►
From YouTube: 2021-12-01 Multicast W3C Community Group Meeting
Description
Minutes: https://www.w3.org/2021/12/01-multicast-minutes.html
More about the cg: https://github.com/w3c/multicast-cg
A
Okay,
so
we're
recording,
so
I
sent
the
agenda
by
email.
I
did
not
actually
put
together
slides
for
today,
so
I'm
not
going
to
be
sharing
my
screen
or
anything
I'll
just
be
chatting.
But
what
we
have
on
the
agenda
is,
I
wanted
to
discuss
whether
it
would
be
okay
with
those
attending
to
move
this
meeting
back
by
half
an
hour
or
60
minutes.
A
So
I
guess
chris.
This
is
probably
mostly
your
question,
but
for
today,
anyway,.
A
B
Yeah,
I'm
okay.
I
there
is
another
group
that
meets
in
the
next
hour
that
I
would
want
to
join.
Would
two
hours.
B
C
A
Casey
any
objections
on
your
side.
I
think
I'm
going
to
float
this
by
the
list
also
and
see
if
anybody
raises
objections,
but
I'm
kind
of
going
to
consider
downplaying
people
who
haven't
managed
to
attend
any
yet
at
this
time
slot
so
yeah
and.
A
A
All
right,
so
I
will
tentatively
consider
I'll
I'll
confirm
that
on
the
list
and
see
if
there's
anybody
else
who
raises
objections,
but
I
will
look
to
to
plan
to
move
this
two
hours
later.
Then,
if
that's
that's,
okay,
all
right.
So
the
the
next
item
on
the
list
was
20
minutes
for
a
status
update
last
month
was
reasonably
busy
with
both
the
so
we,
the
last
meeting
we
had
was
was
the
tpack
meeting
that
recording
is
up.
A
I
apologize
for
being
so
late,
sending
it
out,
but
that
recording
is
up
and
the
notes
are
there.
I
guess
so.
I
reviewed
it
again
yesterday.
I
guess
my
my
takeaway
on
that
was.
We
aired
some
of
the
complexity
in
in
getting
the
the
kind
of
adoption
we
need
to
move
forward.
A
We
had
opinions
from
eric,
especially
that
that
what
we
really
need
to
do
you
know,
is
to
get
more
people
involved
one
way
or
another
by
you
know
getting
them
to
feel
the
pain,
particularly.
I
think
the
browser
vendors.
A
But
some
of
the
isps
are
on
board.
I
think
you
know,
and
casey
here
is-
is
coming
from
a
network
ops
side
which
is
great
there's
a
few
other
people
that
are
in
the
group
that
haven't
really
made
it
to
these
meetings,
but
but
many
of
whom
have
been
talking
to
separately
from
time
to
time.
A
But
it's
I
take
it
that
for
most
isp
employees,
it's
it's
a
challenge
to
to
do
work
toward
browser
implementation,
sort
of
development.
A
A
My
take
on
this
at
this
stage
is
getting
it
into
the
browser
is
the
step
that
makes
it
most
interesting
to
everybody,
because
then
there's
then
there's
a
distributed
receiver
that
anybody
can
use,
and
so
to
that
end
is
is.
Can
I
I
didn't
hear
anything
that
really
changed
my
position
on
yeah.
We
have
to
get
the
security
stuff
ironed
out
and
we
have
to
get
some
level
of
consensus
built
so
that
the
browsers
would
be
potentially
willing
to
take
it.
A
I
guess
anybody
else
who
saw
anything
different
do.
Let
me
know
that
was
kind
of
my
summary
takeaway
on
it.
Is
that
we're
on
the
right
track?
It's
not
an
easy
or
short
track,
but
but
we're,
but
we're
trying
to
do
the
the
right
sorts
of
things
based
on
the
you
know.
Who
needs
to
to
be
into
this.
A
So
as
follow
up
on
that,
I
guess
there's
no
other
questions
or
comments
there.
D
I
think
you're
right
that
getting
it
into
the
browser
is
critical
to
finding
that
break.
Point
and
you're
also
right
that
it's
we're
more
than
more
than
willing,
actually
enthusiastic
about
helping
to
provide
relays
and
as
soon
as
internet2
will
allow
us
to
build
those
overlays
we'll
get
ourselves
back
connected
to
others,
so
that
that
becomes
more
useful
but
yeah.
