►
From YouTube: CORE WG Interim Meeting, 2020-09-10
Description
CORE WG Interim Meeting, 2020-09-10
A
Everybody
then
we
start.
We
are
five
past
five.
We
have
about
an
hour
and
a
half.
I
think
we
will
have
enough
time
so
welcome
again
to
the
core
working
group,
the
interim
meeting,
the
first
one
after
the
summer.
I
hope
you
have
a
great
vacation,
I'm
jaime
and
marco
is
there
with
us
as
well.
We
will
be
sharing
the
session
as
usual,
and
you
already
know
where
the
minutes
will
be
taken.
I
think
they
haven't
copy
pasted
in
the
webex
and
in
the
jabber
bill.
A
A
A
A
If
you
go
to
the
core
github
repository
where
you
go
to
the
resource
directory
and
you
have
the
point-to-point
responses,
markdown,
which
is
very
detailed
and
contains
all,
has
been
discussed.
There
is
about
one
two,
three,
four,
like
a
dozen
issues
in
the
tracker
as
well,
but
at
least
I
recommend
to
go
first
to
the
markdown
christine.
Do
you
have
slides
for
the
presentation?
How
do
you
wanna
do
this
session?
Okay,.
B
The
way
I
would
like
to
go
about
this
is
to
go
through
a
mixture
of
issues
that
have
been
aggregated
from
the
from
the
comments
and
the
comments
themselves.
Now
I
I
would
like
to
say
I
have
been,
but
actually
I'm
I'm
there.
There
is
about
four
left
so
I'll.
I
hope
I
won't
miss
anything
important
there.
I
have
been
sorting
them
in
basically
by
the
the
level
of
feedback
that
I
would
hope
to
get
from
all
the
importance
of
feedback
that
I
would
like
to
get
from
the
working
group.
B
Feedback,
and
so
what
I'd
like
to
do
is
basically
count
down
from
them
and
see
whether
we
get
through
everything
and
by
the
time
we
reach
wgf,
three
or
two.
I
might
even
just
kind
of
flick
them
through
the
screen
and
if
anyone
sees
something
that
kind
of
hits
their
attention,
but
it's
it's.
Those
should
be.
Those
should
be
really
no
brainers.
A
B
B
A
A
B
A
B
B
B
If
you
could
scroll
down
to
the
end
last
comment,
so
that's
I,
unfortunately,
I
haven't
managed
and
maybe
zoom
in
a
bit
or
make
the
screen
wider.
I
don't
know
so
the
what
I
what
I
would
like
to
put
in
there
and
it
would
if,
if
anyone
has
suggestions
of
how
to
do
it
differently,
it
would
be
helpful
to
have
them
now
otherwise
other
than
when
I
finish,
the
text
would
be
basically
this.
B
So
the
idea
members
who
registered
for
an
end,
who
registered
with
a
particular
endpoint
name
and
for
depending
on
what
the
credentials
are
on
the
client
side,
this
would
be
remembered
by
some
of
the
sub
by
an
identifier
derived
from
those
credentials
and
we'd
have
to
spell
out
for
each
and
every
way
of
way
of
authentication
how
this
would
be
done.
So
if
dtls
is
used
without
any
client
authentication,
then
the
registration
could
only
be
accessed
from
that
very
dtls
connection
or
possibly
a
resume
session.
If
there's
a
self-signed
certificate,
that's
good!
B
That's
kept
as
a
as
the
identifier
for
that
name
again
until
that
that
registration
has
passed
if
the
registration
expires,
everything's,
fair
game
again,
the
resource
directory
might
remember
for
some
time,
but
it
doesn't
need
to,
and
if
a
client
comes
back
and
says
it
sees
that
their
preferred
name
is
taken.
This
is
about
random
names
anyway,
so
they
can
just
come
up
with
a
new
one.
B
B
I'd
need
a
bit
of
help
from
people
from
mind
related
with
ace,
whether
there
is
any
any
scope
or
any
claim
in
an
ace
token,
that
is,
that
can
be
thought
to
really
identify
the
client
because,
as
I
understand
his
doesn't
really
so
much
identify
the
client
as
in
assigns
a
precise
identity.
That's
exactly
that
client,
but
more
expresses
authentication
and
one
authentication
could
be
to
be
recognized
as
having
this
particular
identity.
If
there's
something
like
that,
we
could
use
it.
