[{"author": "Martin Thomson", "text": "it might be OK now
", "time": "2022-03-22T13:29:57Z"}, {"author": "dkg", "text": "i'm hearing richard just fine
", "time": "2022-03-22T13:30:00Z"}, {"author": "Martin Thomson", "text": "perfect
", "time": "2022-03-22T13:30:07Z"}, {"author": "dkg", "text": "you fixed it!
", "time": "2022-03-22T13:30:14Z"}, {"author": "Andrew Campling", "text": "That\u2019s better in the room too
", "time": "2022-03-22T13:30:20Z"}, {"author": "Eric Rescorla", "text": "It's bad again Barnes
", "time": "2022-03-22T13:31:06Z"}, {"author": "Martin Thomson", "text": "yep, getting some chop again
", "time": "2022-03-22T13:31:15Z"}, {"author": "Martin Thomson", "text": "maybe lose the video
", "time": "2022-03-22T13:31:21Z"}, {"author": "Ira McDonald", "text": "still breakup in richard's audio
", "time": "2022-03-22T13:31:30Z"}, {"author": "dkg", "text": "Barnes we like looking at you but we like hearing you more.
", "time": "2022-03-22T13:31:45Z"}, {"author": "dkg", "text": "please turn off your video
", "time": "2022-03-22T13:31:49Z"}, {"author": "Richard Barnes", "text": "will try switching audio
", "time": "2022-03-22T13:31:58Z"}, {"author": "Richard Barnes", "text": "don't know if it's the Cisco headset or something upstream
", "time": "2022-03-22T13:32:10Z"}, {"author": "Ted Hardie", "text": "Would it be possible to bring draft-campling-ech-deployment-considerations-01
forward by one?
", "time": "2022-03-22T13:32:56Z"}, {"author": "Sean Turner", "text": "Joe is going to present ;)
", "time": "2022-03-22T13:33:06Z"}, {"author": "Ted Hardie", "text": "Actually, if those are smaller than 15 minutes, then ignore that request.
", "time": "2022-03-22T13:33:20Z"}, {"author": "Sean Turner", "text": "syslog ought to be fast
", "time": "2022-03-22T13:34:04Z"}, {"author": "Eric Rescorla", "text": "\"Keys Should Be Consistent\". WGLC
", "time": "2022-03-22T13:34:09Z"}, {"author": "Richard Barnes", "text": "Meetecho folks: are we supposed to get a speaker view?
", "time": "2022-03-22T13:34:36Z"}, {"author": "Richard Barnes", "text": "ah, there we go
", "time": "2022-03-22T13:34:43Z"}, {"author": "Meetecho", "text": "Here it is
", "time": "2022-03-22T13:34:45Z"}, {"author": "Richard Barnes", "text": "thanks
", "time": "2022-03-22T13:34:50Z"}, {"author": "Sean Turner", "text": "seems like we ought to do some maintenance ;)
", "time": "2022-03-22T13:35:40Z"}, {"author": "cabo", "text": "There should be a \"MTI registry\" that contains all drafts that need their MTI recommendations revisited every 5 years or so.
", "time": "2022-03-22T13:36:36Z"}, {"author": "Chris Inacio", "text": "let's do a WG, maybe call it CURDLE
", "time": "2022-03-22T13:36:53Z"}, {"author": "Martin Thomson", "text": "is UTA still taking this sort of work on?
", "time": "2022-03-22T13:36:55Z"}, {"author": "Ted Hardie", "text": "Ad sponsor?
", "time": "2022-03-22T13:36:58Z"}, {"author": "Russ Housley", "text": "AD sponsor seems right
", "time": "2022-03-22T13:37:08Z"}, {"author": "Sean Turner", "text": "It is super simple ;)
", "time": "2022-03-22T13:37:11Z"}, {"author": "Martin Thomson", "text": "do you have a story for 0-RTT?
", "time": "2022-03-22T13:37:23Z"}, {"author": "sftcd-x", "text": "other than the 0rtt bit AD sponsor seems right (and would still be if the 0rtt stuff is easy, not sure)
", "time": "2022-03-22T13:37:30Z"}, {"author": "Sean Turner", "text": "@MT not yet - it's a TBD
", "time": "2022-03-22T13:37:33Z"}, {"author": "Rich Salz", "text": "UTA
", "time": "2022-03-22T13:37:47Z"}, {"author": "sftcd-x", "text": "UTA if any WG, yeah
", "time": "2022-03-22T13:37:57Z"}, {"author": "Martin Thomson", "text": "I don't know syslog, what does a server do with the logs?
", "time": "2022-03-22T13:38:07Z"}, {"author": "Yaron Sheffer", "text": "@Sean please try to have it in line with RFC7525bis (now past WGLC).
", "time": "2022-03-22T13:38:07Z"}, {"author": "Roman Danyliw", "text": "I didn't catch it.  Which WG did ekr say?
", "time": "2022-03-22T13:38:08Z"}, {"author": "dkg", "text": "UTA or OPSWG sound fine to me
", "time": "2022-03-22T13:38:13Z"}, {"author": "dkg", "text": "Roman Danyliw: ekr says UTA
", "time": "2022-03-22T13:38:23Z"}, {"author": "Rich Salz", "text": "EKR said UTA
", "time": "2022-03-22T13:38:24Z"}, {"author": "sftcd-x", "text": "@MT: usually everyone ignores logs:-)
", "time": "2022-03-22T13:38:31Z"}, {"author": "Eric Rescorla", "text": "Sorry, I don't think TLS.
", "time": "2022-03-22T13:38:32Z"}, {"author": "Roman Danyliw", "text": "Thanks.
", "time": "2022-03-22T13:38:33Z"}, {"author": "mcr", "text": "ISE is not possible because you can't update a std-track document that way.
", "time": "2022-03-22T13:38:40Z"}, {"author": "Roman Danyliw", "text": "I'm hearing UTA or OPSWG.
", "time": "2022-03-22T13:38:46Z"}, {"author": "Eric Rescorla", "text": "Also it's just bad form
", "time": "2022-03-22T13:38:51Z"}, {"author": "Roman Danyliw", "text": "If WG is the way
", "time": "2022-03-22T13:38:53Z"}, {"author": "Martin Thomson", "text": "sftcd-x: yes, but when you need 'em...
", "time": "2022-03-22T13:38:55Z"}, {"author": "Eric Rescorla", "text": "This is the way
", "time": "2022-03-22T13:38:58Z"}, {"author": "mcr", "text": "UTA is a better choice than OPSAWG.
", "time": "2022-03-22T13:39:03Z"}, {"author": "mcr", "text": "OPSAWG is too bogged down with xxxVPN stuff.
", "time": "2022-03-22T13:39:22Z"}, {"author": "Martin Thomson", "text": "Richard: audio is good now
", "time": "2022-03-22T13:39:28Z"}, {"author": "Sean Turner", "text": "Happy with UTA - thanks!
", "time": "2022-03-22T13:39:30Z"}, {"author": "Ira McDonald", "text": "+1 Rich - UTA makes sense
", "time": "2022-03-22T13:39:36Z"}, {"author": "David Schinazi", "text": "+1 to UTA
", "time": "2022-03-22T13:39:41Z"}, {"author": "Richard Barnes", "text": "@mt AirPods FTW
", "time": "2022-03-22T13:39:44Z"}, {"author": "cabo", "text": "Rather narrow view
", "time": "2022-03-22T13:39:54Z"}, {"author": "Martin Thomson", "text": "aspect ratio mixup?
", "time": "2022-03-22T13:40:05Z"}, {"author": "David Schinazi", "text": "Slides look weird in the room too
", "time": "2022-03-22T13:40:11Z"}, {"author": "Martin Thomson", "text": "9:16 rather than 16:9
", "time": "2022-03-22T13:40:19Z"}, {"author": "Steffen Fries", "text": "Thank you Joe for taking up that issue
", "time": "2022-03-22T13:40:34Z"}, {"author": "dkg", "text": "Meetecho: slides are in a weird orientation
", "time": "2022-03-22T13:40:37Z"}, {"author": "sftcd-x", "text": "the meetecho gods jumped in before even being asked
", "time": "2022-03-22T13:41:01Z"}, {"author": "Ted Hardie", "text": "I'm preemptively arguing for AD sponsorship for this one as well.
", "time": "2022-03-22T13:41:10Z"}, {"author": "dkg", "text": "gone now, but the slides coming from Mohit were rendered as though in portrait mode, with the left and right sides cropped off.
", "time": "2022-03-22T13:41:35Z"}, {"author": "Ted Hardie", "text": "IANA registry requirements do not need a BoF, at least in my humble opinion.
