►
From YouTube: IETF-PANRG-20220908-1500
Description
PANRG meeting session at IETF
2022/09/08 1500
https://datatracker.ietf.org/meeting//proceedings/
A
Good
morning
and
afternoon
everyone
can,
can
you
all
hear
me.
A
A
Sorry,
it's
a
bit
early
here
in
california,
I'm
visiting
the
mothership
this
week,
so
this
is
breakfast.
A
So
I
will
go
ahead
and
get
started
with
the
introduction
from
the
chair
hi.
I
am
brian
trammell.
I
am
one
of
the
two
co-chairs
of
pan-rg
jen
lenkova.
My
co-chair
was
unable
to
attend
today,
so
I
will
be
running
this
meeting
on
my
own.
A
I
will
be
sort
of
tracking
some
of
the
discussion
into
the
hedge
dock,
but
if
so,
it's
like
the
little
note-taking
tool
icon
on
the
thing.
If
there
are
other
people
who
are
in
attendance,
who
could
help
me
out
there?
I
would
very
much
appreciate
it
for
some
reason.
I
don't
have
access,
I'm
not
getting
the
actual
markdown
the
markdown
is
rendered
when
you
look
at
it
on
the
data
tracker.
That
is
possibly
a.
A
If
you
defile
with
the
tools
team,
but
we
will
model
along
so
today,
we
are
talking
primarily
exclusively
about
progress
on
the
the
scion
drafts
and
the
discussion
around
like
how
best
to
engage
with
that.
We
will
start
with
an
update
to
the
scion
component
analysis
draft.
So
this
we
discussed
in
philadelphia
and
remotely
and
in
the
interim
before,
and
then
we
will
dive
into
a
focus
on
the
pki
components
right.
So
if
you
recall
from
the
last
time
the.
A
The
feedback
from
the
last
meeting
was
there
seemed
to
be
three
major
components
here
in
in
scion
pulling
things
together.
Yes,
the
room
is
in
use,
pulling
things
together
like
trying
to
standardize
the
whole
thing,
as
once
is
not
going
to
work
very
well
in
the
ietf
context.
A
We
think
these
are
the
three
components
let's
actually
get
into
them.
So,
like
then,
we'll
talk
about
updates
to
that
that
draft
and
then
we'll
get
into
the
first
component,
which
is
sort
of
the
pki.
Are
there
any
bashes
to
the
agenda?
Anyone
like
to
talk
about
something
else.
A
A
You
hear
me:
yes,
I
can,
you
can
go
ahead
and
grab
the
the
presentation
tools.
C
C
All
right:
do
you
now
see
the
slides?
Yes,
take
it
away.
How
do
I,
okay
yeah?
I
was
missing
the
slides
and
somehow
they're
still
not
coming
up,
but
anyways
I'll
get
started
and
see
if
they
they
come
up
at
some
point,
let
me
see
it's
weird,
because
I
I
don't
even
see
the
slice
control
like
in
the
slides.
A
C
C
All
right
cool,
then,
let's
get
started
so
first
thanks
a
lot
brian
for
for
the
introduction.
So
this
is
nico,
I
guess
yeah.
You
already
know
me
from
the
previous
presentations
if
you
were
attending
so
in
this
session
we
are
presenting
updates
to
the
component
analysis
draft
that
brian
mentioned.
C
So
just
to
summarize,
where
we
stand
as
of
today.
Well,
we
started
bringing
more
of
scion
to
the
itf
in
general
back
in
vienna,
so
we
had
an
initial
discussion
at
idr
and
at
the
site
meeting
and
we
were
invited
kindly
by
the
chairs
at
panergy
to
also
bring
some
of
the
work
into
the
group,
and
this
is
why,
in
the
last
interim
that
we
had
back
in
june,
we
presented
an
initial
overview
draft.
That
is
meant
to
give
you
a
rough
idea
of
what
scion
is
what
it
does.
C
As
brian
mentioned,
there
were
many
questions
about
this
system.
We
wanted
to
decompose
the
system
into
components
and
that's
why
we
prepared
this
component
analysis
that
we
are
that
we
have
been
updating
and
in
the
end
as
mentioned
before,
then
we
will
look
at
one
of
the
component,
which
is
the
pki
I'm
kind
of
assuming
that
if
you
are
here,
you
already
heard
about
scion.
C
So
I
will
not
say
too
much
just
remember
it
is
this
past
aware
inter-domain
architecture,
its
focus
is
on
availability,
security
and
scalability,
especially
when
it
comes
to
having
adversaries
in
your
network.
It
is
deployed
in
production,
especially
here
in
switzerland.
We
have
the
banking
ecosystem
that
communicates
over
cyan.
C
C
C
Moving
on
to
the
components,
just
to
recap,
what
we
discussed
the
architecture
when
you
deploy
scion
in
an
autonomous
system,
you
have
three
fundamental
components
that
somehow
you
must
deploy
so
going
from
top
to
the
bottom.
We
have
the
pki
that
takes
care
of
authentication
certificates
and
so
on,
and
this
is
what
corrine
will
present
later.
We
have
the
control
plane
that
basically
explores
and
discovers
routing
information
and
disseminates
it
to
the
end
hosts
and
in
the
end
we
have
the
data
plane
that
does
the
actual
forwarding.
C
So
when
we
presented
a
system,
as
I
mentioned,
we
got
these
questions
about
what
the
key
components
are.
Can
they
be
decomposed?
Can
they
be
used
independently?
Are
there
any
protocols
that
are
reused
or
extended?
C
Why
or
if
they
are
not
reused
or
extended,
why
we
are
not
reusing
or
extending
them,
and
so
that's
why
we
took
the
initial
draft
and
we
tried
to
to
address
some
of
the
feedback
that
we
got
at
114
in
philadelphia.
C
So
I
think
first
of
all,
people
found
the
itf
presentation
a
lot
clearer
in
terms
of
structure
and
thought
organization
than
than
the
draft.
So
this
is
something
that
we
have
been
trying
doing,
especially
for
each
component.
We
have
been
trying
to
clarify
what
the
input
output
relationship
is
between
all
of
these
components.
C
In
addition
to
this,
I
think
some
of
the
content
related
to
existing
protocols
was
also.
I
think
there
was
need
to
clarify
that,
so
we
have
also
been
working
on
that.
C
So
when
it
comes
to
the
actual
draft,
what's
actually
changed
well,
first
of
all,
the
overall
structure
has
been
heavily
modified
and
we
try
to
take
a
more
component-specific
approach,
so
we
try
to
look
at
each
component
independently
and
then
for
each
one
of
them.
C
We
try
to
look
first
of
all
at
the
properties
that
are
provided
by
these
components
and,
second
of
all,
we
look
at
the
input
and
outputs.
So
we
call
these
input
dependencies
or
what
each
component
needs
to
be
able
to
function,
and
then
we
call
the
outputs
what
is
provided
to
other
components.
So
what
are
yeah
really
the
outputs?
C
C
C
It
requires
some
form
of
communication
between
the
pti
entities
and
it
requires
time
synchronization
so
that
you
can
verify
certificate
and
what
the
pki
does
is
that
it
provides
a
cryptographic
material
to
the
scion
control
plane.
This
is
manifested
into
two
main
things.
One
of
it
is
this
aes
certificate,
so
each
scion
autonomous
system
is
issued
a
certificate
that
is
then
used
to
authenticate
all
the
control
messages
and
pki
also
provides
a
roots
of
trust
that
is
manifested
as
a
trc
and
later
today
we
will
really
dig
into
the
details
of
how
this
works.
C
When
you
look
at
the
control
plane,
it
does
all
the
routing,
and
so
the
way
this
this
is
exposed
to
to
the
lower
layer,
which
is
basically
the
data
plane,
is
by
providing
these
authenticated
segments
and
in
addition
to
this,
there
is
also
a
somehow
error
management
protocol,
which
is
scmp,
which
is
somehow
similar
to
icmp,
but
it
is
extended
with
authentication,
and
this
is
used
for
some
kind
of
data
plane,
error
messages,
for
example,
reacting
to
link
failure
in
in
some
cases
and
in
the
end,
when
you
look
at
the
data
plane
itself.