Otherwise,
there
won't
be
any
ace
oscar
profile
for
for
this
application.
C
B
F
B
This
is
more
like
the
the
very
minimal
set
that
people
can
get
started
with
and
then
can
build
their
applications
on
or
release
a
proper,
a
proper
specification
for
something
that
encompasses
this
and
other
things,
and
I
suppose
that
it
could
even
allow
for
resource
for
rds
to
to
recognize
things
that
are
not
explicitly
in
there
but
like
if,
if
they
have
a
clue
of
how
to
identify
the
client
in
a
more
persistent
way-
and
they
are
sure
that
this
works
just
do
it.
But
it's.
B
F
F
B
E
F
E
B
The
thing
is
with
for
okay,
so
so,
but
tied
to
the
key
would
mean
the
the
the
most
general
key
that
is
involved
there,
because
if
you're
doing
lake,
then
there
is
the
the
the
oscar
key,
but
that's
not
the
key
you're
tying
to,
but
the
oscar
key
was
derived
from
an
through
a
chain
from
another
key
and
you
go
for
the
most
general
key.
There.
B
A
C
A
To
the
ip
address,
and
when
we
say
remember
things
is
that,
for
instance,
if
the
in
the
case
of
live
within
2m,
there
is
a
lot
of
observations
preset.
So
those
can
be
migrated
to
the
new
device.
Or
I
don't
know
the
term
if
it
is
migrated
or
something
else,
but
like
those
will
be
the
kind
of
thing
that
is
remembered
right.
B
B
B
B
So
naively
I'd
say
that
even
such
applications
and
this
could
be
used
as
an
example
to
put
in
there
would
need
to
check
back
if
they
sub,
if
they
kind
of
submit
a
form
in
an
in
a
curl
in
a
choral
document
that
winds
up
a
resource
restructure
or
something
like
that.
If
they
follow
such
a
form
they
or
or
post
something
based
on
a
resource
type,
they
should
probably
check
back
with
the
origin
server,
because
that
resource
directory
could
be
representing
them
unless,
of
course,
we're
trusting
the
resource
directory.
B
B
B
A
B
So
the
target
attributes
that
are
kind
of
the
the
archetypical
hint
level
information
are
things
like
content
format
or
like
the
accepted
content
format.
So
when
you
discover
a
resource,
you
don't
have
to
go
and
try
posting
data
in
any
serialization.
You
could
come
up
with,
but
you
discover
that
this
is
accepting
sentiment
only
in
zebra
serialization,
so
I'll
make
my
request,
sentiment
plus
sibor
these
these
link.
Actually,
these
target
attributes
are
work
properly,
as
hints,
so
nothing
goes
wrong
if
someone
has
the
wrong
hint.
B
B
The
point
of
this
this
item
in
in
section
seven
two-
is
that
cl
applications
need
to
think
about
what
can
go
wrong
if
the
client
discovers
unsuitable
information
and
then
either
prescribe
that
yet
the
information
in
the
research
directory
must
be
limited
to
the
suitably
authorized
endpoints
that
put
it
in
there
or.
Alternatively,
they
can
say
that
the
that
the
end
point
must
verify
the
information,
for
example,
by
after
having
discovered
that
this
resource
is
there
asking
that
server
again,
whether
it's
really
a
resource
directory
and
not
maybe
say
a
port
scanner.
A
B
A
A
E
E
B
We
can
solve
because,
for
that
particular
point,
the
the
rules
would
come
into
play
where
the
rd
is
only
accepting
registrations
for
about
or
accepting
statements
about
links
that
the
registrant
is
actually
authorized
to
act
as
the
authority.
Server
of
so
the
credentials
that
are
presented
to
the
rd
must
be
as
good
as
they
would
need
to
be
to
just
get
to
do
a
get
on
their
wire
via
co-op
s,
in
for
especially
in
a
pki
setting.
B
B
B
So
if
you
rely
on
information
to
be
authoritative,
if
you
want
to
rely
on
information
from
the
rd
to
be
authoritative
about
the
resources
that
are
the
context
of
those
links
or
the
targets
possibly,
then
you
need
to
specify
that
in
your
security
policies
and
the
rd
must
only
accept
registrations
that
contain
data.
That
is,
that
is
from
that
certified
origin.
B
B
A
B
B
B
I
understand
the
point
and
we
have
been
a
bit
sloppy
about
this
in
earlier
versions,
even
with
respect
to
ayana
updates.
