in
the
pki
and
that's
why
I
talk
about
actual
integration
with
the
IQ
iatfpki,
and
this
could
be
a
major
move
forward
grip
because
it
will
get
us
involved
in
general
aviation
or
having
our
x509
pieces
in
the
iatfpki.
A
So
I
am
thanks
to
Salo,
having
brought
me
into
the
to
be
able
to
do
it
so
now.
In
conclusion,
this
document
grew
out
of
filling
gaps
in
Registries
and
part
of
this
document
now
be
sliced
out,
because
now
it's
in
Registries
is
every
so
it's
not.
The
question
is
now:
is
everything
now
addressed
in
both
documents?
F
So
I'll
just
say
one
thing
on
this,
and
this
is
kind
of
why
I've
been
working
a
little
bit
with
tandem
with
Bob
privately
on
this,
because
when
the
DKI
was
presented
to
me,
my
immediate
major
concern
privately
was:
if
we're
doing
this
Registries
needs
to
be
very
technical
in
nature
and
decal
needs
to
be
very
political
and
process
focused
in
nature
and
the
DKI
or
not
the
DKI.
The
Registries
should
be
technically
broad
enough
that
anything
we
want
to
do
in
DKI
can
be
done
so
that
is
kind
of
the
back
and
forth.
F
That's
kind
of
been
happening.
I
think
we've
reached
a
good
middle
ground
on
that
I.
Don't
think,
there's
anything
in
Registries
that
causes
DKI
not
to
do
something
correctly,
but
then
again,
DKI
can
just
update
Registries
and
go
yeah.
There
needs
to
be
a
new
process
here.
It
is
right
or
new
way
to
do
thing
something
here.
It
is
so
I
I,
don't
think.
There's
I,
don't
think.
There's
any
problems.
I
just
wanted
to
point
that
out
that
that's
where
I'm
coming
from
with
this.
A
Like
how
do
I
create
debts
that
use
ecdsa,
Point
compression
RC
9480
do
I
have
to
put
something
in
Iana
considerations
for
that
to
happen
and
put
that
in
in
the
DKI
document
that
I
don't
have
the
answer
to
yet.
But
it's
one
of
the
things
which
I'm
looking
that
I
may
have
to
do
for
the
crypto
agility
portion.