[{"author": "Michael Richardson", "text": "<p><a href=\"https://www.youtube.com/watch?v=jr0JaXfKj68\">https://www.youtube.com/watch?v=jr0JaXfKj68</a></p>\n<div class=\"youtube-video message_inline_image\"><a data-id=\"jr0JaXfKj68\" href=\"https://www.youtube.com/watch?v=jr0JaXfKj68\"><img src=\"/external_content/0924711c4b8364422da00e6ab5793cde01a5ff8c/68747470733a2f2f692e7974696d672e636f6d2f76692f6a72304a6158664b6a36382f64656661756c742e6a7067\"></a></div>", "time": "2023-03-31T03:01:14Z"}, {"author": "Brendan Moran", "text": "<p>I dropped out for a moment there</p>", "time": "2023-03-31T03:12:19Z"}, {"author": "Alexey Melnikov", "text": "<p>We can hear you Brendan</p>", "time": "2023-03-31T03:12:49Z"}, {"author": "Alexey Melnikov", "text": "<p>But you might not hear us</p>", "time": "2023-03-31T03:12:58Z"}, {"author": "Carsten Bormann", "text": "<p>+1 MCR don't break it up</p>", "time": "2023-03-31T03:13:51Z"}, {"author": "Alexey Melnikov", "text": "<p>@Brandan: Listen to audio/read minutes. I think we had 3 speakers saying against lots of little documents.</p>", "time": "2023-03-31T03:16:53Z"}, {"author": "Brendan Moran", "text": "<p>Thanks!</p>", "time": "2023-03-31T03:17:05Z"}, {"author": "Brendan Moran", "text": "<p>That was the whole deck</p>", "time": "2023-03-31T03:18:02Z"}, {"author": "Henk Birkholz", "text": "<p>ack!</p>", "time": "2023-03-31T03:18:18Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>Isn't CoAP-over-TCP the baseline for CoAP-over-TLS?</p>", "time": "2023-03-31T03:31:01Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>OK, I think that's also John's answer.</p>", "time": "2023-03-31T03:31:12Z"}, {"author": "Dominique Barthel", "text": "<p>@John, you will find a first stab at SCHC-compressed security for CoAP (DTLS vs. OSCORE vs. no security) inEffective interoperability and security support for constrained IoT networks<br>\nMarion Dumay, Dominique Barthel, France Laurent Toutain, Julien Lecoeuvre<br>\nOrange Labs, IMT Atlantique, Acklio (FRANCE)<br>\n2021 IEEE Global Communications Conference (GLOBECOM)<br>\nFebruary 2, 2022</p>", "time": "2023-03-31T03:34:24Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>Getting support in ACME would make a lot of things MCR and I contemplated in IoTSF much simpler :-)</p>", "time": "2023-03-31T03:36:27Z"}, {"author": "Brendan Moran", "text": "<p>If this fixes my NAS onboarding issues, I will be very happy</p>", "time": "2023-03-31T03:38:34Z"}, {"author": "Alexey Melnikov", "text": "<p>@Brendan: do you have a clarifying question or are you happy to wait till the end of the presentation?</p>", "time": "2023-03-31T03:44:32Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>In the IoTSF proposal we had the rough plan to allow entities in the Internet (eg. vendors) to run a (from mixing the terminologies here) \"global site specific\" domain. It gains us usability with today's browser, and loses the assurance that the device is \"local\", but is that even a goal?</p>", "time": "2023-03-31T03:45:15Z"}, {"author": "Brendan Moran", "text": "<p>Clarification has happened :)</p>", "time": "2023-03-31T03:45:21Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>(my question can wait to the end, I'll queue up then)</p>", "time": "2023-03-31T03:45:42Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>\"This is a local device, it will only steal local babies\" ;-0</p>", "time": "2023-03-31T03:47:35Z"}, {"author": "Brendan Moran", "text": "<p>Christian, that sounds like DANE</p>", "time": "2023-03-31T03:52:37Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>I explored it from the PoV of constrained devices, but yes, DANE-but-still-getting-you-an-ACME-cert.