C
Well,
that's
the
last
cyan
component
and,
of
course,
as
behind
below
the
data
plane,
you
also
have
applications
on
on
nhos
that,
in
the
end,
are
the
ones
that
are
leveraging
the
past
aware
secure
communication
that
that
is
provided
by
cyan,
and
so
this
is
something
that
that
probably
also
will
require
an
interface.
For
example,
there
were
some
discussions
at
tops,
I
think
about
how
to
expose
path,
awareness
to
the
transport
layer,
and
so
this
is
also,
I
think,
important
to
mention
this
in
in
this
draft,
because
it
is
an
important.
A
Diagram
that
sort
of,
like
you
know,
makes
it
very
clear
that
we
should
be
spending
our
time
talking
about
the
pki
a
little
bit
later,
like
the
agenda
is
correct.
Yay,
the
we
talk
about
sort
of
like
applications
on
the
end
host,
but
in
the
the
situation
where
you're,
using
sort
of
like
scion
for
network
engineering
sort
of
like
for
building
tunnels,
that
the
end
host
is
actually
a
tunnel
endpoint
right
or
the
application
is
the
tunnel
endpoint.
So
this
is
not
just
like
all
the
way
down
like
the
transition
mechanism.
A
C
Good
yeah,
yes,
to
be
honest,
we
usually
use
nhost
as
a
word,
but
the
way
that
we,
I
I
think
personally,
we
should
maybe
talk
about
endpoints.
I
I
think
I
like
the
word
better
and,
to
be
honest,
one
of
the
things
that
I
had
in
the
back
of
my
mind
is
also
at
some
point
to
look
at
the
vocabulary
of
properties
and
try
to
maybe
align
our
our
draft
to
that.
But
I
know
that
there
was
some
work
going
on
on
that
draft
as
well.
C
C
All
right
so
moving
on
yeah.
This
is
basically
a
summary
of
the
dependencies.
I
think
last
time
we
already
had
quite
a
discussion
about
that.
So
I'm
not
gonna,
repeat
myself.
I
do
have
some
slides
from
the
previous
discussion
as
well.
If,
if
we
wanna
dig
into
some
of
the
specific
topics
or
otherwise
yeah
you
can
get
to
the
draft
brian
sorry,
I
see
you're
still
with
your
hand,
raised.
C
Okay,
all
right
so
moving
on.
One
thing
that
I
mentioned
is
that
we
restructure
the
the
sections
that
regard
relationships
to
existing
protocols.
C
So
the
idea
there
is
to
mention
what
protocols
are
reused
or
how
cyan
plays
with
those
existing
protocols
and
in
the
cases
where
these
are
not
reused,
we
try
to
highlight
the
differences
or
the
motivation.
Why
why
some
protocols
are
not
reused?
So
when
we
look
at
each
component
individually,
starting
from
the
pki,
we
we
described
quickly
that
it
uses
x509.
So
this
is
somehow
reused
built
on
top
of
it,
but
on
the
other
hand,
we
also
discuss
why
existing
pkis
could
not
be
really
leveraged
without
losing
some
property.
C
C
We
moved
the
discussion
about
lisp
there,
because
there
are,
of
course,
some
similarities
and
differences,
so,
as
with
lis,
scion
is
separating
this
concept
of
an
host,
locator
and
endos
identifier
and
locator,
and
this
is
somewhat
similar.
But
then
the
way
things
are
implemented.
C
There
are
some
differences,
and
I
think
we
already
talked
about
that
a
bit
last
time,
and
we
also
mentioned
the
relationship
with
rpki
from
a
routing
perspective,
in
the
sense
that
some
of
the
scion
extensions
that
bridge
between
scion
and
ip
actually
build
on
top
of
our
pki
in
order
to
authenticate
prefix,
basically
prefix
origin.
When
it
comes
to
iprefixes.
C
When
it
comes
to
the
data
plane,
we
also
mentioned
how
it
interacts
with
intra
domain
forwarding.
We
also
mentioned
that
in
the
early
deployments,
scion
is
deployed
intra
domain
on
top
of
ipudp,
so
that
it
can
basically
leverage
the
existing
infrastructure
quite
easily,
and
in
this
section
we
also
moved
the
discussion
about
segment
routing.
I
think
there
was
a
topic
of
discussion
last
time.
C
We
did
not
have
time
to
look
deeper
at
how
they
could
be
possibly
combining
details,
but
I
think
that
the
concept
is
still
the
same
as
the
last
time.
The
two
technologies
could
potentially
work
one
on
the
intra
domain,
and
that
would
be
segment
routing
and
scion
on
the
inter
domain,
but
how
the
path,
awareness
properties
of
each
one
of
them
interact
is
still
an
open
question
that
we
have
not
investigated
in
detail.
C
So
we
would
be
very
happy
to
get
additional
feedback
also
on
the
draft
on
specific
parts,
whether
they
are
clear
or
not.
C
We
were
also,
we
would
also
like
to
start
a
bit
tasting.
What
is
the
mood
when
it
comes
to
potentially
doing
more
work
in
in
the
group
on
some
of
the
draft
so,
for
example,
on
adopting
it,
and
on
this
point
I
also
wanted
to
remind
that.
We
have
also
this
fire
and
overview
draft
that
we
presented
in
the
last
interim,
and
there
was
some
feedback
there,
but
I
feel
it
was
overall
not
specifically
on
the
draft.
It
was
more
about
focusing
on
this
component
analysis.
C
So
that's
why
we
decided
to
create
this
draft
that
I
presented
today,
but
that
draft
is
also
something
that
could
potentially
deserve
some
further
work.
For
example,
we
have
a
section
about
deployment
that
and
experiences
that
I
think
would
be
handy.
We
also
explain
a
bit
the
motivation
behind
science.
We
give
a
glimpse
of
what
the
components
are
so
yeah.
We
would
be
happy
to
get
some
feedback
from
the
group
and
eventually
being
able
to
push
some
of
the
the
draft
draft
further.
A
So
I
think,
on
that
point,
I'm
noticing
that
we
have
11
people
in
attendance
here
today,
which
is
actually
a
somewhat
smaller
group
than
we've
had
at
previous
meetings.
Talking
about
this,
so
I
think
I
would
want
to
take
the
question
on
adoption
to
to
the
mailing
list
and
also
the
question
on
just
sort
of
like
finding
reviewers
for
the
document
who
maybe
haven't
already
seen
it,
take
that
one
to
the
mailing
list
as
well.
A
Obviously,
people
who
are
here
in
the
room,
you
know
if
you
have
not
read
this
document,
please
do
and
some
comments
to
the
list,
but
I
want
a
few
more
eyeballs
on
it.
You
know
with
my
chair
hat
on.
I
want
a
few
more
eyeballs
on
it
before
we.
You
know
before
we
issue
a
formal
call
for
adoption
so
like.
Hopefully
we
can
get
a
little
discussion
going
on
the
list
between
now
and
london
and
we
could
put
that
question
on
the
agenda
for
london.
A
And
on
the
overview
draft,
I
don't
like
I,
I
think
the
sort
of
like
the
component
analysis
is
probably
one
that
we
probably
would
like
definitely
even
want
to
publish
right,
because
that
sort
of
like
sets
up
the
framework
for
here's,
how
we
think
you
would.
A
You
would
split
this
up
in
order
to
engage
with
it
in
the
ietf
and
that's
also
sort
of
like
a
work
example
of
how
you
would
do
new
architecture
development
in
the
idf
right
like
so
those
are
like
as
a
work
as
a
worked
example
of
how
to
do
this.
It.
It
actually
makes
sense
to
to
publish
as
an
rg
draft,
that's
an
individual
opinion.
I
want
to
also
discuss
that
either
here
or
on
the
list.
A
The
overview
document,
I
think,
is
probably
going
to
evolve
quite
a
bit
as
we
figure
out
how
to
engage
with
the
specific
components
right
like
so
things
that
we're
talking
about
putting
into
the
overview
doc
might
come
out
into
other
docks,
for
example,
so
like
that
would
be
maybe
one
to
adopt,
and
not
necessarily
not
necessarily
with
the
intent
that
we're
definitely
going
to
publish
this
in
rfc.
E
Yeah
I
mean
just
just
following
up
on
on
the
discussion
of
publishing
it
I
mean
we,
we
have
to
be
a
a
little
careful
because,
because
this
is
a
an
irtf
group,
so
we
can't
so
into
what
the
I
etf
should
be
doing,
a
a
components,
draft
that
talks
about
what
what
are
the
pieces
here,
which
are
the
areas
which
need
potential
further
research,
which
are
the
areas
that
seem
potentially
mature
enough.
