►
From YouTube: IETF-ACE-20230508-1300
Description
ACE meeting session at IETF
2023/05/08 1300
https://datatracker.ietf.org/meeting//proceedings/
A
C
B
Oh
I
understand
so
next,
so
the
first
item
on
the
agenda
is
revoke
token
notification.
So.
D
Hi,
this
is
Marco
yeah,
just
a
few
words
I
confirmed
since
itf116.
We
added
a
submission
addressing
the
reviews
from
the
working
group
last
call
and
we'll
reply
to
those
on
the
mailing
list.
So,
from
the
author's
point
of
view,
we
think
we
are
down
for
now,
and
the
next
step
should
be
the
shepherd
review
and
write
up
as
in
the
slide.
B
Okay,
so
next
is
website
profile.
D
I
can
say
a
few
words.
Almost
two
yeah
there
was
a
private
exchange
between
the
chairs
and
the
authors.
Seek
them
mostly
don't
have
time
to
to
check
on
this
yet
I
I've
had
a
full
reading
on
the
whole
draft
and
with
sigdan
we
are
going
to
have
later
in
May.
First
discussions,
some
outstanding
open
points
in
the
meanwhile
I'll
do
my
best
to
start
already
addressing
uncontroversial
editorial
points
on
the
GitHub,
but.
E
D
Probably
will
have
more
in
terms
of
progress
already.
The
next
interim
depends
a
lot
on
Signal
foreign.
D
To
have
a
first
yeah
discussion
about
authors.
D
Yeah,
that's
me
again
of
the
last
one
I
started
to
work
on
the
split
so
I
created
on
the
Ace
GitHub
organization
in
your
repo
for
this
document.
With
the
agree
title,
it
used
to
be
just
a
skeleton.
Until
a
few
days
ago,
I've
been
feeling
it
with
content.
I
I
pull
back
from
the
main
draft
as
soon
as
I
have
something
complete.
I'll
start
publishing
at
the
main
draft,
actually
taking
away
Coral
content
from
them.
D
C
Yeah,
so
can
you
switch
when
I
when
I
give
you
the
signal
to
go
next
slide?
Could
you,
okay.
C
Yeah
so
hi
this
is
malicious.
Speaking
so
I'll
present
the
update
to
the
EST
or
Score
draft,
which
was
recently
adopted
in
Ace
next
slide.
Please.
C
Yeah,
so
there
was
a
call
and
option
called
for
adoption
on
the
list
which
ended
on
19th
of
April.
The
draft
was
adopted
as
a
working
group
document.
In
the
meantime,
we
received
a
review
from
from
Marco
on
29th
of
April.
Oh
so
I
would
just
like
to
take
the
opportunity
to
thank
Marco
for
this
review.
Really.
A
million
thanks,
Marco
I've,
already
went
ahead
and
fixed
non-controversial
points.
C
The
points
I
deemed
as
non-controversial
and
they
are
fixed
in
this
pull
request
that
is
open
on
the
in
GitHub
I
will
go
ahead
after
this
meeting
and
respond
to
Marco's
email
with
point
to
point
replies
to
the
to
these
points
which
were
fixed,
and
the
goal
of
my
today's
presentation
is
to
discuss
the
remaining
comments
from
Marco
that
when
that
were
a
little
more,
that
require
a
little
more
discussion
than
than
usual.
So
next
slide.
Please.
C
Foreign,
so
first
comment
is:
is
here,
I
mean
the
the
outline
of
the
next
slides
will
be.
The
italic
words
represent
the
Marcos
quote,
then
I
give
some
context
and
then
the
proposed
action
at
the
very
end.
So
the
first
comment
is
regarding
the
the
message
flow
which
which,
which
is
implied
in
the
draft
to
be
to
be
a
forward
message
flow
in
in
respect
to
the
roles
of
ad
hoc
peers
and
the
ESD
protocol,
client
and
roles.
C
So
the
implied
the
implied
flow
is
that
the
EST
client
is
currently
the
ad
hoc
initiator,
and
this
is
implicitly
assumed
throughout
the
draft.
