...it or so, and stuff. I work at Red Hat and I've been involved in GNOME now for, I think, seven years. What really drew me to GNOME is the focus on making stuff usable, and for me that's the paradox between security and usability: they're often at odds, but I like the challenge of making them work together.

We'll first cover some abstract concepts, some principles that you can apply when writing security features in your software, and then some examples of how we are implementing and applying those principles. I'll cover a bunch of different topics, so feel free to interrupt if you want to get your question in while we're on the topic. I might tell you that it's going to be answered later, but no loss there.

So when working with security, or just in general as developers, we often have this abstract concept of the user as a mystical being, and as security guys we sometimes shake our heads at the user: you know, clicking on stuff they're not supposed to be clicking on, installing shady software, falling for phishing, and so on and so forth. Well, we kind of fail to remember that the user is a human. Humans are intelligent, fun, creative, crazy, but they're usually overwhelmed, because our lives are full of all sorts of information, full of choice. In the world today we have to choose between all sorts of little things, and then along comes GNOME and forces these poor humans to choose between more choices. They may be capable of learning about security, but realistically they're not going to. So we have to understand the user and their nature. One of the fundamental things we do in our daily lives is filter out extraneous information. We're constantly being bombarded by massive amounts of information, and even while doing mundane things we're constantly filtering out the stuff we think we don't need. So we should not be surprised when the user ignores something that we wanted him to see. There's a lot of discussion about that; we've all been involved in this discussion.
Freedom is not equal to choice. Freedom is not equal to more choice. Freedom is equal to the choice to choose. You have to be able to choose the software you run on your computer, you have to be able to choose to modify it, you have to be free to do these things, but you definitely don't want to be micromanaging all the tiny choices that these tools are supposed to be making for you. Sometimes users think they want choice, but they probably don't really want as much choice. So if you force the user to be part of a security system, they're going to have a really bad time. As the professionals writing the software, whether we feel we know all the details or not, we are better equipped to make a security decision for the user than the users themselves. It's just like a doctor. Sometimes doctors get frustrating because they present you all these different possible remedies, possible ways to treat whatever you might have, and if you go to a doctor and they make you make the choice, "you know, it's up to you", you ask the doctor, "what would you do?" Well, it depends; each situation is different. But sure, sometimes you want a professional to make a decision, or to make a strong proposal, a strong decision. You can choose to reject that decision; that's the choice there that you want from a professional like one of us.

In general this should be our goal: in a security feature the user has to identify themselves; we have to know who they are. If we could do that automatically we probably would, but sadly we're not there yet, so you have to use a password or something to prove that they are who they say they are. But after that we shouldn't interrupt the user with security questions and security decisions.

Now there's a different kind of user: professionals. These professionals use different tools, and that's how it is. They look inhuman when they're doing their job; actually professionals have learned how to reject part of their humanity, essentially, to be specialised and do one thing really well. But we
can't forget that even professionals, when they go on to something else, don't want to micromanage the rest of their lives. Even someone who drives a fire truck for a living, with a massive console full of buttons, many of which, you know, you have to learn and be trained to use, drives home in a normal car, right? He won't want to drive the fire truck home. I mean, pretty basic stuff.

So given that, the worst possible time to ask the user a risky question, to make a risky decision, is when they're trying to do something else. That's the worst possible time. You're going to get results that are worse than random chance. If something is really, truly going wrong, let's say someone is attacking the user and something is going wrong and they get a prompt, the chance of them making the right decision there and not just clicking through and ignoring it or whatever... if you just did a fifty-fifty you would probably be better than what the user does. So we get to our first maxim: prompts are dubious. If you are coding a prompt, or you see a prompt, look at it, you know, for yourself; if you are factoring something and there's a prompt there, regard it with suspicion. Do you actually need to prompt the user? And this goes across the board. I mean, sure, the technology we have sometimes requires a prompt, maybe to save a file or something, but really we don't want that. Our end goal should be to get rid of yes/no prompts and the equivalent stuff. But taking it a step further: security prompts are wrong. Sure, sometimes you have to prompt for a password, and that's an identification prompt, right? You're asking the user to identify themselves, and unfortunately passwords are one way we do that. But in general a question about security, like "do you want to continue?", "do you want to ignore this bad certificate?", all those things, and we'll cover some examples later, are wrong almost ninety-nine percent of the time. And if you let the user make that permanent, you're adding insult to injury:
basically they say "okay, fine, go ahead", they make a choice, and we're actually doing that forever now. Ridiculous.