So
my
first
question
here
is:
are
we
aware
of
any
implementations
that
that
are
out
in
the
wild
that
post
that
do
simple
registration
and
do
that
on
well-known
core,
as
opposed
to
say
a
newly
minted,
well-known
rd.
B
B
B
So
on
level
eight,
so
let's
stick
with
that
document.
Just
go
for
eight!
That's
a
weird
thing
that
came
up
in
the
comment,
and
it's
probably
me
it's
possibly
only
weird,
because
I
was
not
familiar
with
the
details
of
co-op
dtls.
So
we
don't
have
video,
but
can
I
have
an
imaginary
show
of
hands
who
thinks
that
who
would
expect
their
dtls
implementation
in
co-op
s
to
do
replay
protection.
B
B
So
I
looked
it
up
and
in
dtls
it's
optional
and
co-op
and
rfc
7252
doesn't
say
anything
about
that.
It's
mandatory
to
use
in
this
connections
context,
so
I
was
a
bit
taken
aback
when
I
read
that
comment
and
found
out
that
he's
perfectly
right
and
that
if
we
are
describing
this
application
as
securely
usable
over
co-op
s,
we
should
say
something
about
why
it's
okay,
which
is
basically
that
every
operation
except
those
particular
ones,
in
which
case
you
should
our
long-term
idiom
potent
anyway,
so
replays
won't
have
any
ill
effect.
B
And,
yes,
the
ending
or
registration
is
something
that
could
be
replayed.
So
the
alternatives
would
to.
That
would
be
to
say
that
co-op
servers
that
run
a
resource
directory
must
have
replay
protection
and
co-op,
as
enabled,
and
the
third
option
would
be
to
come
up
with
a
very
quick
update
to
co-op,
to
say
that
hey,
if
you're,
using
co-op
over
dtls,
then
turn
on
your
replay
protection
or
else.
A
E
B
A
And
then
hope
that
it
gets
picked
up
in
a
cool
piece,
and
what
I
understood
from
you
is
that
the
the
replay
protection
is
optional
right,
not
that
it's
not
present.
It's
not
it's
optional
yeah,
but
that
means
that
no
one
can
rely
on
it
unless
they
yeah
yeah.
Maybe
some
comment
there,
but
maybe
this
is
also
feedback
to
be
sent
well
elsewhere,
as
well.
A
A
B
Yeah
there's
so
so,
maybe
that's
a
good
point
to
talk
about
odd
examples.
We've
received
a
few
comments
about
things
that
are
in
the
examples
that
honestly,
I
only
skimmed
over
on
the
list
in
the
more
recent
revisions,
because
it's
been
the
same
all
the
time
and
some
of
those
are
this
very
long
example
of
what
what
lightweight
m2m
is
doing
and
there's
something
similar
in
the
other
example,
and
those
contain
terms
that
no
one
is
explaining
that
are
probably
not
even
relevant.
A
B
B
A
This
stuff,
this
stuff
on
the
object,
ids
and
base
uri
resource.
I
think
that
could
create
confusion
to
the
people
that
are
only
interested
in
the
resource
directory.
If
they
want
to
know
about
the
law
with
the
term
registration,
they
can
go
to
the
level
that
don't
spec.
I
I
tend
to
agree
with
that,
but
I
don't
know
who
wrote
that
anymore.
A
E
B
A
A
A
B
A
A
B
E
F
B
B
B
Yeah
I
put
this
at
this
high
level
because
I'm
just
not
too
familiar
with
all
the
six-man
and
neighbor
discovery
thing.
Would
it
be
okay
to
just
update
the
text
to
say
that
the
rda
always
always
in
router
announcements,
because
every
commenter
that
came
back
to
this
seemed
to
think
that
it
should
be
the
way?
But
it's
just
said
it's
just
not
set
anywhere.
C
B
B
E
E
B
So
it
would
be
an
additional
source,
so
basically
the
text
is
right,
but
it
just
should
not
just
be.
It
should
not
be
limited
to
if
the
address
configuration
is
performed,
but
if,
when
the
hcp
is
used
yes
or
is
in
use,
I
probably
would
say
yes
right:
that's,
then
that
should
be
an
easy
fix.
Thank
you.
B
E
E
A
E
B
E
Easily
find
so
the
the
problem
is
that
the
actual
documents
that
people
have
written
all
were
trying
to
get
some
existing
patent
claim
in
as
an
essential
component.