", "time": "2022-03-22T13:41:39Z"}, {"author": "cabo", "text": "Rather wide view :-)
", "time": "2022-03-22T13:41:45Z"}, {"author": "Sean Turner", "text": "cutting the problem a different way :)
", "time": "2022-03-22T13:41:50Z"}, {"author": "Rich Salz", "text": "LOL
", "time": "2022-03-22T13:42:01Z"}, {"author": "Eric Rescorla", "text": "+1
", "time": "2022-03-22T13:42:41Z"}, {"author": "Richard Barnes", "text": "TIL IANA manages SSH parameters
", "time": "2022-03-22T13:42:52Z"}, {"author": "sftcd-x", "text": "AD sponsor seems fine for this yeah
", "time": "2022-03-22T13:43:00Z"}, {"author": "Rich Salz", "text": "+1 for AD
", "time": "2022-03-22T13:43:10Z"}, {"author": "Martin Thomson", "text": "that is a LOT of registries
", "time": "2022-03-22T13:43:11Z"}, {"author": "Martin Thomson", "text": "AD sponsor seems right
", "time": "2022-03-22T13:43:18Z"}, {"author": "Sean Turner", "text": "It is a lot of regs
", "time": "2022-03-22T13:43:22Z"}, {"author": "David Schinazi", "text": "+1 to AD
", "time": "2022-03-22T13:43:33Z"}, {"author": "Sean Turner", "text": "I tend to agree with AD sponsor (I am biased though that I probably brought this up)
", "time": "2022-03-22T13:43:41Z"}, {"author": "Sean Turner", "text": "It seems to be the way the regs are going
", "time": "2022-03-22T13:44:03Z"}, {"author": "Richard Barnes", "text": "Dispatched!
", "time": "2022-03-22T13:44:09Z"}, {"author": "Richard Barnes", "text": "Next!
", "time": "2022-03-22T13:44:15Z"}, {"author": "Rich Salz", "text": "get yer popcorn
", "time": "2022-03-22T13:44:35Z"}, {"author": "Brendan Moran", "text": ":sweat_smile:
", "time": "2022-03-22T13:44:53Z"}, {"author": "sftcd-x", "text": "that's a new definition of new input I think
", "time": "2022-03-22T13:45:26Z"}, {"author": "Eric Rescorla", "text": "To the best of my knowledge this is not new input.
", "time": "2022-03-22T13:45:28Z"}, {"author": "Ted Hardie", "text": "Yeah, so this argues that RFC 8744 didn't consider these.  It did, but described these in terms of adversarial action.  So, if they want to update RFC 8744, I would argue it has to go to TLS.  Where I expect it to be received rather poorly, but still.
", "time": "2022-03-22T13:46:20Z"}, {"author": "Rich Salz", "text": "\"rather poorly\"
", "time": "2022-03-22T13:46:42Z"}, {"author": "Robin Wilton", "text": "It's a misstatement to say that outcome is loss of visibility of SNI data.
", "time": "2022-03-22T13:46:57Z"}, {"author": "Ted Hardie", "text": "\"quickly\" would also work.
", "time": "2022-03-22T13:46:58Z"}, {"author": "Brendan Moran", "text": "It strikes me that RFC8890 is clear on this...
", "time": "2022-03-22T13:47:30Z"}, {"author": "Antoine Delignat-Lavaud", "text": "\"data encapsulated by ECH is of legitimate interest to on-path actors\"? is it really?
", "time": "2022-03-22T13:47:56Z"}, {"author": "svaldez@jabber.hot-chilli.net/barnowl", "text": "Misread \"on-path security actors\" as \"on-path security attackers\". >_<
", "time": "2022-03-22T13:48:03Z"}, {"author": "Robin Wilton", "text": "No. Not \"on path\"...
", "time": "2022-03-22T13:48:11Z"}, {"author": "Eric Rescorla", "text": "Well, that is in fact the point
", "time": "2022-03-22T13:48:12Z"}, {"author": "Richard Barnes", "text": "svaldez: \"Misread\"?
", "time": "2022-03-22T13:48:22Z"}, {"author": "dkg", "text": "svaldez yeah, they're kind of indistinguishable
", "time": "2022-03-22T13:48:23Z"}, {"author": "Rich Salz", "text": "@valdez: !!
", "time": "2022-03-22T13:48:27Z"}, {"author": "Robin Wilton", "text": "If there's a legitimate access interest, it is off-path. (IMO)
", "time": "2022-03-22T13:48:47Z"}, {"author": "Rich Salz", "text": "oh, that \"THEY\" is really important.
", "time": "2022-03-22T13:48:56Z"}, {"author": "Eric Orth", "text": "In my opinion, if not authorized by the owner/admin of the client machine, it is not \"legitimate\" interest.
", "time": "2022-03-22T13:48:58Z"}, {"author": "sftcd-x", "text": "\"legitimate interest\" seems to be a buzzword for \"I'm gonna ignore all your GDPR crap and try get away with it\" - probably an at least unwise choice of term
", "time": "2022-03-22T13:49:05Z"}, {"author": "Antoine Delignat-Lavaud", "text": "I also think \"security actor\" == attacker
", "time": "2022-03-22T13:49:18Z"}, {"author": "dkg", "text": "\"legitimate interest\" is definitely a problematic turn of phrase
", "time": "2022-03-22T13:49:46Z"}, {"author": "Ted Hardie", "text": "I picture the security actors guild meetings as very different from the screen actors guild.
", "time": "2022-03-22T13:49:59Z"}, {"author": "dkg", "text": "ha ha
", "time": "2022-03-22T13:50:13Z"}, {"author": "Robin Wilton", "text": "+1 Eric (apologies if I was making the word \"if\" do some heavy lifting, there).
", "time": "2022-03-22T13:50:28Z"}, {"author": "Rich Salz", "text": "I am sure that \"legitimate interest\" was deliberately chosen.
", "time": "2022-03-22T13:50:35Z"}, {"author": "Jim Fenton", "text": "School environment == \"think of the children!\"
", "time": "2022-03-22T13:50:35Z"}, {"author": "Kathleen Moriarty", "text": "It would help if alternate solutions to detect and prevent malware from executing were further along and scaled for the use cases he is discussing.
", "time": "2022-03-22T13:51:13Z"}, {"author": "Brendan Moran", "text": "If they're going to apply those restrictions, they can do them in the application instead of weakening the protocol.
", "time": "2022-03-22T13:51:19Z"}, {"author": "Ira McDonald", "text": "+1 Brendan
", "time": "2022-03-22T13:51:38Z"}, {"author": "sftcd-x", "text": "@kathleen: it would help if people worked on that yes, rather than do things like this draft (IMO:-)
", "time": "2022-03-22T13:51:46Z"}, {"author": "Robin Wilton", "text": "@Kathleen But the slide deck says that Tor is a better protective approach...
", "time": "2022-03-22T13:51:49Z"}, {"author": "Robin Wilton", "text": "(See the Summary slide)
", "time": "2022-03-22T13:52:03Z"}, {"author": "ekr@jabber.org", "text": "So in this case \"unanticipated\" refers to what the designers of SNI anticipated
", "time": "2022-03-22T13:52:13Z"}, {"author": "Kathleen Moriarty", "text": "For the US State, Local, Tribal, and Territorial organizations, they rely on DNS screening, but DoH to hard coded servers evades the screening protections.
", "time": "2022-03-22T13:52:18Z"}, {"author": "Brendan Moran", "text": "If the goal is content filtering, then what's needed is a content filtering browser.
", "time": "2022-03-22T13:52:41Z"}, {"author": "ekr@jabber.org", "text": "It's important to recognize that this applies exclusively to the setting in which the network operator does not have effective control of the device
", "time": "2022-03-22T13:52:58Z"}, {"author": "Ted Hardie", "text": "Presumably any connection to hard coded servers evades them as well?
", "time": "2022-03-22T13:53:04Z"}, {"author": "Kathleen Moriarty", "text": "His intent with Tor (and VPNs) is that they are used by those avoiding censorship
", "time": "2022-03-22T13:53:08Z"}, {"author": "Jim Fenton", "text": "Requiring schools to do content filtering is easier than teaching kids to use the internet responsibly.
", "time": "2022-03-22T13:53:20Z"}, {"author": "dkg", "text": "avoiding censorship == avoiding content filtering
", "time": "2022-03-22T13:53:23Z"}, {"author": "ekr@jabber.org", "text": "A setting in which the network operator is indistinguishable from an on-path attacker
", "time": "2022-03-22T13:53:23Z"}, {"author": "Yoav Nir", "text": "Yes if you need to filter/snoop abandon BYOD.  Otherwise every device has to be compromised.
", "time": "2022-03-22T13:53:25Z"}, {"author": "dkg", "text": "Jim++
", "time": "2022-03-22T13:53:32Z"}, {"author": "Brendan Moran", "text": "If you have no control over the device, then you can't control what they access.
", "time": "2022-03-22T13:53:51Z"}, {"author": "Kathleen Moriarty", "text": "Ted - but regular DNS goes through the host and is usually done via a server programmed be it hard coded or DHCP
", "time": "2022-03-22T13:53:54Z"}, {"author": "Rich Salz", "text": "So maybe this is really 8744bis ?
", "time": "2022-03-22T13:54:01Z"}, {"author": "dkg", "text": "those school content-filtering policies are counterproductive from any reasonable educational perspective
", "time": "2022-03-22T13:54:04Z"}, {"author": "Martin Thomson", "text": "here, they just insist on installing software in endpoints before they open the firewall
", "time": "2022-03-22T13:54:07Z"}, {"author": "ekr@jabber.org", "text": "I'm not sure where the claim that ECH cannot be disabled comes from
", "time": "2022-03-22T13:54:26Z"}, {"author": "sftcd-x", "text": "in schools in Ireland, kids will use their phones
", "time": "2022-03-22T13:54:41Z"}, {"author": "ekr@jabber.org", "text": "Firefox, at least, has not decided on what configuration settings we intend to be available
", "time": "2022-03-22T13:54:50Z"}, {"author": "Jim Fenton", "text": "Stephen +1 lots of other places too
", "time": "2022-03-22T13:55:05Z"}, {"author": "Brendan Moran", "text": "+1 Martin
", "time": "2022-03-22T13:55:09Z"}, {"author": "ekr@jabber.org", "text": "But at present, it is tied to DoH and you can disable DoH
", "time": "2022-03-22T13:55:11Z"}, {"author": "Ira McDonald", "text": "in schools around the world, kids use their cell phones (in preference to laptops)
", "time": "2022-03-22T13:55:25Z"}, {"author": "Kathleen Moriarty", "text": "Jim - and when sites are compromised or a user clicks on a link, we're supposed to chase down the infections and remediate? It's a big burden at the moment.
