►
From YouTube: CORE WG Interim Meeting, 2020-09-10
Description
CORE WG Interim Meeting, 2020-09-10
A
Everybody
then
we
start.
We
are
five
past
five.
We
have
about
an
hour
and
a
half.
I
think
we
will
have
enough
time
so
welcome
again
to
the
core
working
group,
the
interim
meeting,
the
first
one
after
the
summer.
I
hope
you
have
a
great
vacation,
I'm
jaime
and
marco
is
there
with
us
as
well.
We
will
be
sharing
the
session
as
usual,
and
you
already
know
where
the
minutes
will
be
taken.
I
think
they
haven't
copy
pasted
in
the
webex
and
in
the
jabber
bill.
A
A
So
you
know
it
guides
our
our
practices,
and
you
know
it's
also
about
not
so
much
not
only
about
the
ipr
or
or
other
legal
items,
but
also
about
the
general
behavior,
so
try
to
be
nice
to
each
other.
I
think
that's
it.
There's
no
more
slides
here.
A
A
If
you
go
to
the
core
github
repository
where
you
go
to
the
resource
directory
and
you
have
the
point-to-point
responses,
markdown,
which
is
very
detailed
and
contains
all,
has
been
discussed.
There
is
about
one
two,
three,
four,
like
a
dozen
issues
in
the
tracker
as
well,
but
at
least
I
recommend
to
go
first
to
the
markdown
christine.
Do
you
have
slides
for
the
presentation?
How
do
you
wanna
do
this
session?
Okay,.
B
The
way
I
would
like
to
go
about
this
is
to
go
through
a
mixture
of
issues
that
have
been
aggregated
from
the
from
the
comments
and
the
comments
themselves.
Now
I
I
would
like
to
say
I
have
been,
but
actually
I'm
I'm
there.
There
is
about
four
left
so
I'll.
I
hope
I
won't
miss
anything
important
there.
I
have
been
sorting
them
in
basically
by
the
the
level
of
feedback
that
I
would
hope
to
get
from
all
the
importance
of
feedback
that
I
would
like
to
get
from
the
working
group.
B
Feedback,
and
so
what
I'd
like
to
do
is
basically
count
down
from
them
and
see
whether
we
get
through
everything
and
by
the
time
we
reach
wgf,
three
or
two.
I
might
even
just
kind
of
flick
them
through
the
screen
and
if
anyone
sees
something
that
kind
of
hits
their
attention,
but
it's
it's.
Those
should
be.
Those
should
be
really
no
brainers.
A
B
A
B
But
you
just
see
what
I'm
seeing
if
you're
on
the
repository
I'm
just
pushing
this
here,
so
you
kind
of
literally
I'm
classifying
things
triaging
things
as
you
were,
introducing
the
note
well,
but
I
hope
I
know
well
what
should
be
there
so
without
further
ado,
let's
get
started
with
the
points
where
I'd
like
to
have
a
feedback
on
hold.
B
Oh
sorry,
so
the
camera,
do
you
see
my
video
screen
stream.
A
E
Showing
circle.
A
That
there
might
be
some,
I
get
a
warning
here
that
there's
low
bandwidth
on
on
your
computer,
on
that
which.
B
Yeah,
okay,
because
I've
in
other
setups
I've
seen
that
the
that
slides,
really
only
work
if
you
are
sharing
video,
don't
know
why
this
would
why
one
would
do
things
that
way.
But,
okay,
video
is
down
how
about
now
wait
a
minute.
It
says
it
says
it's
sharing
my
screen.
A
B
The
show
the
issue
tracker
and
list
the
and
click
into
the
wgf9
level,
because
that's
where
I'd
like
to
start.
B
I'll
try
reconnecting
here
once
if
that
doesn't
work
will
fall
back
to
me
asking
someone
else
to
share
sounds
good
I'll,
be
right.
B
B
Still
doesn't
look
like
it,
okay,
so
can
I
can
you
or
one
of
one
of
the
chairs,
be
my
yeah,
my
person?
No
problem?
Okay.
So,
let's
start
with
the
one
that
is
marked
wgf9,
that's
the
fault
backwards.
Four
security
model
click
in
there.
Please.
B
And
once
more
so
one
of
the
the
feedback
points-
and
we've
already
talked
about
this-
I
think
with
the
if
the
itf
proper
or
the
the
last
internature
is
that
we
should
have
at
least
something
that
we
can
recommend
people
to
implement
in
the
resource
directory
as
a
security
policy,
because
we
are
introducing
that
there
could
be
a
could
be
any,
but
that
seems
to
be
a
bit
too
abstract
for
for
people
to
work
from
so
the
one
on
the
two
contenders
here
are
the
first
come
first
serve
model
and
the
end
point
names,
so
the
endpoint
names
would
be
basically
what
lightweight
m2m
is
doing.
B
If
you
could
scroll
down
to
the
end
last
comment,
so
that's
I,
unfortunately,
I
haven't
managed
and
maybe
zoom
in
a
bit
or
make
the
screen
wider.
I
don't
know
so
the
what
I
what
I
would
like
to
put
in
there
and
it
would
if,
if
anyone
has
suggestions
of
how
to
do
it
differently,
it
would
be
helpful
to
have
them
now
otherwise
other
than
when
I
finish,
the
text
would
be
basically
this.
B
So
the
idea
members
who
registered
for
an
end,
who
registered
with
a
particular
endpoint
name
and
for
depending
on
what
the
credentials
are
on
the
client
side,
this
would
be
remembered
by
some
of
the
sub
by
an
identifier
derived
from
those
credentials
and
we'd
have
to
spell
out
for
each
and
every
way
of
way
of
authentication
how
this
would
be
done.
So
if
dtls
is
used
without
any
client
authentication,
then
the
registration
could
only
be
accessed
from
that
very
dtls
connection
or
possibly
a
resume
session.