D
A
A
A
I
haven't
followed
up
yet,
but
I
will
be
I
mean
I
haven't
followed
up
seriously.
I
did
get.
I
did
ping
the
msec
list
to
verify
that
during
the
session
there
was
some
question:
should
it
be
msec,
or
should
it
be
a
new
mailing
list,
a
pangdem
sect
to
ask?
I
got
unanimous
responses
from
two
people
that
that
msac
seems
like
a
good
place
for
it
for
the
discussion
about
the
security
considerations
for
multicast.
A
A
A
That
was
kind
of
after
the
tpac
meeting,
mostly
I
think
and
and
then
some
some
good
discussion
during
the
session.
I
think
I
guess
my
my
summary
is
that
people
who
are
into
security
are
skeptical
of
this,
which
I
think
is.
A
Not
entirely
unjustified,
but
I
think
that
so
ecker
did
a
review
of
the
draft
and
he
seems
to
think
it's
not
a
good
idea,
but
he
didn't
have
any
technical
objections
that
he
maintained
throughout
during
that
discussion
that
we
had
he.
He
ended
up
in
the
position
that
well
browsers
aren't
interested
in
this.
So
why
should
we
bother
looking
at
it?
A
A
I
had
some
offline
communications,
they're,
not
public,
and
I
don't
want
to
name
any
names,
but
but
some
of
these
have
contributed
to
my
view
that
the
people
who
are
into
browser
security
tend
to
be
skeptical
toward
this,
the
I
think
it
will
help
to
get
the
the
sort
of
web
transport
integration
running
so
that
there's
a
an
actual.
A
This
was
also
one
of
the
comments
in
the
chat
during
the
sec
dispatch
presentation,
I
think
from
martin
another
luminary
in
the
sort
of
security
and
browser
space
martin
thompson,
and
that
was
that
we
needed
a.
A
We
need
to
have
a
an
actual
protocol
with
actual
security
properties
before
we
can
meaningfully
discuss
this,
and
I
think
that's
not
an
unreasonable
position,
and
so
I
I
I
don't
entirely
agree
because
I
do
think
that
the
the
security
consideration
stock
lays
out
a
lot
of
things
that
we
that
we
need
to
hit
in
that
protocol
and
has
a
good
framework
for
sort
of
for
sort
of
thinking
about
it
and,
I
think,
is
appropriate
as
a
separate
doc.
A
A
That
would
be
a
a
sort
of
first
stage
proposal
at
how
to
do
the
secure
transport
with
web
transport
or
or
something
else.
But
I
think
that
you
know
to
go
along
with
that.
One
of
the
other
notions
was
like
a
sort
of
origin
linked
authentication
of
the
objects
that
were
delivered.
A
That
that
might
be
worth
exploring
in
some
sense
to
sort
of
see
whether
the
origin
can
actually
provide
a
response
that
validates
the
total
receipt
of
everything.
I'm
not
sure
it's
necessary,
the
way
we're
doing
the
authentication.
A
But
but
it's
I
wouldn't
say
it's
entirely
off
the
table,
but
I'm
gonna
see
if,
if
we
can
do
something
just
with
datagrams
and
web
transport
first,
I
started
setting
up
like
a
local
web
transport,
the
web
platform
tests
to
run
web
transport
against
some
browsers
and
then
I'll
be
hacking
on
that.
I
got
sidetracked
with
ip6
dual
stack
work,
which
of
course
took
much
longer
than
I
was
expecting
so
I'll
speak
about
that
a
little
bit.
B
B
At
what
level
is
it
we're
not
interested
in
this?
Because
we
think
that
the
security
properties
that,
like
that's
too
hard
of
a
problem
to
solve
or
is
it
like,
even
if
we
were
to
develop
a
solution
there,
that
we
think
is
acceptable?
Then
there
then
there
there
are
other
reasons,
perhaps
that
they're
not
yeah.
A
Nobody
yet
privately
or
publicly
has
given
me
any
indication
that
this
problem
is
unsolvable,
that
they
believe
this
problem
is
unsolvable.
I've
asked
that
question
explicitly
to
a
number
of
people.
All
of
them
have
declined
to.
C
A
So,
with
with
that
said,
I
I
should
say
that
you
know
they
that
there
is
a
position
that
it's
going
to
be
a
high
effort
to
update
the
web
security
model.
To
allow
for
this
that
you
know
there
there's.