But
there
is
no
explicit
mention
of
it
whatsoever.
C
So
Marco
brought
up
a
question
whether
a
reverse
flow,
where
the
EST
client
plays
the
role
of
the
ad
hoc
responder
can
be
ruled
out
and
I
think
that
we
can
safely
rule
out.
I,
don't
see
a
use
case
for
that
role,
unless
someone
is
can
bring
it
up
so
I.
My
proposed
action
here
would
be
to
explicitly
specify
in
Section
3,
which
is
the
sectional
authentication,
that
the
ESD
client
must
play
the
role
of
the
ad
hoc
initiator.
Unless
there
are
any
objections
to
this.
C
I
hear
no
objections,
so,
okay,
I
I,
hear
I
a
note
approval
from
euron
in
the
in
the
chat.
So
I
suppose
this
can
be
yes,
so,
okay,
so
the
proposed
action,
let's
keep
it,
as
is
here
next
slide.
Please.
C
Yes,
so
the
Marcos
comment
number
two
is
on
section
one
where
we
state
that
we
also
support
pre-shared,
Oscar
King
material,
and,
apart
from
supporting
the
exchange,
the
Adcock
exchange
for
authentication
and
Marco
is
asking
whether
in
such
a
case,
Channel
binding
is
simply
not
achievable
or
it's
or
it
is
somehow
possible.
As
long
the
escort
King
material
was
established
through
some
sort
of
interactive
protocol.
C
So
to
to
respond
to
this,
I
would
like
to
give
context,
while,
while
we
use
Channel
binding
in
the
first
place-
and
we
are
mimicking
what
EST
Co-op
s
is
doing
in
terms
of
making
Channel
binding
optional
in
order
to
counter
which
they
do
in
order
to
counter
the
triple
Shake
attack
on
TLS
1.2.
C
And
since
we
are
not
using
TLS
1.2,
you
might
you
might
wonder
what.
Why
are?
We
are
doing
this
and
we
are
specif.
We
are
men,
we
are
having
optional
Channel
binding
in
order
to
counter
any
future
attacks,
so
essentially
for
future
proofing
the
protocol
in
and
to
have
a
possibility
of
linking
the
ad
hoc
session
to
the
to
the
ESD
Exchange.
C
We,
the
my
proposed
action,
would
be
simply
to
specify
that
ad
hoc,
exporter-based,
Channel
binding,
is
applicable
only
to
cases
when
ad
hoc
is
executed.
So
essentially
just
a
notorial
note
in
the
draft
that
we
support
this
and
that
we
do
not
support
it
for
cases
when
pre-shared
Oscar
context
is
used
I.
Unless
there
is
any
objection
to
this.
A
Yes,
one
thing
I
didn't
get
is
why
we
have
to
specify
TLS,
1.3,
1.2
and
and
another
one
three.
So.
C
So
it's
not
related
I
was
I
was
saying
that
EST
Co-op
s,
which
is
RFC
9148,
if
I'm
not
mistaken,
specifies
optional
Channel
binding
to
counter
this
triple
Shake
attack
on
TLS
1.2,
and
they
also
go
ahead
and
specify
the
TLs
using
the
TLs
exporter
interface
for
for
TLS
1.3,
so
that
they
cover
both
cases.
C
Oh
the
origin,
but
from
what
I
understood
from
that
draft
is
that
this
requirement
on
having
optional
support
for
channel
binding
comes
from
from
the
need
came
from
the
need
to
counter
the
triple
Shake
attack,
which
is
a
specific
attack
on
TLS
1.2,
but
they
they
kept
it
also
and
as
they
discussed
in
the
security
considerations
for
TLS
1.3.
B
I
have
a
comment.
Yes,
yes,
during
the
loss
ITF,
there
was
a
discussion
about
TLS,
1.2
and
I
record
during
a
discussion,
but
around
duplicating
TS
1.2,
at
least
leaving
it
frozen,
and
one
of
the
issues
were
mentioned
by
I.
Think
one
of
the
guys
from
Google
or
YouTube.