", "time": "2022-03-22T13:55:25Z"}, {"author": "Rich Salz", "text": "I imagine a future where instead of passing naughty magazines, kids on the playground pass around base64 SVCB records.
", "time": "2022-03-22T13:55:50Z"}, {"author": "c.amsuess", "text": "Have people looked into whether only letting devices in the network that self-advertise as \"yes I can apply the filter rules you demand locally\"?
", "time": "2022-03-22T13:55:55Z"}, {"author": "c.amsuess", "text": "Doesn't necessarily need to be a trustworthy statement, but the filtering requirements might thus be addressed.
", "time": "2022-03-22T13:56:23Z"}, {"author": "Martin Thomson", "text": "the implicit assumption here is that a bad actor won't be able to avoid detection by the security appliance; something that needs to be established
", "time": "2022-03-22T13:56:24Z"}, {"author": "Jim Fenton", "text": "Kathleen infections will just happen from places that aren't content filtered anyway. Also a problem that's not unique to schools.
", "time": "2022-03-22T13:56:24Z"}, {"author": "Ted Hardie", "text": "Yeah, you have to kill hotspots as well to avoid that.
", "time": "2022-03-22T13:56:50Z"}, {"author": "dkg", "text": "Kathleen: yes, maintaining school infrastructure does indeed require chasing down and remediating broken or compromised machines
", "time": "2022-03-22T13:57:00Z"}, {"author": "Brendan Moran", "text": "I mean, MASQUE is specifically designed to work around this.
", "time": "2022-03-22T13:57:08Z"}, {"author": "c.amsuess", "text": "(Someone really wanting to get around the filtering will do that either way, can just as well take their word for it, and off-the-shelf browsers might still do that unless built to lie).
", "time": "2022-03-22T13:57:09Z"}, {"author": "Richard Barnes", "text": "periodic reminder that if your malware detection depends on SNI, you have already lost
", "time": "2022-03-22T13:57:13Z"}, {"author": "Paul Wouters", "text": "i guess schools need BeyondCorp ? :)
", "time": "2022-03-22T13:57:22Z"}, {"author": "Tirumaleswar Reddy.K", "text": "SNI is not sufficient, I have seen malware about SNI.
", "time": "2022-03-22T13:57:24Z"}, {"author": "c.amsuess", "text": "Richard: +1
", "time": "2022-03-22T13:57:26Z"}, {"author": "Tommy Pauly", "text": "+1 richard
", "time": "2022-03-22T13:57:27Z"}, {"author": "dkg", "text": "been there, done that, yes, it's a burden, but there are many burdens involved with operating a school.
", "time": "2022-03-22T13:57:45Z"}, {"author": "Jim Fenton", "text": "Richard +1
", "time": "2022-03-22T13:57:48Z"}, {"author": "Richard Barnes", "text": "\"Of course this criminal organization wouldn't lie about what server they're connecting to!\"
", "time": "2022-03-22T13:57:53Z"}, {"author": "Rich Salz", "text": "the scare quotes around dissidents, especially with the world today, is offensive
", "time": "2022-03-22T13:58:01Z"}, {"author": "Ted Hardie", "text": "Actual effect: man in hat dresses up as a checkmark.
", "time": "2022-03-22T13:58:21Z"}, {"author": "Ira McDonald", "text": "+1 Richard
", "time": "2022-03-22T13:58:22Z"}, {"author": "Paul Wouters", "text": "rich salz: I agree
", "time": "2022-03-22T13:58:23Z"}, {"author": "Robin Wilton", "text": "This slide presents a false dichotomy. That  \"good actor\" should not be attempting to access the secure link.
", "time": "2022-03-22T13:58:30Z"}, {"author": "Jim Fenton", "text": "Rich indeed
", "time": "2022-03-22T13:58:35Z"}, {"author": "c.amsuess", "text": "yes
", "time": "2022-03-22T13:58:36Z"}, {"author": "Kathleen Moriarty", "text": "The alternate solutions are not developed enough, cost effective, or scale for the numerous organizations that lack resources.
", "time": "2022-03-22T13:58:44Z"}, {"author": "Brendan Moran", "text": "@Robin All the +'s
", "time": "2022-03-22T13:58:48Z"}, {"author": "sftcd-x", "text": "@rich: yep, I'd have thought current events would've gotten rid of those scare quotes and the use of that term in these arguments
", "time": "2022-03-22T13:58:48Z"}, {"author": "dkg", "text": "\"dissidents\" is in quotes because andrew is acknowledging that schoolchildren are indeed often dissidents, and rightly so.
", "time": "2022-03-22T13:58:53Z"}, {"author": "c.amsuess", "text": "Then maybe those who want to apply filters should spend money to develop the alternative solutions.
", "time": "2022-03-22T13:59:19Z"}, {"author": "Christopher Wood", "text": "@Kathleen that seems like a problem for alternative solutions to solve, not a reason to slow or impede ECH, no?
", "time": "2022-03-22T13:59:21Z"}, {"author": "Robin Wilton", "text": "IMO it's inappropriate to propose that this solution isn't needed because \"dissidents can just choose another tool\".
", "time": "2022-03-22T13:59:25Z"}, {"author": "Kathleen Moriarty", "text": "I'm not advocating for SNI, but the underserved and under resourced in the US rely on DNS, except when evaded by DoH or home devices not using the DNS servers that perform screening. Intrusions and their impact are a real concern.
", "time": "2022-03-22T14:00:03Z"}, {"author": "Ted Hardie", "text": "Nice mix of offsite and onsite comments in the queue.
", "time": "2022-03-22T14:00:54Z"}, {"author": "Kathleen Moriarty", "text": "@Chris, yes. Certificates were used prior to TLSv1.3 as a more reliable inspection point. This is a problem that needs to be solved at scale as the impact is very real.
", "time": "2022-03-22T14:00:55Z"}, {"author": "David Benjamin", "text": "I've heard the claim that folks are blocking TLS 1.3 before. I don't think this is true, at least in non-terminating proxy cases. That would have caused a significant chunk of websites to stop working at this point.
", "time": "2022-03-22T14:00:56Z"}, {"author": "Britta Hale", "text": "@Kathleen: That is an argument for holding back security for what are essentially legacy cases though...
", "time": "2022-03-22T14:01:15Z"}, {"author": "Richard Barnes", "text": "Folks: Please remember to focus on the DISPATCH outcomes
", "time": "2022-03-22T14:01:23Z"}, {"author": "Christopher Wood", "text": "@Kathless so might I suggest folks try to solve that problem -- as Mark Nottingham pointed out in his message - - rather than impede progress?
", "time": "2022-03-22T14:01:40Z"}, {"author": "Sean Turner", "text": "+1 to Richard
", "time": "2022-03-22T14:01:42Z"}, {"author": "Christopher Wood", "text": "Kathleen*
", "time": "2022-03-22T14:01:58Z"}, {"author": "Martin Thomson", "text": "I think that the contributions are working to the \"don't do this\" answer.
", "time": "2022-03-22T14:02:10Z"}, {"author": "Mike Ounsworth", "text": "I\u2019m a newcomer to this space. Does \u201cIf you want to be on my network, then you need to install my root cert\u201d allow for the correct types of inspection?
", "time": "2022-03-22T14:03:16Z"}, {"author": "Chris Inacio", "text": "breaking up here, anyone else?
", "time": "2022-03-22T14:03:26Z"}, {"author": "dkg", "text": "audio is pretty choppy, Tommy
", "time": "2022-03-22T14:03:27Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "MikeO: yes
", "time": "2022-03-22T14:03:28Z"}, {"author": "Bob Moskowitz", "text": "This goes back to Memphis IETF with the push to put filtering data in front of the ESP wrapper.  There is always this tension between need to protect and need to filter.
", "time": "2022-03-22T14:03:30Z"}, {"author": "Chris Inacio", "text": "Oh, Tommy's back
", "time": "2022-03-22T14:03:32Z"}, {"author": "Brendan Moran", "text": "@mike that's reasonable, yes
", "time": "2022-03-22T14:03:32Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "choppy here as well
", "time": "2022-03-22T14:03:33Z"}, {"author": "Richard Barnes", "text": "MikeO: yes
", "time": "2022-03-22T14:03:34Z"}, {"author": "Rich Salz", "text": "@Mike: and of course it lets a lot more happen, like site impersonation
", "time": "2022-03-22T14:03:50Z"}, {"author": "sftcd-x", "text": "@mikeO: not quite yes - what's \"correct\" can often be contentious
", "time": "2022-03-22T14:03:53Z"}, {"author": "Eric Kinnear", "text": "I'm not seeing data showing significant blocking of TLS 1.3 either, would be interested to hear more about it if that exists
", "time": "2022-03-22T14:04:27Z"}, {"author": "Sean Turner", "text": "@Eric I mean the news two years ago the great big firewall was blocking 1.e entirely
", "time": "2022-03-22T14:05:02Z"}, {"author": "Richard Barnes", "text": "about to close the queue, please get in if you want to
", "time": "2022-03-22T14:05:03Z"}, {"author": "Eric Kinnear", "text": "(Sure, thinking about deployed versions today, but fair enough)
", "time": "2022-03-22T14:05:34Z"}, {"author": "sftcd-x", "text": "ted's right there IMO, ISTM using a dispatch process to try overturn existing IETF consensus isn't a good process-plan
", "time": "2022-03-22T14:05:37Z"}, {"author": "Mike Ounsworth", "text": "@Rich yeah I was wondering if root cert still does not meet Mark Nottingham's \"targeted data collection\" objective.