E
That's
a
separate,
a
separate
standard
standardization
activity
could
happen
in
the
ietf
would
seem
would
seem
like
a
reasonable
discussion
so
to
set
the
scene,
for
you
know,
what's
what's
future
irtf
research?
What
and
what?
What
is?
What
isn't
in
need
of
future
research?
E
But
then
it's
up
to
the
ietf
to
decide
whether
that's
something
it
wants
to
standardize.
It's
not
something
where
we
can
say
you
go
go
ahead
and
standardize
this
we
can
say
we
think
this
is
mature
enough
for
potential
standardization.
That's
not
quite
not
quite
the
same
recommendations.
We
just
have
to
be
a
little
bit
careful,
but
but
yes
fundamentally,
I
think
I
agree
with
what
brian
said.
C
Yeah,
no,
so
I
think
I
think
that's
it.
For
from
my
component
analysis,
I
mean
I
have
similar
slides
to
the
ones
that
we
had
last
time,
but
I
think
we
had
a
discussion.
So
if
we
want
to
go
into
specific
topics
we
can
we
can,
but
I
mean,
in
terms
of
presenting,
I
try
to
focus
more
on
the
delta.
I
hope
that.
A
C
C
It
is
important
to
document
what
exists
today,
so
the
goal
would
definitely
not
be
aimed
at
in
the
short
term,
but
it
would
be
being
able
to
somehow
freeze
or
document
what
what
is
deployed
today,
how
science
works
in
in
the
deployment
that
are
around
today
and
then
I
think
this
could
be
used
for
future
work
as
standardization,
but
I
think
it
would
be
good
to
do
it
in
steps.
So
first
get
something
like
this:
it
could
maybe
even
be
an
independent
drafts
or
it
could
be
it
well.
A
A
So
colin
has
probably
jumped
in
to
give
the
advice
that
I
was
about
to
give.
So
I
will
let
colin
give
that
advice,
because
I've
been
talking
a
lot
so.
A
Yeah
so
like
the
documenting,
what
is
is
done
today
as
sort
of
the
basis
for
sort
of
future
standardization
or
future
work
in
in
a
research
group,
as
you
alluded
to,
is
pretty
much
exactly
one
of
the
functions
of
the
independent
submissions
stream
right
like
so,
it
seems
a
lot
like
if
so,
that
would
be
an
alternate
way
to
engage
with
the
overview
if
you
actually
take
the
overview
document
and
build
it
out
with
the
existing
component
overview,
not
with
a
with
a
an
eye
toward
decomposition,
but
with
an
eye
tour
just
like
here's,
what
we
built
and
with
the
deployment
models
and
experiences-
and
you
say,
like
you-
know,
eth
and
the
eth
foundation's
implementation
of
scion
right,
and
I
think
that
that
the
the
content
in
the
document
right
now
is
a
pretty
good
start
on
that
and
like
that
is,
is
pretty
well
established
practice.
A
That
is
one
of
the
things
that
the
iet,
the
independent
submission
stream
is
for
is
here
is
a
here
is
a
informatively
referenceable
thing
that
says
what
we
did
and
then
you
can
talk
about
deltas
to
that
in
any
of
the
changes
that
that
get
adopted
the
idf
or
that
we
adopt
his
research
here
in
in
panergy,
and
you
can
also
well
yeah
just
use
those
as
a
baseline
and
as
examples
of
in
future
idf
discussions
of
yes.
A
E
E
If
you
want
to
standardize
it,
the
itf
will
want
to
take
change
control
and
will
almost
certainly
make
make
significant
changes,
because
I've
never
yet
seen
the
itf
just
rubber
stamper
protocol
and
not
make
significant
changes
when
it
does
this-
and
you
know
so,
you'll
end
up
end
up
with
something
that
probably
looks
quite
different
by
the
time
the
itf
is
finished
with
it,
and
you
know,
on
the
irtf
side,
I
think
that
the
focus
would
have
to
be
identifying
the
areas
where
there's
there's
new
things
to
learn.
E
You
know
perhaps
to
make
it
scale
or
I
don't
know
you
know,
I'm
not
familiar
with
it
enough
to
know
exactly
what
those
would
be
and
we'd
be
identifying
the
the
areas
where
more
research
is
needed
for
the
irtf
side
of
things.
So
yeah.
A
Good
good
any
other
discussion
go
ahead.
Nichola.
C
Yeah,
just
following
up
on
that,
maybe
after
the
next
presentation,
when
we
look
at
one
of
the
component,
then
we
can
pick
up
this
discussion
and
I
would
have
a
question,
but
I
think
it's
better
if
we
answer
later
whether
it
would
be
whether
a
detailed
component
description
like
the
pki
would
be
a
better
candidate
for
any
submission
or
whether
it
would
be
more
the
component
analysis.
But
I
would
say:
let's:
let's
go
through
the
presentation
first
and
then
we
can
pick
this
up.
A
I
agree
that
sounds
like
a
good
idea,
so
I
think
with
that,
is
coding
going
to
do
the
the
next
presentation
excellent.
So
I
will
pass
slides
control.
A
B
Can
see
it,
and
I
can
also,
I
think,
yeah
go
to
the
next
slide.
Okay,
perfect!
So
welcome
everybody.
Thank
you
for
your
presentation
nicola
and
also
thank
penancy
for
inviting
us
again.
B
As
nikola
already
announced,
I'm
going
to
introduce
the
sign
control
plane
pki
a
little
bit.
I
mean
it's
a
bit
more
detailed
than
than
just
the
overview
of
all
the
components,
but
it's
also,
of
course,
not
not
very
detailed,
very
specified.
In
the
end,
it's
just
more
like
a
summary
of
the
draft
I
submitted
two
weeks
ago.
B
Oh,
I
can
go
here,
okay,
so,
as
nicola
already
said-
and
you
now
in
in
the
meantime
probably
already
know-
sign
is
inter-domain
internet
architecture
password
internet
architecture-
it
is
all
about
routing,
inter
domain
routing,
multi-path
routes
are
supported
and
when
routing
it
focuses
on
availability,
security
and
scalability.
B
But
the
question
is:
how
can
you
be
sure
that
science
routing
information
is
authentic
and
trustworthy
bertie,
because,
as
we
all
know,
the
internet
is
not
such
a
safe
place.
Parties
are
inherently
distrustful
yeah
how,
and
so,
how
can
we
be
sure
that
information
is
really
sign
information,
and
for
this
the
requirement
is
that
that
the
integrity
and
authenticity
of
the
control,
plane,
messages
and
path
segments
should
be
verifiable,
and
for
this
we
have
set
up
an
authentication
mechanism
which
is
based
on
the
public
key
infrastructure
and
the
purpose
of
the
sign
control,
plane.
B
So
now
I
have
to
oh
yes,
so
we
set
up
our
own
control,
plane,
pki,
and
when
doing
this,
we
try
to
meet
the
following
requirements.
B
B
B
So
what
would
be
ideal
would
be
that
the
trust
architecture
allows
allows
multiple
mutual
trusting
parties
to
form
their
own
trust
bond
bond
and
also
to
decide
freely
whom
they
want
to
trust
outside
of
this
truss
bubble.
B
And
another
requirement
is
also
that
the
whole
system
remains
highly
available,
so
the
pki
infras
of
architecture
should
work
also
without
being
dependent
on
communication
with
pki
servers,
and
this
requirement
is
there
to
avoid
cyclic
dependency
between
routing
updates
and
pki
operation,
and
with
this
in
mind,
bf
sign
has
has
this
isolation
domains
approach
where
they
which
they
think
can
tackle
these
issues
or
meet
the
requirements
we
I
mentioned
before
and
while
you
may
have
known
of
heard
of
them
now
in
the
meantime,
isolation
demands
domains
are
a
logical
grouping
of
a
s's
that
share
a
uniform
trust
environment
like
a
common
jurisdiction-
and
here
you
see
some
isds-
they
are
building
blocks
to
achieve
high
availability
and
scalability
support
for
heterogeneous
trust,
and
then
each
isolation
domain
is
administrated
by
several
core
asses.
B
Are
these
bytes
yeah?
What
is
its
circles
in
in
within
the
isds
and
these
core
isds?
