►
From YouTube: LAKE WG Interim Meeting, 2021-01-28
Description
LAKE WG Interim Meeting, 2021-01-28
A
Good
welcome
to
the
lake
working
group
virtual
meeting,
I'm
stephen
farrell,
my
co-chair
is
militia,
say
hi
militia
hello.
Everyone.
A
A
Right
so
on
that
you
see
sure
names,
charter,
mailing
list,
jabber
room,
coordinates,
meeting
link
for
this
meeting
and
the
etherpad
we
have
notetakers,
garan
and
tim,
I
think,
have
agreed
to
take
notes
in
the
etherpad
thanks
for
that
we
can
keep
an
eye
on
the
jabber
room
or
ourselves
as
chairs.
I
guess-
and
we
have
the
no
well
so
this
is
the
pointers
to
various
bits
of
the
ietf
policy.
A
A
She
wasn't
expecting
to
be
here,
but
now
has
made
it
then
chairs,
but
ready
militia
and
karthik
will
talk
about
the
formal
analysis
and
uranus
john.
I
guess
will
run
us
through
our
open
issues
and
then
we'll
at
the
end,
just
kind
of
as
a
part
of
the
wrap-up
think
about
what
we
want
to
get
done
for
itf-110,
etc,
and
then
I
need
a
business.
A
A
Looks
fine,
okay,
good,
so
one
other
issue,
I
guess
we
should
have
put
in
the
slides.
We
didn't
if
you
in
the
webex
chat.
If
you
want
to
join
the
queue
to
grab
the
microphone,
we'll
use
the
usual
convention
or
what's
becoming
the
usual
convention.
Now
is,
if
you
type
plus
q,
if
you
want
to
join
the
mic
line
and
minuscu
to
leave,
if
whatever
you
wanted
to
ask,
has
actually
been
handled
already.
A
So
again,
please
use
the
jabber
room
for
general
chat,
mostly
use
the
webex
chat
for
joining
or
leaving
the
mic
line,
and
I
think
with
that,
we'll
move
on
to
the
second
set
of
presentations.
So
give
me
one.
A
A
A
C
Thanks
this
is
the
report
from
the
second
interoperability
testing
of
edoc
next
slide.
Please.
So
we
had
our
second
session,
the
22nd
of
january
of
this
month.
This
time
we
had
three
implementations
that
were
tested
against
each
other.
Last
time
we
had
two
and
thirteen
attendees,
which
is
much
more
than
last
time,
and
I
also
collected
some
detailed
notes
and
detailed
reporting
in
at
this
at
this
link.
C
Next
slide,
please,
the
more
in
details.
We
started
by
testing
the
do
testing
based
on
the
test
vectors
on
appendix
b1,
which
is
the
one
with
signature,
authentication
x509
certificate,
so
the
method
is
zero
and
the
selected
cipher
suite
that
was
used
by
the
implementers
is
also
zero,
with
the
algorithm
mentioned
here
and
differently
from
last
time.
C
So
that
was
really
really
great
and
next
slide.
Please,
and
we
also
started
the
last
10
minutes
or
50
minutes
to
test
on
a
test
vector
for
appendix
b2,
which
is
the
one
based
on
error.
Code
indicated
with
static,
difficult
monkeys
and
the
method
is
method
number
three
and
the
same
selected,
cipher
suites.
C
But
so
we
started
the
testing.
But
there
was
some
yeah
verification
failure,
and
so
we
stopped
there
and
we
didn't
even
manage
to
test
all
possible
all
possible
directions.
C
Blight
so
yes,
I
also
wanted
to
mention.
We
had
some
implementers
that
had
implemented
older
cypher
suites,
so
michelle
veget
has
provided
additional
traces
for
method,
0
cypher
suite
5.
So
if
anybody
has
that
has
implemented
that
cypher
suite
and
that
method,
they
can
also
compare,
and
it
will
be
interesting
to
hear-
and
also
we
got
again
good
feedback
from
the
implementers
that
should
be
incorporated
into
draft,
and
we
have
also
had
more
communication
with
other
implementers
that
are
interested
in
participating.
C
So
we
will
probably
continue
with
this
interoperability
planning,
testing
and
yeah
continue
appendix
2
and
then
other
methods
and
cypher
suites.
I
think
that
was
my
last.
D
Slide,
maybe
you
should
mention
there
were
yeah.