Alright, so here's an example. We've all seen this, and the user is really ill equipped to answer this question. I mean, completely. There are very few people who can answer this question correctly. Here's another example; I don't even know what is going on here. What's offered? I, even as a security professional, cannot answer this question correctly. Here's another example. I mean, I could go on and on with examples; there are so many examples. So it's just game over, you lose. Alright, stop interrupting.

So what do we do instead of interrupting? We let the user express their intent, what they want to do, and then we make a decision based on that. So I'll show you some examples of this to get you thinking. There's a principle to apply: figure out what the user wants to do, design so that he can express his intent during the task he is trying to do, and then don't interrupt with random prompts, either confirming or whatever.

Right, so we heard Lennart talk about portals. Well, that's part of the sandboxing, right, and for some of this part of the talk... but anyway, portals are a way for a sandboxed application to kind of call out to the system and ask the system to do something that the sandboxed application would otherwise not be allowed to do. Now, these are ripe for doing it wrong, these are ripe for prompts, and actually we're approaching this from a different angle. So the classical example, which I think Lennart mentioned, is if a sandboxed application wants to open a file that's not in the sandbox, it asks the system, through the portal, to bring up a file chooser. The user selects the file; the user expresses the intent to open the file, and then the system allows that access. At no point is the user prompted with "this application wants to access this file in read mode and write mode, I don't know what, continue or disallow". Both of those should not
happen, right? So that's expressing intent and making the secure decision based off of it.

Another example, and this is just a theoretical example, you know, for the sake of argument: you can imagine software that wants to be... within our privacy campaign, right, you can imagine going through software and checking, for photos, that we don't upload them accidentally, that we don't send them to a public service, leak that data to a public service. So rather than seeing a prompt like this (and of course the designers can probably rework this) we might choose to make the data visible, very visible: what is in that photo, the sensitive data that's in this photo. And just like we allow rotating photos and stuff, you might have a button to clear it. So it's very clear: the user has the data, his intent is to take this photo and put it online, and if he doesn't like the data that's here he can change it, maybe take out that bit of data or whatever. Again, the principle is applied: the user can express the intent, is in control, knows what he wants to do, and then doesn't get these prompts to allow or deny access.

So, moving on to some more concrete examples. What are we doing to fix this? Here are some steps and things that I've been working on. I'm just one person, though, and I know security sometimes seems like the dark side, but in reality there are very few people who are actively working on this stuff, and so I would encourage your involvement. So the examples that I'm going to give, stuff that I've sort of figured out or have worked on already, are by no means a comprehensive solution to this problem, and so we need everyone's involvement to try and apply this as you're making your software and help fix this stuff.

So first: no more certificate prompts. I mean, this is the details of a certificate. I mean, it doesn't even include the binary details that are actually the ones that you need to verify here, but barely anyone can actually go
through this and double check that, you know, the certificate matches what it's supposed to be. This is what we're going to do: we should just drop the connection when something is wrong. If the user is connecting, let's say from a web browser or an IM client, and the server's not listening on the right port, what do you do? Do we display a big dialogue telling him how to change the port, or to contact whoever, or something like "it's in this country"? No, it's a problem that's on the server side, a misconfiguration, and we're like "oops, something's broken". I mean, sure, there are remedies that could be done; for example if someone doesn't pay the DNS for jabber.org, doesn't pay the domain registration, we could possibly put up a dialogue: "do you want to send an email to the admin of whatever, based on whois information?" So why do we do it for certificates? But yes.