", "time": "2022-03-22T14:05:41Z"}, {"author": "Cullen Jennings", "text": "+1 Ted on this was discussed perviously
", "time": "2022-03-22T14:06:08Z"}, {"author": "Mike Ounsworth", "text": "Still, in a corp or school network, there really should not be an assumption of any privacy anyway ...
", "time": "2022-03-22T14:06:22Z"}, {"author": "sftcd-x", "text": "nice typo fluffy
", "time": "2022-03-22T14:06:23Z"}, {"author": "Rich Salz", "text": "Agree with Ted.
", "time": "2022-03-22T14:06:34Z"}, {"author": "Martin Thomson", "text": "Ted nailed it.
", "time": "2022-03-22T14:06:40Z"}, {"author": "Sean Turner", "text": "We've been talking about ESNI/ECH for 10 years
", "time": "2022-03-22T14:06:49Z"}, {"author": "Rich Salz", "text": "Took myself off the queue
", "time": "2022-03-22T14:06:49Z"}, {"author": "Samuel Weiler", "text": "In 2014, the IETF declared pervasive monitoring to be an attack.  This draft doesn't persuade me that we should revise that conclusion.
", "time": "2022-03-22T14:06:53Z"}, {"author": "Cullen Jennings", "text": "oops :-) I'll use the great edit feature to fix that
", "time": "2022-03-22T14:07:03Z"}, {"author": "Rich Salz", "text": "Sounds like a great commercial opportunity.  Up with capitalism.
", "time": "2022-03-22T14:07:41Z"}, {"author": "Jim Fenton", "text": "There are service providers available to help the under-resourced.
", "time": "2022-03-22T14:07:41Z"}, {"author": "mcr", "text": "Kathleen, you need to get into the endpoints: for you, that means you need to do this via SOCKS.
", "time": "2022-03-22T14:07:57Z"}, {"author": "Richard Barnes", "text": "from the 8890 perspective, the argument here appears to be \"the end users don't know what's best for them\"
", "time": "2022-03-22T14:08:07Z"}, {"author": "Martin Thomson", "text": "I wish people would stop conflating DoH with resolver selection.
", "time": "2022-03-22T14:08:08Z"}, {"author": "Martin Thomson", "text": "If you are using DNS for this stuff, then it will be imperfect, but you can continue to do that.
", "time": "2022-03-22T14:08:35Z"}, {"author": "Eric Orth", "text": "MT: DoH is at least relevant though in cases where networks are otherwise relying on interception of DNS to any DNS server.
", "time": "2022-03-22T14:08:46Z"}, {"author": "mcr", "text": "You'll have to get into the crypto by not allowing end2end crypto.
", "time": "2022-03-22T14:08:47Z"}, {"author": "jhoyla", "text": "@Richard Barnes_web_534 with children that is explicitly true
", "time": "2022-03-22T14:08:53Z"}, {"author": "Antoine Delignat-Lavaud", "text": "+1 Martin. DNS based filtering is the correct answer to move filtering out of the TLS threat model
", "time": "2022-03-22T14:08:58Z"}, {"author": "Martin Thomson", "text": "Antoine, I'm not suggesting that DNS-based filtering is a good answer, but if it is the answer you have right now, you can continue to use it.
", "time": "2022-03-22T14:09:29Z"}, {"author": "Brendan Moran", "text": "@Antoine: how do you work around DoH?
", "time": "2022-03-22T14:09:34Z"}, {"author": "Tommy Pauly", "text": "Let's talk about the right way to solve the problem with better mechanisms for networks to tell endpoints what their contract for access is, not trying to compromise the security of protocols
", "time": "2022-03-22T14:09:52Z"}, {"author": "Brendan Moran", "text": "@Tommy +1
", "time": "2022-03-22T14:10:03Z"}, {"author": "Christopher Wood", "text": "+1 Tommy
", "time": "2022-03-22T14:10:06Z"}, {"author": "Britta Hale", "text": "This sounds like more of a research problem than a standardization problem.
", "time": "2022-03-22T14:10:22Z"}, {"author": "Ted Hardie", "text": "this is not the voice of the user; this is the voice of the network operator.  They are not the same, especially in the cases like schools.
", "time": "2022-03-22T14:10:23Z"}, {"author": "sftcd-x", "text": "@tommy: not sure that's solvable
", "time": "2022-03-22T14:10:25Z"}, {"author": "Rich Salz", "text": "+1 Ted
", "time": "2022-03-22T14:10:35Z"}, {"author": "Brendan Moran", "text": "+1 Ted
", "time": "2022-03-22T14:10:46Z"}, {"author": "sftcd-x", "text": "is that a hybrid-ivory-tower?
", "time": "2022-03-22T14:11:11Z"}, {"author": "Martin Thomson", "text": "I'm curious as to what we might do differently, concretely.
", "time": "2022-03-22T14:12:02Z"}, {"author": "Rich Salz", "text": "\"doesn't weaken their security\"  ARGH  I hate politics
", "time": "2022-03-22T14:12:09Z"}, {"author": "Eric Orth", "text": "I think everybody developing ECH is aware of (and generally accepting of) these concerns.  So who is the target audience if this stuff were documented in an RFC?
", "time": "2022-03-22T14:13:11Z"}, {"author": "Bob Moskowitz", "text": "Network filters are by definition an on-path attacker.
", "time": "2022-03-22T14:15:03Z"}, {"author": "sftcd-x", "text": "I don't think this draft ought be brought to TLS
", "time": "2022-03-22T14:15:05Z"}, {"author": "dkg", "text": "i'm concerned that \"tell endpoints what their contract for access is\" leads toward \"identify yourself with your govt ID in order to connect to the internet\"
", "time": "2022-03-22T14:15:09Z"}, {"author": "David Benjamin", "text": "Chrome also has not made any decisions here.
", "time": "2022-03-22T14:15:39Z"}, {"author": "Phillip Hallam-Baker", "text": "If there is a problem here, and that is an if, it is that there is a need to support 'networks' that are not public networks. That is closed networks that are for use inside schools or inside an enterprise where acceptance of a set of rules is necessary to gain access.
", "time": "2022-03-22T14:16:44Z"}, {"author": "Brendan Moran", "text": "@dkg Seems like a reasonable concern, but at the same time, there are enterprises that deliberately break TLS on the fly...
", "time": "2022-03-22T14:16:57Z"}, {"author": "Jim Fenton", "text": "\"tell endpoints what their contract for access is\" sounds like \"read our 100 page terms and conditions on your phone\" unfortunately.
", "time": "2022-03-22T14:17:01Z"}, {"author": "Phillip Hallam-Baker", "text": "I am entirely unsympathetic to the UK government concerns which are likely behind this draft.
", "time": "2022-03-22T14:17:11Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "It seems that there are a number of cases of things fighting the
previous war.  That may actually work 90+% of the time, but it won't
work against intelligent dedicated attackers
", "time": "2022-03-22T14:17:24Z"}, {"author": "Phillip Hallam-Baker", "text": "@Jim, except if it is Cisco telling you what you are allowed to do on the Cisco network as a Cisco employee
", "time": "2022-03-22T14:18:02Z"}, {"author": "Lucas Pardue", "text": "on-psth SNI inspection can't accomodate coalescing, that ship sailed in 2015
", "time": "2022-03-22T14:18:05Z"}, {"author": "Richard Barnes", "text": "good point re coalescing @jhoyla
", "time": "2022-03-22T14:18:37Z"}, {"author": "Martin Thomson", "text": "the goal should be to improve technical capabilities to the dkg level, not reduce it
", "time": "2022-03-22T14:18:39Z"}, {"author": "Phillip Hallam-Baker", "text": "I don't see where schools come into it. the kids have phones, the phones connect to the broadband carriers. The availability of school WiFi is besides the point.
", "time": "2022-03-22T14:19:04Z"}, {"author": "Martin Thomson", "text": "maybe that's unattainable, but we should all aspire to be as good as dkg
", "time": "2022-03-22T14:19:09Z"}, {"author": "Jim Fenton", "text": "@phb I was thinking more of the networks you connect to occasionally, e.g., coffee shops and hotels
", "time": "2022-03-22T14:19:09Z"}, {"author": "Samuel Weiler", "text": "If it weren't too early for popcorn, I might be more patient with the amount of time we're allowing for this.
", "time": "2022-03-22T14:19:11Z"}, {"author": "Kathleen Moriarty", "text": "@mcr - at the endpoint is very difficult, costs and management requirements are the problem for the user base. I am not arguing for SNI - just for solutions that scale in terms of management. We already have a 3.5 million person security profession deficit and I listen to organizations tell me that if lucky, they can hire a high school student to do their security. Scale for security management is a very big problem.