B
C
Okay,
so
just
to
make
sure
so
we
are
not
using
TLS
1.2,
so
this
was
just
making
a
parallel
with
RFC
9148.
We
are
using
in
this
draft
in
EST
Oscar
draft
we
are
using
ad
hoc
to
achieve
authentication.
Ad
hoc
is
another
protocol
which
is
being
standardized
in
ITF
Lake,
another
working
group
of
the
ITF,
and
but
we
are
still
using
we
in
this
draft.
We
have
a
mechanism
similar
to
TLS
1.3's
exporter
interface,
to
achieve
Channel,
binding.
C
Okay,
yeah
thanks
okay.
So
if
there
are
no
other
comments
on
this
slide,
I
propose
we
keep
the
proposed
action.
C
I
did
not.
There
is
a
question
by
Marco
Marco.
Maybe
you
can
so
maybe
you
can
jump
in
on.
Is
it
somehow
possible,
as
long
as
the
Oscar
King
material
was
established
through
some
sort
of
interactive
protocol?
We
do
not.
We
do
not
detail
this
in
the
draft,
so
I
don't
think
it's
really
relevant
to
specify
Channel
binding
for
something
that
is
not
detailed
in
the
draft.
D
C
Foreign,
yes,
so
this
is
a
Marco's
comment
on
using
in
scenarios
where
using
message,
four,
wouldn't
wouldn't
it
make
sense
to
have
the
pkcs
10
request
and
response
transported
in
ead3
and
ead4
item
respectively.
So
I
I
just
want
to
clarify
here
that
EST
payloads
are
currently
carried
in
Oscar
protected
messages,
so
they
are
not
carrying
within
the
external
authorization
data
fields
of
ad
hoc,
and
this
is
specifically
for
the
reason
to
be
homogeneous
with
respect
to
the
re-enrollment
and
not
require
ad
hoc.
C
So
essentially,
when
we
do
the
first
enrollment,
we
want
to
do
it
with
Oscar
and
not
with
ad
hoc,
not
with
EAD
fields,
in
order
to
be
homogeneous,
when
we
do
a
re-enrollment
that
we
do
not
require
ad
hoc
in
the
first
place.
So
my
assessment-
so
this
is
is,
is
it
is
detailed
here
on
this
slide?
Is
that
carrying
a
request
and
response
in
the
EAD
items
would
complicate
the
protocol
as
the
flow
would
no
longer
be
homogeneous
and
I
propose
to
take
no
action
on
this
comment.
D
Is
good
honestly
I
missed
the
re-enrollment
option
document
I,
don't
I,
don't
know
if
it's
there
already,
so
maybe
it
makes
sense
actually
to
say
that
that
path
is
intentionally
excluding
or
not
considering
the
interest
of
of
a
better
alignment
that
you
have.
Instead,
if
you
considered
the
combined
Adult
School
request,
because
in
that
case
the
EST
messages
in
all
effects
and
all
score
Co-op
message.
D
You
can't
you
can't
in
that
case,
but
I'm
saying
it:
it's
good
to
rule
out
EAD
items,
then
I
I
think
there's
value
in
stating
that
explicitly.
D
C
Okay,
so
I
also
note
in
the
draft.
A
comment
by
yoran
carrying
EST
in
oscot
is
also
another
analogous
to
RFC
9148,
where
the
EST
messages
are
not
sent
in
the
handshake.
So
what
I
gather
here
is
that
we
should
clarify
essentially
for
the
optimization
I'll
sync
up
with
Marco,
for
for
for
exact
action
to
take
on
the
mailing
list.
C
All
right
next
slide,
please.
B
So
so,
yes,
action
is
going
to
be
taken
on
this
for
more,
like
clarification.
C
Yes,
so
more
clarification
and
I
will
detail
this.
We
will
discuss
this
on
the
mailing
list
in
the
in
my
response
to
on
the
mailing
list.
Understand.
C
So
this
this
one
is
straightforward.
So
in
terms
of
the
proposed
action,
the
comment
is
on
per
section.
Marcus
comment
is
per
section
9
of
RFC
8613,
which
is
the
Oscar
RFC.