A
You
know
this
seems
to
be
the
default
position
of
this
is
part
of
why
I,
I
think
the
the
people
who've
done
a
lot
of
web
security.
Work
tend
to
be
skeptical.
Is
that
this
is
they
view
this
as
as
challenging,
because
it's
different
and
their
default
position
is
that
it's
probably
not
worthwhile.
A
A
As
about
how
much
traffic
could
be
saved,
how
much
energy
usage
could
be
saved,
so
I
I
really
think
that
to
me
it
looks
like
they.
They
have
not
considered
this
problem
seriously,
yet
yeah
and
it
might
you
know,
is
it
likely
that
they
will
come
around
once
they
do
consider
it.
A
You
know
the
the
alternatives
do
not
help,
in
my
opinion,
with
with
user
safety
like
what
they're
saying
is
this
can't
be
in
browsers
not
that
users
will
be
safer
by
keeping
it
out
of
browsers,
and
this
is,
and
the
reason
is
because
users
end
up
doing
something
that
scales
anyway,
because
that's
their
only
option
for
some
of
the
content
they
want
to
receive
and
the
things
that
scale
have
the
same
exact
privacy
problems.
A
So
yeah
yeah,
for
example,
the
you
know
when
you
can't
deliver
it
to
a
browser
and
it's
a
it's
a
high
volume
sort
of
event.
What
you
end
up
doing
is
in
order
to
deliver
the
high
volume
event.
You
use
a
a
tv
station
kind
of
approach
right,
you
send
it
to
the
isp
who
sends
it
to
their
to
their
customers
and
now
what
you've
done?
A
The
net
effect
that
you
end
up
with
now
is
okay,
so
we
deliver
it
through
the
isp
by
handing
it
to
them
explicitly,
and
then
they
give
it
to
their
customers
as
part
of
service,
offering.
C
C
You
know
a
proprietary
manner
that
has
not
undergone
the
kind
of
privacy
review
that
we
would
expect
from
a
standardized
ietf
w3c
collaboration,
yeah.
A
A
You
know
likewise,
I
hope
to
do
this
with
with
the
sort
of
smart
tv
devices
in
some
some
of
the
specific
ones,
for
some
of
the
specific
content
owners
that
need
to
to
do
some
delivery
god.
I
hope.
A
Yeah
I
mean
you
know
it's.
It
is
a
concern
that
that
that
people
would
find
out
what
content
is
being
delivered.
That's
one
of
the
ones
that's
been
raised.
Part
of
the
response
is
that
it's
well
a
when
it's
popular
enough,
then
that
that's
very
discoverable
anyway,
through
traffic
analysis.
This
is
even
mentioned
in
the
tls
specs.
A
As
a
as
a
thing
that
tls
is
vulnerable
to
and
there's
you
know
a
never-ending
stream
of
papers
about
how
that
works,
you
can
defeat
it,
but
only
by
making
all
the
content
look
identical,
which
has
a
very
high
overhead,
because
everything
has
to
be
be
it
the
size
of
whatever
you're
trying
to
hide
it
within.
A
So
you
have
to
have
everything,
be
it
the
same
size
as
the
biggest
thing
you're
sending
essentially-
or
you
know,
a
large
volume
of
stuff
being
being
at
that
size
and
people
aren't
willing
to
do
that
right.
It's
like
well.
Are
we
gonna
you're,
saying
we're
gonna
triple
the
traffic
that
we're
gonna?
Send
you
know
so
that
we
can
protect
our
users
from
discovering
that
from
their
isp
discovering
if
they
bother
to
look
that
their
that
they're
downloading
call
of
duty,
you
know
what
are
they
gonna
do
with
that
information?
A
Why
is
this
a
threat
model?
We
have
to
pay
three
times
as
much
for
delivery.
To
actually
prevent
you
know,
and
and
the
answer
is
they
don't
do
it
today
and
there's
no
reason
to
think
that
they're
gonna
do
it
for
the
popular
content?
A
And
yet
you
know
ins
like
by
telling
them
we
can't
use
multicast
while
we're
telling
them
that
no,
you
have
to
do
30
times
as
much
traffic
instead
and
I'm
not
sure
why
this
is
a
different
answer
exactly,
except
that
I
think
people
haven't
really
thought
through
all
the
implications.