So let's look at the use cases, what the users want to do, the user intent. Well, one big class is enterprise CAs. An enterprise, a company, an organisation has their own CA, their own anchor, right? For those of you fortunate enough not to know how this works: there's an anchor which is stored on your system, a whole bunch of them, right, and the website has a certificate that it signs the data that's coming from the server with, and that certificate has a signature on it by the anchor. And so your browser or software is checking that it's signed by one of the anchors on your system. So what we need for enterprise CAs is a way to configure it. We might have a link that pulls up a help file. We now have a way to store anchors; this is already in Fedora and Debian and openSUSE. So we have a way to store anchors across the system so that by default all the different crypto libraries will use them, and here are some details of how it works. So you can see that there's... it's unfortunate that we have so many. So what we have here is this trust store. Now, the trust store basically holds a list of
all the anchors and blacklists and everything, from files, so admins can just put files in a directory; there are tools to do this too. And NSS can at last read this information through a protocol called PKCS#11. You can see it's a lot. Now, some of that we haven't yet retrofitted; OpenSSL and Java don't yet do the same, so in addition, as kind of a concession to getting this working now, whenever the trust store is modified we also extract some bundles so that these kind of legacy uses of the bundles will still work. So the upshot is that an enterprise user or enterprise admin can add a CA and have it just work.

So that's one class. Then there are tons and tons of instances of the use case where you want to use a certificate that your system doesn't trust. It's not yet done, but we want to have an easy user interface for adding that CA to your system. Sure, there will be... every application, applications that use it, could include a link to help documentation if we want, but after dropping the connection, of course. And then you have those use cases where there are also professionals, professional tools, right? So maybe a developer is developing against a system that is just a test system, with a certificate on it that they just generated quickly, and in production they're going to use a good, like, signed certificate. Or for some other reason you might have a personal server that you just decide to put self-signed certificates on. Okay, but you want to make it work. Well, there is room for professional tools to recognise that and to work with that, and here's how, instead of prompting the user even in professional tools. Remember, the professionals are users too; they also ignore information. I know I have clicked through certificate warnings too many times as well. So what you do there is... don't feel like your tool needs to do this, but what you do there is associate a certificate with the account, as you would let the user specify a host name or
username or whatever. What that does, it does two things, so that we can be more secure with less "security". One is that the user does not get prompted later, and, you know, you work around the fact that it's a self-signed certificate. But two, it also lets the user do what's called certificate pinning, where if the certificate the server sends does not match that certificate, it doesn't work anymore. It lets really micromanaging, security-conscious users double check the certificates that they want to use with a given service, and if something changes, get notified. But not every application has to do this. So if you're building a special application or something where you imagine this feature, this is how to do it instead of prompting; this is how to do it.

Alright, on to another topic: application password storage. So currently in GNOME we have GNOME Keyring, which is kind of like the central database of all the passwords, and applications stuff passwords in there and they can get them out. Now this is really surprising to users, because it doesn't match their intent. Their intent is that they type a password into this application and the application remembers it. What they don't expect is that every other application, including their younger brother using Seahorse, can go and read all the passwords. In addition it creates all these problems where we have one security domain, you would call it, for all the applications; they can all read each other's passwords and crap. So really the password is part of the account info. When you set up a password in Empathy or whatever, it's really part of the account. Why don't we store it with the account? Well, because most people agree that putting a password unencrypted on a laptop disk is bad practice. I mean, there are certain storage places where you could actually write it in clear text, like an encrypted disk, or maybe a phone, some sort of phones where you cannot read this stuff off. But this is wrong for sandboxed applications, so we likely need to use
some sort of encryption. And sandboxed applications really throw a wrench into this, because if you have them all sharing their passwords in the central database, you have all these "this app wants to read this password"... all these weird prompts, or situations where prompts are likely to appear. So instead what we want to do is have a session key in the kernel keyring. The kernel keyring is kind of like GNOME Keyring, but it's volatile and only stays around for the booted life of the computer, I guess, while it's on. And we really want applications to store the passwords in their account information, so they use a library to access the kernel keyring and ask for a session key with which they can encrypt the password; they pass it through and store the result in the account information. And the kernel keyring, if we don't yet have a session key, there's a little helper, like the secret service or whatever, to prompt the user or to get a master key based on the user's master key.