There
were
actually
two
more
teams
represented
at
the
at
the
meeting
and
there
is
another
another
implementation
ongoing
as
well
so
and
other.
Yet
others
are
welcome
so
that
we
know.
C
I
mentioned
that
there
were
13
attendees,
and
some
of
these
attendees
were
also
also
had
other
implementations,
but
we
didn't
test
them
in
this.
A
That's
right,
actually
that
was
going
to
be.
My
question
was
the
discrepancy
between
3
and
13
was
a
was
a
puzzle.
So
it's
good
to
hear
and
thanks
everybody
for
doing
that.
I
I
do
have
francesca.
Can
you
talk
a
little
bit
about
just
the
the
setup
that,
where
people
in
different
time
zones,
how
did
you
get
it
to
work?
How
did
it
work
just
mostly
thinking
about
how
we,
you
know
how
we
can
improve
things
for
future
yeah.
C
A
And
were
people,
was
it
synchronous,
mixture
of
synchronous
and
asynchronous
in
terms
of
people
being
online
at
once
or.
C
Actually,
actually,
there
was
michael
was
also
in
the
in
the
thread,
but
he
didn't
manage
to
join.
So
I
was
saying,
like
everybody
is
in
the
same
time
zone
well,
except
one
who
didn't
manage
to
join,
but
otherwise,
yes,
we
were
all
online
at
the
same
time
and
we
were
all
testing.
C
So
we
were
let's
say
I
was
observing.
We
were
observers
while
the
implementers
were
testing
against
each
other,
and
we
were
also
gathering
the
feedback
as
authors,
but
yeah
it's
much
simpler
to
do
this
online,
so
all
at
the
same
time,.
D
All
right,
sorry,
so
yeah
I
mean
I
don't
know
if
that
was
what
you
were
asking
for,
but
basically
they
were.
They
were
pinging
between
pinging
and
then
running
co-op.
So
that
was
basically
how
the
and
that
advocate
on
top.
That
was
basically
how
it
was
set
up
and
and
and
poor
michelle.
He
was
in
canada
and
he
actually
didn't
go
got
the
round
to
test,
because
no
one
had
implemented
cypher
suite
five,
but
all
the
others
were
in
europe.
So
it
was
germany,
belgium
and
sweden.
I
think
was
testing.
A
So
I
guess
in
jabber
michael,
is
asking
or
he's
commenting
that
the
time
zone
was
okay,
but
he
did
his
code
wasn't
ready,
but
he's
he's
asking
to
maybe
try
and
plan
this.
I
guess
two
meetings
ahead
for
timing
purposes,
so
he
can
know
when
to
prioritize
coding.
C
A
Okay,
any
other
questions,
comments,
requests.
A
Great
stuff
and
thanks
everybody
for
the
words
good
stuff
so
we'll
move
on,
I
guess
malaysia
and
and
you've
got
slides.
I
think.
E
This
is
more
to
inform
the
working
group,
so
I
mean
I
will
leave
this
both
as
the
chair
and
the
the
participants
of
the
meeting
we
we
had
with
kathy
and
then
can
fill
me
in
if
he's
still
online,
essentially
as
shares
of
the
working
group,
we
want
to
ensure
that
the
that
the
specifications
that
we
produce
are
high
quality
and
since
we
are
in
the
security
area
we
do
want,
we
do
want
to
involve
the
academic
community
and
to
perform
formal
verification
and
analysis
of
the
protocol
that
we
are
standardizing.
E
To
that
end,
we
had
we
had
a
presentation
during
the
summer
itf
on
thermal
formal
verification
of
ad
hoc
of
an
earlier
version
of
ad
hoc,
using
the
summary
tool
in
the
symbolic
model,
which
means
essentially
that
the
crypto
or
crypto
is
abstracted
and
seen
as
a
black
box
and
then
the
the
the
protocol.
E
Several
issues
found
there
and
I
think
we
resolved
most
of
those
one
of
the
out
of
direct
outputs
of
this
analysis
is
that
we
added
message
for
optional
message
for
authors.
