►
From YouTube: IETF-KITTEN-20230117-1700
Description
KITTEN meeting session at IETF
2023/01/17 1700
https://datatracker.ietf.org/meeting//proceedings/
A
A
A
Right
with
that,
this
session
is
being
recorded,
we
are
using
mitako,
which
is
online
web-based
platform.
We
have
notes
which
are
linked
here.
There
are
I
just
discovered
five
minutes
before
the
meeting
that
the
link
I
used
was
not
the
same
one
using
data
tracker,
so
I
added
a
redirect.
There
can
I
ask
somebody
to
take
notes.
This
doesn't
have
to
be
Blow
by
blow
discussion.
That's
just
main
points
when
there
are
discussions,
no
need
to
write
down,
slides
or
text
of
presentation,
just
basically
questions
answers.
A
Nadia
I
hope
that's
how
you
pronounce
your
name.
That
would
be
great
if
you
can
take
notes
again
just
keep
the
presentations.
If
there
are
any
questions
after
that
or
if
there
are
perfect
excellent
I
know
both
of
you
are
will
be
speaking
or
presenting
bits
so,
but
I
hope
you
can
cover
for
each
other.
So
thank
you
for
that.
A
A
Today,
I
will
basically
be
reviewing
various
stuff
around
so-called
social
too,
that
came
out
of
xmpb
software
Foundation
and
whether
there
is
enough
interest
in
doing
something
like
this
in
ITF.
So
it
just
does
that
doesn't
just
cover
xmpp,
but
it
can
be
used
more
generally,
I'll
do
a
quick
update
on
scrap
two-factor
authentication
draft,
we'll
talk
about
faster
authentication
mechanism
and
quick
update
on
OPEC
Sasol
mechanism.
A
Thank
you
so
for
the
social
2.
Actually,
there
are
two
presentations.
There
is
a
bigger
one
and
then
the
rake
asked
about
shared
key
derivation,
so
he
has
a
smaller
one.
So
I
know
it's
not
something
that
necessarily
was
discussed
in
xsf,
but
I
kind
of
group
them
together
because
they
seem
to
belong
together.
A
A
A
A
C
A
A
A
C
Yeah
so
as
Alexi
was
saying,
and
we've
been
working
on,
xmpp
sassel
2
stuff
over
at
the
xsf,
this
started
quite
a
while
ago
we
had
an
xmpp
Summit
I,
think
it
was
2016.
2017
and
Dave.
Quidland
wrote
up
a
bunch
of
stuff
that
we'd
been
thinking
about
and
invented
some
new
things,
basically
to
solve
a
whole
range
of
issues.
So
we'll
we'll
we'll
have
a
look
at
all
of
those,
so
xmpp
uses
Sasol
for
authentication,
that's
defined
in
the
core
RFC.
C
It's
pretty
much
the
same
as
any
other
protocol
using
Sasol.
We
just
do
a64
encoding
and
but
in
XMP
it's
wrapped
in
XML.
It's
basically
the
only
authentication
method
that
we
use
these
days.
So
it's
implemented
in
every
xmpp
server.
Every
xmpp
client
in
practice,
everyone's
using
scram,
Shell
One,
mostly
at
the
moment,
and
some
deployments
use
plane
for
reasons.
C
C
Dave
also
wrote
some
initial
implementations
and,
and
then
it
kind
of
sat
for
five
years
with
no
one
in
the
community
really
interested
in
it
and
then
in
2022
I'm,
not
sure
what
happened
this,
the
Stars
aligned
I
I,
got
a
grant
to
work
on
some
stuff
related
to
authentication
and
authorization,
including
two-factor,
authors
and
and
stuff
like
that,
and
so
I
immediately
Revisited.
This
extensible
Sasol
profile
and
I
thought.
C
C
But
we
have
all
these
things
around
it
now
sort
of
bolted
on
we've
tried
to
as
much
as
possible
keep
an
open
mind
as
to
whether
things
will
progress
at
the
ietf
and
therefore
you
know
be
adaptable
to
xmpp
again
it's
It's
Tricky,
so
there's
lots
of
things
to
talk
about
there.
So
I
think
I
think
we'll
have
to
have
a
discussion
about
that.