The
osc
attribute
is
optionally
included
in
a
link
to
specify
that
the
resource
has
to
be
accessed
with
our
score.
C
Should
it
remain
optional
here
too,
and
then
Marco
goes
on
and
gives
a
compelling
example
where
we
support
both
the
Oscar
and
dtls
that
accessing
a
resource
with
when
we
are
accessing
a
resource
and
over
dtls,
and
we
are,
it
may
signal
to
the
device
that
we
are
essentially
using
ESD
Co-op
s
and
we
are
not
instead
of
ESD,
oscore
and
I.
Think
the
proposed
action
here
is
really
to
mandate
the
osc
attribute
in
links
to
SD
resources.
In
order
to
to
to
signal
that
we
are
using
the
STL
score.
C
So
I'll
give
a
minute
if
anyone
everyone
wants
to
comment,
so
this
is
plus
one
from
there
is
plus
one
from
your
run
in
the
track.
So
I
note
that.
D
C
Oh
yes,
I
I
forgot
to
mention
yeah.
The
alternative
would
be
to
define
a
new
new
set
of
esdr
score
resource
type
values.
C
C
So
the
next
slide
is
related
to
server-side
generation
of
keys
and
Marcos
commented
regards
the
response
from
SKC
resource
which
is
and
he's
asking.
Is
it
possible
to
deviate
from
what
is
defined
in
1948
and
not
encrypted
the
private
key?
After
all,
end-to-end
encryption
of
the
whole
EST
payload
is
insured
by
your
score
and
then,
if,
yes,
that
might
open
for
a
new
content
format
pair
an
unencrypted
PK,
cs8
private
key
together
with
a
single
certificate.
C
So
just
to
give
context
here
in
our
draft,
contrary
to
to
EST
Coopers.
C
Saying
yes,
so
I
was
saying
about
the
Marcos
comment:
I
was
reading
out
the
Marcos
comment,
and
that
is:
is
it
possible
to
deviate
from
what
is
defined
in
RFC
9148
and
not
encrypt
the
private
key?
After
all,
end-to-end
encryption
of
the
whole
EST
payload
is
insured
by
your
score
and
just
to
give
context
on
this.
In
our
draft,
contrary
to
to
EST
Co-op
s
where
register
May
terminate
the
dtls
connection.
Oscar
protection
is
end-to-end
between
the
EST
client
and
the
ESD
server.
C
So
this
indeed
allows
the
private
key
to
be
returned
as
unencrypted
PK
cs8,
because
the
key
will
later
be
encrypted
by
your
score,
but
we
are
not
specifying.
We
are
not
mentioning
this
in
the
draft
draft,
and
my
assessment
is
that
we
can
safely
specify
this
in
the
draft
and
use
the
new.
The
proposal
by
Mark
on
the
content
format
pair.
C
C
So
is
there
any
objection
to
this
to
this
proposed
action.
C
Okay,
I
hear
none.
There
is
a
plus
one
for
by
Carson
thanks
Carlton.
C
So
these
these
two
comments
are
really
straightforward.
So
the
comment
is
on
content
formats
mimicking
an
RFC
9148,
which
we-
which
we
indeed
intend
to
do,
but
we
did
not
explicitly
State
and
the
proposed
action
is
really
to
just
explicitly
make
a
statement
on
the
content
format
support
as
in
RFC
9148.
So
this
should
be
non-controversial
and
to
add
a
table
similar
to
RFC
9148
table
3
in
our
draft.
In
order
to
summarize
the
supported
content
formats.
C
B
C
C
So
this
is,
there
is
a
list
of
requirements
in
section
4.4
which
is
currently
preceded
by
it
is
recommended
that
which
makes
these
requirements
optional.
However,
isn't
it
a
must
for
at
least
the
co-op
options?
Oscar
and
Yuri
part
and
I
give
a
screenshot
of
the
proposed
action
where
essentially
I
am
proposing
to
replace
the
recommended
with
required
in
order
to
mandate
the
support
for
these
set
of
requirements
that
are
listed
here.
So
the
first
one
is
that
the
EST
Oscar
endpoints
must
support
delayed
responses.