E
Please
please
correct
me
if
I'm
wrong
in
order
to
confirm
for
portico's
explicit
key
confirmation
in
the
absence
of
implicit
confirmation
through
application
tax,
continuing
the
discussion,
I
was
thinking
what
would
be
the
best
next
steps,
and
we
discussed
this
with
castiga,
who
is
leading
the
prosecco
team
within
india,
in
france,
who
specializes
in
formal
verification
of
protocols
and
implementation,
and
we
have
captic
and
his
team-
have
ongoing
plans
on
performing
an
analysis
of
ad
hoc
using
the
computational
model
and
the
crypto
very
tool,
which
would
essentially
give
us
probability
bounds
for
different
kinds
of
attacks
and
as
a
function
of
the
different
crypto
modules
that
are
used,
crypts,
algorithms,
that
are
used
and
their
probabilities
and
their
corresponding
probabilities.
E
So
this
is
something
that
kartik
and
his
team
plan
on
working
on
kartik.
Please
fill
me
in
if
I'm
taking
something
or
if
I
haven't
been
complete,
but
then
also
apart
from
the
protocol
itself,
we
do
want
to
ensure
that
the
implementation
that
we
produce
and
that
we
test
as
part
of
or
as
part
of
the
interrupt
testing
event
are
also
secure
and
what
that
means
is
in
to
this
end.
E
What
we
in
india
did
is
that
we
are
trying
to
formally
verify
the
c
implementation
using
the
f-star
language,
which
is
an
output
of
the
prosecuting
machinery
again
in
order
to
study
different
security
properties
of
the
implementation,
such
as
memory
safety,
functional
correctness,
etc.
E
So
to
this
end,
in
the
next
couple
of
months,
we
will
be
working
with
kartik's
team
on
modularizing
our
code,
the
implementation
of
ad
hoc
within
the
open
wsn
project,
in
order
to
make
it
ready
for
the
crypto
verification
using
f-star
and
at
the
end
of
this
process
we
hope
to
have
a
formally
verified
implementation.
E
F
A
A
Open
wsn
project,
and
just
from
my
understanding,
is
that
that's
not
that's
nothing
to
do
with
india
as
an
implementer
you're,
only
being
a
tester
in
that
role.
So
this
is
indriya's
implementation
that
timothy
is
leading
okay.
So
it's
a
it's
an
in-house
implementation
and
test
great
okay,
thanks
yeah.
Somebody
else
wanted
to
talk
again.
If
you
want
to
use
the
mic
line
to
feel
free,
if
we
don't
need
it,
if
there's
only
one
or
two
people.
G
I'll
just
do
a
small
clarification
on
on
the
goals
of
this
point,
two
here
at
least
from
my
viewpoints,
and
maybe
people
can
respond
to
that
as
well.
I
think
what
would
be
nice-
and
I
think
that
we
all
agree
in
the
working
group
more
or
less,
but
it's
worth
stating
this
out
clearly
is
at
the
end
of
the
process.
G
G
G
So
that's
the
basic
idea
between
these
two
different
projects
that
malisha
just
described
and
I'm
sure
there
are
if
we
could
get
interest
from
other
groups,
there
would
be
more
things
to
do
as
well.
But
these
are,
I
think,
within
these
three,
you
would
have
a
pretty
nice
coverage
of
all
the
specs.
Anyway,
that's
my
two
cents
and
please
ask
questions
and
comments.
F
Cortex,
could
you
please
repeat
which,
which
verifications
you
are
doing?
The
tamarind
was
one,
it's
just
for
note.
Keeping.
F
D
Tamarind
modeling
was
done
by
a
team
from
university
of
copenhagen,
kth
and
ericsson,
and
that
that
there
was
there
is
a
pre-print
available,
an
archive
and
they
have
I
talked
to
the
author
and
they
have
essentially
rewritten
the
paper
with
an
extended
analysis
and
that's
been
sent
to
a
conference.
It's
been
submitted
and
they
wait
for
a
response
for
that,
probably
in
march
sometime,
so
that's
the
status
of
and
that
they
actually
managed
to
cover
some
of
the
cases
which
they
didn't
cover
in
the
pre-print.
So
it's
it's
fairly
comprehensible.
D
G
No
that
I
didn't
have
much
else
to
add
to
that
the
so
the
tamarind
analysis.
Yes,
as
one
says,
it
has
already
been
done
or
is
in
the
process
of
publication,
but
it's
done
by
a
different
group.
We
are
proposing
to
do
a
computational
cryptographic
proof
using
crypto
verif,
which
is
a
tool
which
I
can
send
a
link
around
to
later.
Fdp
on
ether
pad
and
the
verified
implementation
will
be
done
using
f
star,
which
is
a
third
tool
which
focuses
on
verifying
code
or
interoperable
reference
code
in
c.