", "time": "2022-03-22T14:19:19Z"}, {"author": "Phillip Hallam-Baker", "text": "@Jim, I am not sympathetic to their 'need' to filter.
", "time": "2022-03-22T14:19:38Z"}, {"author": "Jim Fenton", "text": "@phb me either
", "time": "2022-03-22T14:19:54Z"}, {"author": "dkg", "text": "Sam: it's never too early for popcorn
", "time": "2022-03-22T14:20:02Z"}, {"author": "ekr@jabber.org", "text": "The point Tiru is making is important. SNI (and even the server cert) are not meaningfully tied to the TLS connection from the perspective of an on-path inspector
", "time": "2022-03-22T14:20:21Z"}, {"author": "Phillip Hallam-Baker", "text": "@Kathleen, I agree that the 'filter traffic to exclude malware' is an important use case
", "time": "2022-03-22T14:20:31Z"}, {"author": "jhoyla", "text": "I accept the argument that children can sometimes be exposed to things unintentionally that are bad for them, I just think that it isn't an IETF problem to solve.
", "time": "2022-03-22T14:20:36Z"}, {"author": "Antoine Delignat-Lavaud", "text": "coalescing is a case where SNI filtering fails \"accidentally\". You can also make it fail deliberately by patching your host file and that works more often than not
", "time": "2022-03-22T14:20:40Z"}, {"author": "Brendan Moran", "text": "I'm curious as to what the goal of filtering in schools on BYOD actually is. Is it to force those who want to look at filtered content onto their mobile data?
", "time": "2022-03-22T14:20:43Z"}, {"author": "dkg", "text": "Brendan: that's the effect of it, yes
", "time": "2022-03-22T14:21:03Z"}, {"author": "Phillip Hallam-Baker", "text": "@Kathleen, I think we need to address that explicitly though. Not just occasionally look at where we might tread on existing hacks
", "time": "2022-03-22T14:21:09Z"}, {"author": "Richard Barnes", "text": "why  did they not just call this Binary Transparency?
", "time": "2022-03-22T14:21:24Z"}, {"author": "dkg", "text": "for schools that want to play CYA, but don't have the capacity to address the underlying educational goals.
", "time": "2022-03-22T14:21:29Z"}, {"author": "Richard Barnes", "text": "smaller mouthful
", "time": "2022-03-22T14:21:32Z"}, {"author": "Kathleen Moriarty", "text": "It's more than just schools though. We help lots of organizations hit with ransomeware and filtering protections block many more such problems from occurring.
", "time": "2022-03-22T14:21:36Z"}, {"author": "ekr@jabber.org", "text": "B-SCITT
", "time": "2022-03-22T14:21:36Z"}, {"author": "jhoyla", "text": "@Brendan Moran_web_375 that's the intended effect, it protects the school from legal liability.
", "time": "2022-03-22T14:21:37Z"}, {"author": "Martin Thomson", "text": "Richard, because they want it to be even more generic
", "time": "2022-03-22T14:21:39Z"}, {"author": "Antoine Delignat-Lavaud", "text": "@Richard it is not called binary transparency because it is meant to also address other uses cases beyond software transparency
", "time": "2022-03-22T14:21:54Z"}, {"author": "Martin Thomson", "text": "you need to maintain the temperature of fish apparently
", "time": "2022-03-22T14:21:55Z"}, {"author": "ekr@jabber.org", "text": "I found the fish example a bit jarring in the context of the rest of the document
", "time": "2022-03-22T14:22:14Z"}, {"author": "Antoine Delignat-Lavaud", "text": "fair enough :slightly_smiling_face:
", "time": "2022-03-22T14:22:45Z"}, {"author": "cabo", "text": "Fish in jars can be delicious
", "time": "2022-03-22T14:22:52Z"}, {"author": "jhoyla", "text": "More apropos would be the need to keep vaccines at a consistent temperature.
", "time": "2022-03-22T14:23:07Z"}, {"author": "Lucas Pardue", "text": "or wine
", "time": "2022-03-22T14:23:27Z"}, {"author": "Ira McDonald", "text": "+1 Jonathan
", "time": "2022-03-22T14:23:32Z"}, {"author": "Rich Salz", "text": "And that's a solved problem, right? Special thermometers. The fish thing sounds like \"let's put your lightbulb on the internet\"
", "time": "2022-03-22T14:23:40Z"}, {"author": "Richard Barnes", "text": "@Antoine, that seems challenging given how tied up the security properties are with the deployment properties
", "time": "2022-03-22T14:23:41Z"}, {"author": "Paul Wouters", "text": "(whoever was helping with minuting, thank you!)
", "time": "2022-03-22T14:23:43Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "If your network filtering is forced into using a technique that is
only partially effective, it seems to me that DNS as a more
centralized point is going to be more useful than looking at SNI.
", "time": "2022-03-22T14:24:25Z"}, {"author": "sftcd-x", "text": "feck - all this talk of fish means I'll have to read the draft:-(
", "time": "2022-03-22T14:24:41Z"}, {"author": "Bob Moskowitz", "text": "He is fishing for reviewers?
", "time": "2022-03-22T14:25:04Z"}, {"author": "Deb Cooley", "text": "LOL
", "time": "2022-03-22T14:25:09Z"}, {"author": "Deb Cooley", "text": "@robert green text for you
", "time": "2022-03-22T14:25:53Z"}, {"author": "Deb Cooley", "text": "gag
", "time": "2022-03-22T14:26:25Z"}, {"author": "Rich Salz", "text": "okay, \"fish and chips\" was brilliant
", "time": "2022-03-22T14:26:29Z"}, {"author": "Brendan Moran", "text": ":rolling_on_the_floor_laughing:
", "time": "2022-03-22T14:26:30Z"}, {"author": "ekr@jabber.org", "text": "These supply chain examples for software seem kind of inappropros
", "time": "2022-03-22T14:26:36Z"}, {"author": "Brendan Moran", "text": "That was genius
", "time": "2022-03-22T14:26:38Z"}, {"author": "ekr@jabber.org", "text": "Most of those cases there was no doubt about provenance
", "time": "2022-03-22T14:26:54Z"}, {"author": "sftcd-x", "text": "ok now I've heard the pun I won't read the drafts
", "time": "2022-03-22T14:26:59Z"}, {"author": "Deb Cooley", "text": "Dad jokes.
", "time": "2022-03-22T14:27:00Z"}, {"author": "mcr", "text": "fish... Firmware Integrated Software Hardening = FISH?
", "time": "2022-03-22T14:27:03Z"}, {"author": "ekr@jabber.org", "text": "Or about transpareny
", "time": "2022-03-22T14:27:05Z"}, {"author": "Robin Wilton", "text": "@Deb They're the wurst.
", "time": "2022-03-22T14:27:17Z"}, {"author": "Dave Thaler", "text": "mcr :)
", "time": "2022-03-22T14:27:29Z"}, {"author": "Deb Cooley", "text": "they are!
", "time": "2022-03-22T14:27:33Z"}, {"author": "Brendan Moran", "text": ":clap:
", "time": "2022-03-22T14:27:38Z"}, {"author": "ekr@jabber.org", "text": "why can't the chips that are in the vaccines just monitor the cold chian
", "time": "2022-03-22T14:28:03Z"}, {"author": "Deb Cooley", "text": "that would be brilliant!
", "time": "2022-03-22T14:28:22Z"}, {"author": "Brendan Moran", "text": ":100:
", "time": "2022-03-22T14:28:25Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "They can't get a good signal off with the interference from each other
when tightly packed
", "time": "2022-03-22T14:28:29Z"}, {"author": "Bob Moskowitz", "text": "then he should be using upper case for acronyms.  
", "time": "2022-03-22T14:28:30Z"}, {"author": "mcr", "text": "I got a 5G capable phone the day after I got my booster.
", "time": "2022-03-22T14:28:53Z"}, {"author": "sftcd-x", "text": "so my only remaining hope is he doesn't have a gag about making fish scale
", "time": "2022-03-22T14:29:13Z"}, {"author": "mcr", "text": "BOO!
", "time": "2022-03-22T14:29:21Z"}, {"author": "Dave Thaler", "text": "sftcd :)
", "time": "2022-03-22T14:29:36Z"}, {"author": "mcr", "text": "Something something cod.
", "time": "2022-03-22T14:29:38Z"}, {"author": "Brendan Moran", "text": "@mcr, I had a friend who sold \"signal boosters\" for phones in the 2000s
", "time": "2022-03-22T14:29:57Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Your fish might have to go through some lox in transit
", "time": "2022-03-22T14:29:58Z"}, {"author": "Bob Moskowitz", "text": "Now you are getting to the outer bank.
", "time": "2022-03-22T14:30:09Z"}, {"author": "Samuel Weiler", "text": "argh!
", "time": "2022-03-22T14:30:13Z"}, {"author": "Jim Fenton", "text": "Something about a codpiece belongs here.
", "time": "2022-03-22T14:30:26Z"}, {"author": "sftcd-x", "text": "https://www.theguardian.com/environment/2021/mar/15/is-your-fish-a-fake-how-to-spot-seafood-and-what-to-do-if-youre-suspicious
", "time": "2022-03-22T14:30:27Z"}, {"author": "jhoyla", "text": "Why are Germans stocking up on cheese and sausage? They're preparing for a w\u00fcrst k\u00e4se scenario.
", "time": "2022-03-22T14:30:40Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "So what are the incentives for someone to participate in this
meta-transparency ledger?