This actually lets you do some really interesting things, where you can have policy. The whole scheme lets you have policy where, for different applications, you could tell them: this application I never want to store passwords for, and so the kernel keyring always refuses to have a master session key for that, and it respects that and doesn't write a password. Or you could say, in Empathy, I mean, store it in clear text: you can have, either per application or for the whole system, a way to indicate to the applications: just put that down in your account information in clear text, don't bother with encryption here. So again, another example of modelling the user intent: we're keeping the password in the account data, and again you are more secure because you can model all these different things; you don't have apps interacting
with each other, or sandboxed apps especially, to retrieve the password from somewhere. Of course, unless it's the case where apps want to share an account, an online account, right? And we do that through GNOME Online Accounts or a service like that, and with sandboxed applications there should be a portal for that. And a related use case that someone actually brought up just the other day, so I'll mention it: people like to look up the passwords that they use, in an archive or a backup. So we might also have a portal or something for that, to kind of say "I used this password", if the user wants to be reminded of it later. But after that we don't necessarily... the user looks up stuff there and he wants to use it somewhere else, not in an application.

So, another topic. When you log in, you know, you start using fingerprints to log in, or anything other than a password to log in, you get this prompt, which is really stupid because it's a password prompt, right? The user specifically chose not to log in with a password, and you get this. Now the reason for that is because, although we can authenticate the user, and we can make a decision based on his identity, who he is, we don't have any secret data like a master password or anything with which to decrypt the stuff on the disk, so we can't open his password store and so on. So GNOME Keyring stubbornly puts up this prompt, which is really unusable. The user's intent is to log in, for example, and just have his stuff be accessible, right? He actually asked for fingerprint login. Although it's kind of insecure to make his data accessible based on the fingerprint that he's leaving all over the place, right, really the user has already made a security decision that says "I want to be less than a hundred percent, less than password secure, and I don't care at this point". So this is how we're going to solve this. So again, for those of you fortunate enough not to understand how PAM works: you have a stack of modules, and
one of the modules, usually one of the early ones in the stack, will prompt the user for a password, usually pam_unix, although it could be the SSSD component and so on. So what we really want is for that password to come from somewhere else. First of all, we want all the accounts to have a password, but then the user can choose not to use that. So when configuring fingerprint login or auto-login or PIN login, the user's password is written to a file, and ideally that file would be secured via something in the hardware, like a TPM chip or protected NVRAM or something; but if not, we write it in clear text, and this is the user's explicit choice. In addition, we want to fix the case where you unlock your disk encryption and then you have to type the same password again when you log in. So both of these put data into the kernel keyring. The kernel keyring contains the user's login password in these cases; this could be login, fingerprint authentication... And then when the login starts there is no authentication token, there's no password, as they call it, so the first thing in the stack looks and checks the kernel keyring: do you have the user's login password? Can I just use it? And if you do, it puts it at the top, and then the underlying component sees there's already one there, tries to use it, and if it works then no prompt, and on we go down to the bottom. GNOME Keyring is also able to use that password to unlock the user's passwords, or to provide, like I said in the last one, the master session keys and so on. So we get a usable login experience that models the user's intent, and in fact you get the ability to use more secure stuff, like disk encryption, smoothly.

So those are the things that I sort of have schemed in this area, but there is so much more. If you want to join in on any of these tasks, I can break them down; we can work together, I'd love that. This is not my job, to work on this stuff; I work part time on it, and if you see other
places where you want to apply the principles I talked about, then by all means don't be afraid to join the dark side. Security... bring us back from the dark side, we have cookies. So, to sum up: terminate security prompts with extreme prejudice. And this is really interesting, I read about this the other day: for every keystroke or click that the user has to use to use a security or crypto feature, the user base declines by... you can imagine how that goes. Alright, any questions?

Q: Yes. So the web browser example, where you said we're just going to drop connections if the certificate is mismatching: there are some sites that do that in practice, and people want to go to them. Do you think you're just going to find, you know, more extreme measures of disabling the security system so that they can get what they want? And that will match user intent, like...