G
H
G
That's
great
so
there's
one
question
that
still
comes
up
when
we
are
doing
this
kind
of
analysis,
which
is
in
terms
of
what
is
I
mean?
Is
there
a
documented
target
security
level
for
ad
hoc?
Like
I
mean
if,
for
example,
we
if
you
wanted
to
say
that
okay
cipher
suit
0
should
provide
128
bit,
security
2
should
provide
80
bit
security
and
so
on.
G
Then
there
is
something
to
also
check
during
a
computational
analysis,
which
is
because
that
you
can
actually
check
the
concrete
security
bonds
and
make
sure
that
each
of
these
cypher
suits
meets
its
desired
security
level
and
currently
looks
like
I
don't
know
what
exactly
the
current
understanding
for.
I
guess
this
also
is
inherited
a
bit
from
oscore
because
we
use
short
tags
and
so
on.
So
there
must
be
some
target
security
level
that
we
are
aiming
for.
H
A
So
on
that
karthik,
I
I
think
it's
a
good
idea
to
create
a
thread
on
the
list.
With
that
discussion,
it
would
seem
to
me
that
there's
nothing
special,
particularly
about
lake.
In
that
that's,
you
know
if
we
do
reach
consensus
in
the
working
group
on
let's
say
128
for
confidentiality
and
64
for
integrity,
it's
probably
worthwhile
bringing
that
up
on
the
security
area
list
in
the
itf,
because
presumably
the
same
thing
will
apply
in
other
working
groups
that
are
concerned
about
constrained
devices.
G
A
Okay,
any
religion.
A
Great
stuff:
okay,
do
you
want
me
to
present
slides
for
the
next
one,
or
do
you
want
to
take
over.
A
Happy
to
do
that
yeah,
so
if
it
helps
I
can
at
any
point
I
can
kind
of
pop
up
the
issue
tracker.
If
you
want
me
to
do
that,
just
say:
okay,.
H
H
Yep,
so
this
is
presenting
the
changes
and
close
and
open
issues
in
version
zero.
Four,
we
submitted
version
zero
four
yesterday
and
take
next
slide.
H
So
main
changes
is
that
we
are
based
on
developer
feedback.
We
are
more
or
less
going
back
to
the
solution
in
zero
two,
but
completely
changing
this.
The
description
of
it.
We
it
raised
concerns
that
we
were
associated
with
the
source
cipher.
Now
we
described
it
it
as
we
using
hkdf
expand
as
an
ad
binary
additive
stream
cipher.
H
According
to
our
understanding,
this
provides
better
confidentiality
than
asctr,
which
actually
is,
is
a
permutation
that
don't
really
do
well,
but
I
have
more
details
slide
on
this
later,
so
we
have
specified
message
four
as
option
to
support
as
discussed
so
far.
We
have
not
specified
any
signaling
instead
making
key
confirmation
mandatory,
then
the
cypher
suitable
has
been
discussed
for
long
term.
Now
we
have
implemented
the
suggestion
from
stephen
from
last
meeting
that
one
and
two
should
be
implemented
by
more
non-constrained
and
more
constrained
devices
should
implement
one
of
them.
H
H
H
Yeah
then
move
next
slide.
I
think
so.
Here's
closed
issues,
so
we
don't
specify
airdoc
as
a
cam.
It
didn't
work
out
really.
H
Then
we
have
sold.
Hopefully
the
services
issues
psk
this
the
name
is
psk
each,
but
the
issue
is
really
lightweight
forward
secrecy
that
has
now
been
implemented
in
the
ad
hoc
re-key
fs
function.
I
think
this
will
need
more
work
later
and
interaction
with
core
no
resumption
shaken
kmac
is
done.
Cyphysis
with
high
security
is
done
and
we
have
added
a
reference
to
the
co-cc
board
certificate
work.
We
have
got
done
several
requests
to
provide
test
vectors
for
seaboard
certificates
and
also
for
their
encoded
certificates,
which
will
come
later.
D
Sorry
can
I
just
interrupt
for
a
second
renee,
please,
on
the
previous
slide.
I
saw
that
apparently,
so
what
is
instead
of
fishing
512
versus.
H
D
Really
discussion
in
december
that
512
would
not
really
be
supported
right
by
most
advisors,
so
how?
How
are
we
going
to
get
to
interoperability?