C
C
We
changed
some
things
about
Dave's
original
draft,
rather
than
the
challenge
response
within
tasks
we
changed
to
bi-directional.
Any
site
can
speak
at
any
time
thing
which
we
may
or
may
not
want
to
keep.
The
reason
for
this
was
in
some
cases
we
had
the
client
waiting
for
the
server
to
say
that
authentication
could
proceed
and
in
other
cases
we
had
the
server
waiting
for
the
client
to
say
you
know
the
provide
some
information,
basically
so,
for
example,
in
SMS
code,
you
would
want
to
wait.
C
So.
The
other
thing
to
note
about
this
is
we
change
from
a
simple
base64
payload
in
the
tasks
to
just
structured
XML.
That
was
partly
because
I
found
I
was
trying
to
shoehorn
all
this
information
about
different
tasks
into
something
that
could
be
serialized
and
then
put
into
base64
and
all
this
structured
data,
just
it
really
fit
nicely
as
XML.
C
Obviously,
we
might
not
want
to
mandate
XML
for
use
in
other
protocols,
but
it's
definitely
something
to
think
about
how
we
could
represent
stuff
in
in
a
nice
way
inside
the
tasks
themselves
and
I.
Don't
know
whether
that's
you
know
something,
we
want
to
standardize
for
all
tasks
or
maybe
on
a
task
by
task
basis
and
just
say
what
the
the
payload
type
is.
C
So
the
other
thing
we
did
was
client
identifiers
and-
and
this
is
a
new
one-
we
added.
There
are
a
few
reasons
we
wanted
to
be
able.
So
we
have
things
like
we
have
questions
like
which
clients
are
trying
to
use
these
outdated
Satchel
mechanisms
like
digest,
md5
and
such,
and
we
didn't
really
have
any
kind
of
user
agent
pre
sassle
in
in
xmpp.
So
we
wanted
to
include
that,
along
with
the
initial
Authentication,
it's
it's
optional
from
the
client's
perspective.
C
So
it's
up
to
them.
You
know
what
what
information
they
give
and
the
second
one
was
a
stable,
unique
identifier.
So
this
is
a
uuid
or
something
like
that,
and
that
was
useful
for
knowing
for
the
server
to
know
which
which
tokens
to
compare
with
on
the
server
side.
So
I
think
we're
going
to
talk
about
that
a
bit
later.
This
is
using
the
Satchel
HT
yeah
I
I
yeah
I
I.
C
Note
that
browsers
are
trying
to
deprecate
user
agent
and
I've
tried
to
be
mindful
of
that
in
in
the
zep,
with
the
wording
like
regarding
privacy
and
so
on.
It's
not
quite
the
same
because
you
are
obviously
only
sending
it
to
the
party
that
you're
authenticating
to
and
so
on,
but
but
yeah
I
think
there
are
definitely
things
that
we
could
discuss
there.
C
So
one
of
the
other
things
that
we
used
the
tasks
mechanism
for
was,
as
I
mentioned
before
xmpp
is
very
much
stuck
on
scram
Shell
One
servers
have
been
storing
hashed
versions
of
credentials
for
a
long
time,
and
so
we
can't
simply
upgrade
on
the
server
side,
and
so
one
way
to
sort
of
upgrade
to
say
shell
256
is
to
ask
the
user
to
reset
their
password.
But
this
is
awkward.
C
We
I
think
we
do
have
a
spec
for
that,
but
the
user
experience
isn't
great
because
they're,
probably
just
you
know,
think
why
can't
I
just
enter
the
same
password.
That
kind
of
thing.
So
we
wanted
to
see
if
we
could
do
something
a
bit
more
automatic
with
the
cooperation
of
the
client,
and
so
we
worked
on
this
defining
these
upgrade
tasks,
and
this
has
mostly
been
the
work
of
tilo
who's
who's
on
the
call
foreign.
C
C
That's
so
that
after
the
credentials
are
verified,
the
server
knows
that
the
client
supports
this
upgrade
mechanism,
because
otherwise
it
might
because
the
tasks
are
mandatory.