A: I find, with someone who's crazy, or someone who is used to living on the extreme, going in and disabling all the security... if the user intent is "I want to see this site" and then you force them into disabling all security validation or something like that, that's a possibility. But I think we've also made it possible for the user to fix that situation in a straightforward, secure way, without getting a prompt interrupting them. So not only are we taking something away, but we've given them the ability to fix it. Really, it's been hopeless so far, right? You try to trust some CA or something, like CAcert for example, and you have to figure it out in every application; that's not... So what we're trying to do is really solve the problem that the users are actually facing, and there will always be some weirdos who want to ignore that stuff, or totally valid users who want to ignore that stuff, and it's open source: they can go and modify it, they can configure it, they can change it. But we don't necessarily have to present that option to all the users. Did you have a question?
There we go.

Q: So with the decline of passwords: the security of the whole thing is limited to what a user can remember, which is far below the amount that is computationally feasible to brute force in some half an hour, and with the general unavailability of two factor authentication, what can we do to fix the problem?

A: A lot of research... I don't have an amazing response to that. I mean, if someone wants to work on new authentication methods, or implementing ones that are in research, that's certainly interesting work that we can do. We have established stuff we could try implementing too, but don't be shy in exploring this stuff; there's definitely a need for something better, but we don't have it, for sure.

Q: I think it's a good approach to try to catch the user's intent, but at the same time it's very hard. I mean, it's security; it might be very different from what you know the user intends.

A: There's no doubt about that, and that's one reason I wanted to give this talk: we're on the verge of designing this sandboxed applications thing, and it would be so easy to fall into the trap of adding more prompts, so easy. And I agree it is hard; it's really hard. Like, for example, "do you want to share your location, yes/no": what is the answer to that? What if, and this is just spitballing here, what if you were displaying a "select your location and share" thing, where the user clicks the share button, it has a widget and it gets some guess of his current location, and it's kind of modelling something to attach rather than a permission? I mean, I realise it's hard, and no, I don't think any of us have this ingenious solution for each and every prompt; each one is going to be a challenge. But we really must not fall into the trap of prompting users; that just makes... I mean, showing them stuff that's just going to be clicked through, when you kind of get in the
habit of just clicking through.

Q: I think it is useful to make a distinction between prompts that are like "would you like to share your location, yes/no" versus prompts that are more like "would you like me to do what will allow you to do what you're trying to do?" So I mean, it's a fake choice, the latter: you know, if I'm clicking no I don't get what I want, versus "okay, this is really a preference and then I can proceed".

A: Right, there's... you want to do your task, exactly, and then the ability, of course, to stop it if it was a surprise that somehow this thing popped up. So saying that all yes/no choices are bad, I'm not sure that that's true; that's why I said prompts are dubious. And I understand your point, but we need to react when we see a prompt. We, as developers, need to react when we see a prompt and really think hard: is this really necessary? And I guess that's my point: we've been so used to just generating prompts that I've gone to the extreme here, and there are exceptions, but it really should be part of our first reaction to think, hey, this is a prompt, what are we doing here? Can we change this so we're actually matching what the user wants to do, or presenting it as part of the flow, or somehow letting him choose it, or something like that?

Q: So, continuing Ryan's question from before: my bank, which is absolutely terrible, has had an invalid sort of certificate for five years, and I don't see any fix for that. I mean, you know, they've got my credit card, like, my money, right now. But I mean, I sort of agree with Brian's sentiment that there are invalid-certificate websites all over the place, and obviously, right now, it's very bad by the book, but I would do that: if you were on a phishing site... we could do... I want to get my money. So I understand your point, but I don't use any other terrible websites, so I probably would not use
their online banking system.