If
what
are
we
doing
now?
What's
the,
what
is
the
normative
text
I
couldn't
find
it.
H
The
new
normative
it's
in
zero.
Four,
I
don't
know
it
says
that
you
should
once
episode
is
as
before,
eddisa
it's
it's
basically.
Half
of
the
comments
were
gotten
is
that
ed
dsa
is
the
way
to
go
people
like
that
they
can
use
threshold
and
they
have
no
problem
implementing
it.
The
other
half
is
saying
we
can
only
support
chart
256
with
ecdsa,
so
there
is
no
changes
to
the
cypher
suits.
The
normative
text
is
that
you
should
support
both,
but
if
you
cannot,
you
can
choose
one.
H
Your
text.
D
Yeah
rene,
please
please,
okay,
so
that
too
or
stephen,
if
you
could
flip
back
two
slides
or
three
there.
Thank
you
so
bullet
three,
that's
the
normative
text
and
the
reason
for
should,
instead
of
shall
was
that
there
was
an
input
from
michael
richardson
last
meeting
that
if
we
really
want
to
nail
down
all
the
the
mandatory
to
implement
not
only
related
to
cipher,
suites
and
and
then
we
should
make
it
in
a
separate
draft,
and
this
draft
should
only
contain
the
recommendation
yeah.
D
So
I
said
list
I,
as
you
probably
recall,
I
had
a
presentation
at
the
december
18
interim
right
and
at
the
time
and
as
I
looked
up
in
the
minutes,
it
was
also
suggested
to
to
support
that
which
I
have
not
seen
before
before
the
raffle
yet.
But
I
sent
an
email
to
the
list
about
the
best
current
practice
about
mandatory
to
implement
algorithms,
and
I
think
that
would
be
good
guidance
for
getting
to
conclusion
on
that
right.
E
Yes,
I
remember
the
email
this
was
just
before
the
holidays.
If
I
recall
correctly
so
essentially,
you
are.
You
are
not
happy
with
the
current
phrasing
I
mean
of
having
two
algorithms
proposed
and
which
should
implement
both
of
them.
If
the
device
is
less
constrained,
am
I
hearing.
D
I
think
if,
if
you're
you're
going
standard
strike
right
so
and
then
I
think
it
should
foster
interoperability
of
devices
and
also
use
implementations
that
patients
that
foster
interoperability
in
a
low
cost
way
right.
D
So
what
is
your
proposal?
Rene
proposal
is
to
support
sha
256,
which
is
supported
by
most
hardware,
as
at
least
as
I
know,
as
far
as
I
know,
and
not
go
for
a
scythe
suit,
zero
and
two,
because
there's
essentially
a
zero
and
four
f,
five
twelve,
which
is
not
supported
by
lots
of
devices.
I
just
checked
it
on
a
new
github
web
page
as
well
right
so
but
john
mentioned
that
we
have
a
problem
with
the
the
community.
D
Some
of
split
time
in
two
parts
where
one
part
is,
is
targeting
eddsa
only
and
the
other
part
is
targeting
ecdsa
only,
and
how
do
we
solve
that
yeah?
So
I
I
might
have
is
that
I
have
not
seen
any
discussion
since
december
18
on
this
particular
topic
and
now
suddenly
it's
it's
marked
as
closed
where
it
bears.
D
Just
marked
by
michael
richardson,
but
that's
not
necessarily
a
working
consensus.
A
D
A
Yeah,
I
think
this
is
probably
also
one
to
bring
to
the
list.
I
mean
probably
an
incredible
mind,
but
I
think
in
this
case
there's
yeah.
There
may
be
people
who
are
on
the
mailing
list
who
are
not
active
in
github
who
have
an
opinion
here.
So
let's
do
this
one
on
the.
E
Okay,
so
let's
then
move
on.
We
have
20
minutes
23
minutes
left
in
the
meeting,
so
I
propose
we
move
on
with
the
with
the
issues.
E
H
So
here
is
encryption
of
message:
two
based
on
developer
feedback.
So
basically
we
have
the
current
zero
four
is
more
or
less
reverting
back
to
zero.
Two
technically
it's
the
same
solution,
but
the
label
is
different.
It's
key
stream
instead
of
k
and
the
description
of
how
it
works
is
quite
different,
but
technically
it's
the
same
same
the
candidate.
H
The
other
two
solution
has
been
not
been
favored
by
implementations.