If
there's
a
self-signed
certificate,
that's
good!
B
That's
kept
as
a
as
the
identifier
for
that
name
again
until
that
that
registration
has
passed
if
the
registration
expires,
everything's,
fair
game
again,
the
resource
directory
might
remember
for
some
time,
but
it
doesn't
need
to,
and
if
a
client
comes
back
and
says
it
sees
that
their
preferred
name
is
taken.
This
is
about
random
names
anyway,
so
they
can
just
come
up
with
a
new
one.
B
B
I'd
need
a
bit
of
help
from
people
from
mind
related
with
ace,
whether
there
is
any
any
scope
or
any
claim
in
an
ace
token,
that
is,
that
can
be
thought
to
really
identify
the
client
because,
as
I
understand
his
doesn't
really
so
much
identify
the
client
as
in
assigns
a
precise
identity.
That's
exactly
that
client,
but
more
expresses
authentication
and
one
authentication
could
be
to
be
recognized
as
having
this
particular
identity.
If
there's
something
like
that,
we
could
use
it.
Otherwise,
there
won't
be
any
ace
oscar
profile
for
for
this
application.
C
C
B
Jim,
the
subject
claims
sounds
about
the
most
suitable.
So
maybe
it's
enough
if
we
put
that
in
there
on
the
on
the
psk
and
and
signed
cwt,
I'd
have
to
read
up
to
understand
what
that
actually
means.
F
B
This
is
this
is
configuration
is
this.
Is
this
is
really
not
not
a
full
application?
B
This
is
more
like
the
the
very
minimal
set
that
people
can
get
started
with
and
then
can
build
their
applications
on
or
release
a
proper,
a
proper
specification
for
something
that
encompasses
this
and
other
things,
and
I
suppose
that
it
could
even
allow
for
resource
for
rds
to
to
recognize
things
that
are
not
explicitly
in
there
but
like
if,
if
they
have
a
clue
of
how
to
identify
the
client
in
a
more
persistent
way-
and
they
are
sure
that
this
works
just
do
it.
But
it's.
B
F
F
B
I
don't
think
that
we
have
any
other
item
on
the
issue
tracker
with
feedback
level
9.
So
I'd
go
to
the
prima.
Please
switch
to
the
to
the
a
point-to-point
response
document.
E
So
I'm
I'm
not
yet
entirely
sure.
I
understand
this
list,
so
essentially
you
you
are
defining
some
default
comparisons
that
establish
that
the
identity
hasn't
changed.
Yes,
and
some
of
them
are
weird
like
certificate
fingerprints.
B
This
is
about
self-signed
certificates,
so,
if
you're
renewing
yourselves,
I'm
I'm
this,
this
is
kind
of
a
first
idea
and
I'm
perfectly
fine
if
it
turns
out
that
some
of
those
ideas
are
bad
and
should
not
be
done
that
way,
yeah
so
self-signed
certificate
would
maybe
preferably
say
signed
with
I
mean
what
can
change
there.
F
E
B
The
thing
is
with
for
okay,
so
so,
but
tied
to
the
key
would
mean
the
the
the
most
general
key
that
is
involved
there,
because
if
you're
doing
lake,
then
there
is
the
the
the
oscar
key,
but
that's
not
the
key
you're
tying
to,
but
the
oscar
key
was
derived
from
an
through
a
chain
from
another
key
and
you
go
for
the
most
general
key.
There.
B
B
B
Model
now
our
thing
is,
I
just
pushed
changes
in
there
and
there
should
be
sorry.
A
C
A
To
the
ip
address,
and
when
we
say
remember
things
is
that,
for
instance,
if
the
in
the
case
of
live
within
2m,
there
is
a
lot
of
observations
preset.
So
those
can
be
migrated
to
the
new
device.
Or
I
don't
know
the
term
if
it
is
migrated
or
something
else,
but
like
those
will
be
the
kind
of
thing
that
is
remembered
right.
B
No,
those
observations
would
be.
I
mean
that's
the.
B
B
Another
one
or
yeah,
that's
sorry,
just
I
just
need
a
moment
to
to
align
myself
with
you.
No
problem.
B
Okay
yeah
this
is
this-
is
this
is
something
up,
so
I've
brought
this
up
early
with
a
with
a
mail
in
a
different
form.
This
touches
on
the
topic
of
clients,
relying
on
links
and
whether
they
can
really
use
the
information
as
it's
coming
from
the
resource
directory
or
need
to
verify
it.
B
So
suppose
suppose
someone's
pull
someone's
using
a
path
describing
an
application
where
they
basically
use
the
clients
so
where
they
look
up
something
and
then
just
plain
post
there
are
we
generally
fine
with
using
links
from
a
resource
directory
there,
because
that
post
could
mean
the
the
intention
of
that
post
could
really
be
anything,
and
the
intention
and
the
interpretation
on
the
server
depends
on
on
what
they
advertise
as
link
properties.
B
So
naively
I'd
say
that
even
such
applications
and
this
could
be
used
as
an
example
to
put
in
there
would
need
to
check
back
if
they
sub,
if
they
kind
of
submit
a
form
in
an
in
a
curl
in
a
choral
document
that
winds
up
a
resource
restructure
or
something
like
that.
If
they
follow
such
a
form
they
or
or
post
something
based
on
a
resource
type,
they
should
probably
check
back
with
the
origin
server,
because
that
resource
directory
could
be
representing
them
unless,
of
course,
we're
trusting
the
resource
directory.
B
Where
are
we
with
respect
to
to
pull
to
doing
actions
with
one's
credentials
based
on
information
that
was
discovered?
That
is
really
more
of
a
hint
lap
and
a
hint
level.
B
And
I
just
see
that
you're
seeing
something
different-
and
I
see
so
I've
been
rambling
on
about
a
point.