", "time": "2022-03-22T14:30:56Z"}, {"author": "Martin Thomson", "text": "what we need here is \"BLOCKCHAIN\"
", "time": "2022-03-22T14:30:58Z"}, {"author": "Richard Barnes", "text": "an SCT is not an inclusion proof!!!!!
", "time": "2022-03-22T14:31:02Z"}, {"author": "Richard Barnes", "text": "aaaaaaaahhhh!
", "time": "2022-03-22T14:31:08Z"}, {"author": "Richard Barnes", "text": "EKR made exactly this point on the mailing list
", "time": "2022-03-22T14:31:19Z"}, {"author": "Kathleen Moriarty", "text": "The work will benefit from IETF review. I'd like to see the hard requirement for distributed PKI be removed so that traditional PKI can be used with the same solution as that would help with alignment to other similar projects like SigStore and others that may have higher assurance requirements provided by a traditional PKI (and policy level). ACME could be used as well to obtain the code signing certificate in that case with a cert/key or raw public key for authentication.
A transparency log is used for SigStore too
", "time": "2022-03-22T14:31:21Z"}, {"author": "Jim Fenton", "text": "@Martin it's too early to drink
", "time": "2022-03-22T14:31:22Z"}, {"author": "Martin Thomson", "text": "Jim does 1:30am count?
", "time": "2022-03-22T14:31:35Z"}, {"author": "Richard Barnes", "text": "thankfully, the blockchain that the DIDs rely on will provide enough heat to boil the ocean
", "time": "2022-03-22T14:31:54Z"}, {"author": "ekr@jabber.org", "text": "There are 100+ kinds of DID, so that may be more than \"a little bit of flexibility\"
", "time": "2022-03-22T14:31:54Z"}, {"author": "Britta Hale", "text": "+1 Kathleen
", "time": "2022-03-22T14:31:55Z"}, {"author": "Jim Fenton", "text": "That's late IMO, I'm referring to my time
", "time": "2022-03-22T14:31:56Z"}, {"author": "Sean Turner", "text": "@Jim it is noon somewhere in the world ;)
", "time": "2022-03-22T14:32:00Z"}, {"author": "Dave Thaler", "text": "Kathleen's comment makes sense to me
", "time": "2022-03-22T14:32:07Z"}, {"author": "Martin Thomson", "text": "why not W3C verifiable claims if you are using DIDs?
", "time": "2022-03-22T14:32:23Z"}, {"author": "Robin Wilton", "text": "@Richard Ready-cooked fish, then.
", "time": "2022-03-22T14:32:31Z"}, {"author": "ekr@jabber.org", "text": "@MT: I fear that those claims are verifiable in a different way
", "time": "2022-03-22T14:32:43Z"}, {"author": "sftcd-x", "text": "jokes aside, is there really a set of people who wanna do stuff on this problem in the IETF? If so, then it'd definitely need a BoF - scoping it to something doable before the heat-death of the universe wouldn't be that easy
", "time": "2022-03-22T14:33:16Z"}, {"author": "Richard Barnes", "text": "i would love to know if anyone actually shipping any of these systems is involved, vs. just researchers
", "time": "2022-03-22T14:33:19Z"}, {"author": "jhoyla", "text": "Wasn't there something about Walmart tracking cabbage or something @Richard Barnes_web_534?
", "time": "2022-03-22T14:33:55Z"}, {"author": "dkg", "text": "proof that artifact X version Y is included in the ledger doesn't prove that there isn't some other claim that artifact X version Y is included in the ledger pointing to some other resource.
", "time": "2022-03-22T14:34:09Z"}, {"author": "Bob Moskowitz", "text": "I am looking at this throw the discussions we are have in aviation (ICAO TRON) dealing with this challenge.
", "time": "2022-03-22T14:34:10Z"}, {"author": "Steve Lasker", "text": "@kathleen, the premise would use DiD to enable various identities, where policy may be applied for which identities would be allowed. Similar to what identities may be used to enter an airport, or cross a border.
", "time": "2022-03-22T14:34:15Z"}, {"author": "Britta Hale", "text": "@Richard: those are not mutually exclusive. Let's try to keep professionalism in the chat.
", "time": "2022-03-22T14:34:17Z"}, {"author": "ekr@jabber.org", "text": "I think sftcd-x (don't you know that x- headers have been deprecated?) has the right question. whois deploying this that wants to do it in IETF
", "time": "2022-03-22T14:34:18Z"}, {"author": "Rich Salz", "text": "Didn't RATS just get sent back to the drawingboard by Roman because of some confusion about WG consensus on claims?
", "time": "2022-03-22T14:34:18Z"}, {"author": "Dave Thaler", "text": "@Richard, I think it's a collaboration between both researchers and solution builders
", "time": "2022-03-22T14:34:47Z"}, {"author": "Rich Salz", "text": "If so, then this strikes me as Henk&co re-flogging this same idea.
", "time": "2022-03-22T14:34:48Z"}, {"author": "Richard Barnes", "text": "yeah, i think sftcd-x is right that the answer here is \"BoF if anything\"
", "time": "2022-03-22T14:34:50Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "I think that's conflating some other things, Rich.
", "time": "2022-03-22T14:34:56Z"}, {"author": "Roman Danyliw", "text": "@Rich.  That was in EAT.  We have sorted those out now.
", "time": "2022-03-22T14:35:03Z"}, {"author": "Martin Thomson", "text": "Richard: maybe a bit of \"find a community\" before a BOF
", "time": "2022-03-22T14:35:14Z"}, {"author": "Paul Wouters", "text": "TRANS also had some effort here but the WG wasn't ready yet with the bis doc and could not really do new work - especially work that would have a somewhat different transparency protocol spec
", "time": "2022-03-22T14:35:28Z"}, {"author": "Richard Barnes", "text": "@mt yeah, and \"focus on a more well-defined problem\"
", "time": "2022-03-22T14:35:31Z"}, {"author": "Dave Thaler", "text": "BOF sounds right to me
", "time": "2022-03-22T14:35:32Z"}, {"author": "Phillip Hallam-Baker", "text": "This seems like a vast amount of mechanism. How much of the same value could we get by extending GIT so that every time someone commits to a repo, they sign and the signatures are enrolled in a CT like thing?
IE take out 90% of this.
", "time": "2022-03-22T14:35:37Z"}, {"author": "Rich Salz", "text": "I know it's sorted now. And I can never keep RATS and EAT separate.  So thanks @ADs
", "time": "2022-03-22T14:35:40Z"}, {"author": "Kathleen Moriarty", "text": "@Steve Yes, but doesn't need to be limited to DID
", "time": "2022-03-22T14:35:45Z"}, {"author": "Sean Turner", "text": "There's a tonne here so yeah BOF Is anything
", "time": "2022-03-22T14:35:47Z"}, {"author": "Richard Barnes", "text": "so if folks think a BoF is right, please provide comments at the mic about what the proponents should do to prepare for the BoF
", "time": "2022-03-22T14:35:55Z"}, {"author": "Rich Salz", "text": "@Sean: putting on aires with \"tonne\" ?
", "time": "2022-03-22T14:36:05Z"}, {"author": "sftcd-x", "text": "@rlb: they should do less
", "time": "2022-03-22T14:36:19Z"}, {"author": "Martin Thomson", "text": "Kathleen: using DID doesn't constrain you at all.  \"Promiscuous\" is an understatement for how broad DID is.
", "time": "2022-03-22T14:36:24Z"}, {"author": "Sean Turner", "text": "I was almost put metric tonne, but google told me the metric part wasn't needed so - yeah and no ;)
", "time": "2022-03-22T14:36:30Z"}, {"author": "Cedric Fournet", "text": "I agree DID is too general in principle, but each transparency service can restrict the DID methods it supports. If it uses did:web then it is not very far from traditional PKIs and ACME-issued certs.
", "time": "2022-03-22T14:36:31Z"}, {"author": "Steve Lasker", "text": "@kathleen, can you share more thoughts? We believe DiD is a means to provide broad extensibility to not exclude anything.
", "time": "2022-03-22T14:36:55Z"}, {"author": "Kathleen Moriarty", "text": "@Paul yes, the draft references the transparency log work
", "time": "2022-03-22T14:37:14Z"}, {"author": "Sean Turner", "text": "\"to not exclude anything\" = boils ocean
", "time": "2022-03-22T14:37:21Z"}, {"author": "Richard Barnes", "text": "CCF appear to be an MSR thing, right @Antoine ?
", "time": "2022-03-22T14:37:22Z"}, {"author": "Rich Salz", "text": "The proper term, @sean, is \"metric fuck tonne\"
", "time": "2022-03-22T14:37:27Z"}, {"author": "Sean Turner", "text": "@r$ :)
", "time": "2022-03-22T14:37:36Z"}, {"author": "Steve Lasker", "text": "> \"Promiscuous\" is an understatement for how broad DID is.
lol, yes, this is why we believe a policy system is required, to decide which identities each instance would accept
", "time": "2022-03-22T14:37:48Z"}, {"author": "ekr@jabber.org", "text": "@Cedric: did:web seems quite different, actually, because it's not offline verifiable
", "time": "2022-03-22T14:38:13Z"}, {"author": "Rich Salz", "text": "This is huge and needs to be broken up into bite-sized chunks for the IETF to work on it.