Okay,
so
that
that's
why
they
all
died.
That
doesn't
mean
that
the
the
approach
is
wrong.
Yeah.
We
just
never
got
anyone
to
document,
one
of
the
the
less
dangerous.
B
E
A
A
B
B
B
A
So
in
the
again
from
my
own
limited
knowledge,
I
know
that
one
of
the
the
ikea
trucks
fee
was
using
live
weight
interest
and
therefore
it
was
using
some
resource
directory,
and
that
could
be
one
example.
I
don't
know
if
sigbit
dot
dot
uses
co-op.
I
think
he
used
to,
but
I
don't
know
if
he
uses
rd
or
co-op
anymore.
A
Maybe
other
people
more
familiar
with
ocf
with
other
sdos
or
other
real
life
scenarios
can
provide
more
info,
if
not
maybe
some
vision
on
how
it
could
be
for,
but
this
is
the
for
the
case
of
home.
I
don't
know.
Actually.
This
is
very
broad
because
home
and
building
automation
is
pretty
big.
Yes,
the
yeah,
maybe
some
was
someone
from
phillips
on
the
philipp
lightning
or
something
like
that.
I
don't.
A
E
E
B
B
B
We
use
examples
that
don't
use
registered
for
that.
You
don't
have
that
use
resource
types
and
other
registration,
other
things
with
obligatory
registration
that
are
not
actually
registered.
I
can
defend
some
of
them,
especially
the
ones
where
we
are
picking
stuff
from
6690
that
used
values.
It
didn't
define
us,
for
example,
but
we
are
taking
over
those
examples
and
we
are
using
some
that
I
won't
try
to
defend
and
just
replace
with
examples.
B
B
A
B
B
A
B
B
A
B
B
I
think
I
have
a
good
response
in
saying
that
do
we
support
networks
that
don't
support
multicast
well
means
that
they
don't
support
it
efficiently
or
conveniently
or
there
might
not
at
all.
There
might
be
any
other
reason
why
they
don't
support
it
well,
but
I'm
not
a
big
expert
there.
So
if
there
is
anything
better
to
say
it
would
be
helpful.
B
B
Yeah,
so
the
the
question
comes
back
about
the
comes
again
back
to
to
those
to
those
uris.
We
are
exposing
them.
We,
even
though
they
are
not
helpful.
I
think
of
the
so.
This
is
especially
in
the
in
the
endpoint
lookup,
I
think
of
them
as
useful
as
identifiers,
but
do
have
to
admit
that
it
could
be
done
completely
different
as
well.
Do
we
have
anything
in
in
defense
of
offering
those
those
your
eyes
as
kind
of
the
anchor
points
for
information
about
the
registration
that
I
should.
B
A
B
B
B
So
maybe
to
to
to
explain
this
also
with
the
last
paragraph
here,
if
we
did
a
resource
directory,
for
example,
in
coral,
the
rde
might
choose
not
to
tell
the
you
tell
the
names
of
the
registration
resources,
but
just
say
that
there
is
a
resource,
and
that
has
these
in
those
properties
and
choose
not
just
tell
the
name
in
link
format.
We
don't
have
that
option.
B
B
B
A
B
B
B
B
This
is,
this
is
one
of
the
of
the
other
parts
where
there
are
examples
in
there
that
are
the
dot
in
this
case
in
the
luminary
part.
Yes,
you
can
so
we
what
we're
describing
there
is
that
the
release
that
the
luminaries
that
are
part
of
the
system
ask
look
up
groups
by
their
res
basically
and
decide
by
their
resources
whether
they
should
join.
That
group.
B
Now,
that's
something
that's
not
completely
fundamentally
broken,
provided
that
they
check
additional
properties
of
those
links,
but
it's
not
really
something
that
I
would
recommend
and
put
in
the
examples
that
we,
even
though
we
don't
explicitly
say
this
is
how
it
should
be
done.
I
mean,
if
it's
in
the
example
section
often
of
a
document,
then
this
kind
of
speaks
a
bit,
and
this
was
asked
about
explicitly
now
whether
this
is
really
what
is
going
on
here
and
I'll.
B
D
D
A
B
B
A
B
That's
neither
okay
yeah,
yes,
that
as
well
so
above
there
is
that
part
where
the
and,
where
the
end
point
joins
it
automatically
by
having
discovered
the
group
and
then,
alternatively,
the
ct
can
communicate
and
that's
by
the
way-
and
I
didn't
notice
and
no
other
reviewer
did.