The
server
should
only
send
back
upgrade
mechanisms
that
the
client
is
known
to
support,
and
you
know
actually
is
able
to
complete
foreign,
so
I'll
skip
through
most
of
these,
but
you
can
review
the
slides
if
you
need
to
so.
This
is
declined
executing
the
upgrade
task,
providing
the
information.
C
C
The
other
thing
that
we've
had
in
xmpp
is
we
had
scram
plus
widely
ish
implemented,
but
we
haven't
really
had
much
success
with
it
on
the
network.
I
think
it's
used
in
Pockets
around
and
about
because
largely
because
we
sort
of
introduced
it
just
as
TLS
1.2
was
going
away
and
we
had
standardized
on
the
TLs.
Unique
I
forgot
the
right
way
around.
That
was
only
defined
for
TLS
1.2
and
not
for
TLS
1.3.
C
So
implementations
have
started
now
supporting
TLS
exporter,
which
is
supported
in
TLS
1.3.
However,
because
scram
doesn't
include,
for
example,
in
the
mechanism
mechanism
name
or
any
advertisement
about
what
Channel
binding
methods
the
server
supports.
If
the
client
picks
the
wrong
one,
then
the
authentication
just
fails
and
the
client
doesn't
really
know
why
it
failed
and
doesn't
really
know
what
other
avenues
it
can
take
like.
Should
it
try
again
with
a
different
Channel,
binding
mechanism
or
what
so?
C
This
is
a
real
problem
that
we've
encountered
interoperability,
issues
between
clients
and
servers,
and
so
we
had
to
create
this
method.
Where
the
server
can
advertise
to
the
client
which
channel
binding
methods
it
supports,
and
this
can
change
per
connection
depending
on,
for
example,
if
the
client
connects
with
TLS
1.2
or
1.3.
C
C
B
B
Yes,
great
so
I
guess
we
sort
of
started
talking
about
this
in
the
chat
already,
but
when
we
were
doing
the
TLs
exporter
Channel
binding
type.
My
understanding
was
that
the
party
that
speaks
first,
which
I
think
is
the
client
here-
would
look
at
the
TLs
Channel
and
say
if
it's
TLS,
1.2
I
will
use
the
TLs
unique
Channel,
binding
type
and.
D
B
C
I
suspect
that
the
client
that
I
was
dealing
with
which
I
forget,
which
one
it
was
because
TLX
export
it
can
technically
be
used
on
1.2
I,
believe
I
think
that's
what
they
were
doing,
but
I
yeah
I'm,
not
I'm,
not
sure
I,
don't
remember
the
details.
This
was
at
some
point
last
year,
so
I
can
try
and
dig
that
up
for
you.
If
you
like
and
figure
out
exactly
what
was
going
on.
E
B
E
C
B
E
C
F
I
was
just
going
to
where
to
reiterate
the
that,
as
I
said
in
chat,
the
the
xmpp
community
has
used
Channel
binding,
quite
heavily
more
heavily
I,
think
than
most
other
communities
of
this
kind
of
nature.
I've
never
seen
it
in
email,
for
instance,
but
it
means
that
we've
experienced
cases
where
TLS
exporter
is
great.
F
That
came
out
of
the
xmpp
community.
Indeed,
there
is
some
use
of
of
the
endpoint
as
well,
and
that
is
often
the
only
thing,
that's
possible
if
you
have
early
TLS
termination-
and
we
also
have
plenty
of
experience
in
cases
where
you
can't
use
any
channel
binding
at
all,
because
the
the
client
is,
for
example,
a
web
client
where
there
is
no
Channel
binding
data
available.
So
I
think
there
is
a
need
for
negotiation,
even
though
it's
not
the
the
ideal
situation
in
a
in
a
purist
sense.
C
A
A
F
F
We
can
do
both
if
we
want
the
the
feature
successful
too,
but
the
extensibility
in
particular,
but
the
that
that
would
give
you
that
would
give
you
the
the
mechanisms
that
would
give
you
tasks
and
I
think
it
would
also
potentially
give
you
some
of
the
some
of
the
additional
parts
that
Matthew
and
Tila
have
added
like
client
identifiers
and
things
like
that.
Right.
A
Yeah
I
can
see
slides
now.