A: But I'm going to return an anecdote in kind, and that is on bugzilla.mozilla.org, where people file bugs about Firefox: there are a number of bugs where people say exactly the same thing, "hey, you guys suck, you do not recognise the certificate of my bank, I keep getting prompted", and blah. And then someone looks at the details and they are in fact being man-in-the-middled; someone is attacking them, and they have enough knowledge to go and post the certificate details and all that stuff on Bugzilla, for example. So how many people are just ignoring that? I mean, a factor of a thousand more, right? So I realise there's a trade-off here, but I think this is completely the right approach, and there are ways to get around it. Obviously we haven't totally ignored the fact that not all certificates automatically validate, and there are ways to do it. So someone might make a browser plugin for you, or you might make it so that it says "hey, when I go to this bookmark, always check to make sure it's this certificate, no matter if it's outdated or whatever", pin the certificate to the bookmark, and there you go.

Q: The other question I have: what do you think about SELinux?

A: The reaction I was expecting. Thank you. I think there are a lot of good use cases for it, and I just think much of what we try to do with it now is too fine grained. So it's again that tyranny of small decisions. There's definitely work being done on this; I'm not trying to knock it. We need to use it at a higher level, more like, for example, with sandboxes; that's kind of the abstraction, or with containers or with virtual machines; that's kind of the level that you're talking about, rather than something I want to micromanage. And SELinux could always support that. I think we take it to the next level now, and by removing all those tiny little intricate decisions and micromanaging every detail you sort of have these bigger security domains where stuff in there interacts
fine, but once it wants to interact with something outside, then you have to find ways to do that.

Q: So I have two questions. The first one was, you were mentioning some alternative plan for the user to be able to still access these websites. Is it something like adding them to some sort of store or something, like just an item, and then have a UI that you didn't really specify?

A: Okay, so this is the infrastructure I've been working on. Actually it's already done, the infrastructure, and this is it; is that what you're talking about? The trust store is basically stuff in these two directories, so right now, in your Fedora 19 or your Debian testing or your openSUSE (check, because I think some of them changed the directory to be compatible with their old stuff), you can put your CA certificate in one of these directories and suddenly everything will respect it. Obviously a user interface is very important, and I was really hoping to have that done by GUADEC; unfortunately a lot of other stuff conspired against me. There are command line tools now, very new, to do that, so you don't have to manually place files; it'll just handle adding and listing and stuff like that. And then, based on those tools, we have to build a UI, for example one that the docs can reference, because I understand that not everyone has an admin; even in enterprise not everyone has an admin caring about their every need, and many of them don't care that you're on Linux. So by having documentation on how to do this we can guide the user through these steps if they really have to.

Q: Okay, and the question I'm really interested in is: you mentioned encrypted hard disks, but when you install Fedora it doesn't give you the encryption box checked by default. So would it be something that, say, Linux distributions gently push for, people encrypting their drives?

A: There's a lot of discussion about
that. The problem is password recovery, right? Unless you can provide the user a really sane way of recovering that password, checking it by default is very... I'm just a developer, so I totally would love to see it checked by default, but we have to have a good password recovery mechanism.

Q: You talked about supporting sort of an advanced interface for pinning. What's your opinion on this idea of certificate pinning by default on first use, so that, you know, when I go and access my bank, you can all of a sudden say "by the way, your bank is now authorised by a Russian certificate authority; are you sure that that's really what you intend?"