A
Yet,
as
far
as
I
can
tell
there's
this
sort
of
getting
people
to
take
it
seriously
problem
that
multicast
has
that,
I
think
is,
is
each
new
group
that
encounters
it
has
to
overcome
that
and
yeah
all
the
web
security
stuff
over
the
last
decade
has
been
done
without
any
considerations
for
multicast,
so
we'll
have
to
sort
of
rebuild
that
in
like
in
the
multicast
world
and-
and
you
know,
do
find
out
where
there
really
are
user
threats,
because
we,
you
know
it
is
very
important
not
to
expose
users
to
that.
A
Like
I,
I
don't,
I
don't
mean
to
diminish
their
concerns,
but
but
I
think
that
most
of
the
concerns
that
people
have
are
coming
from
a
place
of
not
having
yet
engaged
with
the
problem
seriously
and
with
the
problems
they're
raising
and
what
the
actual
impact
on
users
is,
and
the
scalability
you
know
is
just
it's
something.
That's
hard
to
turn
your
back
on
once
you
understand
how
big
it
is.
A
C
That
that
the
the
the
argument
for
you
know,
I
mean
just
the
simple
argument
for
let's
make
it
part
of
the
web
security
model,
so
that
we
kind
of
bring
it
into
the
light
is
something
that
we
should
probably
add
to
the
dock.
C
Unless
you
think
it's
too
on
the
nose,
but
it
seems
like
it
seems
like
a
a
framing
that
would
that
would
be
that
some
percentage
of
people
who
were
interested
in
the
question
would
be
receptive.
To
I
mean,
if
others
other
people.
D
A
Yeah,
I
mean
certainly
that's
a
point
that
lucas
raised
like
this
is
reminiscent
of
of
the
sort
of
what
was
the
one
you
pointed
out
like
a
decade
ago
or
or
even
a
few
years
ago,
getting.
A
So
dns
has
turned
into
a
privacy
consideration
sort
of
a
sort
of
a
thing
and
it
was
like
well,
you
know
eight
years
ago
it
wasn't
really
on
anybody's
radar
and
over
the
last
eight
years
it's
turned
into
like
well
everybody's
making
encrypted
connections
to
their
dns
now
or
there's
a
there's,
a
large
portion
of
people
that
are
doing
it
and
people
were,
you
know,
scraping
all
that
dns
data,
and
now
it's
it's
only
the
particular
provider
that
you've
chosen.
A
That
gets
this
great
pet
dns
data,
not
not
everyone
on
the
path,
and
so
there's
there's
sort
of
a
an
analogy
here
where
there
is
a
bunch
of
multicast
traffic
happening
today.
Nobody
knows:
what's
what
people
are
analyzing
it
and
what
they're
getting
out
of
it?
And
so
you
know
if
there
is
really
a
privacy
problem
here,
then
it's
a
privacy
problem,
that's
present
today
and
and
it's
something
that
that
we
should
be
thinking
about
and
discussing.
A
If
there's
not
actually
a
privacy
problem,
then
I'm
not
sure
why
it's
a
blocker
to
getting
it
into
the
browsers
in
general.
So
so
that's
kind
of
the
the
state
of
the
discussion.
A
I
agree
it
should
go
into
the
doc
yeah.
That's
a
good
point
to
raise.
I
don't
know
you
want
to
you
want
to
make
an
issue
for
it
or
and
okay
yeah.
C
A
Let's
see
so,
I
think
that's
about
it.
It's
I'm
hoping
to
get
that
discussion
going
between
now
and
the
march
iatf
and
kind
of
see
where
things
stand.
A
I
don't
know
if
we'll
be
ready
for
a
buff,
yet
at
the
march
ietf,
but
I'd
like
to
you
know,
maybe
if
the
discussion
goes
well
but
over
the
holidays,
it
really
never
does
so,
but
I'd
like
to
get
a
buff
at
some
point
to
reopen
msec
and
take
this
document
on,
as
well
as
some
of
the
others
that
are
listed
in
the
sec
dispatch
presentation
and
get
get
the
the
actual
iatf
consensus
there,
so
that
project
will
be
ongoing
in
parallel
I'll,
be
doing
the
web
platform
tests
for
for
web
transport
and
seeing
if
I
can
get
together
an
actual,
you
know
at
least
to
start
at
a
straw
man
protocol
that
has
that
has
the
actual
characteristics
that
that
I'd
be
looking
to
start
with.
