**Session Date/Time:** 24 Jul 2023 16:30 ```markdown # dispatch ## Summary The dispatch session covered four topics: Spiffy workload identity, securing ancillary data for CDN (SADCDN), SDP security assurance, and S-expressions. The discussion focused on determining the appropriate IETF area or working group for each topic, with considerations for security, applicability, and existing work. ## Key Discussion Points * **Spiffy Workload Identity:** * Justin presented Spiffy and its potential applications within IETF, particularly regarding node attestation and identity management in cloud environments. * The group discussed whether Spiffy-related work belonged in the art area or the security area (SEC). * Concerns were raised about the applicability of standardizing protocols that might be vendor-specific. * Participants highlighted ongoing work in the OAuth working group related to identity chaining and transaction tokens. * **Securing Ancillary Data for CDN (SADCDN):** * Matt presented a draft on securing ancillary data for CDNs, focusing on adaptive video traffic shaping as a use case. * The group explored the limitations of existing signaling methods and the need for a secure, interoperable standard. * Discussion revolved around privacy concerns and potential information leakage with explicit signaling. * Participants raised the need for a broad approach including both network-to-endpoint and endpoint-to-network signaling. * Related prior work on traffic pacing in MPAC and hint signaling in CTA were mentioned as relevant. * **SDP Security Assurance:** * Kaiser presented a problem related to the lack of signaling for the SRTP rollover counter (ROC) in SDP security. * Various scenarios where this can lead to interoperability issues and decryption problems were discussed. * Participants considered if this update was needed, considering the existence of DTLS-SRTP. There was debate around updating existing tech versus transitioning to newer standards. * Options for signaling the ROC in SDP were proposed. * **S-Expressions:** * Donald presented a draft to update and standardize S-expressions. * The discussion centered on whether to proceed with AD sponsorship or submit the draft to the Independent Submissions Editor (ISE) for publication. * Concerns were raised about the necessity of publishing the draft within the IETF, as opposed to other means. ## Decisions and Action Items * **Spiffy Workload Identity:** Propose a Birds of a Feather (BoF) session at IETF 118. Coordinate with the SEC area to ensure their participation. Join the mailing list for workload identity in multi service environments. * **Securing Ancillary Data for CDN (SADCDN):** Propose an art area BoF session. Incorporate privacy and leakage concerns in the session's setup. * **SDP Security Assurance:** Take the topic to the Media and Indication (in music) working group for consideration. * **S-Expressions:** Do not proceed with IETF standardization. Subtly suggest to the author the possibility of independent submission stream. ## Next Steps * Justin to propose a BoF for Spiffy Workload Identity at IETF 118. * Matt to propose an art area BoF session for SADCDN. * Kaiser to present SDP Security Assurance to the in music working group. * Donald to consider submitting the S-expressions draft to the ISE. * Review use case documentation to really kick the conversation forward.