That
is
not
this
one.
B
I'm
I'm
sorry
dev
I've
been
through
this
document
the
last
two
days
and
I've
seem
to
make
some
things.
Please
give
me
a
second
I'll,
be
right
back
with
focus.
A
I
only
see
the
two
wgf
nine
yeah
item
show.
B
So
that's
that's
the
that's
the
one
that
I
was
talking
about,
okay,
so
the
the
quest
the
question
that's
being
posed
here
is
when,
when
an
application
is
developed,
how
much
should
the
developers
lean
towards
not
trusting
the
res
not
requiring
a
trusted
resource
directory
and
thus
asking
the
application
to
verify
everything
they
got
from
the
rd
from
the
origin
server
as
far
as
it
affects
the
semantics
of
the
request
that
it
will
lay
to
be
sent
versus
just
relying
on
a
trusted
rd
and
specifying
that
the
rd
must
only
contain
content
that
can
later
be
acted
on,
even
if
that
means
that
the
rd
will
effectively
gain
the
privilege
gain
the
privileges
of
the
well-known
core
resource
of
every
device
around.
A
B
So
the
target
attributes
that
are
kind
of
the
the
archetypical
hint
level
information
are
things
like
content
format
or
like
the
accepted
content
format.
So
when
you
discover
a
resource,
you
don't
have
to
go
and
try
posting
data
in
any
serialization.
You
could
come
up
with,
but
you
discover
that
this
is
accepting
sentiment
only
in
zebra
serialization,
so
I'll
make
my
request,
sentiment
plus
sibor
these
these
link.
Actually,
these
target
attributes
are
work
properly,
as
hints,
so
nothing
goes
wrong
if
someone
has
the
wrong
hint.
B
B
B
I
think
we
have
this
example
of
starting
starting
a
port
scan
on
another
device,
and
you
could
trigger
this
by
basically
posting
something
some
some
document
to
that
port
scanners
scan
resource
and
if
a
device
is
misinformed
and
thinks
that
at
that
very
resource
there
is
something
more
benign
or
more
harmless,
then
it
could
be
triggered
to
that
it
could
trigger
a
port
scanner
because
it's
it
thinks
it's
talking
to
a
resource
directory.
B
The
point
of
this
this
item
in
in
section
seven
two-
is
that
cl
applications
need
to
think
about
what
can
go
wrong
if
the
client
discovers
unsuitable
information
and
then
either
prescribe
that
yet
the
information
in
the
research
directory
must
be
limited
to
the
suitably
authorized
endpoints
that
put
it
in
there
or.
Alternatively,
they
can
say
that
the
that
the
end
point
must
verify
the
information,
for
example,
by
after
having
discovered
that
this
resource
is
there
asking
that
server
again,
whether
it's
really
a
resource
directory
and
not
maybe
say
a
port
scanner.
A
I
don't
know
if
nobody's
commenting
anything,
but
my
first
feeling
about
it
is
that
maybe
we
are
specifying
too
much
on
the
already.
Is
this
something
that
is
really
really
about
the
rd
interfaces.
B
A
Well,
I
mean
it's
my
first,
I
need
to
think
more
about
it.
I
would
like
other
people's
comments,
but
that
was
my
first
thought
about
it.
I
don't
know
if
all
this
have,
because
I
mean
the
assumption
is
that
the
application
knows
how
to
work
with
links
right
and.
A
Yeah,
so
you
should
know
that
how
to
understand
the
link
attribute
and
what
it
actually
means
or
how
to
or
I
mean
anything
really
on
the
on
the
link.
I
don't
know
I
mean,
maybe
so
this
will
go
on
the
security
section
right:
seven
policies,
yeah,
yeah,
okay,
I
don't
know
any
other
opinions.
E
Please
so
that
there
are
several
things
that
come
to
mind
here
and
one
is.
There
is
another
aspect
of
trustworthiness
that
we
might
talk
about
for
resource
directories,
which
is
that
the
resource
directory
does
not
suppress
registrations.
E
Yes,
so
whether
you
trust
that
or
not
is,
is
maybe
an
important
consideration
and
for
the
veracity
of
the
registrations.
Another
important
question
is:
trust
implies
liability.
So
how
can
the
resource
directory
be
sure
that
what
it
got?
What
what
it
is
presenting
is
actually
the
truth
that
I
think.
B
We
can
solve
because,
for
that
particular
point,
the
the
rules
would
come
into
play
where
the
rd
is
only
accepting
registrations
for
about
or
accepting
statements
about
links
that
the
registrant
is
actually
authorized
to
act
as
the
authority.
Server
of
so
the
credentials
that
are
presented
to
the
rd
must
be
as
good
as
they
would
need
to
be
to
just
get
to
do
a
get
on
their
wire
via
co-op
s,
in
for
especially
in
a
pki
setting.
A
That's
a
good
restriction
because
I
mean
because,
with
the
when
you
register
from
other
endpoints,
I
mean
you,
you
don't
know
who
is
the
owner
of
that
uri
or
that
domain?
B
B
Models,
this
is,
this
is
general
guidance
on
when
to
apply
this
particular
security
model.
B
So
security
model
7.2
is
about
entered
resources,
and
this
is
precisely
about
this
is
describing
to
implementers
when
this
security
policy
would
be
relevant.
Oh.
B
So
if
you
rely
on
information
to
be
authoritative,
if
you
want
to
rely
on
information
from
the
rd
to
be
authoritative
about
the
resources
that
are
the
context
of
those
links
or
the
targets
possibly,
then
you
need
to
specify
that
in
your
security
policies
and
the
rd
must
only
accept
registrations
that
contain
data.
That
is,
that
is
from
that
certified
origin.
B
Yeah
sorry,
so
this
this
would.