But
you
just
did
that
part
by
the
way
is
being
ripped
out
of
this
being
removed
from
that
experimental,
rfc
and
not
part
of
the
group
companies
anymore,
because
nobody
implemented
it
yeah.
A
B
D
B
Yes
good
point,
but
I
still
want
to
go
through
this.
I
have
no
idea
what
is
meant
by
this
purse
network.
So
if
anyone
has
a
suggestion
on
what
to
say
there
instead
or
how
to
just
explain
what
it
is,
please
do
so
otherwise
I
my
tendency
would
be
to
rephrase
this
not
to
save
this
birth.
If
no
one
can
explain
what
it
means.
F
A
B
I
know
that
there's
a
lot
of
things
going
around
here,
yeah
and
on
six
man.
I
don't
have
text
here,
but
basically
there
was
this
question
about.
Have
we
talked
about
this
with
six
months
and
as
I
understand
we
haven't,
and
I'm
not
too
familiar
with
the
six-month
procedure,
so
I
can,
of
course,
just
go
over
there
and
send
them
a
mail
and
ask
what
they
think
of
it.
But
if
anyone
around
feels
more
qualified,
especially
due
to
prior
experience
with
six
men,
I'd
appreciate,
if
someone
could
take
this
over.
B
A
E
A
B
B
So
if
I
may
have
some
of
the
remaining
minus
one
and
a
half
minutes
I'd
like
to
use
everyone's
attention
to
just
point
out
that,
because
I
think
it's
kind
of
relevant
to
the
group
and
I've
been
asked
about
it,
I've
started
running
a
few
services
at
coop.unders.com
and
the
link
is
in
the
minutes
and
especially
that
is
running
a
resource
directory
that
I,
for
the
foreseeable
future,
intent
to
keep
operational.
That's
roughly
working
on
the
first
come
first
serve
base
base
that
basis.
B
That
will
that
I'm
writing
the
text
for
and
if
someone
comes
in
unauthenticated,
then
everyone
could
impersonate
them,
but
that's
kind
of
part
of
the
model.
Here
it's
also
running
a
cross
proxy,
that's
not
crossing
over
to
hdp
but
crossing
between
the
co-op
plus
tcp,
a
co-op
non-tcp,
and
especially
now
the
core
plus
web
sockets
protocols.
B
That
can
run
a
few
demos,
so
you
can
explore
a
bit
more.
Possibly.
This
would
also
be
a
good
thing
to
link
from
corp.me
or
any
of
the
other
things
just
basically.
My
me
hope
me
hoping
to
get
a
bit
of
feedback
from
you
here,
because
this
is
some
so
because
having
publicly
running
rds
was
something
that
was
requested
before.
A
Yeah,
and
actually
we
didn't
find
remember
when
we
were
looking
on
through
showdown
and
other
tools,
we
didn't
find
so
many
so
I
guess
you
will
be
carson-
is
managing
co-op.technology.
I
guess
a
link
could
be
added
to
this
to
the
tools
right.
Yes,
maybe
you
already
did.
Actually
I
don't
know,
oh,
I
need
to
do
that.
Okay,
this
is
the
first
public
mention
of
this
here
so,
and
I
think
I
mean,
as
I
mean,
I
think
this
could
be
very
interesting
for
the
main
list
as
well.
B
B
A
B
B
A
B
A
Yeah
yeah
and
then
we
need
to
cc
every
now
and
then
that's
it.
I'm
wondering
another
thing:
do
you
need?
I
mean
we
have
it
still,
the
other
interim.
We
don't
have
a
list
of
topics.
Another
option
was
to
use
the
link
sometime
for
din
link
discussion,
but
we
could
continue
in
the
next
session
in
the
next
aim
and
just
wrap
up
all
the
issues.
B
A
I
would
be
happy
if
it
is
something
I
mean
it
doesn't
have
to
be
long.
It
could
be
just
a
wrap-up
session
like
okay,
perfect
and
then
the
rest
of
the
session.
We
can
do
link
unless
actually
I
take
the
time
now,
if
somebody
has
a
suggestion
for
the
next
interim.
Now
is
a
good
time
to
suggest
and
if
not,
I
think
we
can
do
rd
and
link
dim
link.