A
A
So
the
reason
I'm
not
further
along
on
that
so
going
to
my
next
point
on
the
agenda-
was
the
the
dual
stack
relays.
I
tried
to
set
some
up
the
I
so
the
the
where
I'm
running
them
is
is
the
there's
some
some
test
traffic
on
23.212.185.2.
A
As
the
source
and
then
232.1.1.1
with
port
5001.,
I
can
paste
that
into
the
chat
here.
If
you
want
to
paste
it
into
the
notes
there,
chris.
A
And
those
I'm
bringing
them
up
and
down
still
there's
still
some
pieces
that
I
haven't
been
able
to
to
properly
test
or
get
working,
but
the
relays
I'm
trying
to
get
functioning
and
then
my
intent
is
to
so
giant
also
has
brought
up
some
some
multicast
capability
in
their
multicast
working
group.
They
actually
have
like
a
beer
forward,
plane
and
and
some
pretty
neat
relays
running.
A
They
gave
me
an
idea
because
they're
playing
some
some
public
domain
music
over
their
multicast
channel,
which
you
can
just
leave
running
you
don't
have
to
be
watching
it
right.
So
I
I
might
do
the
same
for
some
of
my
sources
with
the
through
vlc,
where
you
can
just
leave
it
running
and
listen
to
some
music.
A
I
think
that
would
be
a
good
way
to
have
it
just
active
all
the
time.
So
I
can
notice
if
there's
problems,
but
anyway
the
the
relay
there
is
theoretically
running
in
dual
stacked.
I
I
still
am
working
on
trying
to
get
it
functioning.
A
You
can
do
the
discovery
through
dns
for
that
source,
I'm
working
on
getting
a
v6
source
together.
I
guess
I
can
that
address
would
be
I'll
paste
that
one
too,
although
I
don't
have
the
the
sender
up
yet,
unfortunately,.
A
Every
part
of
the
the
ip6
work
is
is
taking
longer
than
than
I
would
wish.
Unfortunately,
there's
there's
challenges
in
in
the.
A
This
challenge
is
at
the
aws
level,
just
getting
that
dual
stack
functioning,
but
that
part
is
the
part,
that's
working,
but
then
inside
the
device.
That's
the
that's
running
there.
It's
not
behaving
the
same.
So
if
this
is
a
an
ubuntu
sender
in
ip4,
what
I'm
doing
is
I
create
a
v
pair
and-
and
I
just
set
the
route
to
send
it
to
one
side
of
the
v
pair.
A
The
relay
listens
on
the
other
side
of
that
v
pair
and
that's
how
I
get
the
traffic
into
the
relay
to
be
distributed
to
whoever's,
trying
to
get
it.
A
Unfortunately,
the
with
ip6
for
reasons
I've
not
yet
been
able
to
track
down
setting
the
route
does
not
seem
to
be
sufficient.
It's
going
out
the
the
the
physical
interface
whether
or
not
I
have
a
route
to
go
to
the
thief
pair
interface,
and
I'm
I'm
waffling
between
setting
this
up
inside
a
net
namespace
versus.
So
I
know
from
previously
working
on
it
that
if
I
set
it
up
as
a
separate
device,
then
the
multicast
traffic
will
not
transfer
between
the
the
two
aws
instances.
A
Into
the
relay
somehow
or
into
some
other
kind
of
tunnel,
I
don't
know
yet
why
the
routing
isn't
behaving
the
way
I
expect
it
to,
and
I
think
the
network
name
space
is
the
most
promising
way
to
to
force
it.
I
thought
about
trying
it
in
a
verf.
Also
I
I
I
I
might,
but
that
seems
like
it
has
challenges
too.
Anyway,
I've
been
on
this
for
a
couple
of
weeks
now,
I'm
hoping
to
actually
end
up
with
it
running,
but.
A
It's
it's
not
it's
not
what
I
wish
it
was
for
sure.
So
I
guess
anyone
who
who
wants
to
work
on
that
with
me.
Please
do
let
me
know
and
I'll
I'll
hook
you
up
and
see.
If
you
can
help
me
troubleshoot
it
but
yeah,
it's
it's
not
fantastic,
but
that
one
when
it
when
I
do
set
it
up
does
have
the
same
sort
of
I.
I
did
get
the
relay
discovery.