This
would
practically
require
some
platform
of
of
certificate
based
authentication,
where
the
registrant
provides
provides
credentials
that
it
would
usually
use
in
a
server
capacity.
B
It's
yeah,
it's
present,
it's
it's.
The
certificate
becomes
part
of
the
of
the
link
setup.
B
A
B
Yeah,
yes,
I
have
a
lot
of
other
points
and
this
would
probably
make
a
good
candidate
for
postponing
to
to
further
discussion
on
the
mailing
list.
Yeah,
I
think
so
so,
if
you're,
so,
if
you
could
skip
to
the
other
wdf9
point.
B
That's
a
that's
a
pro,
hopefully
easier,
one,
I'm
not
sure
whose
comment
that
was
right
now.
This
is
yeah.
Ben's
comment
he's
not
really
happy
with
the
basically
with
us
assigning
additional
behavior
to
an
existing
well-known
resource.
B
I
understand
the
point
and
we
have
been
a
bit
sloppy
about
this
in
earlier
versions,
even
with
respect
to
ayana
updates.
So
my
first
question
here
is:
are
we
aware
of
any
implementations
that
that
are
out
in
the
wild
that
post
that
do
simple
registration
and
do
that
on
well-known
core,
as
opposed
to
say
a
newly
minted,
well-known
rd.
B
That,
basically,
the
two
options
here
are:
yes,
go
with
it
or
give
him
at
least
any
reason
why
we
are
doing
this
here
and
not
in
a
newly
minted
one
and
right
now
I
can't
come
up
with
one,
so
I'm
leaning
towards
saying
that
yeah,
let's
just
pick
another
well-known
resource
and
not
overload
well
non-core.
E
Maybe
I
don't
understand
the
question
so
rain
on
call
is
the
safe
description
of
the
device.
B
Indeed,
weird:
okay!
Okay,
if
if,
if
you
say
it's
weird,
I
was
expecting
that
if
anyone
that
you
would
defend
the
choice
of
women
go
here
as
you
don't
I'll,
if
no
one
else
speaks
up
I'll
just
make
the
changes
and
let's
take
well-known.
E
Rd
yeah,
I
would
probably
add
a
note
that
previous
versions
of
this
document
used
when
on
the
call
for
this
and
implementations
may
want
to
do
what
they
need
to
do.
B
Would
probably
is,
I
think,
the
normative
language
that
we
should
use
in
that
case
yep
fine
with
me.
Thank
you.
B
So
on
level
eight,
so
let's
stick
with
that
document.
Just
go
for
eight!
That's
a
weird
thing
that
came
up
in
the
comment,
and
it's
probably
me
it's
possibly
only
weird,
because
I
was
not
familiar
with
the
details
of
co-op
dtls.
So
we
don't
have
video,
but
can
I
have
an
imaginary
show
of
hands
who
thinks
that
who
would
expect
their
dtls
implementation
in
co-op
s
to
do
replay
protection.
B
So
I
looked
it
up
and
in
dtls
it's
optional
and
co-op
and
rfc
7252
doesn't
say
anything
about
that.
It's
mandatory
to
use
in
this
connections
context,
so
I
was
a
bit
taken
aback
when
I
read
that
comment
and
found
out
that
he's
perfectly
right
and
that
if
we
are
describing
this
application
as
securely
usable
over
co-op
s,
we
should
say
something
about
why
it's
okay,
which
is
basically
that
every
operation
except
those
particular
ones,
in
which
case
you
should
our
long-term
idiom
potent
anyway,
so
replays
won't
have
any
ill
effect.
B
And,
yes,
the
ending
or
registration
is
something
that
could
be
replayed.
So
the
alternatives
would
to.
That
would
be
to
say
that
co-op
servers
that
run
a
resource
directory
must
have
replay
protection
and
co-op,
as
enabled,
and
the
third
option
would
be
to
come
up
with
a
very
quick
update
to
co-op,
to
say
that
hey,
if
you're,
using
co-op
over
dtls,
then
turn
on
your
replay
protection
or
else.
A
E
B
A
And
then
hope
that
it
gets
picked
up
in
a
cool
piece,
and
what
I
understood
from
you
is
that
the
the
replay
protection
is
optional
right,
not
that
it's
not
present.
It's
not
it's
optional
yeah,
but
that
means
that
no
one
can
rely
on
it
unless
they
yeah
yeah.
Maybe
some
comment
there,
but
maybe
this
is
also
feedback
to
be
sent
well
elsewhere,
as
well.
A
A
B
So
christian
yeah
just
next
level,
eight,
please.
B
Yeah
there's
so
so,
maybe
that's
a
good
point
to
talk
about
odd
examples.
We've
received
a
few
comments
about
things
that
are
in
the
examples
that
honestly,
I
only
skimmed
over
on
the
list
in
the
more
recent
revisions,
because
it's
been
the
same
all
the
time
and
some
of
those
are
this
very
long
example
of
what
what
lightweight
m2m
is
doing
and
there's
something
similar
in
the
other
example,
and
those
contain
terms
that
no
one
is
explaining
that
are
probably
not
even
relevant.
A
Those
reference
actually
the
all
of
the
parts
related
to
sms.
They
are
not
that
relevant
anymore.
I
maybe
I
can
share
the
version
1.2
of
the
oma
spec
and
and
we
can
or
I
can
check
it
and
send
something
to
you
or
how
it
looks
like
now.
B
We
we
can
run
this
by
the
spec,
but
I
think
the
more
relevant
question
is:
what
of
this
is
really
relevant
to
resource
directory,
because
I'm
pretty
sure
that
if
even
if
I
am
an
sdn,
I
was
still
part
of
the
current
library
mdm
specification.