</p>", "time": "2023-03-31T03:53:46Z"}, {"author": "Michael Richardson", "text": "<p>Don't try to solve the enterprise case.</p>", "time": "2023-03-31T03:54:48Z"}, {"author": "Michael Richardson", "text": "<p>DANE doesn't help because the home doesn't have DNS beyond .local</p>", "time": "2023-03-31T03:55:14Z"}, {"author": "Michael Richardson", "text": "<p>We can use the non-certificate versions of DANE into .local, but browsers don't speak that.</p>", "time": "2023-03-31T03:55:46Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>I won't hold the queue any longer, but: It doesn't need to be the vendor that provides that service (issuing the certs and doing DDNS), that could be outsourced.</p>", "time": "2023-03-31T03:55:47Z"}, {"author": "Michael Richardson", "text": "<p>@chairs, I would like to have a design team meeting on this document.</p>", "time": "2023-03-31T03:56:05Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>If possible please CC me in the invite, I'm not regularly reading the list.</p>", "time": "2023-03-31T03:56:34Z"}, {"author": "Michael Richardson", "text": "<p>20 years... on an inkjet.... hahahaha.  But... yes, on a laser, easily.</p>", "time": "2023-03-31T03:56:50Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>I'll respond offline to the 20-years-on-market and billions-of-device.</p>", "time": "2023-03-31T03:56:58Z"}, {"author": "Michael Richardson", "text": "<p><em>all your yogurt are belong to Wes</em></p>", "time": "2023-03-31T03:57:49Z"}, {"author": "Alexey Melnikov", "text": "<p>@Michael: possibly. There is clearly lots of interest in the topic. Henk and I will discuss.</p>", "time": "2023-03-31T03:58:30Z"}, {"author": "Wes Hardaker", "text": "<p>I meant to talk about inclusion issues with css/js too.  so all your yogurt belongs to the peanut butter which belongs to Wes.</p>", "time": "2023-03-31T04:01:04Z"}, {"author": "John Preu\u00df Mattsson", "text": "<p>Agree that presentation in ACME would be good</p>", "time": "2023-03-31T04:01:08Z"}, {"author": "Wes Hardaker", "text": "<p>or better, REQUIRED</p>", "time": "2023-03-31T04:01:30Z"}, {"author": "John Preu\u00df Mattsson", "text": "<p>It the doc decribing the problem, decribing existing solutions, or standardizing a solution?</p>", "time": "2023-03-31T04:01:58Z"}, {"author": "Michael Richardson", "text": "<p>The problem is not, how do we hack the Browsers, the question is how do we introduce new trust anchors into the variety of operating systems, in a home-user friendly way.  Ideally, the browser could be told about restrictions on that trust anchor.</p>", "time": "2023-03-31T04:03:10Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>Aren't browsers already (at least partially) ignoring what's in the OS store?</p>", "time": "2023-03-31T04:03:41Z"}, {"author": "Michael Richardson", "text": "<p>@Warren, the captive portal people are basically going in the wrong direction as well.</p>", "time": "2023-03-31T04:03:44Z"}, {"author": "Wes Hardaker", "text": "<p><span class=\"user-mention\" data-user-id=\"507\">@Christian Ams\u00fcss</span> many actually use the OS store, from my understanding.</p>", "time": "2023-03-31T04:04:07Z"}, {"author": "John Preu\u00df Mattsson", "text": "<p>I don't see why compromised printer is a bigger problem than compromised <a href=\"http://ietf.org\">ietf.org</a> showing a bank login</p>", "time": "2023-03-31T04:07:39Z"}, {"author": "Christian Ams\u00fcss", "text": "<p>I think the larger issue is what if you have a local compromised ACME server, that suddenly browsers trust, and then it starts issuing <a href=\"http://bank.com\">bank.com</a> certs instead of printer.local -- and that's an issue of configuring root certs to limit what they may do.</p>", "time": "2023-03-31T04:08:21Z"}]