They
negotiate
a
trust
policy
or
a
contract
which
is
called
the
trust
root
configuration
and
which
is
valid.
For
this
specific
isd,
and
also
important
to
mention
is
that
the
certificate
authentications
authorities
in
an
isd
can
only
create
certificates
for
the
asses
in
this
respective
isd.
B
And
we
think
that
the
sign
control
plane
makes
a
difference
if
you
compare
it
with
other
pki
models,
because
we
have
no
omnipotent
trust
route
or
certification
authority,
and
what
is
also
quite
special
is
that
the
cost,
this
trust
contract,
which
is
valid
for
one
isd
and
its
updates
must
be
approved
by
some
a
special
voting
mechanism,
which
includes
more
than
one
voting
party.
So
this
prevents
one
single
party
to
compromise
the
entire
isd,
and
it
also
enables
multilateral
governments.
B
He
also
hope
that
it
enables
trust
agility,
because
users
are
free
to
select
an
isolation
for
internet
service
provider,
which
is
an
as
a
nas
which
uses
sine
is
part
of
an
isolation
domain,
and
so
because
of
this
users
can
select,
say
the
internet
service
provider.
They
they
want
to
join,
and
they
in
a
way
can
then,
with
this
select
which
route
they
trust.
B
B
So
I
already
mentioned
this
trust
root
configuration
this
kind
of
trust
contract.
This
is
the
trust
anchor
of
the
isolation
domain
and
because
it
holds
the
root
certificates
of
the
isolation
domain's
chain
of
trust.
It
also
facilitates
the
validation
of
bindings
between
as's
names
and
public
keys,
and
it
bootstraps
authentication
within
an
isolation
domain,
and
this
happens
in
a
special
signing
ceremony
where
the
initial
the
base
trust
root,
configuration
is
created,
and
it
also
is
a
means
to
efficiently
revoke
compromised
routes
of
trust.
B
B
Then
it
also
includes,
like
the
trust
policy,
in
a
way,
the
the
parameters
that
set
the
trust
policy
of
the
isolation
domain
like,
for
instance,
the
validity
period
of
this
trust
root
configuration
the
grace
period,
which
is
the
periods
during
which
two
trust
root
configurations
are
valid,
which
are
the
it
sets
the
core,
as
is
of
the
trust,
no
not
to
thrust,
but
the
isolation
domain
and
several
more
parameters.
B
B
How
do
you
say
these
certificates
are
used
to
verify
these
other
certificates,
but
the
corresponding
private
keys
are
used
to
sign
these
certificates,
so
the
root
private
key
is
science
to
ca
certificate
and
the
ca
private
key
is
used
to
sign
the
as
certificate
and
then
the
other
way
around.
The
public
keys
are
used
to
verify
these
certificates
and
then
the
asses
they
signed
the
control
plane
messages.
B
B
It
is
scoped
on
isd
level
and
it
transforms
in
a
way
that
potential
distrust
or
possible
distrust
among
different
parties
into
a
mutually
accepted
trust
bond,
and
it
is
important
to
mention
that
not
all
member
members,
member
asses,
do
need
to
trust
each
other,
but
they
shouldn't
trust
the
core
assets
of
an
isd,
the
isd's
certification
authorities
and
the
voting
ass-
and
here
you
see
also
graphically
this.
This
function,
graphically
displayed
like
inputs,
are
these
policy
parameters
and
the
required
keys
and
certificates.
The
function
is
in
a
way,
the
bootstrapping
and
then
later
on.
A
Yeah,
I
did
so
pop
back
to
the
the
last
slide,
real
quick.
So
like
the
thanks,
the
there's,
the
set
of
entities
that
need
to
be
trusted
by
any
member
as
these
entities,
don't
necessarily
each
have
their
own.
A
Might
this
structure
doesn't
necessarily
have
to
overlay
the
organizational
structure
of
how
all
of
this
is
set
up
right
like
because
there's
the
there's
the
cryptographic
question
of
like
who
has
the
material
to
be
able
to
sign
a
thing,
but
then
there's
also
sort
of
like
the
organizational
structure
of
who
can
tell
the
people
to
sign
things
right
like,
and
how
does
do?
Do
we
get
into
like
the
question
of
what
the
organizational
structure
would
have
to
look
like
in
order
to
make
the
the
the
passive
trust
work?
B
It
is
not
as
in
detail,
it
is
not
part
of
this
presentation,
but
it
is
the
cas,
especially
they.
How
do
you
say
it?
They
can
be
asses
which
are
a
member
of
the
of
the
isd,
but
they
can
also
that
can
also
be
outsourced.
A
Right
because,
like
when
you,
when
you
get
into
sort
of
like
you
know
specifying
how
this
is
going
to
work,
if
you
compare
this,
for
example,
to
the
rpki
right,
the
rpk
has
a
set
of
protocols,
but
it
also
has
a
set
of
practices
and
procedures
at
the
irs,
and
those
are
also
important
for
the
general
trustworthiness
of
the
arrangement.
So
that's
probably
a
different
document.
I
just
wanted
to
to
raise
it.
B
There
is
there
is,
especially
in
the
draft.
There
is
a
bit
more
in
more
detail
described
how
this
signing
ceremony
should
be
set
up,
and
but
there
is
also
a
sign
also
explicitly
at
least
members
of
the
isd,
some
freedom
in
how
they,
how
they
organize
how
they
set
this
up,
and
also
yeah
yeah,
how
they?
How
do
you
say
this?
Who,
who
are
the
voting
asses,
who
are
the
core
asses?
That's
something
they
have
to
isds-
have
to
make
this
up
among
themselves.
A
B
Yes,
so
that's
can
I
continue
okay,
good
so
well
about
the
certificates
they.
As
I
said
already,
they
are
x,
509
version,
3
format
and
base
of
this
rfc
5280,
and
you
already
saw
there
are
three
kind
of
control:
plane,
certificates,
roots
certificates,
ca
certificates
and
as
certificates,
and
they
built
the
verification
chain.
B
Then
separate
of
this,
there
are
the
voting
certificates,
you
have
regular
voting
certificates
and
they
are
used
to
verify
a
regular
periodic
updates
of
trcs
without
important
changes
in
core
entities
or
policies.
B
So
this
is
more
like
if,
if
a
root
certificate
or
a
voting
certificate
expires
and
has
to
be
replaced
by
a
new
one,
but
in
case
there
are
really
yes
changes
in
the
set
of
core
asses,
for
instance
of
or
if
one
root
key
is
compromised.
That
must
that
it
can
be
possible
to.
There
might
be
a
sensitive
update
where
you
really
replace
a
specific
certificate,
and
this
is
called
a
sensitive
update
and
for
this
unity,
sensitive
voting
certificate
and
these
details
are
all
again
described
in
the
draft.
B
And
this
is
very
shortly
how
a
compromise
certificate
in
sign
can
be
revoked
for
the
root
certificate,
voting
certificate
or
core
as
certificates.
This
happens
through
updating
the
trc,
and
if
too
many
certificates
of
this
kind
of
certificates
are
compromised,
it
is
even
possible
that
a
trc
trust
reset
may
be
needed,
and
this
I
come
back
to
this
a
bit
later
on,
but
ca
certificates
and
also
the
non-core
as
certificates.
They
are
in
a
way
automatically
revoked
because
they
are
short-lived
certificates
which
only
live
for
11
respectively
three
days,
and
then
they
are
reissued
again.
B
B
And,
of
course,
nth
hosts
or
points
are
not.
They
do
not
only
communicate
with
asses
in
their
own
isd,
but
they
also
communicate
with
other
asses
or
maybe
are
even
also
part
of
other
isds,
so
they
need
to.
They
need
access
to
all
these
trcs
of
all
the
entities
in
isds
they
they
communicate
with,
and
the
question
is,
of
course,
how
do
they
get?
B
How
do
they
obtain
these
rs
trcs
of
these
neighboring
isds
or
relying
parties,
and
at
the
moment,
in
the
real
life
implementation
this
happens
manually,
so
the
operators
of
an
isd
they
really
receive
can
receive
new
or
updated
to
us,
these
trcs
through
multiple
channels,
like
really
out-of-band
mechanisms,
but
also,
maybe
that
they
discover
updated
trcs
via
pass
exploration
and
what
they
do
is
that
they
add
these
new,
updated
trcs
in
the
trust
store
manually,
but
we
hope
in
the
future
to
implement
an
automatic
discovery
mechanism
which
again
is
based
on
science,
past
exploration
and
resolution
method.