B
A
Well,
I
mean
so
as
again
to
my
knowledge,
because
I
don't
know
the
whole
co-op
ecosystem
out
there,
but
to
my
knowledge,
live
within
2m
folks
are
using
resource
directory,
or
at
least
some
flavor
of
it,
even
if
it's
just
a
registration
interface
and
that's
what
is
on
the
text
at
the
moment
from
what
I
can
see
just
a
registration
interface,
foreign
version,
1.0.
B
Why
don't
we
just
say
that
oma
lightweight
m2m
is
using
these
and
those
parts
of
the
resource
directory
in
appendix
10.2
and
possibly
illustrator
request
and
response?
We
currently
don't
and
and
be
done
with
it,
because
we're
talking
here
about
this
object
so.
A
This
stuff,
this
stuff
on
the
object,
ids
and
base
uri
resource.
I
think
that
could
create
confusion
to
the
people
that
are
only
interested
in
the
resource
directory.
If
they
want
to
know
about
the
law
with
the
term
registration,
they
can
go
to
the
level
that
don't
spec.
I
I
tend
to
agree
with
that,
but
I
don't
know
who
wrote
that
anymore.
A
E
B
B
I
mean
I
understand
this
to
be
to
be
an
an
illustrative
edition
and
it
might
even
make
sense
in
something
like
core
interfaces,
although
this
really
not
the
style,
I
would
recommend,
but
one
might
attempt
to
recommend
something
like
this.
A
A
We
have
in
the
call,
I
think,
thomas
you.
You
also
joined
the
oma
avenue
and
then
maybe.
A
A
Because
the
rest
of
the
text,
from
from
the
I
mean
from
the
beginning
of
the
example
onwards,
is,
is
correct
as
it
is,
but,
like
christian
is
saying
that
maybe
what
is
the
point
of
showing
there
the
object
model
of
life
within
2m?
Is
this.
B
Example,
I
think
I
think
the
the
the
the
best
part
of
relevant
part
is
10
to
2.
Lightweight
m2m
defines
the
registration
interface.
The
registration
uri
is
specified
as
slash
rd.
That's.
A
A
B
E
F
B
There
is,
there
is
one
more
thing
in
this
in
this
section:
okay,
now,
let's,
let's
go
through
this
just
by
the
numbers.
Next
number,
eight.
B
B
Yeah
I
put
this
at
this
high
level
because
I'm
just
not
too
familiar
with
all
the
six-man
and
neighbor
discovery
thing.
Would
it
be
okay
to
just
update
the
text
to
say
that
the
rda
always
always
in
router
announcements,
because
every
commenter
that
came
back
to
this
seemed
to
think
that
it
should
be
the
way?
But
it's
just
said
it's
just
not
set
anywhere.
C
B
Oh
no,
this
I'm
I'm
talking
about.
What's
on
the
screen
on
the
share
screen
highlighted
there.
B
A
No
sorry,
just
let
me
know
which
one
pick
any
that
hasn't
been
addressed
before
just
okay,
I'll.
B
Just
go
to
the
next
in
the
row:
there
you
go
okay,
so
I
don't
know
a
lot
about
stateless
configuration
and
dhcp.
If
someone
with
more
familiar
familiarity
could
have
could
come
up
with
text
to
address
this.
E
I
think
the
the
whole
point
is
that
in
in
the
bullet
list
on
page
16
you
you
say
that
the
the
we
say
that
the
address
configuration
if
the
address
configuration
is
done
using
dhcp.
E
E
Yes,
we
don't
have
to,
but
the
the
if
there
is
some
some
dhcp
going
on
for
some
reason.
If
that
is
not
providing
the
address
configuration,
we
can
to
supply
the
dhcp
option
and
that's
a
v6
thing.
V4
cannot
do
that.
As
far
as
I
know,.
B
So
it
would
be
an
additional
source,
so
basically
the
text
is
right,
but
it
just
should
not
just
be.
It
should
not
be
limited
to
if
the
address
configuration
is
performed,
but
if,
when
the
hcp
is
used
yes
or
is
in
use,
I
probably
would
say
yes
right:
that's,
then
that
should
be
an
easy
fix.
Thank
you.
B
So
the
next
one
we
already
had
so
wrap
around
please.
B
B
So
should
we
just
add
a
bit
of
an
explanation
and
like
respond
without
additional
information
there,
that's
what
I'd
go
for
so
just
say:
yeah
sleepy
notes
are
a
complex
thing
and
we
don't
put
anything
more
there
because
there
isn't
currently
a
document
that
gives
more
details
or
have
sleepy
has
the
topic
of
sleepy
nodes
was
slapped
in
so
deeply
that
we
would
remove
the
references.
B
A
Problem
in
here
comes
from
the
reference
saying:
the
remote
server
usually
used
to
provide
proxy
access
to
the
endpoint,
so
you
can
just
remove
that
and
get
done
with
that.
E
Reason
that
we
don't
have
a
sleepy
node
document
is
that
essentially,
all
approaches
that
you
can
use
there
have
some
patentlicans
around
them.
Have
some
what
patent
thickens?
E
Oh
no
get
stung
pretty
badly
and
the
the
the
approach
that
probably
is
safest
in
that
regard
is
to
use
a
proxy
and
have
the
sleepy
node
alert
the
proxy
in
some
form
when
it
wakes
up
and
then
the
proxy
can
can
forward
requests
that
that
it
stored.
E
While
waiting
for
for
the
sleepy
note
to
come
up,
there
are
tons
of
other
approaches,
and
I
I
even
have
a
t2g
document
that
describes
another
approach.
But
this
is
probably
the
most
basic
approach
and
now
I'm
trying
to
find
out.
A
E
B
There
some
reference,
basically,
if
any,
if
any
of
the
sleepy
notes
document
where
selective,
I
would
just
add
a
reference.
For
example,
as
described
in
now,
they've
been
they've
run
out
of
steam
around
2014,
the
latest
at
least
the
ones
with
sleepy
and
the
title.
I
could.