A
Part
working
for
that,
so
that
doing
the
same
dryad
lookup,
with
the
with
the
reverse
ip
of
the
of
the
source
address,
does
find
the
the
relay
that
it's
supposed
to
be
running
on.
I
just
don't
have
actual
traffic
sending
there,
so
I
might
give
this
another
week
before
I
abandon
it,
but
I'm
hopeful
that
in
a
week
I'll
I'll
get
through
all
the
hoops
that
need
to
happen,
but
I
really
do
want
to
get
onto
the
quick
bit.
A
So
I'm
in
the
web
transport
part-
and
I
feel
like
this-
this
ip6
digression
is
important
because
there's
several
people
who
are
really
interested
in
in
making
this
work
for
ip6,
but
but
not
my
core
mission
here
either.
So
so
I
don't
want
to
let
it
go
for
too
long.
If
I
really
can't
get
it.
A
I
guess
any
questions
about
that.
I'd
be
happy
to
dive
into
more
details,
but
I'm
not
sure
it's
the
right
place.
A
All
right
great
then,
let's
see
did
I
have
yeah.
So
I
guess
just
in
terms
of
next
steps.
My
plan
was
to.
A
And
I
think
that's
all
I
had
on
the
agenda.
Did
anyone
have
any
other
questions?
Chris
er
casey?
You
were,
I
think
you
mentioned
last
time.
We
met
that
you'd
be
willing
to
set
up
an
ingest
platform
device
to
to
pull
traffic
in
from
the
relays
that
are
discoverable
with
the
dns.
A
I
don't
think
we
arranged
something
that
week
and
it
was.
It
was
kind
of
a
busy
month
for
me
yeah,
but
maybe
do
you
want
to
do
you
want
to
set
up
a
working
session
to
try
and
bring
one
of
those
up
in
in
your
in
your
network
or
in
lab.
D
D
Yeah,
let
me
take
a
look
at
my
calendar.
I
let
me
get
the
right
window
open.
A
This
is
basically
the
the
proof
of
concept
work
that
we
did
with
the
with
the
four
with
the
four
other
isps
they
set
this
up
in
lab.
There
was
one
that
did
it
across
their
production
network,
but
but
the
receiver
was
still
lab
set
up
and
yeah
I
mean,
if
you're,
if
you're
willing
to
do
that,
then
I
think
that
that
could
be.
That
could
be
good
and
we
can.
We
can
bring
up
the
the
relay
connectivity.
A
Yeah,
I
could
do
this
friday
when
okay
wednesday
of
next
week,
I
think,
there's
there's
a
an
event
going
on
that
week
that
I
don't
have
yet
on
my
schedule.
D
Well,
let's,
let's
circle
up
after
the
meeting
here
and
we'll
pick
a
time
on
friday,
sure
that
sounds
great.
A
B
Yeah,
so
a
question
I
I
wasn't
able
to
join
the
second
screen
group
meeting
did:
was
there
anything
useful
that
came
out
of
that?
I'm
just
aware
that
that
group
was
has
has
been
designing
protocols
for
use
like
on
a
local
network
that
you
know
have
web
compatible
security
properties,
so
it
may
be
wonderful.
A
Okay,
good
question:
I
I
think
we
had
a
reasonably
interesting
conversation
there.
I
think
it
it
was
pretty
inconclusive.
You
know
they.
A
They
did,
they
had
looked
at
some
of
the
privacy
considerations,
but
had
not,
as
I
recall,
considered
whether
it
was
necessary
to
to
do
things
like
disable
it
in
private,
browsing
mode
or.
A
I
I
think,
in
terms
of
action
items,
it's
probably
right
to
circle
back
with
them
and
see
if
those
discussions
ever
go
anywhere
or
went
anywhere
or
if
they
did
any
follow-up.
I
think
I
they
had
some
some
other
questions
that
I
ended
up.
A
I
think
they
were
more
interested
in
that
were
like
as
tls
connections
to
local
devices
that
ended
up
having
some
some
discussion
on
github.
You
know,
I
think
a
few
people
that
were
in
that
meeting
came
to
the
tpac
discussion
for
multicast,
but
they
did
not
later
join
the
group
or
attend
this
meeting.
Unfortunately,
so
so
I
don't
think
I
sufficiently
interested
them
to
to
actually
get
involved
at
this
stage.
So.
A
I
I
still
think
there's
some
overlap
in
some
of
the
privacy
considerations,
especially
kind
of
discoverability,
of
local,
of
local
traffic
like
or
of
local
devices.