C
The
second
one
is
that
the
endpoints
must
support
the
following
Co-op
options,
which
is
oscorruption
so
the
which
is
natural,
because
we
are
using
Oscar
to
practice.
Uri
host
your
iPad
URI,
Port
content,
format,
block
one
and
block
2
and
accept,
and
the
third
one
is
that
the
EST
URLs
based
on
https
are
translated
to
co-op,
but
with
the
mandatory
use
of
the
Coopers
corruption.
C
So
the
action
here
is
only
is
to
change
from
a
recommended
to
required.
So
I
would
like
to
hear
if
there
are
any
voices
against
this
against
making
this
change.
G
So
oh
you're
on
here,
can
you
hear
me?
Yes,
so
I'm
I'm
a
little
bit
curious?
Why
do
we
need
to
mandate
this
or
what
does
it?
What
is
the
impact
here?
I
understand
that
you
have
to
have
an
old
score
option
because
you're
using
of
oscore,
so
that's
clear
but
a
new
right
path.
Of
course,
if
you
need
to
identify
which
of
the
which
of
the
different
enrollment
operations
that
that's
going
to
be
used,
but
what
what?
Why
do
we
need
to
go
into
this
detail
of
mandating
options.
C
So,
okay,
so
it
could
be
so
one
one
response
I
can
make.
Is
that
this?
So
there
was
a
comment
on
this
specific
section
that
was
recommended
before,
so
that
it
was
optional.
So
now
the
question
is
whether
what
should
we
do
with
it
and
whether
we
should
mention
I
guess.
Your
comment
is
whether
we
should
be
mentioning
this
at
all.
G
E
Yeah
I
think
the
the
problem
is
that
statements
like
this
can
be
misinterpreted
as
overriding
the
statements
in
the
normative
references
and
that
that
problem
is
understood
as
the
restatement
anti
pattern,
because
it
makes
implementers
believe
the
the
requirements
are
actually
in
the
referencing
a
document
and
not
in
the
reference
document,
and
you
need
to
be
very,
very
careful
when
you
restate
things
that
that
are
in
other
standards
that
you
qualify.
E
E
You
evade
this
little
problem
because
you
are
not
giving
the
the
implementer
leeway
in
in
misinterpreting
this
as
a
relaxing
the
details
from
the
reference
reference
standards
but
generally
I
would
hope
that
when
we
do
restatements,
we
are
always
very
explicit
about
them
being
consequences
or
summaries
or
nodes,
as
opposed
to
just
saying
something
as
if
it
were
a
new
statement
that
replaces
existing
statements.
G
E
So
this,
this
is
all
just
summary,
information
and
information
that
that
I
think
is
actually
useful
for
as
the
checklist
for
an
implementer,
so
I
would
leave
it
in
in
every
case,
but
it
should
not
be
stated
as
a
new
requirement.
It
should
be
something
that
that
is
identified
as
something
that
simply
is
required
by
nature
and
not
required
by
Fiat
here
in
in
this
particular
statement.
E
G
E
C
So
I
believe
you're
reading
it
correctly
Carson
and
the
action
I
hear
now
is
to
summarize
this
without
a
requirement,
even
though
you
you
mentioned
the
keyword,
must
but
without
making
a
normative
statement
here
on
that,
we
that
we
need
to
support
these
options
that
it's
just
a
natural
consequence
of
having
support
support
for
us.
Essentially.
E
C
That
makes
sense
to
me:
do
we
have
any
other
comments
on
this.
G
I,
just
typed
the
corresponding
well
there
are.
There
are
a
couple
of
sentences
in
the
corresponding
section,
which
is
also
section
four
yeah
section.
Four,
four
sorry
I
don't
see
any
normative
language.
There.
G
C
Okay,
so
this
is
a
Remnant
then
from
the
previous
version
of
the
draft,
which
I
think
we
can
fix
by
evading
any
requirement
keywords,
any
normative
keywords.
C
Okay,
so
let's
write
down
in
the
minutes
that
the
action
here
is
to
evade
to
rephrase
this
to
not
to
use
any
normative
language
and
to
precede
the
sentence.