B
I
I
do
not
go
in
details
very
much
into
this
past
exploration
and
razor
resolution,
past
resolution
methods.
Now
this
will
be
part
of
the.
If
there
will
be
another
draft
about
the
control
plane-
and
you
can
also
it's
a
bit
more
explained-
also
in
the
draft-
so
what
is
a
trc
life
cycle?
B
First,
we
have
this
bootstrapping
of
trusts
in
an
isd
where
you
yeah,
the
first
initial
based
trc
of
an
isd
is
actually
created.
This
is
an
in-person
signing
ceremony
and
the
participants
are
a
representative
of
the
is
the
voting
ass,
a
ceremony
administrator
and
a
neutral
witness,
and
they
have
in
advance
of
this
signing
ceremony.
B
They
have
to
agree
upon
these
parameters,
which
are
which
sets
the
policy
the
trust
policy
of
an
isd
they
also
have
to
agree
and
on
the
set
of
route
certificates
and
of,
of
course,
also
what
you
were
talking
about,
brian
also
in
itself
on
the
organization
of
this.
This
publicly.
B
This
infrastructure
in
itself,
so
who
is
who
will
be
voting,
will
be
voting
as
who
will
be
a
a
certification
authority
core,
as
a
thing
like
that
that
that
is,
it
is
assumed
that
this
is
how
results
negotiated
in
advance
before
this
bootstrapping
of
trust
ceremony
ceremony.
B
What
happens
in
the
very
first
designing
ceremony
is
that
also
the
number
of
the
isd
is
selected,
and
then
there
are
four
phases
of
this
ceremony.
First
is
that
the
certificates
which
are
part
of
the
trc
are
exchanged?
B
Then
the
parties
which
are
present
present
sign
the
trc,
and
then
it
is
validated,
and
if
this
all
of
this
has
been
has
been
passed,
then
it
is
distributed
out
of
band
throughout
our
isd,
and
so
it
is
also
like.
This
is
not
something
which
is
really
fixed.
Every
isd
can
set
up
this
ceremony
itself
like
the
way
they
they
like
it,
but
of
course
it
should
be
more
or
less
along
these
lines
and,
of
course,
the
trc
itself,
how
it
should
look
like
is
defined.
It's
also
written
in
this
draft.
B
So
in
the
the
output
of
this
ceremony
should
be
a
valid
trc
and
then
also
for
tlc
updates,
especially
sensitive
updates.
You
can
it's
up
to
the
isds
whether
they
will
create
another
in-person
ceremony
or
if
they
do
this
automatically.
These
aspects
are
a
bit.
We
give
the
isd
a
little
bit
freedom
in
how
they
do
this.
B
First,
they
are
usually
updated
as
already
said
that
when
a
root
or
voting
certificate
certificates
expires
and
is
replaced,
so
just
a
regular
update
and
then
it
can
also
be
necessary
to
update
tier
c
when
a
one
root
key
is
compromised
or
when
there
is,
for
instance,
a
change
in
core
asses,
but
if
in
very
very
catastrophe,
situations
or
really
serious
situations,
when
more
than
so
many
keys
are
compromised
that
it
is
not
possible
anymore
to
vote
for
an
updated
trc,
it
must
might
be
pos
needed
to
really
totally
revoke
on
trc
and
reset
it.
B
This
is.
This
is
called
trust
reset,
and
this
is
also
something
which
I
an
isd
or
the
members
of
the
isd
have
to
decide
in
the
beginning
already
whether
they
allow
this
or
not
so
it
can
be.
You
can
set
as
one
of
the
parameters.
You
can
define
a
no
trust
resets.
What
is
it
parameter
and
and
really
explicitly
say
we
do
not
want
to
have
to
have
a
truss
reset,
because
it's
it's
too
much
of
a
hassle
and
too
much
of
risk
risk,
but
suppose
it
happens.
B
Then
a
new
base
trc
is
created
and
because
this
is
really
across
resets,
it
cannot
be
verified
with
certificates
which
were
in
the
previous
trc.
So
this
again
this
first,
this
new
base
tlc,
must
be
actually
axiomatically
trusted
and
then
it
also
must
be
distributed
out
of
bands.
B
B
There
is
a
new
trc
which
is
signed
by
a
number
of
votes
defined
in
the
previous
trc,
and
then
this
the
number
of
this
new
trc,
the
ids
of
this
new
trc,
is
announced
in
science
control,
plain
messages
and
even
ais
then
discovers
that
it
does
not
have
this
new
trc,
because
the
trc
it
has
that
the
number
is
is
lower
than
the
one
of
the
new
one.
It
can
fetch
it.
It
can
ask
for
it.
B
It
can
ask
them
how
to
say
the
a
s
that
sent
a
control
play
message
to
get
the
new
trc
and
through
this
mechanism,
the
new,
the
new
trc
with
the
new
truss
roots,
propagates
quite
rapidly
through
the
network,
so
really
within
minutes
or
yeah
in
maybe
in
a
bad
case
in
hours.
But
this
is
this
goes
very
fast
or
relatively
fast.
Maybe
I
don't
so
now.
I
have
like
explained
a
little
bit
in
theory
how
how
this
works,
but
it's
not
only
a
theory.
It
is
really
also
already
deployed.
B
We
have
already
two
industry-grade
implementations
in
switzerland.
One
is
so
this.
The
control
plane
pica,
is
in
in
use
by
the
main
financial
infrastructure
and
service
provider
of
switzerland,
the
sixth
group,
and
if
you
click
on
this
link,
it
goes
to
a
page
of
six
where
they
explain
how
they
use
it.
And
then
there
is
another
implementation
which
is
based
on
the
hashicorp
hashicorp
vault
and
the
design
implementation
company
anapaya
has
also
a
website
where
they
explain
how
this
works.
B
So,
if
you
I
don't
know
the
the
slides
are
available,
I
think
afterwards
and
people
who
are
interested
in
this.
They
can
then
click
these
links
and
have
a
look
at
it.
How
it
works.
B
Yes-
and
there
is
also
an
open
source
implementation
in
our
so-called
sign
proto.
What
is
it
open
source?
Yes,
sign,
lab
installation,
and
there
you
can
also
there.
You
can
also
have
a
look
and
there
you
can
also
see
how
how
it
is
implemented
there.
So
it
really
it.
It
is
really.
It
works.
A
We
have
like
three
different
implementations:
do
these
interoperate
with
each
other,
like,
as
I
understand
it,
sort
of
like
the
the
like
the
scion
lab
and
the
industrial
code
bases
are
not
yet,
or
at
least
the
last
I
I
I
looked
were
not
yet
sort
of
aligned
with
each
other.
Are
these
implementations
of
the
same
protocol
or
they
worked
examples
that
this
approach
to
doing
trust
root
configuration
works
like
could
I
connect?
A
C
So
as
far
as
I'm
aware,
I
think
the
general
that
this
player
is
incorporable,
but
I
think
there
might
be
some
extensions
that
are
not
part
of
the
core
pki
that
are
not
equally
deployed.
So
some
of
the
extensions
are
only
deployed
on
the
experimental
research
network
in
lab,
but
not
on
the
productive
one.
C
A
B
Yeah
so,
but
it's
in
it's
an
interesting
point.
Definitely
I
mean
okay,
so
so
now,
I'm
already
coming
to
the
end
of
the
presentation
which,
as
I
already
said,
is
very
really
some
some
summary
of
of
what
is
explained
in
the
drafts-
and
I
also
I
mean
nikola
also
also
said
it,
and
I
was
already
even
already
in
discussion
that
yeah
we
have
now
these
three
active
drafts
and
and
yeah
we
were.
We
are
just
thinking
how.
How
can
we?
B
What
would
be
the
next
steps
into
the
possible
adoption
process
and
well,
we
already
discussed
this
a
bit
so
yeah.
Maybe
now
that
you,
I
don't
know
if
anybody
has
seen
the
draft
itself,
I
mean
this
was
only
the
presentation
but
yeah
this.
This
could
maybe
also
be,
for
instance,
something
which
could
go
in
the
independent
submission
stream.