One
thing
that
occurred
to
me
is
that
actually
some
of
their
pre-authentication
stuff
can
possibly
be
done
by
from
Key
derivation.
If
we
had
a
facility
for
saying
that
you
know
an
extended
social
profile,
you
know
if
there
is
a
social
mechanism
that
satisfies
it
and
it
has
key
derivation
function
at
the
end
of
authentication.
It
can
be
used
for
your
authentication,
for
example,
and
I.
Think
correct
will
talk
about
other
cases
that
he
had
in
mind.
D
D
D
So
this
is
mostly
an
idea,
just
a
thought
that
came
up
with
Cecil.
We
usually
don't
use
the
security
layer,
but
that's
because
we
consider
it
encryption
when
it's
used
in
a
profits
and
force
I
think
that's
a
very
potent
possibility,
because
Sasol
protocols
usually
run
over
TLS
and
TLS
basically
does.
D
D
Usually
what's
being
done,
then,
is
to
look
for
some
entropy
to
mix
that
with
the
different
Helmet
Key
exchange,
so
that
you
get
something.
That's
at
least
also
needs
the
secret
to
be
known,
as
well
as
the
cracked
diffie-high
Cecil
usually
has
entropy
or
sorry
a
secret,
that's
shared
by
by
the
two
endpoints
already,
and
it
used
it
to
derive
authentication.
D
But
if
you
could
also
derive
a
key,
you
might
mix
that
with
whatever
you're
doing
at
a
transport,
for
example
your
TLS,
and
to
benefit
from
that,
and
one
place
where
this
came
up
is
when
I
looked
into
opaque,
which
has
a
great
possibility
for
extracting
key
material,
but
to
use
that
for
encryption
is
a
bit
silly
if
you
run
it
over
TLs,
but
to
use
it
for
all
sorts
of
other
purposes.
I
think
in
general
is
a
useful
purpose.
So
I
added
this
to
a
spec
that
I
wrote
it's
a
different
example.
D
It's
not
TLS
next
slide,
please.
This
is
realm
crossover,
basically
a
client
on
the
left
and
a
remote
domain,
which
is
their
domain
where
they
have
an
account.
They
they
exchange
a
key,
and
they
do
that
beforehand.
If,
with
that,
an
end-to-end
encryption
tunnel
can
be
set
up
and
S6
over
plus
does
exactly
that.
It
passes
plain
to
social
authentication
inside
the
tunnel.
The
client
program
will
pass
it
to
wherever
the
server
is.
D
Next
slide
please.
So
this
can
be
done
with
just
about
any
protocol.
It's
basically
just
Sasol
used
in
a
in
an
awkward
way
in
a
different
way
that
can
be
done
with
all
Sesso
mechanisms
and
basically
all
Sasso
protocols.
It
just
sits
in
between
this
is
one
of
the
most
wild
examples
that
that
I
have
thought
of
and
that
I
think
might
be
really
cool
to
use,
and
that
is
when
you
go
to
a
cafe
or
something
you
want
to
use
the
Wi-Fi.
D
Why
not
use
Satchel
to
log
on
to
it
extract
the
key?
Have
that
key,
delivered
back
alongside
with
the
diameter
stuff
and
use
that
to
have
your
local
Wi-Fi
connection,
secured
and
then
parcel
the
traffic
to
your
home
network,
where
you
have
an
RP
address
in
your
room
home
in
your
home
network,
so
that
nobody
really
is
bothered
by
oh
gosh
I'm
I'm,
giving
away
bandwidth
because
it's
not
within
the
RP
range
or
anything
scary
you
might
be
doing-
is
not
all
the
responsibility
of
the
IP
address
owner.
D
This
is
just
an
idea.
Just
a
possible
application.
I
think
there
are
many
more,
including,
of
course,
the
plane,
encryptions
security
layer,
stuff,
that's
sometimes
used,
but
in
general
I
think
the
entropy
that
we
have
in
the
secrets
that
we
share
with
Sasol
can
be
a
very
useful
benefit
in
a
time
that
we
have
quantum
computers
and
needs
some
form
of
entropy
to
be
able
to
derive
all
sorts
of
things.
So
that's
why
I'm?