With
note
that.
C
So
the
next
slide
is
on
us
on
a
sentence
that
I
quote
here:
the
EST
URLs
based
on
https
are
translated
to
co-op,
but
with
mandatory
use
of
the
co-op
Oscar
option,
and
the
comment
is
that
the
scheme
Co-op,
is
the
translation
Target
only
if
dtls
is
not
additionally
used.
C
So
the
proposed
my
proposed
action
here
is
to
explicitly
mention
that
if
dtls
is
used,
the
scheme
is
Co-op
s
and
I.
Hope
I'm,
not
misunderstanding,
something
here
Marco.
Maybe
you
could
comment.
D
As
you
said,
it's
most
a
special
case
when
you
use
both
all
square
and
dtls
use
those
scroll.
The
the
translation
is
into
Co-op.
F
C
Okay,
okay,
so
it's
a
minor!
So
it's
a
small
fix
to
make
okay.
C
Okay,
unless
there
are
other
comments
on
this
slide,
I
propose
we
move
on
to
the
next.
G
C
So
this
is
actually
related
to
the
the
to
the
discussion
we
just
had
on
a
normative
statement
in
section
4.4,
I,
I
believe
and
Marco's
comment
is
that
he
quotes
this
specification.
C
Manda
is
the
implementation
of
Co-op
option
block
one
and
block
two
fragmentation
mechanism
which
contradicted
the
text
where
Co-op
option,
block
1
and
block
2
is
only
recommended
so
I
had
a
mandate
block
as
a
proposed
action
on
this
slide
was
to
mandate
block
one
and
block
two
in
section
4.4
s
per
slide
number
nine,
which
is
the
discussion
we
just
had,
but
since
we
agreed
on
having
just
in
informational
text
in
that
section,
we
should
probably
restate
this
to
support.
Also
to
to
some
inform,
inform,
informative
language.
C
I,
don't
know,
I,
don't
see
a
better
resolution
at
this
point.
Maybe
I
would
need
to
think
a
little
bit
about
more
unless
there
are
new
comments.
C
So
Mark
was
saying
that
it
sounds
good,
so
just
to
make
sure
the
proposed
action
is
to
rephrase
this
to
inform
informational
text
informational
note,
instead
of
mandating
anything
as
it
is,
because
this
is
just
a
reference
to
the
section
4
4.4.
B
C
No,
so
we
we
do
not
want
to
make
we
as
part
of
the
discussion.
We
just
had
cartoon
on
slide
number
nine
or
we
don't
want
to
mandate
anything
on
block
one
and
block
two
in
section
point
four,
so
my
proposed
action.
This
is
not
the
proposed
action
I'm
proposing
in
here
it's
just
to
informatively
summarize
that
that
it's
a
logical
consequence
of
the
draft
that
these
options
need
to
be
implemented.
C
So
but
I
mean
so
block
one
and
block
two
special
regarding
block
one
and
block
two
or
yes.
E
I
I
don't
have
a
strong
opinion
on
this,
yet
I.
Just
think
that
if
you
single
these
out
to
be
optional,
then
essentially
you
are
creating
an
interability
problem.
When
you
are,
you
happen
to
hit
a
link
that
that
has
problems
with
large
packets,
so
I'm
just
trying
to
understand
what
the
rationale
behind
that
is.
G
Yeah
I
think
I
think
this
was
a
good
discussion,
because
first
we
had
the
more
principal
discussion
about
what
to
mandate
whether
we
should
mandate
any
Co-op
options,
and
now
we
have
a
specific
example
of
where
it
might
be
useful,
but
I
I'm
thinking
like
this,
so
we're
doing
certificate
enrollment.
So
if
there
is
a
certificate
coming
back,
we
probably
have
a
problem
with
fragmentation
and
then
again
do
we
have
options
when
there
is
not
a
certificate
coming
back,
I'm
thinking
loud
now.