", "time": "2022-03-22T14:38:26Z"}, {"author": "Kathleen Moriarty", "text": "@Steve, let's chat. I have to read the draft closer and am also looking deeper at SigStore
", "time": "2022-03-22T14:38:40Z"}, {"author": "Martin Thomson", "text": "r$, I'm concerned that even the pieces are too big.
", "time": "2022-03-22T14:38:44Z"}, {"author": "Roman Danyliw", "text": "For all of the references of transparency log work, speaking of just of TRANS WG, we barely had enough energy to finish it.
", "time": "2022-03-22T14:38:45Z"}, {"author": "dkg", "text": "there are folks actually doing this kind of work, like https://reproducible-builds.org/, but they're not using this complex framing.  they're starting from infrastructure and working out, rather than imagining a completely-verified system and dropping it fully-formed.
", "time": "2022-03-22T14:38:45Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Is this bigger than the mathematical mesh, or the same size?
", "time": "2022-03-22T14:38:46Z"}, {"author": "Lucas Pardue", "text": "reel big
", "time": "2022-03-22T14:38:55Z"}, {"author": "Kathleen Moriarty", "text": "And have a draft in ACME to get code signing certificates with new challenge types to enable automation based on standards
", "time": "2022-03-22T14:39:06Z"}, {"author": "Kathleen Moriarty", "text": "@Ben - there's lots of reuse of existing standards
", "time": "2022-03-22T14:39:34Z"}, {"author": "Cedric Fournet", "text": "@ekr agreed... We use it in our POC for simplicity (securely logging the DID document that is retrieved at time of registration) but it is not great for auditing.
", "time": "2022-03-22T14:39:49Z"}, {"author": "jhoyla", "text": "Given the number of sub-protocols etc. here this is a really good time to start talking about channel bindings.
", "time": "2022-03-22T14:39:52Z"}, {"author": "Deb Cooley", "text": "even if the standard part has lots of pieces from other places, the implementation of this would be a monster.
", "time": "2022-03-22T14:40:11Z"}, {"author": "sftcd-x", "text": "@kathleen: I wondered if x.509-based code signing is really a place to put in new effort, seems like lotsa packages are signed via pgp for example
", "time": "2022-03-22T14:40:17Z"}, {"author": "Phillip Hallam-Baker", "text": "@kaduk, it seems to duplicate many of the components that the Mesh has. But they are designed for a single purpose. It is not clear if they can be reused.
", "time": "2022-03-22T14:40:31Z"}, {"author": "Richard Barnes", "text": "reminder to focus on DISPATCH outcomes in the queue
", "time": "2022-03-22T14:41:11Z"}, {"author": "Phillip Hallam-Baker", "text": "I think we need to get the git people in and see if they are interested. And then work out the smallest increment can make it work
", "time": "2022-03-22T14:41:12Z"}, {"author": "jhoyla", "text": "If there's beer involved I'm game.
", "time": "2022-03-22T14:41:27Z"}, {"author": "ekr@jabber.org", "text": "This link needs a QR code
", "time": "2022-03-22T14:41:30Z"}, {"author": "Rich Salz", "text": "I think Henk's p15 already has the dispatch decision.
", "time": "2022-03-22T14:41:36Z"}, {"author": "mcr", "text": "I saw him buy the beer.
", "time": "2022-03-22T14:41:40Z"}, {"author": "sftcd-x", "text": "fishflavouredbeer
", "time": "2022-03-22T14:41:45Z"}, {"author": "mcr", "text": "beerflavouredfish.
", "time": "2022-03-22T14:41:53Z"}, {"author": "Lucas Pardue", "text": "drink, like a fish
", "time": "2022-03-22T14:41:54Z"}, {"author": "Kathleen Moriarty", "text": "@Sftcd - yes, x.509 is in use for this too
", "time": "2022-03-22T14:41:54Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "sftcd-x: I think you owe some people keyboard wipes
", "time": "2022-03-22T14:42:01Z"}, {"author": "Britta Hale", "text": "The fact that there are various industry solutions for this generally indicates differing security guarantees and a lack of standardized definitions, which makes this fit well for the IETF. The enormity of it though points for a need to focus or splice into component efforts.
", "time": "2022-03-22T14:42:06Z"}, {"author": "sftcd-x", "text": "@kathleen: sure, just wondering if new effort on code-signing might be better considering pgp as well or instead
", "time": "2022-03-22T14:42:38Z"}, {"author": "Kathleen Moriarty", "text": "SigStore is an example gaining lot os traction. I'd like to see alignment from a standards perspective for these efforts, hence my comments
", "time": "2022-03-22T14:43:05Z"}, {"author": "Steve Lasker", "text": "@Britta Hale,
Yes, we are looking to fill the gaps by connecting the existing standards, like x509, DiD, COSE, with ledgers
", "time": "2022-03-22T14:43:09Z"}, {"author": "cabo", "text": "sftcd-x: Do a did:pgp then
", "time": "2022-03-22T14:43:20Z"}, {"author": "Kathleen Moriarty", "text": "@Sftcd - let's chat more
", "time": "2022-03-22T14:43:23Z"}, {"author": "cabo", "text": "(If that doesn't exist yet)
", "time": "2022-03-22T14:43:28Z"}, {"author": "dkg", "text": "there are definitely a lot of OpenPGP software signatures out there
", "time": "2022-03-22T14:43:43Z"}, {"author": "jhoyla", "text": "I don't think ledgers are necessary here. You could do it with channel bindings.
", "time": "2022-03-22T14:43:46Z"}, {"author": "Kathleen Moriarty", "text": "Scale for management has to be a consideration too, not just for writing to a log, but using the data late and not putting organizations into a difficult management position later
", "time": "2022-03-22T14:44:04Z"}, {"author": "jhoyla", "text": "(Not saying that's the best solution per se, just that you _could_ do it.)
", "time": "2022-03-22T14:44:11Z"}, {"author": "Thom Wiggers", "text": "J \u201cchannel binding\u201d hoyla
", "time": "2022-03-22T14:44:32Z"}, {"author": "Kathleen Moriarty", "text": "So scale for the organizations who use this later, not scale for those signing software
", "time": "2022-03-22T14:44:45Z"}, {"author": "Kathleen Moriarty", "text": "just
", "time": "2022-03-22T14:44:52Z"}, {"author": "jhoyla", "text": "\ud83d\ude05\ud83d\ude05\ud83d\ude05
", "time": "2022-03-22T14:45:13Z"}, {"author": "Thom Wiggers", "text": "The largest Dutch supermarkt chain did a blockchain thing for supply chain of eggs.
", "time": "2022-03-22T14:45:57Z"}, {"author": "Dave Thaler", "text": "Richard just hit all the points I was going to make.  I could +1 or just drop from the queue if we're behind schedule?
", "time": "2022-03-22T14:46:12Z"}, {"author": "Richard Barnes", "text": "sorry, did EKR just mention web3 *positively*?
", "time": "2022-03-22T14:46:30Z"}, {"author": "Richard Barnes", "text": "@Dave we have time if you have things to add
", "time": "2022-03-22T14:46:46Z"}, {"author": "Steve Lasker", "text": "Interoperability:
Software has moved past; \"I will only deploy code I write or buy\", to consume anything from anyone.
We're hoping interop standards for how we can interchange information (claims, signatures) will enable projects and products to evolve to secure software.
", "time": "2022-03-22T14:47:38Z"}, {"author": "Dave Thaler", "text": "I guess I'll briefly weigh in at mic then
", "time": "2022-03-22T14:47:39Z"}, {"author": "jhoyla", "text": "I guess my question is, is this an Internet standard, as opposed to just a supply-chain standard?
", "time": "2022-03-22T14:48:47Z"}, {"author": "Richard Barnes", "text": "i mean, if there were a synthesis of the existing BT stuff, that could be interesting
", "time": "2022-03-22T14:49:29Z"}, {"author": "ekr@jabber.org", "text": "@Steve Lasker: I agree with you about the importance of software supply chains, but my take here is that transparency is not the major issue.  Many of the cases I am aware of the malicious code was just published on npm or whatever
", "time": "2022-03-22T14:49:44Z"}, {"author": "ekr@jabber.org", "text": "or perhaps \"not the major\" is too strong. \"not the biggest\" rather
", "time": "2022-03-22T14:50:03Z"}, {"author": "sftcd-x", "text": "while I still think a BoF is the right outcome (modulo getting others involved and downsizing the problem), if it's not possible to come up with a sensible-sized BoF then maybe someone ought poke the IAB into hosting a w/s
", "time": "2022-03-22T14:50:49Z"}, {"author": "ekr@jabber.org", "text": "In fact, one could think of \"publish it on npm\" as weak-sauce transparency against the code author
", "time": "2022-03-22T14:51:01Z"}, {"author": "Dave Thaler", "text": "agree with PHB that the coordination with other groups would be a key aspect of a draft charter if this becomes a WG-forming BOF
", "time": "2022-03-22T14:51:05Z"}, {"author": "Steve Lasker", "text": "@ekr, I completely agree this isn't the only answer. It's one of the pieces.