Basically,
it
could
be
very
useful
to
use
that
and
think
about
key
extraction
mechanisms
for
Cecil
methods.
F
I
put
this
in
the
in
the
chat
anyway,
but
when
you
say
defi
Hellman
I
assumes
we
really
mean
elliptic
curve
if
he
heldman,
probably
yeah.
Possibly
the
screen
algorithm,
definitely,
which
ironically,
is
slightly
more
secure
against
Quantum
Computing
as
I
as
I
recall,
probably
because
it's
bigger,
but
there
are
other
diffie-hellman
possibilities.
I
know
that
there
was
I
know,
that's
been
at
least
one
Quantum
proof
version
thrown
around
based
on
lattices
by
no
cryptographer.
F
D
D
I
still
believe
that
in
general,
since
we
have
the
entropy
available,
or
at
least
the
secret
available,
that's
shared
between
two
parties,
Crypt
of
cryptographically
beneficial,
to
be
able
to
extract
key
material
from
that,
especially
with
something
like
opaque.
That
is
so
very
good
at
doing
that,
but
that's
yeah.
A
Yeah
my
as
I
mentioned
quickly,
my
use
case
is
a
bit
different
is
for
the
authentication
you
can
extract.
If
you
have
key
derivation
in
both
scram
and
OPEC,
then
you
just
say
created
authentication
token
using
key
derivation
and
you
say
it's
in
direct
generic
way
and
then
the
authentication
mechanism
can
be
used
with
eight
of
them.
Basically,
that's
that's.
That's
the
benefit.
I
see
so
kind
of
glue
that
can
be
used
for
multiple
things.
A
I
will
quickly
do
update
on
on
scram
to
factor
authentication
I've
just
done
it
last
week,
Simon
so
initially
I
added
gltp
that
was
basically
stolen
from
Dave
krillin's
zap.
So
thank
you
for
that
and
then
Simon
Josephson
said
well
what
about
Fighter,
2
or
Fido
stuff,
for
you
know,
working
with
USB
devices,
NFC,
Bluetooth,
low
energy
and
stuff
like
that,
so
basically
I
think
he
mentioned
it
last
summer.
It
took
me
a
couple
of
months
to
actually
go
through
various
specs
to
figure
out
what
it
was
all
about.
A
Returning
authentication
token-
and
basically
there
is
an
attribute
for
this
and
then
this
authentication
token
can
be
used
directly
with
HT
subtle
mechanisms
without
any
protocol
machinery
for
requesting
them
explicitly
and
then
basically,
if
client,
so
server
will
return.
One
of
these,
if
clients
wants
to
do
quicker,
authentication
recognize
this
extension.
It
will
use
the
token
and
then
we'll
use
HT
making
this
one
after
that,
so
yeah
have
a
read.
Let
me
know
what
it's
understandable.
If
you
want
to
cut
and
paste
the
text
to
any
of
your
documents
feel
free.
A
A
Can
you
imagine
that
every
time
you
reconnect
you
get
a
prompt
to
for
SMS,
this
will
drive
you
as
crazy,
so
I
think
the
idea
here
is
once
you
authenticated
and
did
two-factor
authentication.
You
can
get
re-authentication
token,
and
then
you
will
do
quick,
reauthentication
mechanism
that,
firstly,
it
will
be,
it
will
bypass
the
fact
authentication
and
second,
it
will
be
just
one
round
trip,
so
it
will
be
quicker
to
do
and
probably
will
be
less
CPU
intensive
than
the
full
scram
or
or
pack
Exchange.
D
Yeah
first,
first
of
all,
lovely
developments,
I'm,
always
a
bit
afraid
of
re-authentication
we've
seen
as
delicious.
It's
very
difficult
to
do
it
well,
and
then
it
becomes
a
problem,
but
I
have
on
another
path.
I've
tried
to
embed
social
in
HTTP
as
you've
tried
before
and
I'm
now
trying
and
yes,
it
drove
me
mad
to
have
to
log
on
with
every
different
page
or
with
every
TLS
connection
draw
because
there,
of
course,
it
might
happen
anytime
that
you
need
to
set
up
a
new
connection
so
yeah.