It's
they
see
it
as
complicated,
so
and
01
was
not
dropped
because
it's
insecure
it
was
dropped
because
at
least
the
description
of
it
raised
comments.
I
think
the
developers
are
happy
with
this
current
solution.
As
far
as
we
have
seen,
and
that
is
to
use
hkdf
expand
as
a
binary
address
stream
cipher
that
fulfills
all
the
requirements
that
I
can
see.
H
H
This
message
is
very
simple:
it
basically
only
contains
a
mac
and
then
a
correlation
identifier,
it's
optional
to
to
implement
an
optional
to
use
it's
basically,
the
current
id
in
ad
hoc
is
that
you
rely
on
application
protocol
to
get
key
confirmation
to
the
responder
and
correct
me
if
I'm
wrong,
but
I
think
that's
the
idea
in
tls
1.3
also.
H
It
was
pointed
out
that
carl,
that
not
all
all
app
users
might
use
an
application
protocol
at
all,
and
now
we
have
added
a
error
message
for
that
basically
replaces
sending
an
application
that
your
protocol
like
or
score,
and
you
can
use
that
if
you
use
authentication
only
or
maybe
if
you
use
only
one-way
application
protocol,
it
was
discussed
earlier
that
this
should
be
some
signaling.
That
could
then
be
in
message
one
or
message
three.
H
H
Just
a
comment:
yeah
next
slide,
then
issue
is
sure
there.
All
the
other
messages
have
accelerated.
Data
should
be
accelerated.
Data
in
message.
Four
and
yeah
open
question
adds
complexity,
but
only
for
message.
Four,
which
is
optional,
makes
it
look
like
the
other
messages,
but
so
far
nobody
has
expressed
that
they
need
this
either.
H
B
H
H
H
Then
we
have
clarified
that
the
intention
that
all
error
messages
are
fatal.
They
close
down
the
the
the
protocol,
but
also
that
they
are
not
authenticated.
So
if
you
send
them,
you
know
this
is
fatal.
If
you
receive
them,
you
you,
it
might
be
an
attacker
something.
You
should
consider
that
then.
The
other
thing
is
that
the
basically
there,
when
suit
r
suits,
are
included.
It's
meant
for
the
ad
hoc
application.
H
When
you
use
this
text
string
and
if
suits,
are
not
included,
then
it's
a
diagnostic
mestic
meant
for
human
readable.
It
should
be
logged
mainly
used
for
some
engineer.
Debugging
we
have
a
now.
We
have
a
mandatory
that
this
needs
to
be
a
basically
a
debugging
error
in
english
has
further
been.
H
I
think
this
this
fulfills
all
the
requirements
that
the
developer
opening
this
issue
had
also
been
further
discussion,
whether
the
diagnosis
messages
would
need
to
be
standardized,
could
have
standardized
text
strings
or
you
could
have
standardized
codes,
but
there
has
not
been
a
clear
requirement
on
that.
Yet
that's
still
up
for
discussion.
I
think
the
the
text
would
still
need
some
more
guidance
on
when
to
send
the
error
message,
but
basically
the
idea
is
if
anything
goes
wrong.
It's
fatal
and
you
send
an
error
message.
I
I
The
question
is:
is
there
going
to
be
a
human
who
looks
at
these
diagnostics
and
and
does
different
things
based
on
different
values
of
these
messages,
and
is
not
a
software
engineer
that
that
is
actually
debugging
the
thing
right
now,
but
does
does
that
ever
come
up
in
operational
context,
and
if
you
have
an
operational
context
where
it's
important
to
actually
distinguish
different
kinds
of
diagnostics
like
the
the
key
is
expired
or
whatever
kinds
of
specific
diagnostics
that
that
an
operational
person
might
want
to
act
on.
I
Oh,
I
I
have
to
renew
some
certificate
or
whatever.
Then
it's
actually
that
then
it
actually
may
be
useful
to
to
standardize,
not
necessarily
diagnostic
messages,
but
at
least
categories
of
diagnostic
messengers,
so
that
the
user
interface
can
give
you
a
chinese
message.
I
H
H
Help
could
be
a
good
guidance
for
what
kind
of
messages
could
be
concerned.
D
H
H
I
think
this
needs
some
more
consideration.