I
don't
I
don't
know,
but
so
this
is
something
we
are
really
you.
You
realize,
because
also
nikola
had
this
question.
We
just
are
figuring
out
how
we
can
continue
from
now
on.
B
Yes
and
thank
you
very
much
for
for
your
attention
and
if
there
are
questions,
I'm
very
happy
to
answer
them,
maybe
first
on
on
the
pki
itself,
the
control,
plane,
pki
and,
and
then
also
maybe
we
can
discuss
a
bit
further
these
these
things
we
already
discussed
with
nikola,
okay,.
D
Yeah-
this
has
already
been
said
just
not
by
me.
The
word
adoption
here
is
is
really
confusing
and
there
are
very
different
things
that
that
can
be
done
by
an
adoption
and
in
a
research
group.
Adoption
essentially
means
that
the
research
group
thinks
this
is
interesting
stuff.
It
doesn't
mean
that
anything
is
good
or
works,
or
it
could
be
the
basis
for
for
a
major
engineering
effort.
It's
just
interesting
research,
so
I
I
wouldn't
get
my
hopes
up
just
because
this
research
group
thinks
this.
This
is
interesting
stuff.
D
I
said
that
the
proof
will
be
in
the
pudding
in
the
end,
so
I
I
think
that
the
the
fact
that
that
penergy
hasn't
been
talking
about
anything
for
a
few
years
for
a
few
months
already
is
an
indication
that
cyan
is
is
interesting.
So
we
have
already
generated
that
and
how
we
actually
handle.
The
specific
documents
depends
on
what
we're
trying
to
do.
The
ise,
independent
submission
part
is
good
for
one
actor
just
going
ahead
and
describing
what
they
did.
D
Looking
at
this,
this
pki
stuff,
there
are
certainly
models
that
could
be
applied
for
describing
what's
going
on
in
this
pki
draft,
and
it
would
be
useful
to
to
see
how
these
these
models
describe.
D
B
Yeah,
that's
a
very
good
point,
because
the
draft
I
also
we
submitted
is
really
a
very.
It
was
a
really
very
first
version
because
we
were
asked
to
submit
some
submit
something
and
we
had
not
so
much
time.
So,
like
things
like
this,
we
definitely
want
to
have
a
section
where
we
do.
You
know
some
kind
of
glossary
where
we
define
all
these
terms,
which
is
now
you
are
totally
right.
B
Yeah,
I
think
you
also,
I
mean
the
point
is
also
that
we
we
have
this
very
broad
question,
because
we
are
just
a
bit
like.
I
think
we
we
are
just
a
bit
trying
to
find
out
in
what
can
be
yeah.
How
can
we
proceed
because
in
the
end
we
have
10
drafts
or
something
and-
and
you
know
we
should-
we
want
to
try
to
continue
in
a
way
with
some
of
the
things
we
we
started
now.
Yeah.
A
As
as
an
individual,
I
will
well
second
carson's
point.
I
think
that
talking
about
terminology
is
something
that
we
do
very
well
here,
and
we
can
do
quite
a
lot
of
it.
Actually,
we
need
to.
I
was
reminded
today
that
we
need
to
get
back
to
our
our
path
properties
vocabulary
document
because
it
expired,
so
that
will
also
be
on
the
agenda
in
london.
A
A
I
I'm
not
sure
how
to
do
this,
but
the
group
of
people
who
sort
of
showed
up
in
panergy
at
the
beginning
because
of
like
the
work
that
started
off
at
the
beginning
were
were
very
transport
protocol,
oriented
people
and
we
kept
doing
things
like
scheduling
against
routing
working
group
things,
and
that
was
not
great
and
and
now
we
do
have
people
from
the
routing
area
looking
at
things,
but
digging
into
I'm
not
sure
that
the
people
who
are
in
the
room
right
now
like
so
who
generally
are
you
know
engaging
on
the
panoramic
list
and
showing
up
in
the
meetings
as
well
as
the
interims,
are
necessarily
of
a
security
bent
to
like
really
have
the
the
the
most
useful
input
on
the
terminology.
A
The
looking
at
the
draft
as
it
is
right
now
like
so
like
it's.
It's
sort
of
a
description
of
what's
there.
I
I
think
if
we
go
the
route
of
of
you
know
adopting
it
and
working
on
this
draft
a
bit
more
in
the
research
group
before
we
send
it
somewhere,
it's
going
to
turn
into
a
very
different
draft
right,
like
it's
going
to
be
generalization
of
this
approach,
because
there's
a
lot,
that's
very
specific
about
right.
A
So
I
think
the
draft
makes
the
case
very
well
about
why
you
can't
just
sort
of
lift
and
shift
the
rpki
into
like
a
scion-like
network.
Right
like
this
idea
of
isolation.
Domains
is
fairly
fundamental
and
that
comes
with
sort
of
different
ceremonies
and
existing
pkis.
It
comes
with
different
actors:
you're,
using
a
lot
of
the
same
sort
of
presentation,
layer
and
application
layer
concepts
where
you're
using
x509
three
you
have
like
the
the
the
formats
are
are
interoperable
things
that
we
already
have.
A
We
already
have
experience
with,
but
the
arrangement
of
the
components
is
different,
so
yeah.
I
think
that,
like
focusing
on
bringing
this
into
the
research
group
and
and
talking
about
sort
of
like
terminology
and
generalization
seems
quite
interesting,
I
want
to
have
a
discussion
on
again.
We
have
11
people
here
right
now.
A
I
want
to
have
a
broader
discussion
on
the
list
and
then
revisit
this
on
the
agenda
in
london,
but
we
really
would
have
to
get
some
security
people
interested
in
coming
coming
and
hanging
out
with
us
to
help
with
that
work.
B
E
Yeah,
I
think
I
think
I'd
agree
with
that.
I
think
that
there's
there's
definitely
scope
for
an
interesting
discussion
about
the
different
security
models
and
how
that
and
how
to
interoperate
between
the
different
models
and
what
are
the
trade-offs
and
so
on,
and
I
think
there's
a
bunch
of
interesting
research
questions
there.
E
I'm
not
sure
that's
what
this
this
current
draft
is.
This
seems
more
of
a
description
of
what
what
is
implemented
now
and
I
think
how
to
proceed
that
I
think,
really
depends
on
what
your
goal
is.
If
your
goal
is
to
document,
what's
what
exists
now
as
a
set
of
rfcs,
then
you
know
the
independent
stream
would
seem
like
the
right
way
to
do
it.
E
You
develop
a
standardized
version
and
perhaps
to
understand
which
pieces
you
know
how
to
you
know
incorporate
some
of
the
trust
models
that
exist
in
the
current
internet
and
how
to
interact
with
them
and
standardize
it
and
and
bridge
that
into
the
scion
world.
Then
you
possibly
want
some
combination
of
the
itf
work
and
the
irtf.
B
That
would
be
almost
academically
like
research,
really
about
more,
like
how
you
say
that,
then
you
don't
think
any
more
about
how
it
is
implemented
now.
But
you
you
are
more
like
it's
more
like
almost
on
a
philosophical
level,
not
not,
of
course,
but
more,
like
really
talking
about
models
and
comparing
them
and
seeing
how
they
yeah.
E
I
I
think,
if
you,
the
sorts
of
things,
a
research
group
would
do
would
be
more
on
the
academic
side
she
wants.
You
know,
obviously
it
this
seems
like
something
that
could
be
mature
enough
to
standardize
and
that
would
involve
taking
it
to
the
ietf
and
letting
them
take
change
control.
And
I
would
guess
that
one
of
the
questions
they
would
ask
is
well.
E
How
can
we
interwork
the
the
security
model
of
scion
with
the
security
models,
or
lack
thereof,
that
we
have
in
the
internet
and
there's
going
to
be
some
things
which
are,
I
think,
clear?
How
to
do
it
and
the
standards
world
could
can
advance
that,
and
there
are
probably
some
some
questions
which
would
be
more
on
the
research
side
and
you'd
end
up
with
a
a
bit
of
activity
in
both
the
ietf
and
the
irtf.
E
But
again
that
would
be
evolving
what
you
have
if
in
a
particular
direction
versus.
Are
you
just
publishing
what
you
have
now
as
a
record
of
the
existing
system.
C
E
B
That's
where
you
want
to
summarize
what
has
been
said,
the
the
two
documents,
the
overview
document
and
and
the
cppi
are
really
describing.