A
Right
and
the
way
it
works
you
know,
server
can
decide
that
it
will
allow
the
authentication
for,
like
so
many
times
so
for
a
certain
period
of
time
and
then
at
some
point
it
can.
It
can
reject
and
then
it
will
force
the
client
to
re-authenticate.
You
know
using
the
original
mechanism
or
similar
mechanism,
so
yeah
it's
another
component
in
the
toolbox.
A
F
F
If
someone
obtains
that
token
there's
been
a
number
of
of
HTTP
based
session
token,
stealing
attacks
recently
Circle
CI
and
last
past
were
both
at
that
later,
I
believe,
and
so
obviously
you
you,
there
is
a
lot
of
risk
in
in
these.
These
tokens
I
think
it's
very
important
that
those
that
the
token
issuing
is
also
combined
with
the
token
listing
and
and
other
token
management
and
token
revocation
solutions
for
that
are
available
to
the
user.
F
Now
I
know
that
the
original
designs
around
around
HT
that
Florian
did
maybe
Florian
can
talk
about
them
more
around
ISR,
for
instance
in
the
xmpp
world,
also
included
the
ability
to
to
track
which
device
it's
already
used
by
the
by
the
user,
which
which
had
a
token
I
believe
that
was
all
part
of
it
and
I
think
that's
a
lot
of
the
driving
force.
Maybe
Matthew
and
T
Logan
will
correct
me,
but
I
think
there's
a
lot
of
the
driving
force
behind
having
device
identifiers
in
in
the
newscastle
too.
G
G
Okay,
okay
I
can
only
checks
this
pre-selected,
slides
Okay,
so
hello,
I'm
Florian,
thanks
for
having
me
and
I
think
I
have
to
continue
with
the
tradition
of
disappointing
Dave
by
saying
that
the
is
Eric
step
actually
has
no
mechanism
for
tracking
or
managing
tokens,
but
I
agree
that
something
like
that
would
be
nice
to
have.
Certainly
with
that
I'm
going
to
talk
about
the
mechanism.
G
G
So
initially,
HT
mechanism
was
part
of
this
ISR
specification
and
I
think
it
was
Dave
who
encouraged
me
to
out
Factor
the
sussel
parts
into
an
extra
ID
and
to
put
it
into
the
kitten
working
group
for
review
and
comments
and
of
course,
I'm
always
happy
about
feedback
says.
The
current
state
of
the
ID
is
a
working
draft
and
it's
there's
probably
many
things
that
can
be
improved.
G
So
what
is
Cecil
HT?
It's
a
very
simple
set
of
mechanisms
for
Bureau
tokens
and
the
basic
idea
is
just
to
be
a
little
bit
better
than
using
Sasol
plane.
So
you
you
obfuscate,
the
actual
token.
By
using
an
hmax
to
construct,
you
can
borrow
some
IDs
from
scram
to
get
Mutual
authentication
and
if
you
mix
in
Channel
binding,
that's
always
a
good
idea.
G
G
So
the
idea
was
to
to
don't
have
multiple
sassal
round
trips
because
we
want
fast
or
instant
authentication.
Basically,
so
the
current
situation
is
the
is
Eric's
app
and
by
set
I
also
mean
the
HT
mechanism
was
written
before
GLS
1.3
was
standard,
standardized
and
backsense.
There
was
a
lot
of
Buzz
about
TLS
1.3
early
data
and
when
I
looked
at
it,
it
appeared
as
a
good
fit
for
Cecil
hd's.
G
First
message
to
show
off
this
message
into
TLS
early
data,
but
I
think
it
was
Nadia
ever
pointed
out
that
TLS
requires
that
early
data
requires
the
usage
of
a
pre-shade
gear,
pre-shared
key,
so
the
ID
currently
talks
a
little
bit
about
early
data,
but
I
basically
think
that
it's
not
really
what
you
want
to
do.
If
you
want
really
fast
re-authentication,
you
could
also
think
about
using
TLS,
PS
key
and
maybe
sussel
external
I'm,
not
sure
if
it
would
work
I'm,
not
absolutely
sure
if
it
would
work
on
a
technical
perspective.