E
Easily
find
so
the
the
problem
is
that
the
actual
documents
that
people
have
written
all
were
trying
to
get
some
existing
patent
claim
in
as
an
essential
component.
Okay,
so
that
that's
why
they
all
died.
That
doesn't
mean
that
the
the
approach
is
wrong.
Yeah.
We
just
never
got
anyone
to
document,
one
of
the
the
less
dangerous.
B
E
Yeah,
let
let
me
take
that
as
an
action
that
I
supply
a
pull
request
for
that
particular
paragraph.
I
I
think
we
can
fix
that.
A
A
B
A
I
think
that's
what
he's
asking
like,
because
I
think
he's
the
the
comment
is
about:
how
can
you
provide
access
to
an
endpoint
that
is
not
connected,
and
maybe
what
we
need
to
clarify
is
that
we
are
not
providing
access
to
the
endpoint
but
to
the
latest
resource
representation
stored
somewhere.
B
B
On
the
on
the
yeah,
the
home,
building,
automation,
it's
it's
a
bit
vague.
Does
anyone
have
a
better
idea
than
just
spring,
pointing
out
more
precisely
where,
where
to
where
an
rd
could
be
deployed?
In
those
cases.
A
So
in
the
again
from
my
own
limited
knowledge,
I
know
that
one
of
the
the
ikea
trucks
fee
was
using
live
weight
interest
and
therefore
it
was
using
some
resource
directory,
and
that
could
be
one
example.
I
don't
know
if
sigbit
dot
dot
uses
co-op.
I
think
he
used
to,
but
I
don't
know
if
he
uses
rd
or
co-op
anymore.
A
Maybe
other
people
more
familiar
with
ocf
with
other
sdos
or
other
real
life
scenarios
can
provide
more
info,
if
not
maybe
some
vision
on
how
it
could
be
for,
but
this
is
the
for
the
case
of
home.
I
don't
know.
Actually.
This
is
very
broad
because
home
and
building
automation
is
pretty
big.
Yes,
the
yeah,
maybe
some
was
someone
from
phillips
on
the
philipp
lightning
or
something
like
that.
I
don't.
A
B
B
My
take
here
is
that
the
resource
directory
doesn't
need
to
know
because
the
resource
directory
just
provides,
and
it's
up
to
the
clients
to
ask
for
us
to
to
only
accept
an
rd
if
it's
somehow
indicating
that
it
provides
those
things,
and
that
would
typically
be
because
it's
explicitly
configured
but
as
this
is
possibly
a
bit
more
controversial
topic.
E
Know
yeah
that
that's
a
classical
authorization
problem,
so
I
cannot
really
trust
anything
until
it's
authorized
for
being
trusted
and
the
the
source
of
that
authorization,
of
course,
is
not
not
defined
here.
E
So
the
the
fact
that
we
can
authenticate
an
rd
in
in
some
way
doesn't
tell
us
what
it
is
useful
for
and
the
the
thing
itself
saying
or
that
is
useful
for
us-
is
not
really
useful.
We
need
some
some
third-party.
E
B
B
B
Yeah,
so
eight
is
clear
on
the
issue
tracker
that
brings
us
to
the
level
7
items.
That's
the
first
so.
B
We
use
examples
that
don't
use
registered
for
that.
You
don't
have
that
use
resource
types
and
other
registration,
other
things
with
obligatory
registration
that
are
not
actually
registered.
I
can
defend
some
of
them,
especially
the
ones
where
we
are
picking
stuff
from
6690
that
used
values.
It
didn't
define
us,
for
example,
but
we
are
taking
over
those
examples
and
we
are
using
some
that
I
won't
try
to
defend
and
just
replace
with
examples.
B
The
ones
in
the
middle
are
the
interesting
ones
that
is
core
dot,
a
and
co
dot
p.
They
have
been
used
in
examples
all
around
in
earlier
in
in
different
drafts,
because
core
interfaces
used
to
be
a
prominent
thing
that
was
kind
of
expected
to
go
through
at
some
point.
B
I
don't
think
that
this
future
is
clear
enough,
that
it
justifies
having
those
code
points
here,
but
then
again
it
limits
the
recognizability
of
the
examples,
so
any
better
suggestions
than
replacing
those
with
example,
dot,
cor.a
or
something
like
that,
or
example.
Actuator.
A
Another
comment
on:
if
the
examples
have
to
be
real,
do
we
have
the?
U
equals
kelvin,
for
example,
the
unit
as
well.
B
That's
that's
complete.
That's
completely
fine,
because
there's
all
target
attributes
and
those
target
attributes
are
not
generally
related
there.
I
can
advertise
any
possible
any
things
that
I
would
like
to
see
as
I
see
fit.
Okay,
at
least
from
from
from
a
registration
point
of
view,.
B
B
Yes,
but
I'll
take
that
up
as
bycatch
from
the
comments.
Thank
you.
A
Was
k
not
for
kelvin
in
cinema?
Yes?
Well,
then
they
are
at
least
the
ones
you
have
seen
in
the
draft.
B
I
think
that's
the
only
one
anyway,
okay,
next
next
seven.
B
B
Yeah,
it's
not
so
much
a
question
but
more
point.
There
appears
to
be
a
more
broad
document
on
your
eyes
that
can
be
used
to
that
are
kind
of
bearer
tokens.
I'd,
say
yes
and
I'm
just
stressing
that
those
your
eyes
that
we
are
we're
having
here
are
not,
and
it's
supposed
to
be
that
way.
A
Christian,
have
you
checked?
That
document
is
something
relevant
that
we
should
check
as
well,
so.
B
B
I
think
I
have
a
good
response
in
saying
that
do
we
support
networks
that
don't
support
multicast
well
means
that
they
don't
support
it
efficiently
or
conveniently
or
there
might
not
at
all.