I
think
the
initial
idea
of
ad
hoc
was
that
you
would
not
use
that
that
this
would
be
sold
by
the
lower
layers,
but
and
I'm
not
sure
if
there's
something
missing
or
if
the
implementation
thoughts
in
addock
is
not
aligning
with
how
people
would
like
to
implement
this.
I
think
this
needs
to
be
analyzed
and
considered
further,
and
maybe
there
will
need
some
addition
to
the
messages
or
guidance
how
to
distinguish
them.
A
So,
just
as
a
time
check
we're
10
minutes
from
the
end,
I
guess
we
have
about
six
slides
left.
I
I
think
probably
perhaps
the
best
thing
to
do
is
if
people
are
okay
running
over
five
or
ten
minutes.
Try
and
get
to
the
end
is
that
okay.
H
Next
so
length
values
when
using
an
exporter.
This
was
open
one
two
weeks
ago
by
marco.
So
yes,
right
now,
when
using
ad
hoc,
the
lengths
of
the
key
and
the
salt
you
export
are
fixed.
The
length
of
the
key
is
the
key
length
of
the
aad
used,
but
all
score
is
deriving
keys
from
this
master
key,
so
this
could
potentially
be
longer
and
then
the
master
salt
is
set
to
eight
bytes.
This
could
potentially
be
shorter
if
you
have
a
longer
key
or
longer.
H
If
you
more
want
more
randomness,
it
was
compromising
a
trade-off
and
marquis
is
suggesting
that
these
number
are
made
defaults
instead
of
being
required
and
that
an
application
two
parties
can
agree
on
other
things,
and
this
would
this
would
this
would
definitely
work
would
maybe
somewhat
lower.
Interoperability
would
add
flexibility.
J
Yeah
just
to
clarify,
I
think
they
are
good
default
values
by
the
way,
but
there
are
chances
they
can
get
them
through
other
protocols,
for
instance,
a
possible
edo
oriented
profile
base
with
an
authorization
server
mediating
and
knowing
the
preferred
values
for
the
for
the
responder,
essentially
at
its
registration
time
and
then
synchronizing
the
initiator
later
on
during
the
ace
workflow
as
an
example.
But
there
can
be
many.
J
H
Okay
next
slide,
please
please
discuss
all
these
things
on
on
the
list
or
on
github.
There
are
issues
for
everything
there,
then
passing
information
to
application
is
an
issues.
The
the
current
document
says
that
if
there
is
error,
you
should
not
pass
everything
to
the
application,
but,
of
course,
in
the
case
of
an.
H
Error
in
the
case
of
an
error,
you
probably
want
to
send
basically
the
whole
message
stream
as
a
debug
message
for
locking
diagnostic.
H
H
Not
really
as
a
ordinary
error
message
as
it
should
be
locked
which
not
forbid
you
know
to
to
load
this
information
for
the
banking
yeah.
Next,
some
more
ways
here
there
was
has
been
several
requests
to
add
real
certificates,
for
example,
both
cbo
certificates
and
experience,
509
they're
encoded.
H
H
C
But
yeah
these
were
the
additions
that
were
done
to,
or
that
came
from
feedbacks
from
the
interrupt,
both
the
first
and
the
second
one,
and
we
have
started
doing
some
of
this.
For
example,
we
obsoleted
the
test
vectors
and
we
started
the
adding
the
th4
output
and
export
and
export
exporter
outputs
to
the
test
vectors.
But
to
to
do
the
rest
of
this,
we
we
have
to
like
regenerate
new
test
vectors
and
change
the
values.
C
C
Yeah
and
then
other
additions
will
be
adding
c
board
certificates
and
possibly
later
asn
one
or
their
certificate
encoded
certificates
and
then
more
cypher
suites.
H
Recent
issue:
yeah,
there's
a
question
recently
open
issue:
question:
why
why
we
restrict
the
number
of
parameters
in
the
cosy
key
discussed
it
shortly?
This
is
not
strictly
necessary,
I
think,
but
on
the
other
hand,
if
we
allow
all
parameters
we
need,
they
need
to.
H
H
And
yeah
these
have
not
been
discussed.
This
was
recently
very
recently
open.
So
I
don't
have
so
much
comments,
except
that
there
are
newly
opened
issues
next
slide.
Unless
anybody
have
comments.
D
Okay,
so
summary,
just
adding
one
word
here
is
that
the
I
mean
we
are
going
back
now
somehow
to
to
things
that
are
looks
very
much
like
version
zero,
two
of
the
draft,
so
it
should
be,
and
the
changes
we
make
are
only
changes
that
will
will
impact
test
vectors.