", "time": "2022-03-22T14:51:07Z"}, {"author": "Thom Wiggers", "text": "https://github.com/crev-dev/ Is an interesting project to do crowd-sourced code review
", "time": "2022-03-22T14:51:23Z"}, {"author": "ekr@jabber.org", "text": "What about Mercurial /ducks
", "time": "2022-03-22T14:51:24Z"}, {"author": "sftcd-x", "text": "svn
", "time": "2022-03-22T14:51:40Z"}, {"author": "sftcd-x", "text": "cvs
", "time": "2022-03-22T14:51:42Z"}, {"author": "ekr@jabber.org", "text": "SCCS
", "time": "2022-03-22T14:51:47Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "perforce
", "time": "2022-03-22T14:51:52Z"}, {"author": "Richard Barnes", "text": "how do i supply-chain verify my emailed patch sets
", "time": "2022-03-22T14:51:56Z"}, {"author": "Thom Wiggers", "text": "Version-43-final.doc
", "time": "2022-03-22T14:51:59Z"}, {"author": "ekr@jabber.org", "text": "Proof of code
", "time": "2022-03-22T14:52:01Z"}, {"author": "Martin Thomson", "text": "\"ledger\" is tainted
", "time": "2022-03-22T14:52:13Z"}, {"author": "Steve Lasker", "text": "naming is hard
", "time": "2022-03-22T14:52:23Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Phill is right that just signing commits isn't enough -- the signature
needs to be placed in some context to give it a useful meaning
", "time": "2022-03-22T14:52:30Z"}, {"author": "Roman Danyliw", "text": "Seems like the BOF will take a particular finesse.  Explain enough of the end-to-end-chain to contextualize the big-picture, but be specific enough on the narrow IETF slice.
", "time": "2022-03-22T14:52:34Z"}, {"author": "Antoine Delignat-Lavaud", "text": "agree that blockchain is tainted, but ledger remains a fairly neutral term for a verifiable data structure
", "time": "2022-03-22T14:52:48Z"}, {"author": "Jim Fenton", "text": "@mt \"ledger\" is better than most other words because it focuses on what those technologies actually do.
", "time": "2022-03-22T14:52:54Z"}, {"author": "Roman Danyliw", "text": "Less, specific use cases better than many shollow ones
", "time": "2022-03-22T14:53:04Z"}, {"author": "Cedric Fournet", "text": "would \"transparency log\" do better?
", "time": "2022-03-22T14:53:04Z"}, {"author": "cabo", "text": "That's the title, more or less
", "time": "2022-03-22T14:53:19Z"}, {"author": "Kathleen Moriarty", "text": "Yes, transparency log is stated in the draft
", "time": "2022-03-22T14:53:21Z"}, {"author": "Richard Barnes", "text": "i wouldn't worry too much about the terminology, as long as it's clear
", "time": "2022-03-22T14:53:22Z"}, {"author": "Mark McFadden", "text": "@Roman: 1] non-WG forming BoF; 2] identify that there is actually a community to do the work; 3] identify a small, tightly defined scope.
", "time": "2022-03-22T14:53:42Z"}, {"author": "Steve Lasker", "text": "Code signing is definitley part of it, at the beginning. As code becomes packages, consumers consume packages, without having to look at the source. Promotion workflows are important to capture why something was promoted.
", "time": "2022-03-22T14:53:45Z"}, {"author": "ekr@jabber.org", "text": "append only digital datas structure -- aodds
", "time": "2022-03-22T14:53:46Z"}, {"author": "jhoyla", "text": "In the same way we have research on deniability, by making a protocol _non_ deniable, we circumvent the need for any sort of ledger.  
", "time": "2022-03-22T14:54:07Z"}, {"author": "ekr@jabber.org", "text": "@jhoyla: I don't think that's correct
", "time": "2022-03-22T14:54:22Z"}, {"author": "ekr@jabber.org", "text": "one of the things  you want to verify is cardinality
", "time": "2022-03-22T14:54:33Z"}, {"author": "ekr@jabber.org", "text": "This is especially true for BT
", "time": "2022-03-22T14:54:43Z"}, {"author": "Antoine Delignat-Lavaud", "text": "signatures are non-repudiable but not transparent without a ledger. Transparency is different from deniability
", "time": "2022-03-22T14:55:00Z"}, {"author": "Martin Thomson", "text": "\"is this the only Firefox 99.0.1 build?\"
", "time": "2022-03-22T14:55:12Z"}, {"author": "ekr@jabber.org", "text": "@MT: exactly
", "time": "2022-03-22T14:55:20Z"}, {"author": "Antoine Delignat-Lavaud", "text": "right
", "time": "2022-03-22T14:55:21Z"}, {"author": "jhoyla", "text": "non-repuditability is not the same as deniability
", "time": "2022-03-22T14:55:23Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Huh, the me et ec ho icon thinks schinazi is remote, but he is clearly
in the room
", "time": "2022-03-22T14:56:11Z"}, {"author": "jhoyla", "text": "Just as a straw man as to how you can get \"at most one\" without a blockchain is with a trusted third party.
", "time": "2022-03-22T14:56:24Z"}, {"author": "Thom Wiggers", "text": "Lots use the full client because the lite client doesn\u2019t have chat
", "time": "2022-03-22T14:56:34Z"}, {"author": "Martin Thomson", "text": "using the full client perhaps
", "time": "2022-03-22T14:56:42Z"}, {"author": "sftcd-x", "text": "the full client gives a different icon when you're present
", "time": "2022-03-22T14:56:54Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "But there's also a person-in-a-circle for on-site, not just the mobile
phone icon
", "time": "2022-03-22T14:57:08Z"}, {"author": "Antoine Delignat-Lavaud", "text": "@jhoyla that's what the initial implementation of SCITT draft 0 uses. It uses SGX as a trusted third party but no blockchain. Generally blockchains are a poor choice for transparency systems
", "time": "2022-03-22T14:57:14Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "I wonder what you have to do to get the person-in-circle, then
", "time": "2022-03-22T14:57:26Z"}, {"author": "sftcd-x", "text": "@kaduk: pay for the cookies I guess
", "time": "2022-03-22T14:57:44Z"}, {"author": "Thom Wiggers", "text": "Person in circle is in person using full client it seems
", "time": "2022-03-22T14:58:01Z"}, {"author": "Martin Thomson", "text": "oh, another point: using SGX is maybe not a good idea (vendor lock-in, plus questions of how effective it is)
", "time": "2022-03-22T14:58:07Z"}, {"author": "Thom Wiggers", "text": "Because I got it
", "time": "2022-03-22T14:58:10Z"}, {"author": "Rich Salz", "text": "SGX as a trusted third party.  Given the problems with SGX leakage, is that still worth doing?
", "time": "2022-03-22T14:58:12Z"}, {"author": "Richard Barnes", "text": "@Martin - there is a Linux Foundation effort to do more vendor-neutral enclave stuff (Confidential Computing Consortium)
", "time": "2022-03-22T14:58:33Z"}, {"author": "jhoyla", "text": "@Antoine Delignat-Lavaud_web_465 interesting, I guess I need to read the docs.
", "time": "2022-03-22T14:58:37Z"}, {"author": "Antoine Delignat-Lavaud", "text": "it is possible to do much better, for instance a BFT network running on different TEE platforms
", "time": "2022-03-22T14:58:43Z"}, {"author": "Martin Thomson", "text": "Richard: good news, but that we are saying SGX still speaks volumes to its maturity
", "time": "2022-03-22T14:59:30Z"}, {"author": "Kay Williams", "text": "Thanks to the secdispatch for considering this work.
", "time": "2022-03-22T14:59:33Z"}, {"author": "ekr@jabber.org", "text": "Also we are out of time
", "time": "2022-03-22T15:00:23Z"}, {"author": "Antoine Delignat-Lavaud", "text": "an important point of SCITT is to not be prescriptive of how you protect the ledger, so if say Amazon wants to run Trillian in a Nitro enclave they can protect their ledger that way
", "time": "2022-03-22T15:00:26Z"}, {"author": "jhoyla", "text": "@Antoine Delignat-Lavaud_web_465 Do you even need SGX? I think just an online stateful signer (with epochs maybe, to limit the state requirement) would achieve the necessary effect, no?
", "time": "2022-03-22T15:00:29Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "ekr: we go til half-past
", "time": "2022-03-22T15:00:36Z"}, {"author": "ekr@jabber.org", "text": "OK
", "time": "2022-03-22T15:00:40Z"}, {"author": "Martin Thomson", "text": "our key consistency request wasn't accepted until too late for us to prepare properly
", "time": "2022-03-22T15:00:42Z"}, {"author": "ekr@jabber.org", "text": "I got confused about the start time
", "time": "2022-03-22T15:00:48Z"}, {"author": "Christopher Wood", "text": "^ MT
", "time": "2022-03-22T15:00:52Z"}, {"author": "Antoine Delignat-Lavaud", "text": "@jhoyla you can use a distributed ledger without any trusted third party, but with the condition that a large enough quorum of honest participant exists
", "time": "2022-03-22T15:01:37Z"}, {"author": "Bob Moskowitz", "text": "fun chating bye
", "time": "2022-03-22T15:01:46Z"}, {"author": "Robin Wilton", "text": "Thanks everyone
", "time": "2022-03-22T15:01:51Z"}, {"author": "Steve Lasker", "text": "Thanks folks
", "time": "2022-03-22T15:02:03Z"}, {"author": "mcr", "text": "https://teams.microsoft.com/l/meetup-join/19%3ameeting_OWUwMDhiZjEtYjkwNS00NDA0LTlmMTgtNGZhOGE0NmU3ZTcz%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%22bced92fe-7c20-456e-9afd-5b18c383de81%22%7d  for SCITT meeting.
", "time": "2022-03-22T15:56:03Z"}]