There
might
be
any
other
reason
why
they
don't
support
it
well,
but
I'm
not
a
big
expert
there.
So
if
there
is
anything
better
to
say
it
would
be
helpful.
B
I
might
also
add
that
the
sequence-
the
the
ranking
I
did
here,
I'm
I'm.
I
won't
try
to
defend
the
the
sequence
of
priorities
here.
It's
just
something
that
hopefully
allows
us
to
go
through
the
important
parts
without
while
skipping
the
obviously
unimportant
ones.
Okay.
Next,
please.
B
Yeah,
so
the
the
question
comes
back
about
the
comes
again
back
to
to
those
to
those
uris.
We
are
exposing
them.
We,
even
though
they
are
not
helpful.
I
think
of
the
so.
This
is
especially
in
the
in
the
endpoint
lookup,
I
think
of
them
as
useful
as
identifiers,
but
do
have
to
admit
that
it
could
be
done
completely
different
as
well.
Do
we
have
anything
in
in
defense
of
offering
those
those
your
eyes
as
kind
of
the
anchor
points
for
information
about
the
registration
that
I
should.
B
A
Reading
the
question,
so
the
intelligent
does
expose
it.
What
does
it
mean
that
the
rd
does
not
need
to
make
them
accessible
when
the
rd
answers
they
look
up?
It
provides
us
use
of
links.
Yes,
but
that's
basically.
B
Because
we
that's
basically
because
we
can't
represent,
because
that's
the
best
structured
data
format
we
had
available
at
the
time
we
started
working
with
resource
directory.
So
originally
they
were
even
kind
of
self
links
that
didn't
expose
the
resources.
B
B
So
maybe
to
to
to
explain
this
also
with
the
last
paragraph
here,
if
we
did
a
resource
directory,
for
example,
in
coral,
the
rde
might
choose
not
to
tell
the
you
tell
the
names
of
the
registration
resources,
but
just
say
that
there
is
a
resource,
and
that
has
these
in
those
properties
and
choose
not
just
tell
the
name
in
link
format.
We
don't
have
that
option.
B
Possibly
if,
if
the,
if
the
names
are,
are
come,
if
the
rd
comes
up
with
the
names
in
a
way
that
is
neither
random
nor
deterministic
from
the
end
point
for
from
the
visible
attributes,
then
we
might
have
an
information
disclosure
problem.
B
So
maybe
we
should
give
a
bit
of
guidance
to
the
rd
what
they
better
not
put
into
the
your
eyes.
However,
they
shape
it.
B
B
Well,
if,
if
no
pushback
comes
comes
from
from
from
the
response
that
I'll
send
to
bury
in
this,
then
then
I
think
we'll
be
good
with
this.
So.
A
By
the
way
there
is
this
use
case,
link
catalogues.
A
B
I
think
there
will.
There
is
one
point
on
on
that
in
in
the
the
comments
to
come,
that
is,
but
but
the
link
catalog
is
more
about
registered
links.
Isn't
it.
B
B
B
This
is,
this
is
one
of
the
of
the
other
parts
where
there
are
examples
in
there
that
are
the
dot
in
this
case
in
the
luminary
part.
Yes,
you
can
so
we
what
we're
describing
there
is
that
the
release
that
the
luminaries
that
are
part
of
the
system
ask
look
up
groups
by
their
res
basically
and
decide
by
their
resources
whether
they
should
join.
That
group.
B
Now,
that's
something
that's
not
completely
fundamentally
broken,
provided
that
they
check
additional
properties
of
those
links,
but
it's
not
really
something
that
I
would
recommend
and
put
in
the
examples
that
we,
even
though
we
don't
explicitly
say
this
is
how
it
should
be
done.
I
mean,
if
it's
in
the
example
section
often
of
a
document,
then
this
kind
of
speaks
a
bit,
and
this
was
asked
about
explicitly
now
whether
this
is
really
what
is
going
on
here
and
I'll.
B
D
I'm
thinking
also
about
that.
Maybe
the
text
that
is
intended
now
in
the
resource
directory
document
is
not
really
about
finding
out
your
membership,
but
the
membership
you
are
supposed
to
have
actually
considering
the
reasons
you
are
trying
to
export.
D
A
May
I
ask
so:
the
sector
information
is
added
automatically
based
on
the
resource
characteristics.
Is
that
what
you
said
or
no?
The
sector
doesn't
come
into
play
here
at
all.
B
Sorry
this
is,
this
is
just
a
resource.
A
resource
sees
a
resource
directory,
looks
at
the
groups
that
are
registered
there
and
sees
that
one
group
is
so
similar
to
itself
that
it
might
just
as
well
make
itself
a
part
of
it.
B
Example:
yeah
yeah:
that's
why
it's
referring
to
the
odd
examples
text,
so
my
preference
here
would
be
to
remove
that
part
of
the
example.
The
rest
is
largely
good,
but
this
particular
piece
could
be
a
bit
disturbing.
A
Yeah,
to
be
frank,
the
slash
co-op
group-
I
I
just
have
never
used
it.
Actually,
I
don't
know
how
people
are
using
it
or
what
they
think
about
it.
That's
the
one
you're
talking
about
right.
B
That's
neither
okay
yeah,
yes,
that
as
well
so
above
there
is
that
part
where
the
and,
where
the
end
point
joins
it
automatically
by
having
discovered
the
group
and
then,
alternatively,
the
ct
can
communicate
and
that's
by
the
way-
and
I
didn't
notice
and
no
other
reviewer
did.
But
you
just
did
that
part
by
the
way
is
being
ripped
out
of
this
being
removed
from
that
experimental,
rfc
and
not
part
of
the
group
companies
anymore,
because
nobody
implemented
it
yeah.
A
B
B
D
Since
christian,
you
added
some
more
points
in
any
other
business.
Just
to
be
sure
you
you
cover
them.