But
it's
so
we
haven't
really
changed
the
the
actual
protocol
in
the
in
the
large
in
the
long
time
now,
which
I
think
is
good
but
yeah
more
more
issues
pop
up
and
we
try
to
try
to
resolve
them.
D
But
the
main
discussion
has
been
on
on
github,
so
if
people
have
only
followed
the
the
email
is,
then
that
that
wouldn't
have
given
the
fair
view
of
what
has
actually
been
happening.
So
I
encourage
people
to
look
at
issues,
but
we
can
also
bring
things
to
the
mailing
list,
as
as
people
like.
A
A
Great
thanks
and
yes,
I
mean,
I
think
you
know
I've
encouraged
people
to
discuss
things
on
github.
I
mean
obviously
clearly
think
that
you
know
finally
evaluating
working
with
consensus
is
something
that
will
happen
based
on
drafts
on
the
list,
but
and
for
example,
with
the
cypher
suite
shoulds
and
muslims
are
we
we
might
wanna
we'll
try
and
get
that
pinned
down
on
the
list
soon.
Okay,
any
other
issues
on
these
ad
hoc
status
and
issues
are
with
fat.
Four.
A
So,
michael
is
saying:
we
need
the
github
to
mail
in
the
summary
configured.
It
is
I
I
guess
it
is
configured.
I
believe
I
see
those
mails
on
sunday
mornings
can
somebody
else
confirm
that.
K
A
Yeah,
so
I
I
did
the
github
issue.
Mail
goes
to
this.
I
believe
everybody's
seeing
it,
but
if
not,
that
would
be
good
to
know
know
if
it's
enough
to
be
particularly
useful.
E
D
A
A
There
is
a
weekly
mail
generator
that
I
think
I'm
displaying
one
on
the
screen
there
from
last
sunday
as
malaysia
says,
if
there's
no
change
on
github,
there's
no
mail
and-
and
I
personally
don't
find
that
mail
particularly
informative.
A
A
Maybe
we
might
get
to
that
later,
but
just
with
the,
I
think,
with
the
you
know,
issuing
drafts
that
the
interoperability
is
on.
I
think
we're
doing.
Okay,
for
now,
with
the
exception
of
that
issue,
renee
raised,
which
we
will
bring
to
the
list,
is
that
okay
for
everyone.
A
Yep
great
okay
and
we're
trying
to
finish
in
a
couple
of
minutes.
The
other
thing
we
had
on
the
agenda
was
itf-110
again.
I
think
this
might
be
almost
a
no-up.
I
had
two
questions.
One
is
whether
the
people
implementing
are
okay
to
kind
of
coordinate
with
these
all
the
changes
that
they
expect
between
now
and
the
next
time
they
do
it
a
hackathon
event
or
something
around
itf-110
or
if
they
need
the
working
group
to
have
kind
of
a
draft
five
produced
that
they'll
implement
too.
A
J
A
D
So
I
think
just
adding
from
from
the
interrupt
people
had
implemented
version
two,
and
I
mean
the
natural
step
now-
is
actually
to
move
to
version
four,
because
because
this
yeah,
as
we've
talked
about
it's,
it's
basically
aligning
with
version
four.
So
that
would
be
the
next
step.
A
Great,
that's!
Okay!
If
the
implementers
are
all
fine
with
that,
that's
great
just
wanted
to
check,
and
then
second
thing
I
had
for
icf110
is:
have
we
got
any
specific
goals
or
issues
that
we'd
like
to
try
and
close
off?
We
don't
need
the
answer
right
now.
We
can
do
that
on
the
mailing
list,
but
just
yeah.
A
What
are
our
goals
for
itf-110,
any
specific
things
people
want
to
bring
up
now
to
say
we
really
should
sort
this
one
out
in
that
time
frame
or
is
it
okay
to
just
keep
as
we've
been
doing
and
letting
the
editors
figure
out
which
of
the
issues
that
are
worth
trying
to
pin
down.
A
I'm
kind
of
hearing
nothing,
so
that's,
let's
go
so
I
think
that
that
says
for
itf-110
we'll
proceed
as
as
in
this
meeting
and
previously
we'll
let
the
editors
say:
here's
the
list
of
issues
and
here's
the
ones
we
want
to
try
and
talk
about,
pin
now.