A
Sort
of
information
exposure
between
the
browser
and
devices
online-
you
know
this
is
a
concern
that
there
was
a
there
was
a
presentation
in
mbondi
at
ietf,
from
tommy
paulie
at
apple
apple,
introduced
in
the
last
within
the
last.
A
I
think
it
was
the
version
before
this
one,
so
maybe
about
a
year
ago,
some
protections
against
local
discovery
so
that
you
have
to
have
like
user
permission
before
before
an
app
can
access
can
access
apis
that
do
local
network
discovery
operations.
A
Some
other
sort
of
protections
like
you
can
pre-register.
You
know
at
build
time
to
have
a.
A
You
know
to
say
what
specific
kinds
of
services
or
names
you're
going
to
be
trying
to
discover
with
your
application
and
then
and
then
apple
has
some
degree
of
control
over
over
the
apps
that
are
allowed
to
do
that.
Apparently,
they
saw
some
abuses
from
from
some
sdks,
often
that
the
apps
didn't
even
know
were
were
doing
sketchy
things,
but
the
sdks
were
were
probing
the
local
network
in
some
ways,
and
so
they
so
they
lock
down
a
number
of
local
discovery.
Sorts
of
things
you
can
take
a
look
at.
A
A
A
What
the
actual
abuse
was
like
what
the
danger
to
users
was,
but
there's
a
sort
of
abundance
of
caution.
I
think
for
things
that
are
doing
poorly
understood,
you
know
whatever
is
going
on
this.
The
sketchy
try
to
discover
information
about
your
user
and
and
their
network
environment.
A
You
know,
there's
a
principle
of
data
minimization
or
something
that
you
know
just
want
to
expose
all
this
stuff
yeah.
They
seemed
to.
They
seemed
like
they're
in
a
reasonably
similar
place.
There's
like
they
haven't,
really
got
much
of
an
answer.
They
don't
really
know
what
the
threat
model
is
that
they
need
to
protect
against.
A
You
know,
yeah.
I
didn't
see
anything
that
was
super
helpful.
I
was
hoping
they
had
already
just
sort
of
solved
this
problem,
but
I
think
it's
some
indication
that
the
local
network
part
is
not
necessarily
what
people
are
worried
about
at
least
right
now,
although
I'm
not
sure
it's
what
they
shouldn't
it's
a
thing
they
shouldn't
be
worried
about,
but
in
terms
of
browser
security
and
the
feedback
that
people
have
gotten
yet
yeah.
A
I
feel
like
there's
a
there's,
a
sort
of
big
gap
here,
where
nobody
really
has
a
great
understanding
of
what
what's
necessary
to
actually
achieve,
and
so
there's
a.
A
So
far,
I
think
it's
been
driven
more
by
responses
to
to
abuses,
but
we're
seeing
people
push
back
on
things
that
open
up
just
new
information.
That's
exposed,
because
every
new
piece
of
information
that's
exposed
has
some
kind
of
fingerprinting
at
least
and
maybe
starts
to
to
present
new
threat
models
that
we
don't
know
what
they
are,
and
so
in
that
sense
it
just
sort
of
continues
raising
the
bar
for
for
what
all
needs
to
happen
in
terms
of
answering
all
the
security
questions.
A
So
the
yeah
I
I
didn't
feel
like
it
ended
up
being
as
useful
as
I
was
hoping,
I'm
not
sure
it
was
useless,
but
but
I
I
don't,
I
don't
think
I
walked
away
with
like
follow-up
actions
on
this.
Okay,
so
yeah.
A
Yeah
good
question,
though
I
I
did
meet
with
them.
I
went
to
their
session
and
some
of
the
some
of
the
people
that
were
there
came
to
my
session,
but
I
think
we're
were
not
really
looking
at
the
same
problem.
A
On
some
of
the
privacy
considerations,
so
it
might
be
good
to
see
what
they
land
on
to
keep
an
eye
on
that
you
know
and
whether
it's
a
problem
for
them
in
the
course
of
time,
but
and
it
might
inform
our
our
later
security
considerations,
I
think,
but
I
don't
really
know
what
to
do
with
it
beyond
that
right
now:
okay,.
A
All
right,
then,
thank
you
very
much
and
I
think
we'll
wrap
it
up.
A
few
minutes
early.