If
you
want
to
today.
B
Yes
good
point,
but
I
still
want
to
go
through
this.
I
have
no
idea
what
is
meant
by
this
purse
network.
So
if
anyone
has
a
suggestion
on
what
to
say
there
instead
or
how
to
just
explain
what
it
is,
please
do
so
otherwise
I
my
tendency
would
be
to
rephrase
this
not
to
save
this
birth.
If
no
one
can
explain
what
it
means.
F
B
Yeah,
okay,
but
I'll,
take
those
comments
happily
by
mail,
just
as
well
yeah.
Next
one,
please.
A
B
I
know
that
there's
a
lot
of
things
going
around
here,
yeah
and
on
six
man.
I
don't
have
text
here,
but
basically
there
was
this
question
about.
Have
we
talked
about
this
with
six
months
and
as
I
understand
we
haven't,
and
I'm
not
too
familiar
with
the
six-month
procedure,
so
I
can,
of
course,
just
go
over
there
and
send
them
a
mail
and
ask
what
they
think
of
it.
But
if
anyone
around
feels
more
qualified,
especially
due
to
prior
experience
with
six
men,
I'd
appreciate,
if
someone
could
take
this
over.
B
A
E
Well,
I
used
to
twin
meetings,
of
course,
but
this
is
really
about
getting
a
code
point
from
them,
so
I
would
be
polite
to
present
this
at
some
point
and
we
just
need
to
do
the
registration
request.
E
A
B
B
Okay
enough,
okay,
then
I'll,
basically
I'll
I
can.
I
can
do
that
and
if
anything
comes
back,
that's
good.
We
have
something
to
say
to
the
comment,
and
at
least
the
experts
would
be
will
be
alerted
and
that's
a
registration
from
us.
B
So
if
I
may
have
some
of
the
remaining
minus
one
and
a
half
minutes
I'd
like
to
use
everyone's
attention
to
just
point
out
that,
because
I
think
it's
kind
of
relevant
to
the
group
and
I've
been
asked
about
it,
I've
started
running
a
few
services
at
coop.unders.com
and
the
link
is
in
the
minutes
and
especially
that
is
running
a
resource
directory
that
I,
for
the
foreseeable
future,
intent
to
keep
operational.
That's
roughly
working
on
the
first
come
first
serve
base
base
that
basis.
B
That
will
that
I'm
writing
the
text
for
and
if
someone
comes
in
unauthenticated,
then
everyone
could
impersonate
them,
but
that's
kind
of
part
of
the
model.
Here
it's
also
running
a
cross
proxy,
that's
not
crossing
over
to
hdp
but
crossing
between
the
co-op
plus
tcp,
a
co-op
non-tcp,
and
especially
now
the
core
plus
web
sockets
protocols.
B
So
if
anyone
wants
to
play
around
with
them,
feel
free
to
use
that,
and
also
in
the
minutes,
I've
linked
to
now
existing
very,
very
minimal,
I'm
hoping
still
still
working
to
get
it
flashed
out
co-op
over
websockets
client
and
server
implementation.
B
That
can
run
a
few
demos,
so
you
can
explore
a
bit
more.
Possibly.
This
would
also
be
a
good
thing
to
link
from
corp.me
or
any
of
the
other
things
just
basically.
My
me
hope
me
hoping
to
get
a
bit
of
feedback
from
you
here,
because
this
is
some
so
because
having
publicly
running
rds
was
something
that
was
requested
before.
A
Yeah,
and
actually
we
didn't
find
remember
when
we
were
looking
on
through
showdown
and
other
tools,
we
didn't
find
so
many
so
I
guess
you
will
be
carson-
is
managing
co-op.technology.
I
guess
a
link
could
be
added
to
this
to
the
tools
right.
Yes,
maybe
you
already
did.
Actually
I
don't
know,
oh,
I
need
to
do
that.
Okay,
this
is
the
first
public
mention
of
this
here
so,
and
I
think
I
mean,
as
I
mean,
I
think
this
could
be
very
interesting
for
the
main
list
as
well.
A
Yeah,
I
will
also
share
it
internally
and,
let's
give
it
a
try,
does
it
accept
lightweight
and
registrations.
B
Perhaps
or
some
form
of
it
won't
accept
lightweight
m2m
registrations
because
it
doesn't
implement
this
rd
resource
and
especially
it
has.
It
picks
paths
that
might
help
to
expose
client
misbehavior.
B
But
it's
probably
a
good
idea
to
add
in
slash
rd
to
add
slash
id
as
kind
of
a
fallback
resource.
Yeah
good
point
I'll,
add
that
and
then
maybe
it
just
works.
A
B
B
So
if
I
need,
if,
if
I'm
really
blocked,
if
I
get
blocked
on
something
I'll,
just
mail,
the
list
or
see
or
ask
people
on
the
issue,
I
think
chairs,
are
you
on
the?
Are
you
automatically
mentioned
on
the
issue
tracker.
A
B
A
Yeah
yeah
and
then
we
need
to
cc
every
now
and
then
that's
it.
I'm
wondering
another
thing:
do
you
need?
I
mean
we
have
it
still,
the
other
interim.
We
don't
have
a
list
of
topics.
Another
option
was
to
use
the
link
sometime
for
din
link
discussion,
but
we
could
continue
in
the
next
session
in
the
next
aim
and
just
wrap
up
all
the
issues.
B
A
I
would
be
happy
if
it
is
something
I
mean
it
doesn't
have
to
be
long.
It
could
be
just
a
wrap-up
session
like
okay,
perfect
and
then
the
rest
of
the
session.
We
can
do
link
unless
actually
I
take
the
time
now,
if
somebody
has
a
suggestion
for
the
next
interim.
Now
is
a
good
time
to
suggest
and
if
not,
I
think
we
can
do
rd
and
link
dim
link.