What
what
is
there
now
so
you
this
would
be
more
appropriate
for
the
I,
the
independent
ise
stream
over
is
its
submission
or
and
what
the
the
draft
of
niklas
draft
is
a
bit
more,
maybe
a
bit
more.
How
do
you
say
it?
B
E
Yeah
I
mean
the
draft
you
have
for
the
pka
now,
for
example,
looks
to
me
as
someone
who
doesn't
really
understand
pkis.
It
looks
to
me
like
a
perfectly
reasonable
protocol
spec
and
if
what
you,
if
your
goal,
is
to
document
what
you
have
now
then
publishing
that
that,
as
an
independent
stream
document
would
seem
like
a
reasonable
thing
to
do
right
now,.
B
E
Independent
stream
has
done
that
in
a
bunch
of
occasions.
You
know
company
x's
protocols
do
why
if
the
goal
is
to
bring
it
into
the
ietf
and
turn
it
into
a
set
of
standards
documents,
then
that
might
be
a
starting
point
for
that
process.
But
what
you
end
up
with
might
look
quite
different
after
the
itf
process
is
run.
E
If
the
goal
is
to
see
some
research,
then-
and
I'm
not
sure-
that's
quite
the
right
document,
because
it's
focusing
on
what
you
have
rather
than
what
are
the
open
questions.
D
Yeah,
I
just
wanted
to
point
out
that
this
is
not
an
alternative
right.
You
can
go
for
an
ic
publication
of
of
what
you
have
today
and
still
go
to
the
research
group
and
and
ask
for
help
putting
this
in
into
a
more
general,
understandable
framework
and-
and
I
haven't
read
the
document-
so
I
don't
know
whether
it's
it's
ready
for
for
ise
publication,
but
I
think
that
might
be
a
quite
attractive
approach
and
you
can
even
pursue
this
in
in
parallel.
D
E
And
it
may
even
be
that
it
may
even
be
that
all
three
of
these
happen
in
parallel
in
the
you
know,
publishing
what
you
have
now
on
the
independent
stream
while
simultaneously
saying
okay,
there
are
these
bits
which
are
standardizable,
which
we
should
try
and
take
into
the
ietf.
And
there
are
these
open
research
questions
which
we
should
bring
into.
B
E
You
know
yeah
that
it's
a
question:
what
are
your
goals.
B
C
Thanks
all
right,
sorry
we're
in
nothing
room
so
so
yeah.
I
think
the
goal.
What
what
colin
mentioned
makes
a
lot
of
sense.
So
the
goal
is
definitely
to
somehow
document
what
is
existing,
especially
because
because
of
the
existing
deployments
that
I
mean
as
we,
for
example,
before
we
mentioned,
there's
different
pkis.
Some
basically
is
interoperable,
but
some
extensions
are
not
so
clearly
defining
a
boundary
there.
What
is
let's
say
the
per
minimum
would
be
very
beneficial
for
for
those
initial
deployments,
so
that
would
be.
C
I
think
it
would
be
beneficial
to
go
through
the
isc,
but
as
mentioned,
this
does
not
exclude
continuing
the
research
part,
because
there
is
still
a
lot
of
research.
I
mean
also
here
at
ath.
There
is
a
lot
of
research
and,
besides
that,
there's
also
other
people
that
sometimes
join
discussions
here,
mostly
at
banerjee,
but
also
at
other
groups,
because
there's
a
lot
of
research
on
many
aspects,
for
example,
transition
mechanisms
and
so
on
and
of
course,
moving
into
the
itf
for
a
bigger
standardization
work.
C
I
think
this
would
also
be
beneficial
because
there
are
some
engineering
challenges
that
I
mean.
Some
of
them
are
already
addressed
with
the
early
deployments,
but
I'm
sure
there
are
more
where
so
far
things
are
not
very
clearly
defined.
So
I
think
this
would
also
be
very
beneficial,
but
perhaps
at
the
later
stage.
So
I
hope
that
adds
something
to
what
we
discussed
before
I'll
leave
it
to
the
next
in
the
queue.
A
Great,
so
it
it
seems
like
there's
four
documents.
This
is
just
me
thinking
aloud.
This
is
not
me
with
my
chair
hat
on.
It
seems
like
there
are
four
documents
that
should
go
to
the
ise
there's
the
overview,
there's
the
pki,
there's
the
control
plane
and
then
there's
the
data
plane
right
like
so
those
four
specifications
and
those
would
be
sort
of,
like
you
know,
a
an
exposition
on
the
existing
deployments
of
the
scion
internet
architecture
right
and
that
that
set
of
four
documents
would
be
would
form
the
basis.
A
I
think
of
everything
else
that
that
you
all
want
to
do
in
this
space
right
like
so
that's
you
have
a
published
thing.
You
can
point
to
it.
You
have
like
a
a
you're
engaging
with
the
outer
community
and
say
these
are
the
things
that
work.
These
are
the
things
that
didn't.
This
is
how
we
why
we
built
this.
The
way
that
we
did,
those,
I
think,
are
going
to
be
very
useful.
A
Regardless
of
what
like
nicolas
said
like
there
are,
there
are
engineering
challenges
that
would
be.
That
would
be
useful
to
address
in
a
in
a
form
like
the
ietf.
Those
are
all
going
to
push
toward
building
sort
of
like
interoperable
components
like
in
the
component
analysis
where
you
could
actually
sort
of
like
you
know.
I
mean
build
this
into.
You
know
the
actual
next
internet
right,
which
is
the
the
long-term
goal.
A
I
agree
with
with
everything
that
colin
and
carson
said
here
that,
like
you,
don't
have
to
pick
one,
but
I
would
also
say
you
have
a
finite
amount
of
time,
and
I
think
probably
the
place
to
put
the
time
now
would
be
in
refining
the
documents
for
ise
publication
like
getting
something
there
that
you
can,
like.
You
know,
stick
a
pin
in
the
sand
and
say
this
is
where
we
are
starting.
A
At
the
same
time
with
you
know,
my
pan
rg
chair,
head
on
I've,
heard
a
few
things
mentioned
here.
That
would
be
documents
that
you
could
start
in
parallel
and
start
a
discussion
within
this
research
group.
One
is
like,
let's
actually
explore
the
space
of
of
pkis
and
architectures,
that
look
like
scion.
One
is
developing
a
vocabulary
that
is
more
precise
for
dealing
with
with
trust
and
authorization
in
pathway
networks.
A
B
Thanks
this
is
really
very
helpful.
I
think
I
mean
for
me
yeah.
Thank
you
very
much,
and
I
also
for
me
it's
also
very
clear.
Now
I've
cleared
the
different.
What
is
it
the
the
difference
between
this
ise
and
also
what
what
you
in
your
group
would
like
to
to
see
and
discuss?
B
That's
so
definitely
the
the
the
ones
the
overview
and
the
control
plane.
Pke
are.
How
do
you
say
it's
much
to
play
in
a
way
for
for
for
your
group,
I
mean
it's,
it's
just
descriptive
and
and
not
how
do
you
say
it's
not
not
so
much
food
for
salt.
You
know
like
yeah,
yep,.
A
So
I
think
that
that,
like
something
that
I've
seen
and
I
see
the
queue
growing,
but
I
am
going
to
address
this
one
first,
sorry
chairs
prerogative,
a
thing
that
I've
seen
in
the
the
three
meetings
that
we've
done
so
far
talking
about
sort
of
scion
in
general.
Is
that,
like
every
time
we
have
an
overview
there?
Are
people
engaging
in
this
room?
Saying
that's
an
interesting
research
question.
That's
an
interesting
research
question!
That's
an
interesting
research
question!
A
I'm
I'm
not
sure
it
makes
sense
to
have
sort
of
like
the
development
of
these
ise
documents,
be
a
thing
that
happens
in
the
research
group
right
because
they're
like
it's
for
a
different
thing,
but
I
would
like
to
see
sort
of
periodic
updates
within
pan
rg
on
here's.
What
we're
working
on
right
now
because
like
when
that
gets
presented
in
this
forum
like
every
time
you've
brought
something
here,
you've
gotten
like
feedback
that
I
think
is
useful
to
the
research
community
and
useful
to
yourselves
right
like
so.
A
I
think
this
is
that
part
of
this
this
this.