G
So
do
we
have
a
case
where
you
get
back
just
a
reference
rather
than
a
certificate,
because
in
that
case
you
may
not
need
to
implement
any
fragmentation
scheme
because
you
don't
have
the
sizes
and
and
when
you
need,
as
we
said
you
you
implement
URI
host
because
you
need
to
send
the
main
names
or
the
the
well.
There
is
some
obvious
need
for
for
the
certain
options.
G
So
I
don't
have
a
strong
conclusion
here:
I'm
just
noting
that
either
we
could
rely
on
on
that
that
we
will
state
somewhere
that
these
are
the
options
that
are
being
used
in
section
4-4.
We
state
that
block
one
block
two
are
being
used
and
and
then
you
need
to
implement
those
if
you're,
if
you're,
if
you
hit,
if
you
have
large
sites
and
payload
sizes,
yes,.
C
G
G
I
think
we
need
to
think
a
little
bit
more
about
content
of
section
four
four,
it's
just
a
good
discussion,
and
let's
and
yeah
that
I
mean
that
what
whatever
we
state
in
section
four
four
weeks
will
be
repeated
here.
I.
F
G
F
G
C
They're
saying
the
co-op
options
used
are
block
one
and
block
two,
but
I
don't
see
as
you
as
you
said,
but
I
don't
see
a
normative
that
team.
No
indeed,
there
is
EST
core
best
servers
must
Implement
block
1
and
block
two
EST
Co-op
s.
Clients
must
Implement
block
2.
G
E
C
C
E
E
Definitely
a
boundary
that
is
not
wrong,
so
maybe
we
shouldn't
change
that.
C
Okay,
so
we
keep
the
normative
requirements
from
RFC
9148.
Essentially,
that
would.
G
C
C
Yes,
so
this
is,
this
is
I
believe
the
last
comment
that
I
outlined
in
this
presentation
here
and
the
comment
is
in
on
Section
Five,
where
there
is
a
secure
association
between
the
SD
client
and
the
co-op
to
HTTP
proxy
and
Marco
is
stating
that
this
may,
alternatively,
and
more
conveniently
rely
on
Oscar
as
well
and
he's
referencing
an
individual
draft.
C
The
local
code,
Oscar
capable
proxies
so
so
my
proposed
action
would
be
to
informatively
reference,
this
draft
as
a
way
to
establish
a
secure
association
between
the
ESD
client
and
the
co-op
to
HTTP
proxy,
but
not
to
mandate
anything.
Essentially,
it's
just
as
a
way
architecturally
how
this
could
work.
G
Is
pointing
at
that
you
may
use
TLS
and
dtls
and
what
yeah,
so
the
hope,
I
hope
might
be
using
transport
layer
securely.
But
what
Mark
was
saying
here
is
that
the
hope,
I
hope
might
use
oscore.
G
D
Yeah
I
was
talking
specifically
of
the
leg
between
client
and
proxy.
In
fact,
that's
where
you
gain
conveniency,
especially
from
the
client
point
of
view.
You
may
want
to
reapply
that
again
also
between
the
proxy
and
the
server,
but
I
expect
that
to
be
less
considered.
G
D
C
G
F
B
E
B
Do
you
think
you
can
update
the
draft.
C
G
G
For
this
interim,
what
I've
been
working
with
is
the
shepherd
write-up
on
the
revoked
token.
So
that's
the
second
point
on
the
agenda,
but
that's
not
finished
either,
but
I
expect
that
to
be
finished
first
and
then
come
back
with
the
Costco
profile
for
for
the
next
meeting
or
for
the
next
ITF
meeting.
B
Okay,
so
thank
you
very
much
is
anything
we
missed
before
we
closed
this
session.
E
A
No,
so
so
I
guess
the
the
shepherd
we
can
expect
to
have
it
in
the
in
the
in
the
two
next
week
am
I,
correct.
G
Yeah
I'm
working
on
it
now
I
hope
to
be
ready
soon.
But
that's
all
I
can
say
right
now,
but
yes,
I
think.
A
Oh
no,
no,
then
it's
not
because
I
had
the
impression
I
updated
that,
but
that
was
not
this
morning.
Okay
yeah.
We
will
work
on
it.