A: Right, so there's a lot of work being done on how to solve the CA problem, because CAs are pretty much a recipe for corruption, right? You basically get money for doing the right thing and more money for doing the wrong thing. So there's a lot of work on this, and some proposals like TACK have a way to pin a key to a website, and the first time you see it, first-time use, you make a leap of faith, and thereafter you kind of build trust because you keep seeing the same thing. There's a way to migrate to new keys, and it's not necessary that you'll ever really do that again. It's an interesting approach, but it needs more work from the user interface perspective, because it really depends on the use case. It really makes sense in the case of social networking: if you were creating an account with Facebook, the first time you're creating that account you want to know that later, when you connect and add more of your personal information, you're going back to the same website. And it also works very well for ad hoc communication between people: the first time I met you I had no idea who you were and whether you were trustworthy or not, and the same thing works with pinning, right? The first time I kind of make a leap of faith; there's not much at stake, but over
time you wanna be sure you're going back to the same place as far as the leap of faith when you're connecting to someone you that you like your bank that you have to know is the right party from the beginning that is kind of more unsolved problem you in this like you have your labial the weighted keys in user sure if i don't trust them from the files and it's that or is it strictly additive know there's also black listing so you should be able to take a certificate i say never use this certificate again now not all of those libraries support it and NSS is the only one that supports it well i mean so that i can just right get out of the trust shortly you can do that it's from that see and see okay like i don't if you want to provide actually the last we have a way to do that i can basically you market as untrusted for any use each of those anchors are trusted for various uses like web or you know someone and the tool would unmark the to tool does on market for any use when you disable it and crystal there but can't really be i wanna say that this slide like i love you for because this is gonna disasters and i don't have to really like a lot better so that's all that's great stick what concerns me right now is that there's a lot of us on a lot there are some of us in our community the reading harassed as we go through TSA check like that part i don't have that were like going to TSA checkpoints we raster resize get take in the get image what are we doing to prevent things like leaking you know our keys in memory i shut my laptop what just happened to make sure they are actually going to this you know a lot of the service stuff goes to you bustling application once you get a password securing a makeover debusk we have no control over D but zero we not the memory that contains my password well nor do necessarily zero the password before free need in the applications that what are we gonna do about conventions how can we deal with that to make sure that our
applications or protecting us even when we were right so there's various aspects that question and what are the interesting things is like this distinction between privacy and security some was telling me yesterday and it was really good point that security is often the implementation of privacy right so we have this privacy campaign what i've talked here today it was a lot about security and our privacy campaign we should be examining those various use cases especially if our community is already run into these problems and a bunch of us were having a disk and how hard discussion about it but we need to start crystallizing what we're going to do for that privacy right i mean i'm certainly not running it but so if you have any ideas though i'd be happy to andreas or to be us or holland or myself we can start a discussion on that like what task do we want to do obviously twenty K is not gonna solve the world's problems but right you can actually start to tackle some of those things as far as the security side ask doing their security that is a problem and i hope that part of that is all by this we have a much more secure infrastructure for after that passed around the system although currently a list not hearing doesn't after password over developed by in here the number that at least presumably that the kernel keyring area is gonna be unlocked memory so when you shut it no chance of this so i mean we do need to take some steps when you when you suspend your computer to clear the kernel keyring and then unlock use that unlock password to we populate that master section as far as point the second thing is concerns a right now i'm still gathering what we we won't be community a knowledge and see what we gonna be using the money full it's very possible that will end up having just like to produce the nation's in previous campaigns that will just add one company working on a particular set of tasks but it's also very possible that will and of speeding up the the
problems into small pieces some of codes of P W participants can can use that we can even make some of the stuff into going on goals right is a wiki page on which we have a really point is ready and we need to flesh that out we need to figure out what's the most important in the short term cool i just one comment on the privacy campaign is what as we accept bids from companies are ideas of things we need to secure is such a broad topic i mean it means something different to everyone so i think we need to focus as we are more on privacy i think especially i think yes exactly so if we accepted three companies we're gonna get a lot of security stuff as well we have and you know bundled them down to privacy and do this regime where account service their applications are storing passwords as account information inside and sells presumably and all sorts of different ways that the system doesn't really have any awareness of the if i want to change the this key that's a marking all of the is that it seems that i really can't do that yes that's a good point and i didn't covered in the slide but you might as there's a little to here okay what that does is when you ask the kernel keyring for to unlock a password that you've stored previously you also pass an identifier that's all the which has certainly used to market previously when you're doing it for the first time well when you're storing capacity use the current identifier and you tag in into your value you pass a back so that allows for migration between see so using the ski i mean there may be more holes and i'd love to discuss the details make sure we have it all right if this can you have a lot of the protocol the whole model has a lot of flexibility a lot of power not necessary that we have to expose all that in the default install but you have that does the protocol you an opportunity to say it's you requesting like a generation to did you know there's a generation three would you like three include no i would
suggest personally that we always have the out just have a well known place to retrieve the currently when they're storing a password just use that great stuff more question thank you much right and then