G
So
this
is
something
one
has
to
figure
out,
but
I've
looked
at
various
TLS
psk
implementations
and
their
apis
and
I
think
it
looks
promise
promising
and
doable.
But
if
those
ingredients
are
not
available,
not
every
TLS
library,
May
Provide
support
for
psk,
then
you
can
always
fall
back
to
performing
a
Cecil
HT,
which
should
always
work
because
it
doesn't
require
anything
from
from
the
TLs
library
and
from
the
TLs
layer.
If
you
don't
do
Channel
binding
so
well,
more
or
less.
Unfortunately,
my
instant
screen
resumption
zap
did
not
catch
on.
G
However,
we
see
current
there's
currently
much
traction
in
the
xmpp
community
for
an
alternative
sap.
That's
accept
fast
by
messian
tilo,
and
that
also
uses
Sasol
HT
and
whatever
gets
us
fast.
Reconnects
is
what
we
should
do,
because
that's
something
mobile
xmpp
users
certainly
suffer
from
so
the
set
I.
Thank
you
for
your
attention.
B
B
G
B
B
Yeah,
your
server-side
implementation
would
be
a
little
bit
complicated
to
you
know,
hook
the
pieces
together
where
you're
looking
to
your
database
of
issue
tokens
in
the
TLs
layer
as
the
pre-shared
keys,
but
I
think
that
most
implementations
would
at
least
give
you
the
Rope
to
build
that.
Even
if
it's
a
bit
clunky
to
to.
G
G
E
No,
you,
you
generate
a
random
token
store
that
on
the
server-
and
this
is
the
first
TLS
connection,
so
this
generates
the
psk
for
the
second
connection,
using
early
data
and
then
in
this
early
data
you
just
sent
over
the
random
token.
The
client
and
server
agreed
upon
in
the
first
connection
and
this
I'll
take
authenticates
the
client
to
the
server
in
the
second
connection.
B
A
Okay,
sorry
can
I
can
I
I'm
just
mindful
that
there
are
two
minutes
left
and
some
people
will
disappear
at
the
end
of
this.
That's
a
great
discussion.
I
wish.
We
have
more
time,
can
I
move
to
the
last
slide.
I
just
want
to
kind
of
figure
out
what
the
next
steps
are,
whether
we
want
another,
you
know
meeting
you
know,
etc,
etc.
A
C
I
can
say
that
the
two-factor
Earth
in
scram,
well
clever,
probably
doesn't
satisfy
my
requirements,
as
is
I,
don't
know
I
I,
it
does
tie
us
to.
Obviously
it
doesn't
tie
us
specifically
describing
the
same
thing
can
be
done
and
repeated
in
other
mechanisms,
but
it
does,
for
example,
roll
out
using
plane
and
then
using
two
factors
which
you
know
some
deployments
in
xmpp
definitely
do
have
playing
and
like
I,
can't
see
that
changing
anytime.
A
Soon,
I
I
think
I
propose,
will
kind
of
pursue
both
for
people
who
couldn't
wait
for
social
to.
There
is
an
example
how
to
do
this
with
scram
and
it
works
for
OPEC
as
well,
because
of
the
same
syntactic
structure,
but
I'm.
Definitely
up
to
working
on
the
you
know,
two-factor
within
the
social
2
framework.
A
B
Yeah
I
think
I'm
in
a
similar
boat,
where
you
know
the
scrim
dedicated
to
factor
Roth
is
potentially
useful
for
some
cases,
but
I
would
prefer
to
have
the
two-factor
support,
be
sort
of
more
generic
dropped,
and
so
the
bits
about
doing
a
slimmed
down
sassle
to
you
that
would
include
two-factor
stuff
seems
a
little
bit
more
appealing
to
me.
Okay,.
A
Yes,
Dave,
we
can
always
layer
another
thing
on
top
of
another
layer.
Another
thing
all
right,
thank
you
all.
Nadia
I'm.
Sorry,
we
kind
of
ran
out
of
time
for
OPEC.
Would
people
be
interested
in
another
in
three
meeting
in
a
couple
of
months
or
should
I
start?
Shall
we
start
with
adoption,
calls
first
for
other
authentication
mechanisms,
for
example,
foreign.