This
interaction
is
working
very
well
and
I'd
like
to
see
that
continue.
So
maybe
it's
focus
a
bit
on
the
ise
stuff
now
but
give
presentations
about
it
here
and
then
we
continue
having
like
I.
I
hope
that
next
time
we
have
like
slightly
more
attendance
for
the
interim,
I'm
I'm
a
little
surprised
that
we're
only
10
today,
but.
A
A
That's
super
interesting
right,
but
I
I
think
we
need
to
cast
the
net
a
little
bit
wider.
Maybe
in
london
try
to
do
a
very
fast
presentation
on
this
in
this.
What
the
security
area
open,
sag.
B
Based
on
what
you
say,
I
think
there
will
be.
There
are
two
type
two
horizons.
We
have
the
the
documentation
of
what
is
really
there
and
also
implement
it
so
so
like,
and
then
there
is
the
what
is
this,
the
stream
or
what
it?
What
how
do
you
say?
B
It's,
the
the
part
where,
where
we
have
the
more
theoretical
discussion
which
can
be
held
in
penalty-
and
I
I
guess
this
can
also
be
very
interesting-
maybe
I
don't
know-
I'm
really
just
thinking
loud
now
for
phds
or
or
yeah
like
people
who
who
really
do
research,
so
we
should
discuss
it
with
adrian,
of
course,
yeah
how
how
we
can
streamline
or
organize
this.
A
You're
welcome
nicola
go
ahead.
Let
me
catch
up
on
the
notes.
C
Yeah,
I
I
think
I
think
you
already
partially
answered
my
question,
so
it
was
really
about
the
expectations
from
panergy
and
yeah
how
it
should
track.
So
I
think
that
is
somehow
clear
regarding
your
next
point.
You
you
mentioned
maybe
presenting
this
somewhere
at
the
security
area
or
how
would
this
work
if,
if
we
are
also
perhaps
developing
something
with
a
independent
stream,
would
it
be
just
presenting
hey.
A
A
There's
this
document
which
we're
doing
to
the
ise,
but
we're
having
discussions
about
research,
questions
that
this
document
throws
up
right
like
so,
and
we
noticed
that
panergy
is,
is
basically
transporting
routing
geeks
and
we
need
some
security
geeks
in
there
right
like
so
that's
you
know
you
can
send
that
out
to
the
to
the
mailing
list
as
well
right
like
so
the
and
the
idea
is
that
you
get
some
you
get
some
more.
You
get
some
more
eyeballs
on
the
drafts
that
are
going
to
the
ise
right.
A
Like
I
mean
those
drafts
are
still
they're
still
internet
drafts,
anybody
can
read
them
right,
but
you're
being
very
clear
that
hey
no!
This
is
not.
This
is
not
the
start
of
a
standardization
process,
it
might
be
the
basis
of
future
standardization.
This
is
us
documenting
this
for
the
benefit
of
future
research
and
future
standardization.
But
but
you
know
here
are
the
documents,
and
we
talk
about
research,
questions
that
might
pop
up
around
this
in
panargy.
A
Please
join
us
right.
It's
a
little
bit
like.
I
think
you
want
to
send
that
to
the
list
first,
because
I'm
going
to
be
like
very
adamant
that
we
don't
schedule
pan
energy
on
friday,
and
I
think
sag
is
always
on
thursday
afternoon
right
like
so
that
the
timing
might
not
line
up
right,
but
yeah
I
mean
you
can
also
like
I've
done
it
before.
Where
I
go
to
like
tsp
area,
I'm
like
hey,
you
just
missed
a
great
meeting.
Please
join
us
in
the
mailing
list
right.
This
is
like.
D
So
if
we
find
something
here
that
really
can
be
or
should
be
spin
spun
out
to
something
that
that
is
focusing
on
on
security
and
authorization
and
so
on,
we
probably
want
to
discuss
this
in
a
larger
irtf
context.
I
mean
the
result,
could
be
that
we
say:
okay,
that's
still
fine
to
do
in
penergy,
but
that
should
be
the
result
of
a
discussion
and
not
just
the
presumption.
A
Panergy,
I
am
mortally
offended
by
the
the
idea
that
there
are
other
research
groups,
but
I
agree
wholeheartedly
with
you
yeah.
I
think
that
that
yeah-
I
I
don't
want
to
say.
Yes,
we
need
to
bring
everybody
into
pan
energy.
I
I
want
to
say
more:
we
need
to
make
sure
that
we
get
this
in
front
of
the
right.
The
right
eyeballs-
and
I
am-
I
am
happy
again
tear
hat
on
for
this-
to
be
the
default
form
for
those
things,
but
but
yeah.
A
I
think,
actually,
I'm
going
to
call
karsten
or
I'm
going
to
call
call
into
the
microphone
to
answer
the
question
of
sort
of
like
the
best
way
to
engage
irtf
wide.
With
this.
E
E
I
think
right
now.
If,
if
we
tr,
we
try
and
move
move
it
to
a
different
home
or
scatter
the
work
too
widely,
then
we're
going
to
dilute
the
efforts
and
yeah
we're
not
currently
over
overflowing
with
people
in
this
group.
D
Custom-
I
I
wasn't
talking
about
moving
so
that
the
the
interesting
thing
about
all
these
groups
we
have
in
in
the
iitf
is
that
they
are
all
very
virtual,
so
it's
more
like
pulling
in
other
groups
and
and
making
sure
their
specific
expertise
on
on
some
aspects
of
this
could
be
used.
Obviously,
the
the
the
actual
model
of
of
players
and
and
actors
and
objectives,
and
so
on,
is
very
pathway
specific,
so
so
pen
will
always
be
an
anchor
for
this
activity.
I
was
just
pointing
out.
A
Notetaker,
at
the
same
time,
so
I'm
curiously
typing
over
in
the
corner.
I
will
continue
catching
up
on
that
and
publish
some
minutes
at
the
end,
but
I
went
to
before
you
know,
going
off
and
doing
the
closing
and
giving
everybody
32
minutes
back.
Ask
if
there
are
any
other
points
of
discussion
or
questions
that
people
would
like
to
raise
or
any
other
questions
that
the
presenters
would
like
to
ask
the
room.
A
C
So
maybe
just
in
view
of
london,
I
guess
we
would
just
polish
a
bit
the
draft.
So
if
there's
any
feedback,
maybe
also
if
people
want
to
share
it
on
the
mail
as
well.
I
think
this
could
be
a
thing
and
we
could
perhaps
provide
a
short,
updated
panel
tree
just
to
check
and
yes,
but
I
think
more
than
that
it
would
be
difficult.
We
were
also
thinking
to
maybe
organize
some
something
into
hackathons,
so
people
could
get
their
hands
dirty
but
yeah.
C
A
C
A
That
actually
the
way
things
are
going
in
the
the
ietf
now
you're,
you
might
be
more
successful,
attracting
security
geeks
to
come
and
have
a
look
at
this
by
having
a
hackathon
table,
then
by
showing
up
at
sag
right,
like
so
there's
a
lot
more
a
lot
more
energy
over
in
the
hackathon
side
of
things.
So
I
think
that
is
like
very
good
advice
to
yourself.
C
B
Yeah,
brian,
yes,
I
was
not
sure,
but
did
I
did
you
say
what
did
you
say
that
the
penalty
meeting
is
prob
likely
on
friday
in
london?
No.
A
Wait
if
I
can
make
it
to
london,
which
is
actually
not
certain
right
now,
then
I
have
to
leave
on
thursday
and
I
wouldn't
be
able
to
attend
remotely
friday
in
any
energy.
B
A
Yeah,
I
will
I
we
don't
actually
have
the
the
the
request
in
yet.
Actually
one
of
the
things
I'm
going
to
do,
as
I
give
everybody
30
minutes
back,
is
take
some
of
that
time
for
myself
to
actually
go
make
that
happen,
and
I
will
be
you
know
I'll
put
the
please
please,
please,
please,
please
don't
put
due
friday
on
there,
because
I
would
very
much
like
to
be
able
to
go
cherry.
A
Thanks
to
the
presenters
thanks
to
thanks
the
participants,
I
will
send
the
minutes
out
as
soon
as
I
finish
remembering
what
was
said
when
I
overran
them
and
we
will
see-
hopefully
many
or
all
of
you
in
london
thanks
a
lot.
Everyone
have
a
great
day.