1. draft-jennings-vipr-overview IETF 81
Cullen Jennings

2. Changes Editorial and typos Header name changed to remove X-Cisco
Michael Proctor raised an interesting attack and provided more information about a two existing attacks (more later)

3. Document Refactoring Overview does more than just be an overview
VAP draft contains bits essential to VIPR, but the VAP protocol was meant to be optional
Proposal:
Refactor the drafts to make the rest of the VIPR drafts not normatively dependent on VAP
Refactor to move parts of overview to other drafts or new drafts. Consider moving section 7, 8, 9

4. Evil Tracking
Attack: Let's assume EvilCorp registers its node-id against the hash of the sales number of its competitor, VictimCorp.  Then, whenever a ViPR-enabled caller tries to call VictimCorp to buy something, a few hours later their ViPR server will attempt to establish a connection to EvilCorp.
Proposal (half baked): blacklist validations with EvilCorp after failed validation
This solution is broken: in normal conditions with no attacks, if networks goes down, domain will get black listed

5. First Call Problem
Particularly for video systems, the first call and re-validations falls back to the PSTN. This is an awful user experience
Proposal:
Define some more validation protocols based on passing the secret over the PSTN, rapidly detecting, and instantly moving the call to IP
Might try ISDN USI (User Service Information) field
Might try in band audio “flag” sent by sender, then audio secret is sent by receiver
Fingerprint the audio
Watermark inserted in the audio
Send some DTMF like digits at start of call if other side claims to support this type of VIPR validation
Use a “cocktail” approach where try all of the above at the same time

6. Proposal Find a better editor for overview
Refactor documents by Sept 15
Have some assigned reviewers provide reviews
Have a virtual interim meeting mid October